[pacman-dev] [PATCH v3 0/3] Manage signing keys using a WKD (FS#63171)
diabonas at archlinux.org
Wed Oct 2 14:40:53 UTC 2019
Based on the feedback on #archlinux-pacman, I have reworked the WKD
patches: we now ask the user whether they want to import a missing PGP
key before doing any remote lookup, which eliminates the need for a
second temporary keyring. Without a remote lookup, we only know the ID
of the package signing key, so we display the packager in addition to
the key ID for user convenience.

This patch series entirely replaces all previously sent patches
regarding WKD support.

- PATCH v3 1/3 restructures the user confirmation in the described way.
It incorporates the previous patches 3/5 and 4/5 because to have a
standalone patch, we need to retrieve the user ID to display a
user-friendly confirmation message. Other than that, it's mostly moving
existing code around to fit the new workflow.

- PATCH v3 2/3 is a simplified version of the previous patch 2/5, since
doing the confirmation first allows us to drop the temporary keyring.
Note that in contrast to the previous approach, we don't check any more
whether the key retrieved from the WKD has the correct key ID; it is now
the responsibility of the WKD maintainer to ensure this. The reason for
this change is that at the time we are able to check the key ID, we have
already imported the key anyway.

- PATCH v3 3/3 is unchanged from "[PATCH v2] libmakepkg: check if
PACKAGER has the expected format for WKD lookup", included simply for
the convenience of having a complete patch series.
Jonas Witschel (3):
  signing: move key import confirmation before key_search
  signing: add ability to import keys using a WKD
  libmakepkg: check if PACKAGER has the expected format for WKD lookup

 lib/libalpm/be_package.c                      |  12 +-
 lib/libalpm/signing.c                         | 120 ++++++++++++++----
 lib/libalpm/signing.h                         |   2 +-
 lib/libalpm/sync.c                            |  22 +++-
 scripts/libmakepkg/lint_config/variable.sh.in |   6 +
 src/pacman/callback.c                         |  13 +-
 6 files changed, 136 insertions(+), 39 deletions(-)
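
An added illustration, not code from this patch series or from pacman: how a PACKAGER string maps to the Web Key Directory URLs an OpenPGP client queries, following the OpenPGP WKD draft. It shows why the lookup depends on PACKAGER carrying a well-formed e-mail address; the "Name <local@domain>" shape, the regex and the function names are assumptions made for this example.

```python
import hashlib
import re
import urllib.parse

# z-base-32 alphabet used by WKD to encode the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

# Assumed PACKAGER shape: "Name <local@domain>" (hypothetical pattern,
# not the check implemented in libmakepkg).
PACKAGER_RE = re.compile(r"[^<>]+ <([^<>@\s]+)@([^<>@\s]+)>")


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, zero-padded."""
    bits = int.from_bytes(data, "big")
    nbits = len(data) * 8
    pad = (-nbits) % 5
    bits <<= pad
    nbits += pad
    return "".join(
        ZBASE32[(bits >> shift) & 31] for shift in range(nbits - 5, -1, -5)
    )


def wkd_urls(packager: str):
    """Return (advanced_url, direct_url) for a PACKAGER string, or None
    when no e-mail address can be extracted and no lookup is possible."""
    m = PACKAGER_RE.fullmatch(packager)
    if m is None:
        return None
    local, domain = m.group(1), m.group(2).lower()
    # WKD hashes the lowercased local part with SHA-1; the original
    # spelling is passed separately in the "l" query parameter.
    hu = zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())
    query = "?l=" + urllib.parse.quote(local)
    advanced = (
        f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
        f"{domain}/hu/{hu}{query}"
    )
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}"
    return advanced, direct


if __name__ == "__main__":
    # Constructed sample input (address taken from the WKD draft's example).
    print(wkd_urls("Joe Doe <Joe.Doe@Example.ORG>"))
    print(wkd_urls("Joe Doe"))
```

The URL is derived only from the e-mail address, so the key served there is whatever the domain's WKD publishes for that address; the key ID from the package signature plays no part in the lookup.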