summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-09-26 13:18:19 -0500
committerDan McGee <dan@archlinux.org>2011-10-05 22:00:52 -0500
commit484d5ec624f12220df809b63bba719105eafdb8f (patch)
treeda6373543e0fef7cb2b23bdbeaf65fd612f388bd
parentab7d2890a47f051a892b05b4d551de0e5c5c8282 (diff)
pacman-key: treat foo-trusted as an ownertrust export file
This allows it to serve double-duty. In order to allow users to base verification decisions off of both a valid signature and a trusted signature, we need to assign some level of owner trust to the keys we designate as trusted on import. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--doc/pacman-key.8.txt6
-rw-r--r--scripts/pacman-key.sh.in24
2 files changed, 22 insertions, 8 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index d2da480f..1582a3ca 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -118,8 +118,10 @@ PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
directory +{pkgdatadir}/keyrings+.
Optionally, the file `foo-trusted` can be provided containing a list of trusted
-key IDs for that keyring. This file will inform the user which keys a user
-needs to verify and sign to build a local web of trust.
+key IDs for that keyring. This is a file in a format compatible with 'gpg
+\--export-ownertrust' output. This file will inform the user which keys a user
+needs to verify and sign to build a local web of trust, in addition to
+assigning provided owner trust values.
Also optionally, the file `foo-revoked` can be provided containing a list of
revoked key IDs for that keyring. Revoked is defined as "no longer valid for
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index da07492c..482e0468 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -215,7 +215,7 @@ verify_keyring_input() {
local ret=0;
local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
- # Verify signatures of keyring files and association revocation files if they exist
+ # Verify signatures of keyring files and trusted/revoked files if they exist
msg "$(gettext "Verifying keyring file signatures...")"
local keyring keyfile
for keyring in "${KEYRINGIDS[@]}"; do
@@ -278,14 +278,18 @@ populate_keyring() {
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
done
- # Read the trusted key IDs to an array. The conversion from whatever is inside the file
- # to key ids is important, because key ids are the only guarantee of identification
- # for the keys.
+ # Read the trusted key IDs to an array. Because this is an ownertrust
+ # file, we know we have the full 40 hex digit fingerprint values.
+ # Format of ownertrust dump file:
+ # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
+ # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
local -A trusted_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
while read key; do
- key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+ # skip comments; these are valid in this file
+ [[ $key = \#* ]] && continue
+ key_id="${key%%:*}"
if [[ -n ${key_id} ]]; then
# Mark this key to be lsigned
trusted_ids[$key_id]="${keyring}"
@@ -300,9 +304,17 @@ populate_keyring() {
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
"${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
done
+ msg "$(gettext "Importing owner trust values...")"
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ fi
+ done
fi
- # Read the revoked key IDs to an array.
+ # Read the revoked key IDs to an array. The conversion from whatever is
+ # inside the file to key ids is important, because key ids are the only
+ # guarantee of identification for the keys.
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then