From e1b9f7b3005c4d6db9cc84e95a42d4beba6c7e24 Mon Sep 17 00:00:00 2001
From: Allan McRae
Date: Tue, 23 Aug 2011 16:10:06 +1000
Subject: pacman-key: rework and document holding keys in keyring
The HoldKey option was undocumented and was not suited for pacman.conf. Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list of keys not to be removed from the pacman keyring with the --populate option.
Signed-off-by: Allan McRae
---
 scripts/pacman-key.sh.in | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'scripts')
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 6a350af6..7b9f80ba 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -232,17 +232,15 @@ populate_keyring() {
 fi
 done
- # List of keys that must be kept installed, even if in the list of keys to be removed
- local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")"
-
- # Remove the keys that must be kept from the set of keys that should be removed
- if [[ -n ${HOLD_KEYS} ]]; then
- for key in ${HOLD_KEYS}; do
+ # Read list of keys that must be kept installed and remove them from the list
+ # of keys to be removed
+ if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
+ while read key; do
 key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
 if [[ -n "${removed_ids[$key_id]}" ]]; then
 unset removed_ids[$key_id]
 fi
- done
+ done < "${PACMAN_KEYRING_DIR}/holdkeys"
 fi
 # Remove the keys not marked to keep
-- cgit v1.2.3-24-g4f1b
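Review bot: In the new `while read key` loop, every line of `${PACMAN_KEYRING_DIR}/holdkeys` is passed to `--list-key` as-is, so a blank line or an entry gpg cannot resolve leaves `key_id` empty (and an entry matching several keys may leave it holding several ids) before it is used as the `removed_ids` subscript. Reading with `while IFS= read -r key || [[ -n $key ]]; do` and adding `[[ -n $key && -n $key_id ]] || continue` ahead of the lookup would keep that subscript well-formed and stop a final line without a trailing newline from being dropped. Because this file exempts keys from removal during `--populate`, a comment such as `# holdkeys overrides key removal; it must be writable by root only` would record the trust assumption, and a message naming each held key would make the override auditable. The commit message names the file `heldkeys` while the code reads `holdkeys`; one of the two should be corrected. populate_keyring starts and ends outside the hunk, so the declaration of `removed_ids` is not visible here.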