author Allan McRae <allan@archlinux.org> 2011-08-15 14:51:58 +0200
committer Allan McRae <allan@archlinux.org> 2011-08-29 03:55:22 +0200
commit d1240f67eab6dfa7e3344cd84dd8849b38ce337c
tree 41a795de5a8968a88a2f0ec74b95903bd13743a1 /doc
parent 2cfcc874b9332ad207398b9e20dc8880d93e8ae4
pacman-key: rework importing distro/repo provided keyrings
The current --reload option, apart from being non-clear in its naming, is very limited in that only one keyring can be provided. A distribution may want to provide multiple keyrings for various subsets of its organisation or custom repo providers may also want to provide a keyring.

This patch adds a --populate option that reads keyrings from (by default) /usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional foo-revoked file providing a list of revoked key ids. These files are required to be signed (detached) by a key trusted by pacman-key, in practice probably by the key that signed the package providing these files.

The --populate flag either updates the pacman keyring using all keyrings in the directory or individual keyrings can be specified.

Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/pacman-key.8.txt 8
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 9dc175cf..f61c2eca 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -80,8 +80,12 @@ Options
*-r, \--receive* <keyserver> <keyid(s)>::
Fetch the specified keyids from the specified key server URL.
-*\--reload*::
- Reloads the keys from the keyring package.
+*\--populate* [<keyring(s)>]::
+ Reload the default keys from the (optionally provided) keyrings in
+ +{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that
+ contains the keys for the foo keyring. Optionally the file foo-revoked
+ contains a list of revoked key IDs for that keyring. These files are
+ required to be signed (detached) by a trusted PGP key.
*-u, \--updatedb*::
Equivalent to \--check-trustdb in GnuPG.
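Review bot: The new --populate entry says the files are "required to be signed (detached) by a trusted PGP key" but documents neither the name of the expected signature file nor what happens when a signature is missing or fails verification. This check is the trust boundary for every key the option imports, so the man page should state the signature naming convention and whether an unverified keyring is skipped or aborts the whole run. The entry is also silent on what is done with the IDs listed in foo-revoked and on the format of that list (for example one ID per line, short ID versus full fingerprint). The opening sentence, "Reload the default keys from the (optionally provided) keyrings", is hard to parse next to the `[<keyring(s)>]` synopsis; spelling out that all keyrings in +{pkgdatadir}/keyrings+ are used when none is named would read better. Since \--reload is dropped from the documentation here, a short note pointing users of the old option to \--populate would help.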