From 484d5ec624f12220df809b63bba719105eafdb8f Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 26 Sep 2011 13:18:19 -0500 Subject: pacman-key: treat foo-trusted as an ownertrust export file This allows it to serve double-duty. In order to allow users to base verification decisions off of both a valid signature and a trusted signature, we need to assign some level of owner trust to the keys we designate as trusted on import. Signed-off-by: Dan McGee --- doc/pacman-key.8.txt | 6 ++++-- scripts/pacman-key.sh.in | 24 ++++++++++++++++++------ 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index d2da480f..1582a3ca 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -118,8 +118,10 @@ PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the directory +{pkgdatadir}/keyrings+. Optionally, the file `foo-trusted` can be provided containing a list of trusted -key IDs for that keyring. This file will inform the user which keys a user -needs to verify and sign to build a local web of trust. +key IDs for that keyring. This is a file in a format compatible with 'gpg +\--export-ownertrust' output. This file will inform the user which keys a user +needs to verify and sign to build a local web of trust, in addition to +assigning provided owner trust values. Also optionally, the file `foo-revoked` can be provided containing a list of revoked key IDs for that keyring. Revoked is defined as "no longer valid for diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index da07492c..482e0468 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -215,7 +215,7 @@ verify_keyring_input() { local ret=0; local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings' - # Verify signatures of keyring files and association revocation files if they exist + # Verify signatures of keyring files and trusted/revoked files if they exist msg "$(gettext "Verifying keyring file signatures...")" local keyring keyfile for keyring in "${KEYRINGIDS[@]}"; do @@ -278,14 +278,18 @@ populate_keyring() { "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" done - # Read the trusted key IDs to an array. The conversion from whatever is inside the file - # to key ids is important, because key ids are the only guarantee of identification - # for the keys. + # Read the trusted key IDs to an array. Because this is an ownertrust + # file, we know we have the full 40 hex digit fingerprint values. + # Format of ownertrust dump file: + # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6: + # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5: local -A trusted_ids for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then while read key; do - key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" + # skip comments; these are valid in this file + [[ $key = \#* ]] && continue + key_id="${key%%:*}" if [[ -n ${key_id} ]]; then # Mark this key to be lsigned trusted_ids[$key_id]="${keyring}" @@ -300,9 +304,17 @@ populate_keyring() { msg2 "$(gettext "Locally signing key %s...")" "${key_id}" "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}" done + msg "$(gettext "Importing owner trust values...")" + for keyring in "${KEYRINGIDS[@]}"; do + if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then + "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" + fi + done fi - # Read the revoked key IDs to an array. + # Read the revoked key IDs to an array. The conversion from whatever is + # inside the file to key ids is important, because key ids are the only + # guarantee of identification for the keys. local -A revoked_ids for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then -- cgit v1.2.3-24-g4f1b