[arch-releng] [PATCH] Initialize pacman keyring on bootup

Pierre Schmitz pierre at archlinux.de
Sun Jun 24 18:29:55 EDT 2012


On 25.06.2012 00:12, Gerardo Exequiel Pozzi wrote:
> On 06/24/2012 06:24 PM, Pierre Schmitz wrote:
>>> * Initialize pacman keyring on bootup
>>> what about leaving pacman-key --init to the user or install script
>>> instead of doing things automatically?
>> What is the downside of doing it automatically here? Everybody will
>> have to do it manually otherwise. You won't only need this to install a
>> system but also to use pacman within your live environment.
>>
>> Greetings,
>>
>> Pierre
>>
> 
> Just to keep the live environment as default as possible.
> I am more a fan of setting up the pacman keyring at build time rather than at
> runtime, or are there any downsides?

The downside is that you cannot. It is very important that everybody
has their own secret key and that it stays secret. If we ship a private
key, everybody would be able to sign any package with it and pacman
would accept this.

So we really need to create the key pair at runtime. And as everybody
has to do it in order to use pacman (with signature verification
enabled) we might as well script it.

I am not sure I get the statement about "default". By default pacman
ships no keyring and asks you to create it right after installing. By
automating this step the result won't be different.

Greetings,

Pierre

-- 
Pierre Schmitz, https://pierre-schmitz.com
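
The risk described in the message above (a private key shipped inside the image) can be checked at build time. The following is an added example, not part of the original message or of the archiso project: it audits an unpacked image root for pacman secret key material. It assumes pacman's default GnuPG home `/etc/pacman.d/gnupg`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail a release build if the image root already contains
# a pacman secret key, which would then be shared by every booted copy.
# Assumption: the keyring lives in pacman's default GPGDir, /etc/pacman.d/gnupg.

# Print every secret-key file found under the image root's pacman keyring.
# secring.gpg is the GnuPG 1.x/2.0 store; private-keys-v1.d is the 2.1+ store.
find_shipped_secret_keys() {
    gpgdir="$1/etc/pacman.d/gnupg"
    # No keyring directory at all means nothing was generated at build time.
    [ -d "$gpgdir" ] || return 0
    # A zero-length secring.gpg holds no key, so only non-empty files count.
    if [ -s "$gpgdir/secring.gpg" ]; then
        printf '%s\n' "$gpgdir/secring.gpg"
    fi
    if [ -d "$gpgdir/private-keys-v1.d" ]; then
        find "$gpgdir/private-keys-v1.d" -type f -name '*.key' -size +0
    fi
}

# Return 0 when the image is clean, 1 when it carries secret key material.
audit_image_root() {
    found=$(find_shipped_secret_keys "$1")
    if [ -n "$found" ]; then
        printf 'secret key material in image:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: pass the unpacked image root as the first argument.
if [ $# -gt 0 ]; then
    audit_image_root "$1"
fi
```

A clean result means the key pair still has to be created on first boot, which is the behaviour the message argues for.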

