[pacman-dev] [PATCH] pacman-key: Add --import and --import-trustdb

Allan McRae allan at archlinux.org
Sat Jul 9 08:37:51 EDT 2011


On 10/06/11 16:38, Pang Yan Han wrote:
> Currently, pacman-key allows users to import their keys using the --add option
> but no similar functionality exists for importing ownertrust values.
>
> The --import-trustdb option takes in a list of directories and imports
> ownertrust values if the directories have a trustdb.gpg database.
>
> The --import option is a combination of --add and --import-trustdb. It takes in a list
> of directories and imports keys from pubring.gpg and ownertrust values from
> trustdb.gpg if any of these files exist.
>
> Signed-off-by: Pang Yan Han <pangyanhan at gmail.com>
> ---
> NOTE: There is this very strange bug such that when new keys are added,
> previously imported keys will fail for signature verification. This happens with
> both --add and --import.
>
> Eg. Say you want to import trustdb.gpg and pubring.gpg from directories "first",
> "second" and "third", you'd have to:
>
> # pacman-key --import first second third
> # pacman-key --import first second third


I have not gone through your patch in detail yet, but I do not see this 
issue you report when using the --add option:

allan at mugen /home/arch/code/pacman (working)
 > ./scripts/pacman-key --verify /home/allan/web/allanbrokeit/i686/allanbrokeit.db.sig
gpg: Signature made Tue 05 Jul 2011 15:22:42 EST using RSA key ID EAE999BD
gpg: NOTE: trustdb not writable
gpg: Good signature from "Allan McRae <me at allanmcrae.com>"
gpg:                 aka "Allan McRae (Developer) <allan at archlinux.org>"

allan at mugen /home/arch/code/pacman (working)
 > sudo ./scripts/pacman-key --add /home/allan/dan.gpg
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

allan at mugen /home/arch/code/pacman (working)
 > ./scripts/pacman-key --verify /home/allan/web/allanbrokeit/i686/allanbrokeit.db.sig
gpg: Signature made Tue 05 Jul 2011 15:22:42 EST using RSA key ID EAE999BD
gpg: NOTE: trustdb not writable
gpg: Good signature from "Allan McRae <me at allanmcrae.com>"
gpg:                 aka "Allan McRae (Developer) <allan at archlinux.org>"


So the signature verification still works after adding a key with --add.
There are two possibilities here... 1) this is fixed due to the large
number of changes on my working branch, or 2) there is something wrong
with the --import stuff...

Can you give more details on this issue so I can follow it up and get
this patch merged?

Cheers,
Allan

