[pacman-dev] [PATCH] Added gpg-agent.conf to disable the gnupg scdaemon This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages.

Eric Renfro psi-jack at linux-help.org
Tue Feb 27 05:16:18 UTC 2018


Signed-off-by: Eric Renfro <psi-jack at linux-help.org>
---
 scripts/pacman-key.sh.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 5bf6c7a1..72b64aa4 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -210,6 +210,12 @@ initialize() {
 	add_gpg_conf_option "$conffile" 'lock-never'
 	add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
 
+	# gpg-agent.conf
+	agent_conffile="${PACMAN_KEYRING_DIR}/gpg-agent.conf"
+	[[ -f $agent_conffile ]] || touch "$agent_conffile"
+	chmod 644 "$agent_conffile"
+	add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
+
 	# set up a private signing key (if none available)
 	if [[ $(secret_keys_available) -lt 1 ]]; then
 		generate_master_key
-- 
2.16.2


More information about the pacman-dev mailing list