From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Jan 2015 16:07:27 +0000 (+0100)
Subject: import: make the user verficiation keyring override the vendor keyring, instead of... 
X-Git-Tag: v219~357
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=1c49d1ba850f9306d5cebc0441ef66ffa33d348b

import: make the user verficiation keyring override the vendor keyring, instead of extending it

This way the user has the ability to remove keys from the
vendor-supplied keyring if he intends so.
---

diff --git a/src/import/import-common.c b/src/import/import-common.c
index 395f998f1..561c77abd 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -358,8 +358,7 @@ int import_verify(
                         "--no-auto-check-trustdb",
                         "--batch",
                         "--trust-model=always",
-                        "--keyring=" VENDOR_KEYRING_PATH,
-                        NULL, /* maybe user keyring */
+                        NULL, /* keyring to use */
                         NULL, /* --verify */
                         NULL, /* signature file */
                         NULL, /* dash */
@@ -403,6 +402,8 @@ int import_verify(
                  * otherwise. */
                 if (access(USER_KEYRING_PATH, F_OK) >= 0)
                         cmd[k++] = "--keyring=" USER_KEYRING_PATH;
+                else
+                        cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;
 
                 cmd[k++] = "--verify";
                 cmd[k++] = sig_file_path;