-rw-r--r--scripts/pacman-key.sh.in25
1 files changed, 25 insertions, 0 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index c200d8e4..8f108250 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -100,6 +100,25 @@ get_from() {
return 1
}
+generate_master_key() {
+ # Generate the master key, which will be in both pubring and secring
+ "${GPG_PACMAN[@]}" --gen-key --batch <<EOF
+%echo Generating pacman keychain master key...
+Key-Type: RSA
+Key-Length: 2048
+Key-Usage: sign
+Name-Real: Pacman Keychain Master Key
+Name-Email: pacman@localhost
+Expire-Date: 0
+%commit
+%echo Done
+EOF
+}
+
+secret_keys_available() {
+ "${GPG_PACMAN[@]}" -K --with-colons | wc -l
+}
+
# Adds the given gpg.conf option if it is not present in the file.
# Note that if we find it commented out, we won't add the option.
# args: $1 conffile, $2 option-name, $3 (optional) option-value
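Review bot: The batch parameters in generate_master_key carry no `Passphrase:` line and set `Expire-Date: 0`, so the local master key is presumably written to the secret keyring unprotected and never expires. Anyone who can read that keyring could then sign keys that pacman will trust. The `no-permission-warning` option set in initialize also silences GnuPG's own complaint about loose permissions. A comment above the heredoc should state the intent, e.g. `# No passphrase: the key signs unattended, so the secret keyring must stay readable by root only`, and the keyring directory setup (outside this hunk) should be checked to enforce it. Separately, secret_keys_available counts every output line and prints 0 when gpg itself fails; `"${GPG_PACMAN[@]}" -K --with-colons | grep -c '^sec:'` would count only secret-key records, though a gpg failure still needs its own check.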
@@ -135,6 +154,12 @@ initialize() {
add_gpg_conf_option "$conffile" 'no-permission-warning'
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver' 'hkp://keys.gnupg.net'
+
+ # set up a private signing key (if none available)
+ if [[ $(secret_keys_available) -lt 1 ]]; then
+ generate_master_key
+ UPDATEDB=1
+ fi
}
check_keyring() {
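Review bot: The exit status of `generate_master_key` is ignored in the added block of initialize, so `UPDATEDB=1` is set and the function carries on even when gpg could not create the key. Checking it, for example `generate_master_key || return 1` (or the script's usual error path, which is not visible here), would keep a failed generation from leaving the keyring without a signing key unnoticed. The guard `$(secret_keys_available) -lt 1` has a related weakness: the helper prints 0 both for an empty keyring and for a failed gpg call, so an unreadable secret keyring would trigger generation of a second master key. initialize starts outside this hunk, so whether its callers act on a non-zero return should be confirmed.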