diff options
| author | Dan McGee <dan@archlinux.org> | 2011-09-22 00:51:02 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-09-22 18:15:45 +0200 |
| commit | 1df9b2aa79c5017d394e26619449ab0a49c65c16 (patch) | |
| tree | fb5874fe81ee81032396a7ac6b4bd885f3c824a5 /scripts | |
| parent | 067721cbff9652d5c436d277f9be3f8fa2a71796 (diff) | |
| download | pacman-1df9b2aa79c5017d394e26619449ab0a49c65c16.tar.gz pacman-1df9b2aa79c5017d394e26619449ab0a49c65c16.tar.xz | |
pacman-key: add an additional plain text 'foo-trusted' file
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.
A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.
We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/pacman-key.sh.in | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index cb76a403..d0f338f6 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -219,6 +219,11 @@ verify_keyring_input() { keyfile="${KEYRING_IMPORT_DIR}/${keyring}.gpg" validate_with_gpg "${keyfile}" || ret=1 + keyfile="${KEYRING_IMPORT_DIR}/${keyring}-trusted" + if [[ -f "${keyfile}" ]]; then + validate_with_gpg "${keyfile}" || ret=1 + fi + keyfile="${KEYRING_IMPORT_DIR}/${keyring}-revoked" if [[ -f "${keyfile}" ]]; then validate_with_gpg "${keyfile}" || ret=1 @@ -270,9 +275,31 @@ populate_keyring() { "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" done - # Read the revoked key IDs to an array. The conversion from whatever is inside the file + # Read the trusted key IDs to an array. The conversion from whatever is inside the file # to key ids is important, because key ids are the only guarantee of identification # for the keys. + local -A trusted_ids + for keyring in "${KEYRINGIDS[@]}"; do + if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then + while read key; do + key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" + if [[ -n ${key_id} ]]; then + # Mark this key to be lsigned + trusted_ids[$key_id]="${keyring}" + fi + done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted" + fi + done + + if (( ${#trusted_ids[@]} > 0 )); then + msg "$(gettext "Locally signing trusted keys in keyring...")" + for key_id in "${!trusted_ids[@]}"; do + msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}" + done + fi + + # Read the revoked key IDs to an array. local -A revoked_ids for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then |