Christian Hesse
4966bc9b46
Export with comment
...
... containing username and keyid
2019-10-07 23:39:04 +02:00
Christian Hesse
8f471cf44e
Do not export minimal, but clean
2019-10-07 23:36:09 +02:00
Christian Hesse
cf5ed9feeb
update-keys: do not minimize but export-minimal
2019-08-06 09:38:04 +02:00
Eli Schwartz
5cb23e4ce6
update-keys: don't restore cwd in a subprocess
...
Using popd at the very end of a shell script is unnecessary, because, as
the very last command, there is nothing to restore state for.
Immediately after, the shell subprocess is ended, and processes don't
control the cwd of the parent process. Changing the cwd for the last
microsecond of the shell process, during which no commands are run, is
a mildly expensive no-op.
By the same measure, if popd is never used, pushd is not needed to
record the old cwd. So simply use 'cd'.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
c4264b6784
update-keys: move armor to gpg.conf
...
This option only affects --export, and we always use armored keys.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
cca61ee733
update-keys: move export-clean to gpg.conf instead of cleaning the keyring before export
...
This has the same effect, but causes only the exported version of the
key to be cleaned. Cleaning the internal copy doesn't matter.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
44f69d009f
update-keys: use gpg.conf to persist versions
...
It is easier than passing around a dozen options on the command line.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Eli Schwartz
0d99720ded
update-keys: use array for $GPG
...
Embedding quotes in a string doesn't work, it just causes KEYSERVER to
not be quoted at all.
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-08-06 09:35:52 +02:00
Christian Hesse
35d91559ff
Modify the temporary master key generation
2019-01-23 23:12:15 +01:00
Christian Hesse
0e79570527
Rework the update process
...
* use --refresh-keys if key is available, not --recv-keys
* refresh/receive in one go
2019-01-23 22:37:38 +01:00
Christian Hesse
a48a66dfd6
Import archlinux.gpg into the temporary keyring
...
This makes sure we do not loose signatures depending on key server used.
2019-01-23 10:27:58 +01:00
Christian Hesse
de4326f4d4
exit immediately on error
...
Intermittent errors (due to broker network connectivity, key server
failure, whatever ...) could result in an incomplete keyring. So exit
immediately on error.
2017-10-19 10:47:12 +02:00
Christian Hesse
6f00b281f1
Revoke keys unconditionally
2017-10-17 14:01:23 +02:00
Christian Hesse
8e8d330967
Use minimal export for revoked keys
...
We need the key and most recent self signature.
Signed-off-by: Christian Hesse <mail@eworm.de>
2017-10-17 12:09:39 +02:00
Christian Hesse
1c4f33d735
Do not export attribute user IDs (photo IDs)
...
There's no need to have images in pacman keyring...
Signed-off-by: Christian Hesse <mail@eworm.de>
2017-10-17 12:09:39 +02:00
Bartłomiej Piotrowski
0abfb04ebb
Update keyring
...
- add keys of new Trusted Users: zorin, shibumi, archangegabriel
- revoke keys of ex-TUs: flexiondotorg, dicebot
- revoke Dan's master key
Signed-off-by: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
2017-03-20 22:40:09 +01:00
Pierre Schmitz
5242dea788
GPG 2.1 compatibility
2015-02-07 10:28:34 +01:00
Pierre Schmitz
09a1d89a38
Support multiple keys per username
2013-09-26 22:55:57 +02:00
Pierre Schmitz
3e96a8f10f
Import all keys before cleaning them up
2013-06-10 14:18:32 +02:00
Pierre Schmitz
40ea22c053
Define a list of revoked keys
...
Use the file packager-revoked-keyids to revoke certain keys.
2013-05-25 12:48:49 +02:00
Pierre Schmitz
3146e710fb
pacman 4.0.3 no longer requires the keyring itself to be signed
2012-04-07 18:43:24 +02:00
Pierre Schmitz
ef2d7258f4
Use more reliable default keyserver; same as in pacman >= 4.0.3
2012-04-07 18:38:26 +02:00
Pierre Schmitz
b7dc439458
Simplify/cleanup update script
2012-03-31 18:40:22 +02:00
Pierre Schmitz
8c53bb72db
Revert "The keyring no longer needs to be signed"
...
This reverts commit 9f3a1ace76
.
Keep signatures until pacman 4.0.3 hits [core].
2012-03-21 09:07:08 +01:00
Pierre Schmitz
9f3a1ace76
The keyring no longer needs to be signed
2012-03-09 22:36:02 +01:00
Pierre Schmitz
15f80006f7
Only recreate signatures if needed
2012-03-04 18:39:11 +01:00
Pierre Schmitz
392c57b2bd
Minimize the master keys and remove any unneeded signature
2012-03-03 20:56:03 +01:00
Pierre Schmitz
183b5fb612
Create keyring that can be used by pacman-key --populate
...
We also remove unused signatures from the keys to keep the history more readable
2012-03-03 18:34:23 +01:00
Pierre Schmitz
ba1072bf86
Update gpg keys
2012-02-27 14:06:39 +01:00
Pierre Schmitz
bbd88abce4
Add ownertrust file for the master keys
2012-02-20 13:03:25 +01:00
Pierre Schmitz
f2101938ba
Verify packager keys using the master keys
...
The update script creates key files for master keys and all developers with fully trusted keys.
2012-02-12 22:42:01 +01:00
Pierre Schmitz
35a8c70457
Add keyid lists and update script
...
* The keyid lists are retreived from archweb
* The update script can be run to refresh all keys
2012-02-12 17:04:59 +01:00