remove empty keyrings in trusted.gpg.d on upgrade

Adding and deleting many repositories could cause (empty) keyring files
to pill up in older apt-key versions, which in the end might cause gnupg
to run into its internal limit of at most 40 keyrings

diff --git a/debian/apt.postinst b/debian/apt.postinst
index a538abde988bdbaf07c685d77c00e5b672df4330..01f78a1dd14b715f5031f635f351d4de51148187 100755 (executable)
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -15,6 +15,15 @@ set -e
 
 case "$1" in
     configure)
+       if dpkg --compare-versions "$2" lt 1.0.7; then
+           # apt-key before 0.9.10 could leave empty keyrings around
+           find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do
+               if ! test -s "$keyring"; then
+                   rm -f "$keyring"
+               fi
+           done
+       fi
+
        if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
            # we are using tmpfiles for both
            rm -f /etc/apt/trustdb.gpg