On 15/08/11 23:10, Allan McRae wrote:
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.

This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.

Signed-off-by: Allan McRae <[email protected]>

As an example of this in action:
> sudo ./scripts/pacman-key --populate
==> Verifying keyring file signatures...
==> Appending keys from allanbrokeit.gpg...
gpg: key EAE999BD: "Allan McRae <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
==> Removing revoked keys from keyring...
removing key 5C2E46A0F53A76ED - Dan McGee <[email protected]>
==> Updating trust database...
gpg: no need for a trustdb check
Allan
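
The checks the commit message describes, as an added example that is not part of the patch or of pacman-key: a keyring is selected only if foo.gpg, and foo-revoked when present, each carry a valid detached signature. The `.sig` suffix, the one-id-per-line revoked format, the `GPG_HOME` path, the `--check` dry-run switch and all function names are assumptions.

```shell
# Added example, not pacman-key code. Assumed: signatures are named <file>.sig,
# revoked lists hold one key id per line, GPG_HOME is the keyring pacman-key trusts.
KEYRING_DIR=${KEYRING_DIR:-/usr/share/pacman/keyrings}
GPG_HOME=${GPG_HOME:-/etc/pacman.d/gnupg}

# Default verifier: exit 0 only for a good signature from a key in GPG_HOME.
gpg_verify() { gpg --homedir "$GPG_HOME" --batch --quiet --verify "$1" "$2" 2>/dev/null; }
VERIFY=${VERIFY:-gpg_verify}   # overridable so the logic can be tested without gpg

# True only if FILE exists and has a detached signature that VERIFY accepts.
is_signed() { [ -f "$1" ] && [ -f "$1.sig" ] && "$VERIFY" "$1.sig" "$1"; }

# Print keyring names that are safe to import; default is every foo.gpg in DIR.
# Returns non-zero if anything was rejected, so callers can abort the run.
verified_keyrings() {
    dir=$1; shift; rc=0
    if [ $# -eq 0 ]; then
        for f in "$dir"/*.gpg; do
            [ -f "$f" ] || continue
            f=${f##*/}; set -- "$@" "${f%.gpg}"
        done
    fi
    for name in "$@"; do
        if ! is_signed "$dir/$name.gpg"; then
            echo "rejected: $name.gpg lacks a valid signature" >&2; rc=1; continue
        fi
        # A revoked list is optional, but if present it must verify too.
        if [ -f "$dir/$name-revoked" ] && ! is_signed "$dir/$name-revoked"; then
            echo "rejected: $name-revoked lacks a valid signature" >&2; rc=1; continue
        fi
        printf '%s\n' "$name"
    done
    return $rc
}

# Print the hex key ids (8 to 40 digits) listed by the given verified keyrings.
revoked_ids() {
    dir=$1; shift
    for name in "$@"; do
        [ -f "$dir/$name-revoked" ] || continue
        awk '{ gsub(/[ \t\r]/, "") } /^[0-9A-Fa-f]+$/ && length($0) >= 8 && length($0) <= 40' "$dir/$name-revoked"
    done | sort -u
}

# Dry run: list what would be imported and revoked, changing nothing.
if [ "${1:-}" = "--check" ]; then
    names=$(verified_keyrings "$KEYRING_DIR") || exit 1
    echo "import: $names"; echo "revoke: $(revoked_ids "$KEYRING_DIR" $names)"
fi
```

gpg's exit status here confirms a good signature from a key present in that keyring; enforcing a minimum trust level on the signer would additionally need its `--status-fd` output.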