[pacman-dev] [PATCH] Added gpg-agent.conf to disable the gnupg scdaemon
Allan McRae
allan at archlinux.org
Wed Mar 14 06:02:20 UTC 2018
On 27/02/18 23:27, Eric Renfro via pacman-dev wrote:
> This fixes an issue where smartcards, such a Yubikey, would cause the
> keyring to fail locally signing, thus also failing to verify signed
> packages.
>
I have been trying to figure out the issue here...
Is the issue that when a smartcard is plugged in, the pacman tries to
use that to locally sign the keys and not the master key in the pacman
keyring?
> Signed-off-by: Eric Renfro <psi-jack at linux-help.org>
> ---
> scripts/pacman-key.sh.in | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index 5bf6c7a1..72b64aa4 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -210,6 +210,12 @@ initialize() {
> add_gpg_conf_option "$conffile" 'lock-never'
> add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
>
> + # gpg-agent.conf
> + agent_conffile="${PACMAN_KEYRING_DIR}/gpg-agent.conf"
> + [[ -f $agent_conffile ]] || touch "$agent_conffile"
> + chmod 644 "$agent_conffile"
> + add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
> +
> # set up a private signing key (if none available)
> if [[ $(secret_keys_available) -lt 1 ]]; then
> generate_master_key
>
More information about the pacman-dev
mailing list