On 25/09/2018 02:10, Guilhem Moulin wrote: > Then shouldn't the following be enough, and > save a temporary file? > > `| gpg --no-default-keyring --keyring … --trust-model=always --import`
I thought so but was wrong. Without relocating trustdb.gpg to somewhere else, it will lose all information in there. The only key in the keyring is the imported key, and all other trust info is purged, even though there is trust-model always. This is the user's real homedir... and what I meant when I said I lost my actual trustdb. That was the purpose of TMPTRUST. But since the --import should be fast enough to an empty keyring, it is much more solid to just --import inside the initramfs. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
