[arch-releng] [PATCH] Initialize pacman keyring on bootup

[Gerardo Exequiel Pozzi]

On 06/24/2012 07:29 PM, Pierre Schmitz wrote:
> Am 25.06.2012 00:12, schrieb Gerardo Exequiel Pozzi:
>> On 06/24/2012 06:24 PM, Pierre Schmitz wrote:
>>>> * Initialize pacman keyring on bootup
>>>> what about leaving pacman-key --init to the user or install script
>>>> instead of doing things automatically?
>>> What is the downside of doing it automatically here? Everybody will
>>> have to do it manually otherwise. You wont only need this to install a
>>> system but also to use pacman within your live environment.
>>>
>>> Greetings,
>>>
>>> Pierre
>>>
>> Just to keep, the live-enviroment to the most default possible.
>> I am more fan to setup pacman keyring at build time rather than at
>> runtime, or there are any downside?
> The downside is that you cannot. It is very important that everybody
> has its own secret key and that it stays secret. If we ship a private
> key, everybody would be able to sign any package with it and pacman
> would accept this.
>
> So we really need to create the key pair at runtime. And as everybody
> has to do it in order to use pacman (with signature verification
> enabled) we might as well script it.
OK. Thanks for your explanation :)

Maybe in a future, this "rc.d/pacman-init", can be part of the pacman pkg.
>
> I am not sure I get the statement about "default". By default pacman
> ships no keyring and asks you to create it right after installing. By
> automating this step the result wont be different.
>
> Greetings,
>
> Pierre
>


-- 
Gerardo Exequiel Pozzi
\cos^2\alpha + \sin^2\alpha = 1