deprecate 'apt-key update' and no-op it in Debian

Debian isn't using 'update' anymore for years and the command is in
direct conflict with our goal of not requiring gnupg anymore, so it
is high time to officially declare this command as deprecated.

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 49056f2a6e813d07bd2caa54a8b6c694aca5b4c1..511c91c167a1e352bbc711e14bb78d11718f61fa 100644 (file)
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -156,6 +156,13 @@ net_update() {
 }
 
 update() {
+    if [ -z "$APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE" ]; then
+       echo >&2 "Warning: 'apt-key update' is deprecated and should not be used anymore!"
+       if [ -z "$ARCHIVE_KEYRING" ]; then
+           echo >&2 "Note: In your distribution this command is a no-op and can therefore be removed safely."
+           exit 0
+       fi
+    fi
     if [ ! -f "$ARCHIVE_KEYRING" ]; then
        echo >&2 "ERROR: Can't find the archive-keyring"
        echo >&2 "Is the &keyring-package; package installed?"

diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index e0d9f5b9575f735ea57a713be4361c511c8754b9..111fdb0d1313d8017e24c7f329c9ae599f37ca0a 100644 (file)
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -128,17 +128,21 @@
      </listitem>
      </varlistentry>
 
-     <varlistentry><term><option>update</option></term>
+     <varlistentry><term><option>update</option></term> (deprecated)
      <listitem>
      <para>
-
        Update the local keyring with the archive keyring and remove from
        the local keyring the archive keys which are no longer valid.
        The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
        distribution, e.g. the &keyring-package; package in &keyring-distro;.
-
      </para>
-
+     <para>
+       Note that a distribution does not need to and in fact should not use
+       this command any longer and instead ship keyring files in the
+       <filename>/etc/apt/trusted.gpg</filename> directory directly as this
+       avoids a dependency on <package>gnupg</package> and it is easier to manage
+       keys by simply adding and removing files for maintainers and users alike.
+     </para>
      </listitem>
      </varlistentry>
      
@@ -181,18 +185,6 @@
 
      &file-trustedgpg;
 
-     <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
-     <listitem><para>Local trust database of archive keys.</para></listitem>
-     </varlistentry>
-
-     <varlistentry><term>&keyring-filename;</term>
-     <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem>
-     </varlistentry>
-
-     <varlistentry><term>&keyring-removed-filename;</term>
-     <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem>
-     </varlistentry>
-
    </variablelist>
 
 </refsect1>

diff --git a/vendor/debian/apt-vendor.ent b/vendor/debian/apt-vendor.ent
index 93e4e046043a440a58588c4540a9174f85c5c695..8d5416cedef45a26bdb1c2ef3ff0f379d00b868e 100644 (file)
--- a/vendor/debian/apt-vendor.ent
+++ b/vendor/debian/apt-vendor.ent
@@ -1,8 +1,8 @@
 <!-- details about the keys used by the distribution -->
 <!ENTITY keyring-distro "Debian">
 <!ENTITY keyring-package "<package>debian-archive-keyring</package>">
-<!ENTITY keyring-filename "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>">
-<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>">
+<!ENTITY keyring-filename "">
+<!ENTITY keyring-removed-filename "">
 <!ENTITY keyring-master-filename "">
 <!ENTITY keyring-uri "">