author Dan McGee <dan@archlinux.org> 2011-09-21 17:53:44 -0500
committer Dan McGee <dan@archlinux.org> 2011-09-22 11:15:45 -0500
commit 33685b960d3f05841cfac5696a0946396c448a34
tree e44b8f3c85733e2fdee22a165a4cafcd836e835d
parent 595e1a437fab8d489736eff4811903aea4f5a38f
pacman-key: remove holdkeys functionality
We're putting the cart ahead of the horse a bit here. Given that our keyring is not one where everything is implicitly trusted (ala gpgv), keeping or deleting a key has no bearing on its trusted status, only whether we can actually verify things signed by said key. If we need to address this down the road, we can find a solution that works for the problem at hand rather than trying to solve it now before signing is even widespread.

Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- doc/pacman-key.8.txt 4
-rw-r--r-- scripts/pacman-key.sh.in 12
2 files changed, 1 insertions, 15 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 5f947284..225b352f 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -121,9 +121,7 @@ manually import to the pacman keyring. This prevents a potentially malicious
repository adding keys to the pacman keyring without the users knowledge.
A key being marked as revoked always takes priority over the key being added to
-the pacman keyring, regardless of the keyring it is provided in. To prevent a
-key from being revoked when using '\--populate', its ID can be listed in
-+{sysconfdir}/pacman.d/gnupg/holdkeys+.
+the pacman keyring, regardless of the keyring it is provided in.
See Also
--------
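Review bot: The shortened sentence "the pacman keyring, regardless of the keyring it is provided in." leaves no trace of the holdkeys file for an administrator who already created {sysconfdir}/pacman.d/gnupg/holdkeys following the old text, so nothing tells them the file no longer affects '--populate'. Consider a short sentence here, or a release note, saying the file is no longer read. While this paragraph is being touched, the context line "without the users knowledge" is missing an apostrophe ("user's").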
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ad2eefe4..72725154 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -288,18 +288,6 @@ populate_keyring() {
fi
done
- # Read list of keys that must be kept installed and remove them from the list
- # of keys to be removed
- if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
- while read key; do
- key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
- if [[ -n "${revoked_ids[$key_id]}" ]]; then
- unset revoked_ids[$key_id]
- fi
- done < "${PACMAN_KEYRING_DIR}/holdkeys"
- fi
-
- # Remove the keys not marked to keep
if (( ${#revoked_ids[@]} > 0 )); then
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
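Review bot: With the holdkeys loop gone from populate_keyring(), an existing "${PACMAN_KEYRING_DIR}/holdkeys" file is ignored without any message, so a key listed there that is also in revoked_ids now falls through to the "Disabling revoked keys in keyring..." loop. Consider emitting a warning when that file is still present so the behaviour change is visible at the next populate. Separately, the removed comment "# Remove the keys not marked to keep" leaves the "if (( ${#revoked_ids[@]} > 0 ))" block uncommented; rewording it to describe disabling the revoked keys would be better than dropping it.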