diff options
| author | Thomas Bächler <thomas@archlinux.org> | 2014-05-04 10:31:00 +0200 |
|---|---|---|
| committer | Allan McRae <allan@archlinux.org> | 2014-05-23 07:31:00 +0200 |
| commit | d39d3b3a0997a997af48e4446e4b97c53be2439d (patch) | |
| tree | 8a5cba7ccc94570353ab98eb8978192d5be62dc1 /doc | |
| parent | d174cc8943344a14330c8dce20941de303a44927 (diff) | |
| download | pacman-d39d3b3a0997a997af48e4446e4b97c53be2439d.tar.gz pacman-d39d3b3a0997a997af48e4446e4b97c53be2439d.tar.xz | |
makepkg: Introduce validpgpkeys array
If validpgpkeys is set in the PKGBUILD, signature checking fails if
the fingerprint of the key used to create the signature is not listed
in the array.
The key's trust value is ignored.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/PKGBUILD.5.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/PKGBUILD.5.txt b/doc/PKGBUILD.5.txt index 50d8347c..17e8af25 100644 --- a/doc/PKGBUILD.5.txt +++ b/doc/PKGBUILD.5.txt @@ -128,6 +128,14 @@ Files in the source array with extensions `.sig`, `.sign` or, `.asc` are recognized by makepkg as PGP signatures and will be automatically used to verify the integrity of the corresponding source file. +*validpgpkeys (array)*:: + An array of PGP fingerprints. If this array is non-empty, makepkg will + only accept signatures from the keys listed here and will ignore the + trust values from the keyring. If the source file was signed with a + subkey, makepkg will still use the primary key for comparison. ++ +Fingerprints must be uppercase and must not contain whitespace characters. + *noextract (array)*:: An array of file names corresponding to those from the source array. Files listed here will not be extracted with the rest of the source files. This |