Re: [pacman-dev] [PATCH] pacman-key: Add --import and --import-trustdb

Sat, 09 Jul 2011 05:35:09 -0700 

On 10/06/11 16:38, Pang Yan Han wrote:

Currently, pacman-key allows users to import their keys using the --add option
but no similar functionality exists for importing ownertrust values.

The --import-trustdb option takes in a list of directories and imports
ownertrust values if the directories have a trustdb.gpg database.

The --import is a combination of --add and --import-trustdb. It takes in a list
of directories and imports keys from pubring.gpg, ownertrust values from
trustdb.gpg if any of these files exist.

Signed-off-by: Pang Yan Han<[email protected]>
---
NOTE: There is this very strange bug such that when new keys are added,
previously imported keys will fail for signature verification. This happens with
both --add and --import.

Eg. Say you want to import trustdb.gpg and pubring.gpg from directories "first",
"second" and "third", you'd have to:

# pacman-key --import first second third
# pacman-key --import first second third
I have not gone through your patch in detail yet, but I do not see this issue you report when using the --add option: 

allan@mugen /home/arch/code/pacman (working)
> ./scripts/pacman-key --verify /home/allan/web/allanbrokeit/i686/allanbrokeit.db.sig 
gpg: Signature made Tue 05 Jul 2011 15:22:42 EST using RSA key ID EAE999BD
gpg: NOTE: trustdb not writable
gpg: Good signature from "Allan McRae <[email protected]>"
gpg:                 aka "Allan McRae (Developer) <[email protected]>"

allan@mugen /home/arch/code/pacman (working)
> sudo ./scripts/pacman-key --add /home/allan/dan.gpg
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

allan@mugen /home/arch/code/pacman (working)
> ./scripts/pacman-key --verify /home/allan/web/allanbrokeit/i686/allanbrokeit.db.sig 
gpg: Signature made Tue 05 Jul 2011 15:22:42 EST using RSA key ID EAE999BD
gpg: NOTE: trustdb not writable
gpg: Good signature from "Allan McRae <[email protected]>"
gpg:                 aka "Allan McRae (Developer) <[email protected]>"
So the signature verification still works after adding a key with --add. There are two possibilities here... 1) this is fixed due to the large number of changes on my working branch, or 2) there is something wrong with the --import stuff...
Can you give more details on this issue so I can follow it up and get this patch merged. 

Cheers,
Allan

Reply via email to