From d1240f67eab6dfa7e3344cd84dd8849b38ce337c Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Mon, 15 Aug 2011 22:51:58 +1000 Subject: pacman-key: rework importing distro/repo provided keyrings The current --reload option, apart from being non-clear in its naming, is very limited in that only one keyring can be provided. A distribution may want to provide multiple keyrings for various subsets of its organisation or custom repo providers may also want to provide a keyring. This patch adds a --populate option that reads keyrings from (by default) /usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional foo-revoked file providing a list of revoked key ids. These files are required to be signed (detached) by a key trusted by pacman-key, in practice probably by the key that signed the package providing these files. The --populate flag either updates the pacman keyring using all keyrings in the directory or individual keyrings can be specified. Signed-off-by: Allan McRae --- doc/pacman-key.8.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 9dc175cf..f61c2eca 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -80,8 +80,12 @@ Options *-r, \--receive* :: Fetch the specified keyids from the specified key server URL. -*\--reload*:: - Reloads the keys from the keyring package. +*\--populate* []:: + Reload the default keys from the (optionally provided) keyrings in + +{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that + contains the keys for the foo keyring. Optionally the file foo-revoked + contains a list of revoked key IDs for that keyring. These files are + required to be signed (detached) by a trusted PGP key. *-u, \--updatedb*:: Equivalent to \--check-trustdb in GnuPG. -- cgit v1.2.3-24-g4f1b
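Review bot: The new `--populate` entry in doc/pacman-key.8.txt says the keyring files are "required to be signed (detached) by a trusted PGP key", but it leaves the trust anchor and the failure behaviour undefined. The commit message is more precise ("a key trusted by pacman-key"), so the man page should use that wording and say that trust is evaluated against the pacman keyring. It should also state where the detached signature for foo.gpg and for foo-revoked is expected to live, and that a keyring whose signature is missing or does not verify is not imported. The revocation list deserves the same explicit statement, because an unsigned or unverifiable foo-revoked that is skipped without an error would leave revoked keys in place. Separately, the option heading reads `*\--populate* []::` with nothing inside the brackets as shown here. Name the optional argument so the page documents that individual keyrings can be specified, as the commit message describes. "Reload the default keys from the (optionally provided) keyrings" would also read more clearly if it said that all keyrings in `+{pkgdatadir}/keyrings+` are used when none is named.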