[pacman-dev] [PATCH] (newgpg) Let pacman specify GnuPG's home directory.

Chris Brannon cmbrannon at cox.net
Thu Dec 18 08:36:06 EST 2008


Gerhard Brauer <gerbra at archlinux.de> writes:

> a) The Keyring= Option indicates pacman if the signing framework should
> be used
>
> b) This var signals pacman where to find the public keyring for this
> repo. AND we could have different keyrings for repos.
> Ex.: the TU (if community packages get signed) fluctuation is IMHO
> bigger than on the Developers side. So keyring updates are more often
> necassary on community/TU side. And myself find it better to have the
> TUs signatures/trustlevel not in the same keyring like developers
> (core,extra) keyring for package signing.
>
> c) With this var a extern repo (ex. the france yaourt repo) could
> offers also signed packages - and a properly public keyring.

If I understand gpgme correctly, you can't just tell it to use a public
keyring from a given file.  This applies to the gpg binary as well.
GnuPG's paradigm is one of home directories.  You specify a GnuPG home
directory, such as ~/.gnupg or /etc/pacman.d/gnupg, and it looks for
pubring.gpg and other necessary files in that place.

One possibility is to allow overriding of GPGDir on a per-repo basis.

Regards,
-- Chris


More information about the pacman-dev mailing list