* Properly decrypt the InRelease file when downloading from an archive

  where InRelease is used. This longstanding bug was masked by former
  APT behaviour and was revealed only with recent APT versions
  Closes: #703146
  Thanks to Michael Vogt for the analysis and patch

2 files changed, 13 insertions, 1 deletions

diff --git a/debian/changelog b/debian/changelog
index 6003126..ce81354 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+debootstrap (1.0.47) UNRELEASED; urgency=low
+
+  * Team upload
+  * Properly decrypt the InRelease file when downloading from an archive
+    where InRelease is used. This longstanding bug was masked by former
+    APT behaviour and was revealed only with recent APT versions
+    Closes: #703146
+    Thanks to Michael Vogt for the analysis and patch
+
+ -- Christian Perrier <bubulle@debian.org>  Wed, 20 Mar 2013 21:21:47 +0100
+
 debootstrap (1.0.46) unstable; urgency=low
 
   * Team upload.
diff --git a/functions b/functions
index c1e938e..1dc0f87 100644
--- a/functions
+++ b/functions
@@ -530,7 +530,8 @@ download_release_sig () {
 		warning KEYRING "Cannot check Release signature; keyring file not available %s" "$KEYRING_WANTED"
 	fi
 	if [ "$release_file_variant" = "IN" ]; then
-		mv "$relsigdest" "$reldest"
+		rm -f $reldest
+                gpg --output "$reldest" --decrypt --keyring "$KEYRING" --ignore-time-conflict "$relsigdest"
 	fi
 }