add --readonly option for apt-key adv

Some advanced commands can be executed without the keyring being
modified like --verify, so this adds an option to disable the mergeback
and uses it for our gpg calling code.

Git-Dch: Ignore

diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 56e26ab9964ee06d612c671a4a4783e5fe794d4b..cd17cd5368bde831397468f2d6ed08ab53badbae 100644 (file)
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -54,6 +54,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
 
    Args.push_back(aptkey.c_str());
    Args.push_back("--quiet");
+   Args.push_back("--readonly");
    Args.push_back("adv");
 
    char statusfdstr[10];

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 9259fac0d32447d2009225908e19238235c73fbb..21d6926314c466abdff2d5ec42be68982ceb5163 100644 (file)
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -337,20 +337,19 @@ while [ -n "$1" ]; do
         shift
         TRUSTEDFILE="$1"
         FORCED_KEYRING="$1"
-        shift
         ;;
       --secret-keyring)
         shift
         FORCED_SECRET_KEYRING="$1"
-        shift
+        ;;
+      --readonly)
+        merge_back_changes() { true; }
         ;;
       --fakeroot)
         requires_root() { true; }
-        shift
         ;;
       --quiet)
         aptkey_echo() { true; }
-        shift
         ;;
       --*)
         echo >&2 "Unknown option: $1"
@@ -359,6 +358,7 @@ while [ -n "$1" ]; do
       *)
         break;;
    esac
+   shift
 done
 
 if [ -z "$TRUSTEDFILE" ]; then
@@ -430,7 +430,6 @@ case "$command" in
     del|rm|remove)
        requires_root
        foreach_keyring_do 'remove_key_from_keyring' "$@"
-       merge_back_changes
        aptkey_echo "OK"
         ;;
     update)

diff --git a/test/integration/framework b/test/integration/framework
index 50f16fb465c9976ef37251897c0dc1c527022a9d..fcdca34ce3c3988b956e700429f427eed262df8f 100644 (file)
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -429,7 +429,7 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
                | while read SRC; do
                echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #              if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
-#                      aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \
+#                      aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \
 #                              adv --yes --default-key 'Joe Sixpack' \
 #                              --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #                      mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
@@ -816,7 +816,7 @@ setupaptarchive() {
 signreleasefiles() {
        local SIGNER="${1:-Joe Sixpack}"
        local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
-       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes"
+       local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
        msgninfo "\tSign archive with $SIGNER key $KEY… "
        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"