#!/bin/sh

set -e

if [ "$1" = 'upgrade' -a -n "$2" ]; then
	# remove keys from the trusted.gpg file as they are now shipped in fragment files in trusted.gpg.d
	if dpkg --compare-versions "$2" 'gt' "2016.09.19" && which gpg > /dev/null && which apt-key > /dev/null; then
		TRUSTEDFILE='/etc/apt/trusted.gpg'
		eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
		eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
		if [ -e "$TRUSTEDFILE" ]; then
			for KEY in 871920D1991BC93C; do
				apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || :
			done
		fi
	fi
fi
