#
#
# patch "key_store.cc"
#  from [827e5ba6ba025c78b758a1a3ae2f0c83e2913bc3]
#    to [330ba136f19b8be47f607d517d31aaf0a5df1e5f]
# 
# patch "lua_hooks.cc"
#  from [d990e4052989486949d5113205ce95baaf479afb]
#    to [d60281c8953a4ef464a9c8f351b908717298d989]
# 
# patch "tests/read_and_convert_old_privkey_packet/__driver__.lua"
#  from [e5916e38ae5227feb76d9a8814e2ec104a5d263f]
#    to [d2ec722892057e350f0062f31baa306761776956]
#
============================================================
--- key_store.cc	827e5ba6ba025c78b758a1a3ae2f0c83e2913bc3
+++ key_store.cc	330ba136f19b8be47f607d517d31aaf0a5df1e5f
@@ -97,6 +97,7 @@ struct key_store_state
 
   // internal methods
   void get_key_file(key_id const & ident, system_path & file);
+  void get_old_key_file(key_name const & name, system_path & file);
   void write_key(full_key_info const & info);
   void maybe_read_key_dir();
   shared_ptr<RSA_PrivateKey> decrypt_private_key(key_id const & id,
@@ -329,6 +330,21 @@ void
 }
 
 void
+key_store_state::get_old_key_file(key_name const & name,
+                                  system_path & file)
+{
+  // filename is the keypair id, except that some characters can't be put in
+  // filenames (especially on windows).
+  string leaf = name();
+  for (unsigned int i = 0; i < leaf.size(); ++i)
+    if (leaf.at(i) == '+')
+      leaf.at(i) = '_';
+
+  file = key_dir / path_component(leaf, origin::internal);
+
+}
+
+void
 key_store_state::write_key(full_key_info const & info)
 {
   ostringstream oss;
@@ -343,6 +359,11 @@ key_store_state::write_key(full_key_info
   L(FL("writing key '%s' to file '%s' in dir '%s'")
     % info.first % file % key_dir);
   write_data_userprivate(file, dat, key_dir);
+
+  system_path old_file;
+  get_old_key_file(info.second.first, old_file);
+  if (file_exists(old_file))
+    delete_file(old_file);
 }
 
 bool
============================================================
--- lua_hooks.cc	d990e4052989486949d5113205ce95baaf479afb
+++ lua_hooks.cc	d60281c8953a4ef464a9c8f351b908717298d989
@@ -326,10 +326,15 @@ lua_hooks::hook_get_branch_key(branch_na
     .extract_str(key)
     .ok();
 
-  key_identity_info identity;
-  project.get_key_identity(keys, *this, arg_type(key, origin::user), identity);
-  k = identity.id;
-  return ok;
+  if (!ok || key.empty())
+    return false;
+  else
+    {
+      key_identity_info identity;
+      project.get_key_identity(keys, *this, arg_type(key, origin::user), identity);
+      k = identity.id;
+      return true;
+    }
 }
 
 bool
@@ -685,14 +690,15 @@ lua_hooks::hook_get_netsync_key(utf8 con
     .extract_str(name)
     .ok();
 
-  if (!exec_ok)
-    name = "";
-
-  key_identity_info identity;
-  project.get_key_identity(keys, *this, arg_type(name, origin::user), identity);
-  k = identity.id;
-
-  return exec_ok;
+  if (!exec_ok || name.empty())
+    return false;
+  else
+    {
+      key_identity_info identity;
+      project.get_key_identity(keys, *this, arg_type(name, origin::user), identity);
+      k = identity.id;
+      return true;
+    }
 }
 
 static void
============================================================
--- tests/read_and_convert_old_privkey_packet/__driver__.lua	e5916e38ae5227feb76d9a8814e2ec104a5d263f
+++ tests/read_and_convert_old_privkey_packet/__driver__.lua	d2ec722892057e350f0062f31baa306761776956
@@ -7,23 +7,29 @@ check(qgrep("read 1 packet", "stderr"))
 check(get("old_privkey", "pkt"))
 check(mtn("read", "pkt"), 0, false, true)
 check(qgrep("read 1 packet", "stderr"))
-check(qgrep("keypair", "keys/address@hidden"))
-check(not qgrep("privkey", "keys/address@hidden"))
 
+
 check(mtn("ls", "keys"), 0, true)
-check(qgrep("address@hidden", "stdout"))
+check(grep(" address@hidden", "stdout"), 0, true)
+line = readfile("stdout")
+keyid = string.sub(line, 0, 40)
 
+check(qgrep("keypair", "keys/" .. keyid))
+check(not qgrep("privkey", "keys/" .. keyid))
+
 addfile("foo", "foo")
 
 -- if we put the old privkey in the keydir, it should get
 -- auto-converted the first time anything tries to read it
 
+check(remove("keys/" .. keyid))
 check(get("old_privkey", "keys/address@hidden"))
 check(mtn("ls", "keys"), 0, true, true, "address@hidden")
 check(qgrep("address@hidden", "stdout"))
 check(qgrep("converting old-format", "stderr"))
-check(qgrep("keypair", "keys/address@hidden"))
-check(not qgrep("privkey", "keys/address@hidden"))
+check(not exists("keys/address@hidden"))
+check(qgrep("keypair", "keys/" .. keyid))
+check(not qgrep("privkey", "keys/" .. keyid))
 
 
 -- check that we can use the converted key to commit with
@@ -42,5 +48,5 @@ check(mtn("ls", "certs", "h:foo"), 0, tr
 
 -- 3) that should have actually signed the certs with that key
 check(mtn("ls", "certs", "h:foo"), 0, true, false)
-check(qgrep("Key *: address@hidden", "stdout"))
-check(not qgrep("Key *: address@hidden", "stdout"))
+check(qgrep("Key *:address@hidden", "stdout"))
+check(not qgrep("Key *:address@hidden", "stdout"))