[arch-general] Pacman-key keyring and my own GPG key
I have just upgraded to pacman 4, and as instructed I executed "pacman-key --init". It generated new GPG key "Pacman Keychain Master Key <pacman@localhost>" and imported it into pacman keyring.
The question is: should I replace it with my own private GPG key that I use normally? I understand that it should all work well with the generated one, but since I already have GPG key, then wouldn't it make more sense to use it instead of generated one?
If the answer for that question is yes, then is it better to import my GPG key into pacman keyring or instruct pacman to use my regular gnupg keyring at ~/.gnupg?
Maciej
On Tue, 17 Jan 2012 23:20:41 +0100 Maciej Mazur <mamciek@gmail.com> wrote:
> I have just upgraded to pacman 4, and as instructed I executed "pacman-key --init". It generated new GPG key "Pacman Keychain Master Key <pacman@localhost>" and imported it into pacman keyring.
> The question is: should I replace it with my own private GPG key that I use normally? I understand that it should all work well with the generated one, but since I already have GPG key, then wouldn't it make more sense to use it instead of generated one?
> If the answer for that question is yes, then is it better to import my GPG key into pacman keyring or instruct pacman to use my regular gnupg keyring at ~/.gnupg?
> Maciej
No. Pacman keyring is for package verification. It is located in GPGDir = /etc/pacman.d/gnupg/ and contains packagers' public keys. Your sec. key is for your user ONLY. If you make your own packages, sign them and want them to be verified, you should import your PUBLIC key via pacman-key.
--
Leonid Isaev
GnuPG key ID: 164B5A6D
Key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
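The advice in Leonid Isaev's reply above, as an added example that is not part of the thread: a shell guard that lets only an exported public key reach `pacman-key --add` and then signs it locally with `pacman-key --lsign-key`. The file name, the key ID argument and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. The file name, the key ID argument
# and the DRY_RUN switch are assumptions of this example.
#
# As your normal user, export only the public half of your key first:
#   gpg --armor --export <your-key-id> > mykey.asc

# Classify an ASCII-armored OpenPGP file by its armor header line.
# A file that contains any secret-key block is reported as "secret".
key_kind() {
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"; then
        echo secret
    elif grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"; then
        echo public
    else
        echo unknown
    fi
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Add a public key to pacman's keyring (GPGDir) and locally sign it so
# pacman trusts packages signed with it. Must run as root unless DRY_RUN=1.
import_packager_key() {
    file=$1
    keyid=$2
    kind=$(key_kind "$file")
    if [ "$kind" != public ]; then
        echo "refusing to import $file: $kind key material" >&2
        return 1
    fi
    run pacman-key --add "$file" &&
        run pacman-key --lsign-key "$keyid"
}

# Usage (as root): import_packager_key mykey.asc <your-key-id>
```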
On Tue, Jan 17, 2012 at 04:38:31PM -0600, Leonid Isaev wrote:
> Pacman keyring is for package verification. It is located in GPGDir = /etc/pacman.d/gnupg/ and contains packagers' public keys. Your sec. key is for your user ONLY. If you make your own packages, sign them and want them to be verified, you should import your PUBLIC key via pacman-key.
Vaguely related question: I noticed that pacman pulls in both gnupg and gnupg2. Why does it need both?
Ciao,
--
FA
Before us lies a wide valley, the sun shines - a glittering ray.
On Tue, Jan 17, 2012 at 8:46 PM, Fons Adriaensen <fons@linuxaudio.org> wrote:
> On Tue, Jan 17, 2012 at 04:38:31PM -0600, Leonid Isaev wrote:
> > Pacman keyring is for package verification. It is located in GPGDir = /etc/pacman.d/gnupg/ and contains packagers' public keys. Your sec. key is for your user ONLY. If you make your own packages, sign them and want them to be verified, you should import your PUBLIC key via pacman-key.
> Vaguely related question: I noticed that pacman pulls in both gnupg and gnupg2. Why does it need both?
Pacman uses gpgme, which is compiled against gnupg and gnupg2. I don't know if it would be possible to make gnupg2 an optional dependency, though.
--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?
For more information, please read: http://idallen.com/topposting.html
-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------
participants (4)
- Denis A. Altoé Falqueto
- Fons Adriaensen
- Leonid Isaev
- Maciej Mazur