diff options
author | Allan McRae <allan@archlinux.org> | 2011-08-15 14:51:58 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2011-08-29 03:55:22 +0200 |
commit | d1240f67eab6dfa7e3344cd84dd8849b38ce337c (patch) | |
tree | 41a795de5a8968a88a2f0ec74b95903bd13743a1 /doc | |
parent | 2cfcc874b9332ad207398b9e20dc8880d93e8ae4 (diff) | |
download | pacman-d1240f67eab6.tar.gz pacman-d1240f67eab6.tar.xz |
pacman-key: rework importing distro/repo provided keyrings
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/pacman-key.8.txt | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 9dc175cf..f61c2eca 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -80,8 +80,12 @@ Options *-r, \--receive* <keyserver> <keyid(s)>:: Fetch the specified keyids from the specified key server URL. -*\--reload*:: - Reloads the keys from the keyring package. +*\--populate* [<keyring(s)>]:: + Reload the default keys from the (optionally provided) keyrings in + +{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that + contains the keys for the foo keyring. Optionally the file foo-revoked + contains a list of revoked key IDs for that keyring. These files are + required to be signed (detached) by a trusted PGP key. *-u, \--updatedb*:: Equivalent to \--check-trustdb in GnuPG. |