On 15/08/11 23:10, Allan McRae wrote:
The current --reload option, apart from being non-clear in its naming, is very limited in that only one keyring can be provided. A distribution may want to provide multiple keyrings for various subsets of its organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default) /usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional foo-revoked file providing a list of revoked key ids. These files are required to be signed (detached) by a key trusted by pacman-key, in practice probably by the key that signed the package providing these files. The --populate flag either updates the pacman keyring using all keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
As an example of this in action:
sudo ./scripts/pacman-key --populate
==> Verifying keyring file signatures...
==> Appending keys from allanbrokeit.gpg...
gpg: key EAE999BD: "Allan McRae <me@allanmcrae.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
==> Removing revoked keys from keyring...
removing key 5C2E46A0F53A76ED - Dan McGee <dpmcgee@gmail.com>
==> Updating trust database...
gpg: no need for a trustdb check
Allan
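
Added example, not part of the original message or of pacman-key: a pre-flight check over the directory layout the commit message describes (foo.gpg plus an optional foo-revoked, each with a detached signature). The ".sig" suffix for signature files and the VERIFY hook are assumptions of this example, not names taken from the patch.

```shell
#!/bin/sh
# Added example: pre-flight check for a --populate style keyring directory.
# Assumptions (not from the patch): detached signatures are named "<file>.sig"
# and VERIFY is the verifier command, invoked as: $VERIFY <sig> <file>.
VERIFY=${VERIFY:-gpg --verify}

# Print "<file> <status>" for one file; status is ok, unsigned or badsig.
check_signed() {
    local file="$1"
    if [ ! -f "$file.sig" ]; then
        echo "${file##*/} unsigned"; return 1
    fi
    if ! $VERIFY "$file.sig" "$file" >/dev/null 2>&1; then
        echo "${file##*/} badsig"; return 1
    fi
    echo "${file##*/} ok"
}

# keyring_preflight DIR [NAME...]
# With no names, every DIR/*.gpg is checked, mirroring the default behaviour
# of --populate. An existing NAME-revoked file must be signed too, otherwise
# the revocation list could be altered without detection.
keyring_preflight() {
    local dir="$1" rc=0 name f; shift
    if [ $# -eq 0 ]; then
        for f in "$dir"/*.gpg; do
            [ -e "$f" ] || continue          # glob matched nothing
            name=${f##*/}; set -- "$@" "${name%.gpg}"
        done
    fi
    for name in "$@"; do
        if [ ! -f "$dir/$name.gpg" ]; then
            echo "$name.gpg missing"; rc=1; continue
        fi
        check_signed "$dir/$name.gpg" || rc=1
        if [ -f "$dir/$name-revoked" ]; then
            check_signed "$dir/$name-revoked" || rc=1
        fi
    done
    return $rc
}
```

Run as keyring_preflight /usr/share/pacman/keyrings, with VERIFY pointed at a gpg invocation that uses the keyring pacman-key trusts; a non-zero return means at least one file should not be imported.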