[pacman-dev] [PATCH] Added gpg-agent.conf to disable the gnupg scdaemon This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages.
Eric Renfro
psi-jack at linux-help.org
Tue Feb 27 05:16:18 UTC 2018
Signed-off-by: Eric Renfro <psi-jack at linux-help.org>
---
scripts/pacman-key.sh.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 5bf6c7a1..72b64aa4 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -210,6 +210,12 @@ initialize() {
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
+ # gpg-agent.conf
+ agent_conffile="${PACMAN_KEYRING_DIR}/gpg-agent.conf"
+ [[ -f $agent_conffile ]] || touch "$agent_conffile"
+ chmod 644 "$agent_conffile"
+ add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
+
# set up a private signing key (if none available)
if [[ $(secret_keys_available) -lt 1 ]]; then
generate_master_key
--
2.16.2
More information about the pacman-dev
mailing list