import: make the user verficiation keyring override the vendor keyring, instead of extending it

This way the user has the ability to remove keys from the vendor-supplied keyring if he intends so.
2025-01-13 17:18:18 +03:00 · 2015-01-22 17:07:27 +01:00 · 2015-01-22 17:07:27 +01:00 · 1c49d1ba85
commit 1c49d1ba85
parent 8dbce34b03
1 changed files with 3 additions and 2 deletions
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@ -358,8 +358,7 @@ int import_verify(
                        "--no-auto-check-trustdb",
                        "--batch",
                        "--trust-model=always",
-                        "--keyring=" VENDOR_KEYRING_PATH,
-                        NULL, /* maybe user keyring */
+                        NULL, /* keyring to use */
                        NULL, /* --verify */
                        NULL, /* signature file */
                        NULL, /* dash */
@ -403,6 +402,8 @@ int import_verify(
                 * otherwise. */
                if (access(USER_KEYRING_PATH, F_OK) >= 0)
                        cmd[k++] = "--keyring=" USER_KEYRING_PATH;
+                else
+                        cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;

                cmd[k++] = "--verify";
                cmd[k++] = sig_file_path;