From 6a6479c3554876f8a3b6d234ec02b94dbe646ff2 Mon Sep 17 00:00:00 2001
From: Matthew Barnes
Date: Thu, 14 May 2015 12:44:36 -0400
Subject: [PATCH] repo: Prevent GPG keys from being imported to keybox format

If a remote keyring does not already exist, create an empty pubring.gpg file in the temporary directory prior to importing keys. This prevents gpg2 from creating a pubring.kbx file in the new keybox format [1]. We want to stay with the older keyring format since its performances issues are not relevant here.

[1] https://gnupg.org/faq/whats-new-in-2.1.html#keybox
---
 src/libostree/ostree-repo.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index baeb60be..f0ace791 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -1308,7 +1308,26 @@ ostree_repo_remote_gpg_import (OstreeRepo *self,
 goto out;
 }
 }
- else if (errno != ENOENT)
+ else if (errno == ENOENT)
+ {
+ glnx_fd_close int fd = -1;
+
+ /* Create an empty pubring.gpg file prior to importing keys. This
+ * prevents gpg2 from creating a pubring.kbx file in the new keybox
+ * format [1]. We want to stay with the older keyring format since
+ * its performance issues are not relevant here.
+ *
+ * [1] https://gnupg.org/faq/whats-new-in-2.1.html#keybox
+ */
+ fd = openat (target_temp_fd, "pubring.gpg",
+ O_WRONLY | O_CREAT | O_CLOEXEC | O_NOCTTY, 0644);
+ if (fd == -1)
+ {
+ glnx_set_prefix_error_from_errno (error, "%s", "Unable to create pubring.gpg");
+ goto out;
+ }
+ }
+ else
 {
 glnx_set_prefix_error_from_errno (error, "%s", "Unable to copy remote's keyring");
 goto out;
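Review bot: The `openat()` call in the new `ENOENT` branch creates `pubring.gpg` with `O_CREAT` but without `O_EXCL`, so an entry of that name already present in the temporary directory, including a symlink, would be opened and followed instead of rejected. This branch presumably runs only when the remote's keyring was reported missing, so the file is expected not to exist yet; adding the flag enforces that assumption: `O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC | O_NOCTTY, 0644);`. Whether the directory behind `target_temp_fd` is private to this process is not visible here, so this is a hardening point rather than a confirmed flaw. The call that sets `errno` before this `else if` is also outside the hunk, as are the start and end of `ostree_repo_remote_gpg_import`, so it is worth confirming that nothing between that call and the check can overwrite `errno`.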