summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Renfro via pacman-dev <pacman-dev@archlinux.org>2018-02-27 14:27:49 +0100
committerAllan McRae <allan@archlinux.org>2018-03-14 08:45:08 +0100
commit0565cebfc387be67e0daac73a4d0a312965ca1d3 (patch)
tree98eebd1248709ea57d68122209e11a84b1bfaedb
parent3e619ccffe585ddf19b1faa053ff46654d2b8a48 (diff)
downloadpacman-0565cebfc387be67e0daac73a4d0a312965ca1d3.tar.gz
pacman-0565cebfc387be67e0daac73a4d0a312965ca1d3.tar.xz
Added gpg-agent.conf to disable the gnupg scdaemon
This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages. Signed-off-by: Eric Renfro <psi-jack@linux-help.org> Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--scripts/pacman-key.sh.in6
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index d6bc6be3..060d8369 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -210,6 +210,12 @@ initialize() {
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
+ # gpg-agent.conf
+ agent_conffile="${PACMAN_KEYRING_DIR}/gpg-agent.conf"
+ [[ -f $agent_conffile ]] || touch "$agent_conffile"
+ chmod 644 "$agent_conffile"
+ add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
+
# set up a private signing key (if none available)
if [[ $(secret_keys_available) -lt 1 ]]; then
generate_master_key