From 720cc2886ba558b3639e020e2fde2ec51e6ae3d1 Mon Sep 17 00:00:00 2001
From: redshiftzero
Date: Tue, 5 Feb 2019 18:11:49 -0800
Subject: [PATCH 1/2] securedrop-app-code postinst: migrate keyring
(cherry picked from commit 261468ad0e9186e950d0edf2a765f1ac896a820a)
---
 install_files/securedrop-app-code/debian/postinst | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/install_files/securedrop-app-code/debian/postinst b/install_files/securedrop-app-code/debian/postinst
index bab2330891..ddc76bd8ca 100644
--- a/install_files/securedrop-app-code/debian/postinst
+++ b/install_files/securedrop-app-code/debian/postinst
@@ -116,6 +116,12 @@ case "$1" in
 echo allow-loopback-pinentry > /var/lib/securedrop/keys/gpg-agent.conf
 fi
+ # Migrate private keyring to gpg2.1 if needed
+ if [ ! -d "/var/lib/securedrop/keys/private-keys-v1.d" ]; then
+ # Then we should migrate the keyring
+ gpg2 --homedir=/var/lib/securedrop/keys --import < /var/lib/securedrop/keys/secring.gpg
+ fi
+
 chown -R www-data:www-data /var/lib/securedrop /var/www/securedrop
 pip install --no-index --find-links=/var/securedrop/wheelhouse --upgrade \
From af11157f6fb8553014eaf39350bf4a7a57e84fe8 Mon Sep 17 00:00:00 2001
From: Kushal Das
Date: Mon, 18 Feb 2019 18:16:12 +0530
Subject: [PATCH 2/2] Fixes #4108 no import_ok error for importing gpg --batch flag helps to import the gpg keys into gpg2 format without having the passphrase.
(cherry picked from commit 71ac0eb8e393b1ac8fd2a299fd5a5dd433e8ac04)
---
 install_files/securedrop-app-code/debian/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install_files/securedrop-app-code/debian/postinst b/install_files/securedrop-app-code/debian/postinst
index ddc76bd8ca..b37a2a972a 100644
--- a/install_files/securedrop-app-code/debian/postinst
+++ b/install_files/securedrop-app-code/debian/postinst
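Review bot: The migration block added in patch 1/2 (the `@@ -116,6 +116,12 @@` hunk) redirects from `/var/lib/securedrop/keys/secring.gpg` without checking that the file exists. On a host where `private-keys-v1.d` is absent and there is no legacy `secring.gpg` either, the redirection fails before gpg2 runs, and if this postinst runs under `set -e` (not visible in the hunk) that would abort package configuration. Consider guarding on both conditions: `if [ ! -d "/var/lib/securedrop/keys/private-keys-v1.d" ] && [ -f "/var/lib/securedrop/keys/secring.gpg" ]; then`. The enclosing `case "$1" in` arm starts and ends outside the hunk.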
@@ -119,7 +119,7 @@ case "$1" in
 # Migrate private keyring to gpg2.1 if needed
 if [ ! -d "/var/lib/securedrop/keys/private-keys-v1.d" ]; then
 # Then we should migrate the keyring
- gpg2 --homedir=/var/lib/securedrop/keys --import < /var/lib/securedrop/keys/secring.gpg
+ gpg2 --homedir=/var/lib/securedrop/keys --batch --import < /var/lib/securedrop/keys/secring.gpg
 fi
 chown -R www-data:www-data /var/lib/securedrop /var/www/securedrop
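Review bot: The result of the `gpg2 ... --batch --import` line is not checked anywhere in the hunk, and the surrounding guard treats the mere existence of `private-keys-v1.d` as proof that migration happened. gpg2 and its agent normally create that directory as soon as they use the homedir, so a failed or partial import would probably not be retried on the next upgrade, leaving the secret keys only in `secring.gpg` with no signal to the admin. Since batch mode never prompts, at least report the failure, e.g. `gpg2 --homedir=/var/lib/securedrop/keys --batch --import < /var/lib/securedrop/keys/secring.gpg || echo "securedrop-app-code: gpg2 keyring migration failed" >&2`; whether the postinst should abort instead is a call for the maintainers. The `case "$1" in` arm continues outside the hunk.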