[pacman-dev] [PATCH] pacman-key: rework importing distro/repo provided keyrings

Allan McRae allan at archlinux.org
Mon Aug 15 09:13:38 EDT 2011


On 15/08/11 23:10, Allan McRae wrote:
> The current --reload option, apart from being non-clear in its naming,
> is very limited in that only one keyring can be provided.  A distribution
> may want to provide multiple keyrings for various subsets of its
> organisation or custom repo providers may also want to provide a keyring.
>
> This patch adds a --populate option that reads keyrings from (by default)
> /usr/share/pacman/keyrings.  A keyring is named foo.gpg, with optional
> foo-revoked file providing a list of revoked key ids.  These files are
> required to be signed (detached) by a key trusted by pacman-key, in
> practice probably by the key that signed the package providing these
> files. The --populate flag either updates the pacman keyring using all
> keyrings in the directory or individual keyrings can be specified.
>
> Signed-off-by: Allan McRae<allan at archlinux.org>


As an example of this in action:

 > sudo ./scripts/pacman-key --populate
==> Verifying keyring file signatures...
==> Appending keys from allanbrokeit.gpg...
gpg: key EAE999BD: "Allan McRae <me at allanmcrae.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
==> Removing revoked keys from keyring...
   removing key 5C2E46A0F53A76ED - Dan McGee <dpmcgee at gmail.com>
==> Updating trust database...
gpg: no need for a trustdb check

Allan
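
The signature requirement from the commit message, sketched as a fail-closed preflight that would run before any keys are appended. This is an added example, not code from the patch or from pacman-key. It assumes detached signatures are named "<file>.sig" and that the command in VERIFIER checks one signature file; the function name and the pk_ variables are hypothetical.

```sh
#!/bin/sh
# Added example: fail-closed preflight for a keyring directory.
# Assumptions (not from the post): a detached signature is "<file>.sig",
# and VERIFIER is the command that checks one signature file.
VERIFIER=${VERIFIER:-"pacman-key --verify"}

# preflight_keyrings DIR [NAME...]
# Prints one status line per file; returns 0 only if every keyring, and
# every revocation list that exists, carries a signature that verifies.
preflight_keyrings() {
    pk_dir=$1; shift
    pk_rc=0
    # No names given: use every foo.gpg found in the directory.
    if [ $# -eq 0 ]; then
        for pk_file in "$pk_dir"/*.gpg; do
            [ -e "$pk_file" ] || continue
            pk_name=${pk_file##*/}
            set -- "$@" "${pk_name%.gpg}"
        done
    fi
    if [ $# -eq 0 ]; then
        echo "no keyrings found in $pk_dir" >&2
        return 1
    fi
    for pk_name in "$@"; do
        for pk_file in "$pk_dir/$pk_name.gpg" "$pk_dir/$pk_name-revoked"; do
            if [ ! -f "$pk_file" ]; then
                # foo-revoked is optional; a requested foo.gpg is not.
                case $pk_file in
                    *.gpg) echo "missing $pk_file"; pk_rc=1 ;;
                esac
                continue
            fi
            if [ ! -f "$pk_file.sig" ]; then
                echo "missing-sig $pk_file"; pk_rc=1
            elif $VERIFIER "$pk_file.sig" >/dev/null 2>&1; then
                echo "ok $pk_file"
            else
                echo "bad-sig $pk_file"; pk_rc=1
            fi
        done
    done
    return "$pk_rc"
}
```

A revocation list that is present but unsigned is reported as a failure rather than skipped, so the import only proceeds when the whole set verifies.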



