summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-09-21 17:51:02 -0500
committerDan McGee <dan@archlinux.org>2011-09-22 11:15:45 -0500
commit1df9b2aa79c5017d394e26619449ab0a49c65c16 (patch)
treefb5874fe81ee81032396a7ac6b4bd885f3c824a5 /scripts
parent067721cbff9652d5c436d277f9be3f8fa2a71796 (diff)
downloadpacman-1df9b2aa79c5017d394e26619449ab0a49c65c16.tar.xz
pacman-key: add an additional plain text 'foo-trusted' file
This is similar to the 'foo-revoked' file we had. This will be used to inform the user what keys in the shipped keyring need to be explicitly trusted by the user. A distro such as Arch will likely have 3-4 master keys listed in this trusted file, but an additional 25 developer keys present in the keyring that the user shouldn't have to directly sign. We use this list to prompt the user to sign the keys locally. If the key is already signed locally gpg will print a bit of junk but will continue without pestering the user. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/pacman-key.sh.in29
1 files changed, 28 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index cb76a403..d0f338f6 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -219,6 +219,11 @@ verify_keyring_input() {
keyfile="${KEYRING_IMPORT_DIR}/${keyring}.gpg"
validate_with_gpg "${keyfile}" || ret=1
+ keyfile="${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ if [[ -f "${keyfile}" ]]; then
+ validate_with_gpg "${keyfile}" || ret=1
+ fi
+
keyfile="${KEYRING_IMPORT_DIR}/${keyring}-revoked"
if [[ -f "${keyfile}" ]]; then
validate_with_gpg "${keyfile}" || ret=1
@@ -270,9 +275,31 @@ populate_keyring() {
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
done
- # Read the revoked key IDs to an array. The conversion from whatever is inside the file
+ # Read the trusted key IDs to an array. The conversion from whatever is inside the file
# to key ids is important, because key ids are the only guarantee of identification
# for the keys.
+ local -A trusted_ids
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ while read key; do
+ key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ if [[ -n ${key_id} ]]; then
+ # Mark this key to be lsigned
+ trusted_ids[$key_id]="${keyring}"
+ fi
+ done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ fi
+ done
+
+ if (( ${#trusted_ids[@]} > 0 )); then
+ msg "$(gettext "Locally signing trusted keys in keyring...")"
+ for key_id in "${!trusted_ids[@]}"; do
+ msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
+ "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
+ done
+ fi
+
+ # Read the revoked key IDs to an array.
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then