From 1c49d1ba850f9306d5cebc0441ef66ffa33d348b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Jan 2015 17:07:27 +0100
Subject: [PATCH] import: make the user verficiation keyring override the
 vendor keyring, instead of extending it

This way the user has the ability to remove keys from the
vendor-supplied keyring if he intends so.
---
 src/import/import-common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/import/import-common.c b/src/import/import-common.c
index 395f998f1..561c77abd 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -358,8 +358,7 @@ int import_verify(
                         "--no-auto-check-trustdb",
                         "--batch",
                         "--trust-model=always",
-                        "--keyring=" VENDOR_KEYRING_PATH,
-                        NULL, /* maybe user keyring */
+                        NULL, /* keyring to use */
                         NULL, /* --verify */
                         NULL, /* signature file */
                         NULL, /* dash */
@@ -403,6 +402,8 @@ int import_verify(
                  * otherwise. */
                 if (access(USER_KEYRING_PATH, F_OK) >= 0)
                         cmd[k++] = "--keyring=" USER_KEYRING_PATH;
+                else
+                        cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;
 
                 cmd[k++] = "--verify";
                 cmd[k++] = sig_file_path;
-- 
2.30.2