Christian Hesse
9cbe1e1414
update-keys: switch to keyserver keyserver.ubuntu.com
...
As the SKS infrastructure is offline for good, we need to switch to
keyserver.ubuntu.com for the time being.
The Ubuntu keyservers do not support EC keys, thus we have to ignore
failure when refreshing keys.
2021-08-02 13:23:39 +02:00
David Runge
1cf0aa446f
Add SPDX license identifier
...
update-keys:
Add SPDX license identifier for GPL-3.0-or-later.
2021-07-29 07:48:38 +02:00
Christian Hesse
129876cc3e
update-keys: (re-)enable web of trust
...
We need web of trust to download the master key signatures...
So enable it.
2020-06-29 09:42:13 +02:00
Christian Hesse
5f2b58b703
update-keys: also collect keys with marginal trust
2019-10-11 21:50:16 +02:00
Christian Hesse
4966bc9b46
Export with comment
...
... containing username and keyid
2019-10-07 23:39:04 +02:00
Christian Hesse
8f471cf44e
Do not export minimal, but clean
2019-10-07 23:36:09 +02:00
Christian Hesse
cf5ed9feeb
update-keys: do not minimize but export-minimal
2019-08-06 09:38:04 +02:00
Eli Schwartz
5cb23e4ce6
update-keys: don't restore cwd in a subprocess
...
Using popd at the very end of a shell script is unnecessary, because, as
the very last command, there is nothing to restore state for.
Immediately after, the shell subprocess is ended, and processes don't
control the cwd of the parent process. Changing the cwd for the last
microsecond of the shell process, during which no commands are run, is
a mildly expensive no-op.
By the same measure, if popd is never used, pushd is not needed to
record the old cwd. So simply use 'cd'.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
c4264b6784
update-keys: move armor to gpg.conf
...
This option only affects --export, and we always use armored keys.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
cca61ee733
update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export
...
This has the same effect, but causes only the exported version of the
key to be cleaned. Cleaning the internal copy doesn't matter.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
44f69d009f
update-keys: use gpg.conf to persist versions
...
It is easier than passing around a dozen options on the command line.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
0d99720ded
update-keys: use array for $GPG
...
Embedding quotes in a string doesn't work, it just causes KEYSERVER to
not be quoted at all.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Christian Hesse
35d91559ff
Modify the temporary master key generation
2019-01-23 23:12:15 +01:00
Christian Hesse
0e79570527
Rework the update process
...
* use --refresh-keys if key is available, not --recv-keys
* refresh/receive in one go
2019-01-23 22:37:38 +01:00
Christian Hesse
a48a66dfd6
Import archlinux.gpg into the temporary keyring
...
This makes sure we do not lose signatures depending on key server used.
2019-01-23 10:27:58 +01:00
Christian Hesse
de4326f4d4
exit immediately on error
...
Intermittent errors (due to broken network connectivity, key server
failure, whatever ...) could result in an incomplete keyring. So exit
immediately on error.
2017-10-19 10:47:12 +02:00
Christian Hesse
6f00b281f1
Revoke keys unconditionally
2017-10-17 14:01:23 +02:00
Christian Hesse
8e8d330967
Use minimal export for revoked keys
...
We need the key and most recent self signature.
Signed-off-by: Christian Hesse <mail@eworm.de>
2017-10-17 12:09:39 +02:00
Christian Hesse
1c4f33d735
Do not export attribute user IDs (photo IDs)
...
There's no need to have images in pacman keyring...
Signed-off-by: Christian Hesse <mail@eworm.de>
2017-10-17 12:09:39 +02:00
Bartłomiej Piotrowski
0abfb04ebb
Update keyring
...
- add keys of new Trusted Users: zorin, shibumi, archangegabriel
- revoke keys of ex-TUs: flexiondotorg, dicebot
- revoke Dan's master key
Signed-off-by: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
2017-03-20 22:40:09 +01:00
Pierre Schmitz
5242dea788
GPG 2.1 compatibility
2015-02-07 10:28:34 +01:00
Pierre Schmitz
09a1d89a38
Support multiple keys per username
2013-09-26 22:55:57 +02:00
Pierre Schmitz
3e96a8f10f
Import all keys before cleaning them up
2013-06-10 14:18:32 +02:00
Pierre Schmitz
40ea22c053
Define a list of revoked keys
...
Use the file packager-revoked-keyids to revoke certain keys.
2013-05-25 12:48:49 +02:00
Pierre Schmitz
3146e710fb
pacman 4.0.3 no longer requires the keyring itself to be signed
2012-04-07 18:43:24 +02:00
Pierre Schmitz
ef2d7258f4
Use more reliable default keyserver; same as in pacman >= 4.0.3
2012-04-07 18:38:26 +02:00
Pierre Schmitz
b7dc439458
Simplify/cleanup update script
2012-03-31 18:40:22 +02:00
Pierre Schmitz
8c53bb72db
Revert "The keyring no longer needs to be signed"
...
This reverts commit 9f3a1ace76.
Keep signatures until pacman 4.0.3 hits [core].
2012-03-21 09:07:08 +01:00
Pierre Schmitz
9f3a1ace76
The keyring no longer needs to be signed
2012-03-09 22:36:02 +01:00
Pierre Schmitz
15f80006f7
Only recreate signatures if needed
2012-03-04 18:39:11 +01:00
Pierre Schmitz
392c57b2bd
Minimize the master keys and remove any unneeded signature
2012-03-03 20:56:03 +01:00
Pierre Schmitz
183b5fb612
Create keyring that can be used by pacman-key --populate
...
We also remove unused signatures from the keys to keep the history more readable
2012-03-03 18:34:23 +01:00
Pierre Schmitz
ba1072bf86
Update gpg keys
2012-02-27 14:06:39 +01:00
Pierre Schmitz
bbd88abce4
Add ownertrust file for the master keys
2012-02-20 13:03:25 +01:00
Pierre Schmitz
f2101938ba
Verify packager keys using the master keys
...
The update script creates key files for master keys and all developers with fully trusted keys.
2012-02-12 22:42:01 +01:00
Pierre Schmitz
35a8c70457
Add keyid lists and update script
...
* The keyid lists are retrieved from archweb
* The update script can be run to refresh all keys
2012-02-12 17:04:59 +01:00