[arch-releng] [RFC] [PATCH] [configs/releng] Add version of pacman-key that allows unattended keyring initialization

Gerardo Exequiel Pozzi vmlinuz386 at yahoo.com.ar
Wed Jul 18 16:20:31 EDT 2012


This was made originally using directly pacman-key file,
convert it in a patch form, to be more easy to track it.

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386 at yahoo.com.ar>
---
 configs/releng/build.sh                            |  1 +
 .../pacman-key-4.0.3_unattended-keyring-init.patch | 32 ++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch

diff --git a/configs/releng/build.sh b/configs/releng/build.sh
index 9593de9..62709ac 100755
--- a/configs/releng/build.sh
+++ b/configs/releng/build.sh
@@ -146,6 +146,7 @@ make_customize_root_image() {
         mkdir -p ${work_dir}/root-image/etc/pacman.d
         wget -O ${work_dir}/root-image/etc/pacman.d/mirrorlist 'https://www.archlinux.org/mirrorlist/?country=all&protocol=http&use_mirror_status=on'
         sed -i "s/#Server/Server/g" ${work_dir}/root-image/etc/pacman.d/mirrorlist
+        patch ${work_dir}/root-image/usr/bin/pacman-key < ${script_path}/pacman-key-4.0.3_unattended-keyring-init.patch
         sed -i 's/#\(en_US\.UTF-8\)/\1/' ${work_dir}/root-image/etc/locale.gen
         mkarchiso ${verbose} -w "${work_dir}" -C "${pacman_conf}" -D "${install_dir}" \
             -r 'locale-gen' \
diff --git a/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch b/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch
new file mode 100644
index 0000000..0a5117f
--- /dev/null
+++ b/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch
@@ -0,0 +1,32 @@
+Author: Pierre Schmitz <pierre at archlinux.de>
+
+* pacman-key: Use lsign_keys function in --populate
+* pacman-key: reduce verbosity of --populate
+
+--- pacman-key	2012-07-10 18:45:32.000000000 -0300
++++ pacman-key	2012-07-18 16:38:18.264110004 -0300
+@@ -376,7 +376,7 @@
+ 	# Add keys from requested keyrings
+ 	for keyring in "${KEYRINGIDS[@]}"; do
+ 		msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
+-		"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
++		"${GPG_PACMAN[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
+ 	done
+ 
+ 	# Read the trusted key IDs to an array. Because this is an ownertrust
+@@ -403,12 +403,13 @@
+ 		msg "$(gettext "Locally signing trusted keys in keyring...")"
+ 		for key_id in "${!trusted_ids[@]}"; do
+ 			msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
+-			"${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
++			KEYIDS=("${key_id}")
++			lsign_keys
+ 		done
+ 		msg "$(gettext "Importing owner trust values...")"
+ 		for keyring in "${KEYRINGIDS[@]}"; do
+ 			if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+-				"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
++				"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null
+ 			fi
+ 		done
+ 	fi
-- 
1.7.11.2



More information about the arch-releng mailing list