4966bc9b46
Export with comment
...
... containing username and keyid
2019-10-07 23:39:04 +02:00
8f471cf44e
Do not export minimal, but clean
2019-10-07 23:36:09 +02:00
cf5ed9feeb
update-keys: do not minimize but export-minimal
2019-08-06 09:38:04 +02:00
5cb23e4ce6
update-keys: don't restore cwd in a subprocess
...
Using popd at the very end of a shell script is unnecessary, because, as
the very last command, there is nothing to restore state for.
Immediately after, the shell subprocess is ended, and processes don't
control the cwd of the parent process. Changing the cwd for the last
microsecond of the shell process, during which no commands are run, is
a mildly expensive no-op.
By the same measure, if popd is never used, pushd is not needed to
record the old cwd. So simply use 'cd'.
Signed-off-by: Christian Hesse <mail@eworm.de >
2019-08-06 09:35:52 +02:00
c4264b6784
update-keys: move armor to gpg.conf
...
This option only affects --export, and we always use armored keys.
Signed-off-by: Christian Hesse <mail@eworm.de >
2019-08-06 09:35:52 +02:00
cca61ee733
update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export
...
This has the same effect, but causes only the exported version of the
key to be cleaned. Cleaning the internal copy doesn't matter.
Signed-off-by: Christian Hesse <mail@eworm.de >
2019-08-06 09:35:52 +02:00
44f69d009f
update-keys: use gpg.conf to persist versions
...
It is easier than passing around a dozen options on the command line.
Signed-off-by: Christian Hesse <mail@eworm.de >
2019-08-06 09:35:52 +02:00
0d99720ded
update-keys: use array for $GPG
...
Embedding quotes in a string doesn't work, it just causes KEYSERVER to
not be quoted at all.
Signed-off-by: Christian Hesse <mail@eworm.de >
2019-08-06 09:35:52 +02:00
35d91559ff
Modify the temporary master key generation
2019-01-23 23:12:15 +01:00
0e79570527
Rework the update process
...
* use --refresh-keys if key is available, not --recv-keys
* refresh/receive in one go
2019-01-23 22:37:38 +01:00
a48a66dfd6
Import archlinux.gpg into the temporary keyring
...
This makes sure we do not loose signatures depending on key server used.
2019-01-23 10:27:58 +01:00
de4326f4d4
exit immediately on error
...
Intermittent errors (due to broker network connectivity, key server
failure, whatever ...) could result in an incomplete keyring. So exit
immediately on error.
2017-10-19 10:47:12 +02:00
6f00b281f1
Revoke keys unconditionally
2017-10-17 14:01:23 +02:00
8e8d330967
Use minimal export for revoked keys
...
We need the key and most recent self signature.
Signed-off-by: Christian Hesse <mail@eworm.de >
2017-10-17 12:09:39 +02:00
1c4f33d735
Do not export attribute user IDs (photo IDs)
...
There's no need to have images in pacman keyring...
Signed-off-by: Christian Hesse <mail@eworm.de >
2017-10-17 12:09:39 +02:00
0abfb04ebb
Update keyring
...
- add keys of new Trusted Users: zorin, shibumi, archangegabriel
- revoke keys of ex-TUs: flexiondotorg, dicebot
- revoke Dan's master key
Signed-off-by: Bartłomiej Piotrowski <bpiotrowski@archlinux.org >
2017-03-20 22:40:09 +01:00
5242dea788
GPG 2.1 compatibility
2015-02-07 10:28:34 +01:00
09a1d89a38
Support multiple keys per username
2013-09-26 22:55:57 +02:00
3e96a8f10f
Import all keys before cleaning them up
2013-06-10 14:18:32 +02:00
40ea22c053
Define a list of revoked keys
...
Use the file packager-revoked-keyids to revoke certain keys.
2013-05-25 12:48:49 +02:00
3146e710fb
pacman 4.0.3 no longer requires the keyring itself to be signed
2012-04-07 18:43:24 +02:00
ef2d7258f4
Use more reliable default keyserver; same as in pacman >= 4.0.3
2012-04-07 18:38:26 +02:00
b7dc439458
Simplify/cleanup update script
2012-03-31 18:40:22 +02:00
8c53bb72db
Revert "The keyring no longer needs to be signed"
...
This reverts commit 9f3a1ace76
.
Keep signatures until pacman 4.0.3 hits [core].
2012-03-21 09:07:08 +01:00
9f3a1ace76
The keyring no longer needs to be signed
2012-03-09 22:36:02 +01:00
15f80006f7
Only recreate signatures if needed
2012-03-04 18:39:11 +01:00
392c57b2bd
Minimize the master keys and remove any unneeded signature
2012-03-03 20:56:03 +01:00
183b5fb612
Create keyring that can be used by pacman-key --populate
...
We also remove unused signatures from the keys to keep the history more readable
2012-03-03 18:34:23 +01:00
ba1072bf86
Update gpg keys
2012-02-27 14:06:39 +01:00
bbd88abce4
Add ownertrust file for the master keys
2012-02-20 13:03:25 +01:00
f2101938ba
Verify packager keys using the master keys
...
The update script creates key files for master keys and all developers with fully trusted keys.
2012-02-12 22:42:01 +01:00
35a8c70457
Add keyid lists and update script
...
* The keyid lists are retreived from archweb
* The update script can be run to refresh all keys
2012-02-12 17:04:59 +01:00