Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
flatcar-install: Remove unnecessary --trusted-key gpg option
Using a custom key was recently broken by a GnuPG update. The Flatcar key is not imported when a custom key is given, but we still reference the Flatcar key with --trusted-key regardless, causing gpg to attempt to download the key from a keyserver. This fails because we no longer ship the necessary dirmngr binary, which is now only built when GnuPG has GnuTLS support enabled. Enabling GnuTLS support works around the problem, but it is not the proper fix. --trusted-key causes gpg to trust the given key, even though there is no secret key present. This is unnecessary, as the key would be trusted anyway, albeit with a warning. Using --assert-signer would be safer, as this ensures the file was signed specifically by the given key rather than some other key you happen to have in your keyring. It is not present in older GnuPG versions that we need to support though, and flatcar-install creates a temporary home for gpg, so no other keys would be present anyway. Closes: flatcar/Flatcar#1471 Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
- Loading branch information