[pacman-dev] [PATCH] Create pacman keyring directory if missing

Allan McRae allan at archlinux.org
Thu Mar 24 21:36:10 EDT 2011


On 25/03/11 11:00, Denis A. Altoé Falqueto wrote:
> On Thu, Mar 24, 2011 at 8:05 PM, Ray Kohler<ataraxia937 at gmail.com>  wrote:
>>
>> Signed-off-by: Ray Kohler<ataraxia937 at gmail.com>
>> ---
>>   scripts/pacman-key.sh.in |    6 ++++++
>>   1 files changed, 6 insertions(+), 0 deletions(-)
>>
>> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
>> index 5746e64..ccc7f92 100644
>> --- a/scripts/pacman-key.sh.in
>> +++ b/scripts/pacman-key.sh.in
>> @@ -246,6 +246,12 @@ if [[ GPGDIR=$(find_config "GPGDir") == 0 ]]; then
>>   fi
>>   GPG_PACMAN="gpg --homedir ${PACMAN_KEYRING_DIR}"
>>
>> +# Try to create $PACMAN_KEYRING_DIR if non-existent
>> +# Check for simple existence rather than for a directory as someone may want
>> +# to use a symlink here
>> +# Force mode 700 as gpg complains if any group or other access is present
>> +[[ -e ${PACMAN_KEYRING_DIR} ]] || mkdir -p -m 700 "${PACMAN_KEYRING_DIR}"
>> +
>>   # Parse and execute command
>>   command="$1"
>>   if [[ -z "${command}" ]]; then
>> --
>> 1.7.4.1
>
> Hi, Ray.
>
> I would like to say that the creation of the directory was originally
> a feature of pacman-key. But Allan suggested to move the
> responsibility to the makefile of pacman, so the keyring would be
> created empty by the build system. It is yet a TODO item, indeed. So,
> it's the distribution duty to package it the way it fits better for
> them.
>
> By the other hand, I was thinking about that while writing this
> message, and I think that you are right. pacman-key should generate an
> empty keyring if there is not one. If we leave to a package, it could
> bet messy if the user tries to reinstall the package or if there is an
> update for it. It would generate unnecessary .pacnew files for each
> one in the keyring. pacman-key already has a feature to add and remove
> keys from keyrings made specifically for that purpose.
>

I agree.   I still think these folder should be created by "make 
install" but it makes sense for pacman-key to create the folder if it 
does not exist.

My pacman-git PKGBUILD has this in it....

install -dm700 $pkgdir/etc/pacman.d/gnupg
touch $pkgdir/etc/pacman.d/gnupg/{sec,pub}ring.gpg
chmod 600 $pkgdir/etc/pacman.d/gnupg/{sec,pub}ring.gpg

Does not having those keyring files also cause issues here and need to 
be addressed?  Or have I just been over cautious in packaging there?

Allan


More information about the pacman-dev mailing list