From dc1b677799bd6d827e6e371ea8d65fbeb78019b8 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Tue, 16 Jul 2024 18:33:56 -0300
Subject: Fix: trashman: tor: ensure seamless deb.torproject.org-keyring upgrades

---
 .../files/etc/apt/trusted.gpg.d/torproject.org.gpg | Bin 37730 -> 0 bytes
 .../share/keyrings/deb.torproject.org-keyring.gpg | Bin 0 -> 38678 bytes
 share/trashman/tor/unix/linux/debian/install | 28 +++++++++++++++------
 3 files changed, 20 insertions(+), 8 deletions(-)
 delete mode 100644 share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg
 create mode 100644 share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg

diff --git a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg
deleted file mode 100644
index 7614b20..0000000
Binary files a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg and /dev/null differ
diff --git a/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
new file mode 100644
index 0000000..738ef5d
Binary files /dev/null and b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg differ
diff --git a/share/trashman/tor/unix/linux/debian/install b/share/trashman/tor/unix/linux/debian/install
index 6676c8d..5b70819 100755
--- a/share/trashman/tor/unix/linux/debian/install
+++ b/share/trashman/tor/unix/linux/debian/install
@@ -7,6 +7,7 @@ SHARE="$1"
 LIB="$2"
 REQUIREMENTS="apt-transport-https wget gnupg"
+KEYRING="/usr/share/keyrings/deb.torproject.org-keyring.gpg"
 # Include basic functions
 . $LIB/trashman/functions || exit 1
@@ -19,16 +20,27 @@ trashman_apt_install $REQUIREMENTS
 DISTRIBUTION="`trashman_debian_major_version_name`"
 cat <<-EOF > /etc/apt/sources.list.d/tor.list
- deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
- deb-src [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+ deb [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
+ deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main
 EOF
-# Remove key from old location
+# Remove key from old locations
 rm -f /usr/share/keyrings/tor-archive-keyring.gpg
-
-#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
-cp $SHARE/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg /etc/apt/trusted.gpg.d/
-
-apt update && apt install -y tor deb.torproject.org-keyring
+rm -f /etc/apt/trusted.gpg.d/ /etc/apt/trusted.gpg.d/torproject.org.gpg
+
+# Install temporary keyring
+# Details at https://support.torproject.org/apt/tor-deb-repo/
+#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \
+# gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg > /dev/null
+if [ ! -e "${KEYRING}" ]; then
+ cp $SHARE/tor/unix/linux/debian/files/${KEYRING} ${KEYRING}
+fi
+
+# Now that we have the config and the keyring, leave it to be managed by
+# deb.torproject.org-keyring package.
+#
+# Do an upgrade first to make sure we have the latest keyring package
+# installed if that's not the first time this script is running.
+apt update && apt upgrade -y && apt install -y tor deb.torproject.org-keyring
 #rm -rf /var/lib/apt/lists/*
-- 
cgit v1.2.3
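Review bot: The added `rm -f /etc/apt/trusted.gpg.d/ /etc/apt/trusted.gpg.d/torproject.org.gpg` names the directory itself as an operand: without `-r` rm refuses it and exits non-zero, which would abort the run if the script sets `-e` (its top is outside the hunk), and the stray argument invites a later `-r` that would delete every trusted key; it should read `rm -f /etc/apt/trusted.gpg.d/torproject.org.gpg`. On the last added line, `apt upgrade -y` upgrades every package from every configured source as a side effect of installing tor; `apt install -y --only-upgrade deb.torproject.org-keyring` would refresh only the keyring package. The `[ ! -e "${KEYRING}" ]` guard trusts whatever file already sits at that path, which deserves a comment, and the `cp` operands should be quoted.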