bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pacman-key: Don't check gpg's trustdb after each key revocation

Browse source 
The trustdb is marked as dirty when a key is revoked[1] and GPG will
recheck it the next time. Checking the trustdb can take 300-500ms which
with 52 revoked keys (and counting) adds up.

This is very noticeable when initializing and populating pacman's
keyring like archiso is doing[2]. It is also unnecessary as the trustdb
is always checked as the last step when populating the keyring.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keyedit.c;h=1cb62de8a87a823e06b2ed74efdc9e7a4cd99e2b;hb=refs/heads/STABLE-BRANCH-2-2#l6509
[2] https://gitlab.archlinux.org/archlinux/archiso/-/issues/191

(cherry picked from commit 673ce1ab10)
This commit is contained in:
Kristian Klausen 2022-09-10 16:36:55 +02:00 committed by Allan McRae
parent 4b21c60e50
commit 958475a7cf
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
scripts/pacman-key.sh.in
View file

@ -374,7 +374,7 @@ populate_keyring() {
if (( VERBOSE )); then if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}" msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1)) key_count=$((key_count+1))
done done
if (( key_count )); then if (( key_count )); then