author Eli Schwartz <eschwartz@archlinux.org> 2019-10-07 05:11:20 +0200
committer Allan McRae <allan@archlinux.org> 2019-10-07 05:23:22 +0200
commit 2a792ac7bb1ceda42767c696e2664819b47ffc3b
tree d0716668533fca6d23e3f600caf4f27fd6083973
parent f49233903521f19a1fcba6bf6c36abea71309a1e
pacman-key: clean keys on import to remove unknown signatures

There is no good reason to bloat the keyring by importing tons of signatures we cannot use; drop any signatures that don't validate against another available key (probably the master keys).

If any desired signatures get cleaned, the key can be refreshed after importing the new signing public key.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>

-rw-r--r-- scripts/pacman-key.sh.in 1
1 files changed, 1 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 93600bc0..117acc40 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -209,6 +209,7 @@ initialize() {
add_gpg_conf_option "$conffile" 'no-permission-warning'
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
+ add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
local gpg_ver=$(gpg --version | awk '{print $3; exit}')
if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
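
Review bot: The added line sets import-clean under 'keyserver-options', so it only takes effect for keys fetched from a keyserver, while the commit subject says "clean keys on import". In GnuPG, import options listed under keyserver-options apply to keyserver retrievals; keys read from a file go through import-options instead. If locally imported keys are meant to be cleaned too, add a matching add_gpg_conf_option "$conffile" 'import-options' 'import-clean', otherwise narrow the commit message to keyserver imports. Two smaller points: this is the second 'keyserver-options' entry after 'timeout=10', so confirm add_gpg_conf_option appends it rather than treating the option as already present; and because the call sits in initialize(), an existing gpg.conf only gains the option the next time initialize() runs, which is worth a line in the commit message.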