diff options
| author | Dan McGee <dan@archlinux.org> | 2011-09-22 00:53:44 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-09-22 18:15:45 +0200 |
| commit | 33685b960d3f05841cfac5696a0946396c448a34 (patch) | |
| tree | e44b8f3c85733e2fdee22a165a4cafcd836e835d | |
| parent | 595e1a437fab8d489736eff4811903aea4f5a38f (diff) | |
| download | pacman-33685b960d3f05841cfac5696a0946396c448a34.tar.gz pacman-33685b960d3f05841cfac5696a0946396c448a34.tar.xz | |
pacman-key: remove holdkeys functionality
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
| -rw-r--r-- | doc/pacman-key.8.txt | 4 | ||||
| -rw-r--r-- | scripts/pacman-key.sh.in | 12 |
2 files changed, 1 insertions, 15 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 5f947284..225b352f 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -121,9 +121,7 @@ manually import to the pacman keyring. This prevents a potentially malicious repository adding keys to the pacman keyring without the users knowledge. A key being marked as revoked always takes priority over the key being added to -the pacman keyring, regardless of the keyring it is provided in. To prevent a -key from being revoked when using '\--populate', its ID can be listed in -+{sysconfdir}/pacman.d/gnupg/holdkeys+. +the pacman keyring, regardless of the keyring it is provided in. See Also -------- diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ad2eefe4..72725154 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -288,18 +288,6 @@ populate_keyring() { fi done - # Read list of keys that must be kept installed and remove them from the list - # of keys to be removed - if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then - while read key; do - key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" - if [[ -n "${revoked_ids[$key_id]}" ]]; then - unset revoked_ids[$key_id] - fi - done < "${PACMAN_KEYRING_DIR}/holdkeys" - fi - - # Remove the keys not marked to keep if (( ${#revoked_ids[@]} > 0 )); then msg "$(gettext "Disabling revoked keys in keyring...")" for key_id in "${!revoked_ids[@]}"; do |