Fix: trashman: tor: ensure seamless deb.torproject.org-keyring upgrades

diff --git a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
similarity index 96%
rename from share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg
rename to share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
index 7614b2039d918e50e3ba16a23ae24693d53461a2..738ef5d7f1408470e1f1e2d6cf4e7639fc5e3f7f 100644 (file)
Binary files a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg and b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg differ

diff --git a/share/trashman/tor/unix/linux/debian/install b/share/trashman/tor/unix/linux/debian/install
index 6676c8df6fe4402698bb4e021b4c6c3aadf07fe2..5b708192c6cf58b04e69a61d28177877949aa988 100755 (executable)
--- a/share/trashman/tor/unix/linux/debian/install
+++ b/share/trashman/tor/unix/linux/debian/install
@@ -7,6 +7,7 @@
 SHARE="$1"
 LIB="$2"
 REQUIREMENTS="apt-transport-https wget gnupg"
+KEYRING="/usr/share/keyrings/deb.torproject.org-keyring.gpg"
 
 # Include basic functions
 . $LIB/trashman/functions || exit 1
@@ -19,16 +20,27 @@ trashman_apt_install $REQUIREMENTS
 DISTRIBUTION="`trashman_debian_major_version_name`"
 
 cat <<-EOF > /etc/apt/sources.list.d/tor.list
-   deb     [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
-   deb-src [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+   deb     [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+   deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
 EOF
 
-# Remove key from old location
+# Remove key from old locations
 rm -f /usr/share/keyrings/tor-archive-keyring.gpg
-
-#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
-cp $SHARE/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg /etc/apt/trusted.gpg.d/
-
-apt update && apt install -y tor deb.torproject.org-keyring
+rm -f /etc/apt/trusted.gpg.d/ /etc/apt/trusted.gpg.d/torproject.org.gpg
+
+# Install temporary keyring
+# Details at https://support.torproject.org/apt/tor-deb-repo/
+#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \
+#  gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg > /dev/null
+if [ ! -e "${KEYRING}" ]; then
+  cp $SHARE/tor/unix/linux/debian/files/${KEYRING} ${KEYRING}
+fi
+
+# Now that we have the config and the keyring, leave it to be managed by
+# deb.torproject.org-keyring package.
+#
+# Do an upgrade first to make sure we have the latest keyring package
+# installed if that's not the first time this script is running.
+apt update && apt upgrade -y && apt install -y tor deb.torproject.org-keyring
 
 #rm -rf /var/lib/apt/lists/*