[pacman-dev] [PATCH 1/5] pacman-key: keyring management tool

Guillaume ALAUX guillaume at alaux.net
Mon Sep 20 12:00:56 EDT 2010


On 20 September 2010 14:06, Guillaume ALAUX <guillaume at alaux.net> wrote:
> On 20 September 2010 13:58, Allan McRae <allan at archlinux.org> wrote:
>> Hi,
>>
>> FYI, it is much easier to comment (and separate comments from the patch) if
>> things are posted inline.   Here goes some brief comments in cut paste sort
>> of format...  hopefully you can follow them.
>>
>> Anyway, overall this looks quite good.  Make these small adjustments it is
>> basically good to go.  Even better if you submit as a patch with the
>> necessary autotools changes, but I can handle those if not.
>>
>>
>>> Description
>>> -----------
>>> The script *pacman-key* manage *pacman*'s keyring, ie the keyring of GnuPG
>>> keys used to sign packages.
>>> It enables to import, export and fetch keys from keyservers as well as
>>> update the key trust database.
>>
>> Hmm...  how about something like:
>>
>> The script *pacman-key* manage *pacman*'s keyring, which is the collection
>> of GnuPG keys used to check signed packages.
>> It provides the ability to import and export keys, fetch keys from
>> keyservers and update the key trust database.
>>
>>
>>> *\--config* 'file'::
>>>       Set an alternative configuration file to use (default is
>>> /etc/pacman.conf)
>>
>> you should use {sysconfdir}/pacman.conf instead so we can adjust this based
>> on the configure output.
>>
>>
>>> *-l*, *\--list*::
>>>       List keys and signatures in pacman's keyring. Same as option
>>> \--list-sigs of GnuPG. See GnuPG's man pages for flag significations
>>
>> Equivalent to --list-sigs from GnuPG.  (?)
>>
>>
>>> *-u*, *\--updatedb*::
>>>       Update the trustdb of pacman. Same as option \--check-trustdb of
>>> GnuPG.
>>
>> Equivalent to \--check-trustdb in GnuPG
>>
>>
>> Allan
>
> Hello,
>
>> it is much easier to comment if things are posted inline
> OK I hadn't think about it !
>
>> Make these small adjustments it is basically good to go
> They also look OK to me, I will change that.
>
>> Even better if you submit as a patch with the necessary autotools changes
> Will try to :)
>
> --
> Guillaume
>

OK, how about that?

=== PATCH ===
diff --git a/doc/.gitignore b/doc/.gitignore
index f047aaa..aebf7a0 100644
--- a/doc/.gitignore
+++ b/doc/.gitignore
@@ -3,6 +3,7 @@ libalpm.3
 makepkg.8
 makepkg.conf.5
 pacman.8
+pacman-key.8
 pacman.conf.5
 repo-add.8
 repo-remove.8
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 2e656f6..5c84234 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -7,6 +7,7 @@ ASCIIDOC_MANS = \
 	pacman.8 \
 	makepkg.8 \
 	repo-add.8 \
+	pacman-key.8 \
 	PKGBUILD.5 \
 	makepkg.conf.5 \
 	pacman.conf.5 \
@@ -18,6 +19,7 @@ HTML_MANPAGES = \
 	pacman.8.html \
 	makepkg.8.html \
 	repo-add.8.html \
+	pacman-key.8.html \
 	PKGBUILD.5.html \
 	makepkg.conf.5.html \
 	pacman.conf.5.html \
@@ -38,6 +40,7 @@ EXTRA_DIST = \
 	pacman.8.txt \
 	makepkg.8.txt \
 	repo-add.8.txt \
+	pacman-key.8.txt \
 	PKGBUILD.5.txt \
 	PKGBUILD-example.txt \
 	makepkg.conf.5.txt \
@@ -128,6 +131,7 @@ $(HTML_OTHER): asciidoc.conf
 pacman.8 pacman.8.html: pacman.8.txt
 makepkg.8 makepkg.8.html: makepkg.8.txt
 repo-add.8 repo-add.8.html: repo-add.8.txt
+pacman-key.8 pacman-key.8.html: pacman-key.8.txt
 PKGBUILD.5 PKGBUILD.5.html: PKGBUILD.5.txt PKGBUILD-example.txt
 makepkg.conf.5 makepkg.conf.5.html: makepkg.conf.5.txt
 pacman.conf.5 pacman.conf.5.html: pacman.conf.5.txt
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
new file mode 100644
index 0000000..6b70f80
--- /dev/null
+++ b/doc/pacman-key.8.txt
@@ -0,0 +1,76 @@
+/////
+vim:set ts=4 sw=4 syntax=asciidoc noet:
+/////
+pacman-key(8)
+=============
+
+
+Name
+----
+pacman-key - manage pacman's list of trusted keys
+
+
+Synopsis
+--------
+*pacman-key* [options] *command* ['arguments']
+
+
+Description
+-----------
+The script *pacman-key* manage *pacman*'s keyring, which is the
collection of GnuPG keys used to check signed packages.
+It provides the ability to import and export keys, fetch keys from
keyservers and update the key trust database.
+
+
+Options
+-------
+*\--config* 'file'::
+	Set an alternative configuration file to use (default is
{sysconfdir}/pacman.conf)
+
+*\--gpgdir* 'directory'::
+	Set an alternative home directory for GnuPG (default is set in
{sysconfdir}/pacman.conf)
+
+
+Commands
+-------
+*-a*, *\--add* 'file ...'::
+	Add the key(s) contained in 'file'(s) to pacman's keyring. If a key
already exists, update it.
+
+*\--adv* 'param ...'::
+	Use this option to issue particular GnuPG actions to pacman's
keyring. This option should be used with care as it can modify
pacman's trust in packages' signatures.
+
+*-d*, *\--del* 'keyid ...'::
+	Remove the key(s) identified by 'keyid'(s) from pacman's keyring
+
+*-e*, *\--export* ['keyid ...']::
+	Export key(s) identified by 'keyid'(s) to STDOUT or all keys if no
'keyid' is specified
+
+*-f*, *\--finger* ['keyid ...']::
+	List fingerprint(s) for specified 'keyid'(s) or for all if none is specified
+
+*\--help*::
+	Displays this message
+
+*-l*, *\--list*::
+	Equivalent to --list-sigs from GnuPG
+
+*-r*, *\--receive* 'keyserver' 'keyid ...'::
+	Fetch the 'keyid'(s) from the specified 'keyserver' URL
+
+*\--reload*::
+	Reloads the keys from the keyring package
+
+*-t*, *\--trust* 'keyid'::
+	Set the trust level of the given key
+
+*-u*, *\--updatedb*::
+	Equivalent to \--check-trustdb in GnuPG
+
+*-v*, *\--version*::
+	Displays the current version
+
+
+See Also
+--------
+linkman:pacman.conf[5]
+
+include::footer.txt[]


More information about the pacman-dev mailing list