index : pacman | |
Archlinux32 fork of pacman | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | doc/pacman-key.8.txt | 29 | ||||
-rw-r--r-- | scripts/pacman-key.sh.in | 29 |
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 225b352f..103a1fdd 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -110,18 +110,27 @@ Options Providing a Keyring for Import ------------------------------ -A distribution or other repository provided may want to provide a set of valid +A distribution or other repository provided may want to provide a set of PGP keys used in the signing of its packages and repository databases that can -be readily imported into the pacman keyring. This is achieved by providing a +be readily imported into the pacman keyring. This is achieved by providing a PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the -directory +{pkgdatadir}/keyrings+. Optionally the file `foo-revoked` can be -provided containing a list of revoked key IDs for that keyring. These files are -required to be signed (detached) by a trusted PGP key that the user must -manually import to the pacman keyring. This prevents a potentially malicious -repository adding keys to the pacman keyring without the users knowledge. - -A key being marked as revoked always takes priority over the key being added to -the pacman keyring, regardless of the keyring it is provided in. +directory +{pkgdatadir}/keyrings+. + +Optionally, the file `foo-trusted` can be provided containing a list of trusted +key IDs for that keyring. This file will inform the user which keys a user +needs to verify and sign to build a local web of trust. + +Also optionally, the file `foo-revoked` can be provided containing a list of +revoked key IDs for that keyring. Revoked is defined as "no longer valid for +any signing", so should be used with prudence. A key being marked as revoked +will be disabled in the keyring and no longer treated as valid, so this always +takes priority over it's trusted state in any other keyring. + +All files are required to be signed (detached) by a trusted PGP key that the +user must manually import to the pacman keyring. This prevents a potentially +malicious repository adding keys to the pacman keyring without the users +knowledge. + See Also -------- diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in index cb76a403..d0f338f6 100644 --- a/scripts/pacman-key.sh.in +++ b/scripts/pacman-key.sh.in @@ -219,6 +219,11 @@ verify_keyring_input() { keyfile="${KEYRING_IMPORT_DIR}/${keyring}.gpg" validate_with_gpg "${keyfile}" || ret=1 + keyfile="${KEYRING_IMPORT_DIR}/${keyring}-trusted" + if [[ -f "${keyfile}" ]]; then + validate_with_gpg "${keyfile}" || ret=1 + fi + keyfile="${KEYRING_IMPORT_DIR}/${keyring}-revoked" if [[ -f "${keyfile}" ]]; then validate_with_gpg "${keyfile}" || ret=1 @@ -270,9 +275,31 @@ populate_keyring() { "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" done - # Read the revoked key IDs to an array. The conversion from whatever is inside the file + # Read the trusted key IDs to an array. The conversion from whatever is inside the file # to key ids is important, because key ids are the only guarantee of identification # for the keys. + local -A trusted_ids + for keyring in "${KEYRINGIDS[@]}"; do + if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then + while read key; do + key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)" + if [[ -n ${key_id} ]]; then + # Mark this key to be lsigned + trusted_ids[$key_id]="${keyring}" + fi + done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted" + fi + done + + if (( ${#trusted_ids[@]} > 0 )); then + msg "$(gettext "Locally signing trusted keys in keyring...")" + for key_id in "${!trusted_ids[@]}"; do + msg2 "$(gettext "Locally signing key %s...")" "${key_id}" + "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}" + done + fi + + # Read the revoked key IDs to an array. local -A revoked_ids for keyring in "${KEYRINGIDS[@]}"; do if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then |