[ostree] repo: Prevent GPG keys from being imported to keybox format



commit 6a6479c3554876f8a3b6d234ec02b94dbe646ff2
Author: Matthew Barnes <mbarnes redhat com>
Date:   Thu May 14 12:44:36 2015 -0400

    repo: Prevent GPG keys from being imported to keybox format
    
    If a remote keyring does not already exist, create an empty pubring.gpg
    file in the temporary directory prior to importing keys.  This prevents
    gpg2 from creating a pubring.kbx file in the new keybox format [1].  We
    want to stay with the older keyring format since its performance issues
    are not relevant here.
    
    [1] https://gnupg.org/faq/whats-new-in-2.1.html#keybox

 src/libostree/ostree-repo.c |   21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index baeb60b..f0ace79 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -1308,7 +1308,26 @@ ostree_repo_remote_gpg_import (OstreeRepo         *self,
           goto out;
         }
     }
-  else if (errno != ENOENT)
+  else if (errno == ENOENT)
+    {
+      glnx_fd_close int fd = -1;
+
+      /* Create an empty pubring.gpg file prior to importing keys.  This
+       * prevents gpg2 from creating a pubring.kbx file in the new keybox
+       * format [1].  We want to stay with the older keyring format since
+       * its performance issues are not relevant here.
+       *
+       * [1] https://gnupg.org/faq/whats-new-in-2.1.html#keybox
+       */
+      fd = openat (target_temp_fd, "pubring.gpg",
+                   O_WRONLY | O_CREAT | O_CLOEXEC | O_NOCTTY, 0644);
+      if (fd == -1)
+        {
+          glnx_set_prefix_error_from_errno (error, "%s", "Unable to create pubring.gpg");
+          goto out;
+        }
+    }
+  else
     {
       glnx_set_prefix_error_from_errno (error, "%s", "Unable to copy remote's keyring");
       goto out;
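Review bot: The `openat` call in the new `errno == ENOENT` branch uses `O_CREAT` without `O_EXCL`, so a `pubring.gpg` that already exists in the temporary directory, including a symlink, would be opened and reused rather than rejected. The keyring that gpg imports into is what remote signatures are later verified against, so I would make the creation exclusive: `O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC | O_NOCTTY, 0644);`. Whether the directory behind `target_temp_fd` is freshly created and private is not visible in this hunk, so treat this as hardening rather than a confirmed flaw. The if/else chain starts outside the hunk, and the branch relies on `errno` still holding the value from the failed call above it, which is worth confirming.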

