pacman-key: refine and clarify import/import-trustdb behavior
* --import now only imports keys from pubkey.gpg and does not import owner trust; if you want to have both simply run the operations in sequence. * --import-trustdb has been simplified; it will overwrite existing values in the trust database as before, but there is no need to export it first as those values are safe if left untouched. * Fix the manpage referring to a non-existent option. Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee
parent
cf0edb92ba
commit
ab7d2890a4
2 changed files with 8 additions and 14 deletions
|
|
@ -61,11 +61,12 @@ Options
|
|||
Output syntax and command line options.
|
||||
|
||||
*\--import* <dir(s)>::
|
||||
Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
|
||||
values from trustdb.gpg in the specified directories.
|
||||
Imports keys from `pubring.gpg` into the public keyring from the specified
|
||||
directories.
|
||||
|
||||
*\--import-dirs* <dir(s)> ::
|
||||
Imports ownertrust values from trustdb.gpg in the specified directories.
|
||||
*\--import-trustdb* <dir(s)> ::
|
||||
Imports ownertrust values from `trustdb.gpg` into the shared trust database
|
||||
from the specified directories.
|
||||
|
||||
*\--init*::
|
||||
Ensure the keyring is properly initialized and has the required access
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ usage() {
|
|||
echo "$(gettext " --edit-key <keyid(s)> Present a menu for key management task on keyids")"
|
||||
printf "$(gettext " --gpgdir <dir> Set an alternate directory for GnuPG (instead\n\
|
||||
of '%s')")\n" "@sysconfdir@/pacman.d/gnupg"
|
||||
echo "$(gettext " --import <dir(s)> Imports pubring.gpg and trustdb.gpg from dir(s)")"
|
||||
echo "$(gettext " --import <dir(s)> Imports pubring.gpg from dir(s)")"
|
||||
echo "$(gettext " --import-trustdb <dir(s)> Imports ownertrust values from trustdb.gpg in dir(s)")"
|
||||
echo "$(gettext " --init Ensure the keyring is properly initialized")"
|
||||
echo "$(gettext " --keyserver Specify a keyserver to use if necessary")"
|
||||
|
|
@ -343,30 +343,23 @@ edit_keys() {
|
|||
|
||||
import_trustdb() {
|
||||
local importdir
|
||||
local trustdb=$(mktemp)
|
||||
"${GPG_PACMAN[@]}" --export-ownertrust > ${trustdb}
|
||||
|
||||
for importdir in "${IMPORT_DIRS[@]}"; do
|
||||
if [[ -f "${importdir}/trustdb.gpg" ]]; then
|
||||
gpg --homedir "${importdir}" --export-ownertrust >> ${trustdb}
|
||||
gpg --homedir "${importdir}" --export-ownertrust | \
|
||||
"${GPG_PACMAN[@]}" --import-ownertrust -
|
||||
fi
|
||||
done
|
||||
|
||||
"${GPG_PACMAN[@]}" --import-ownertrust ${trustdb}
|
||||
rm -f ${trustdb}
|
||||
}
|
||||
|
||||
import() {
|
||||
local importdir
|
||||
|
||||
# Imports public keys, then import trustdbs
|
||||
for importdir in "${IMPORT_DIRS[@]}"; do
|
||||
if [[ -f "${importdir}/pubring.gpg" ]]; then
|
||||
"${GPG_PACMAN[@]}" --quiet --batch --import "${importdir}/pubring.gpg"
|
||||
fi
|
||||
done
|
||||
|
||||
import_trustdb
|
||||
}
|
||||
|
||||
# PROGRAM START
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue