diff options
| author | Dan McGee <dan@archlinux.org> | 2011-09-22 00:53:44 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-09-22 18:15:45 +0200 |
| commit | 33685b960d3f05841cfac5696a0946396c448a34 (patch) | |
| tree | e44b8f3c85733e2fdee22a165a4cafcd836e835d /scripts | |
| parent | 595e1a437fab8d489736eff4811903aea4f5a38f (diff) | |
| download | pacman-33685b960d3f05841cfac5696a0946396c448a34.tar.gz pacman-33685b960d3f05841cfac5696a0946396c448a34.tar.xz | |
pacman-key: remove holdkeys functionality
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/pacman-key.sh.in | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index ad2eefe4..72725154 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -288,18 +288,6 @@ populate_keyring() { fi done - # Read list of keys that must be kept installed and remove them from the list - # of keys to be removed - if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then - while read key; do - key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" - if [[ -n "${revoked_ids[$key_id]}" ]]; then - unset revoked_ids[$key_id] - fi - done < "${PACMAN_KEYRING_DIR}/holdkeys" - fi - - # Remove the keys not marked to keep if (( ${#revoked_ids[@]} > 0 )); then msg "$(gettext "Disabling revoked keys in keyring...")" for key_id in "${!revoked_ids[@]}"; do |