Re: [pacman-dev] [PATCH 1/5] pacman-key: keyring management tool
OK so hopefully this one will work nicely... === PATCH === diff --git a/doc/.gitignore b/doc/.gitignore index f047aaa..aebf7a0 100644 --- a/doc/.gitignore +++ b/doc/.gitignore @@ -3,6 +3,7 @@ libalpm.3 makepkg.8 makepkg.conf.5 pacman.8 +pacman-key.8 pacman.conf.5 repo-add.8 repo-remove.8 diff --git a/doc/Makefile.am b/doc/Makefile.am index 2e656f6..5c84234 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -7,6 +7,7 @@ ASCIIDOC_MANS = \ pacman.8 \ makepkg.8 \ repo-add.8 \ + pacman-key.8 \ PKGBUILD.5 \ makepkg.conf.5 \ pacman.conf.5 \ @@ -18,6 +19,7 @@ HTML_MANPAGES = \ pacman.8.html \ makepkg.8.html \ repo-add.8.html \ + pacman-key.8.html \ PKGBUILD.5.html \ makepkg.conf.5.html \ pacman.conf.5.html \ @@ -38,6 +40,7 @@ EXTRA_DIST = \ pacman.8.txt \ makepkg.8.txt \ repo-add.8.txt \ + pacman-key.8.txt \ PKGBUILD.5.txt \ PKGBUILD-example.txt \ makepkg.conf.5.txt \ @@ -128,6 +131,7 @@ $(HTML_OTHER): asciidoc.conf pacman.8 pacman.8.html: pacman.8.txt makepkg.8 makepkg.8.html: makepkg.8.txt repo-add.8 repo-add.8.html: repo-add.8.txt +pacman-key.8 pacman-key.8.html: pacman-key.8.txt PKGBUILD.5 PKGBUILD.5.html: PKGBUILD.5.txt PKGBUILD-example.txt makepkg.conf.5 makepkg.conf.5.html: makepkg.conf.5.txt pacman.conf.5 pacman.conf.5.html: pacman.conf.5.txt diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt new file mode 100644 index 0000000..6b70f80 --- /dev/null +++ b/doc/pacman-key.8.txt 
@@ -0,0 +1,76 @@ +///// +vim:set ts=4 sw=4 syntax=asciidoc noet: +///// +pacman-key(8) +============= + + +Name +---- +pacman-key - manage pacman's list of trusted keys + + +Synopsis +-------- +*pacman-key* [options] *command* ['arguments'] + + +Description +----------- +The script *pacman-key* manage *pacman*'s keyring, which is the collection of GnuPG keys used to check signed packages. +It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database. + + +Options +------- +*\--config* 'file':: + Set an alternative configuration file to use (default is {sysconfdir}/pacman.conf) + +*\--gpgdir* 'directory':: + Set an alternative home directory for GnuPG (default is set in {sysconfdir}/pacman.conf) + + +Commands +------- +*-a*, *\--add* 'file ...':: + Add the key(s) contained in 'file'(s) to pacman's keyring. If a key already exists, update it. + +*\--adv* 'param ...':: + Use this option to issue particular GnuPG actions to pacman's keyring. This option should be used with care as it can modify pacman's trust in packages' signatures. + +*-d*, *\--del* 'keyid ...':: + Remove the key(s) identified by 'keyid'(s) from pacman's keyring + +*-e*, *\--export* ['keyid ...']:: + Export key(s) identified by 'keyid'(s) to STDOUT or all keys if no 'keyid' is specified + +*-f*, *\--finger* ['keyid ...']:: + List fingerprint(s) for specified 'keyid'(s) or for all if none is specified + +*\--help*:: + Displays this message + +*-l*, *\--list*:: + Equivalent to --list-sigs from GnuPG + +*-r*, *\--receive* 'keyserver' 'keyid ...':: + Fetch the 'keyid'(s) from the specified 'keyserver' URL + +*\--reload*:: + Reloads the keys from the keyring package + +*-t*, *\--trust* 'keyid':: + Set the trust level of the given key + +*-u*, *\--updatedb*:: + Equivalent to \--check-trustdb in GnuPG + +*-v*, *\--version*:: + Displays the current version + + +See Also +-------- +linkman:pacman.conf[5] + +include::footer.txt[]
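Review bot: In the Commands section of doc/pacman-key.8.txt, the `--trust` entry ("Set the trust level of the given key") does not tell the reader to check the key's fingerprint before assigning trust, even though the `--adv` entry already warns that such changes "can modify pacman's trust in packages' signatures"; add a similar caution and a note on fingerprint verification to `--trust`. The `--list` entry writes `--list-sigs` without the backslash escape used for `\--check-trustdb` and for the option names in this file, so it should be `\--list-sigs` for consistency. In the Description, "The script *pacman-key* manage" should read "manages", and the underline below "Commands" is one character shorter than the title, unlike the other section underlines.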
On Mon, Sep 20, 2010 at 3:10 PM, <guillaume@alaux.net> wrote:
OK so hopefully this one will work nicely...
Yes, it is very good. I just would like to extend some parts, which go below:
=== PATCH === +*-a*, *\--add* 'file ...':: + Add the key(s) contained in 'file'(s) to pacman's keyring. If a key already exists, update it.
I'm trying to make the script work with standard input, as gpg does. But I'm having some trouble with parameter expansion when a file name has spaces. I'll check the man page for bash, I remember there's something about that.
+*\--help*:: + Displays this message
It wouldn't be exactly _this_ message :) Maybe the text could be: "Display short usage instructions" or something like that.
+*-r*, *\--receive* 'keyserver' 'keyid ...':: + Fetch the 'keyid'(s) from the specified 'keyserver' URL
This operation will also import signatures that the keyid may have on the keyserver. For example: if you have my public key and Allan signs it on a public key server, if you receive my key with that command, you'll also get the signature from Allan, saying that he trusts my key. So, if you trust Allan's key, maybe my key will be also trusted. It will depend on the minimum number of marginal or fully trusted signatures that are needed to transfer trust. Don't know if it is important to add that to the text.
+*-t*, *\--trust* 'keyid':: + Set the trust level of the given key
That operation will call gpg in interactive mode. After entering that mode, the user must do the following:

1. Check if the fingerprint shown is really the one he is trying to trust. This is paramount for the correct working of gpg.
2. Type 'trust' and press enter to start the trusting process.
3. Choose the level of trust:
   3.1. Marginal: this means that you trust, but not so much. A key marginally trusted will contribute with other marginally trusted keys to transfer trust to new keys.
   3.2. Fully: this means that you trust a lot. In the default configuration, this level transfers trust to other keys signed by it without the need of other trusted keys.
   3.3. Ultimately: this means the key is as trusted as your own. Keys signed with this key will be trusted also.
4. Type 'quit' to get out of the interactive mode.
+*-u*, *\--updatedb*:: + Equivalent to \--check-trustdb in GnuPG
We could explain that this operation is not really needed and is executed automatically whenever a new key is added or removed.

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------
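The trust transfer discussed in the reply above, as an added example that is not part of the thread or of pacman's code: a simplified Python model of GnuPG's validity rule with its default thresholds (`--completes-needed` 1, `--marginals-needed` 3). The key names and signature graph are constructed, and expiry, revocation and certification depth limits are ignored.

```python
# Added example: simplified model of GnuPG's web-of-trust validity rule.
# Ignores expiry, revocation and certification depth limits.
COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed


def valid_keys(ownertrust, signatures,
               completes=COMPLETES_NEEDED, marginals=MARGINALS_NEEDED):
    """Return the set of key names considered valid.

    ownertrust: key -> "ultimate" | "full" | "marginal" (absent = unknown)
    signatures: key -> set of keys that signed it
    """
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signing key is itself valid.
            levels = [ownertrust.get(s) for s in signers if s in valid]
            full = sum(t in ("full", "ultimate") for t in levels)
            marginal = sum(t == "marginal" for t in levels)
            if full >= completes or marginal >= marginals:
                valid.add(key)
                changed = True
    return valid


# Constructed sample: "local" is the user's own key; it has signed "allan"
# and three other keys; "denis" arrives from a keyserver with signatures.
SIGNATURES = {
    "allan": {"local"},
    "m1": {"local"}, "m2": {"local"}, "m3": {"local"},
    "denis": {"allan"},
}

if __name__ == "__main__":
    for level in ("full", "marginal"):
        trust = {"local": "ultimate", "allan": level}
        print(level, "denis" in valid_keys(trust, SIGNATURES))
```

With one fully trusted signer the received key becomes valid; with the same signer only marginally trusted it does not, which is why the imported signatures matter when reviewing what `--receive` brought in.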