summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2011-08-23 16:10:06 +1000
committerAllan McRae <allan@archlinux.org>2011-08-29 11:55:23 +1000
commite1b9f7b3005c4d6db9cc84e95a42d4beba6c7e24 (patch)
tree6a91a52daad9982bbbc5d1423014f6d338efaed1 /scripts
parent29dede2eb76ab5a139d4e8236be1037a7a86b6e5 (diff)
pacman-key: rework and document holding keys in keyring
The HoldKey option was undocumented and was not suited for pacman.conf. Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list of keys not to be removed from the pacman keyring with the --populate option. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/pacman-key.sh.in12
1 files changed, 5 insertions, 7 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 6a350af6..7b9f80ba 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -232,17 +232,15 @@ populate_keyring() {
fi
done
- # List of keys that must be kept installed, even if in the list of keys to be removed
- local HOLD_KEYS="$(get_from "$CONFIG" "HoldKeys")"
-
- # Remove the keys that must be kept from the set of keys that should be removed
- if [[ -n ${HOLD_KEYS} ]]; then
- for key in ${HOLD_KEYS}; do
+ # Read list of keys that must be kept installed and remove them from the list
+ # of keys to be removed
+ if [[ -f "${PACMAN_KEYRING_DIR}/holdkeys" ]]; then
+ while read key; do
key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" | grep ^pub | cut -d: -f5)"
if [[ -n "${removed_ids[$key_id]}" ]]; then
unset removed_ids[$key_id]
fi
- done
+ done < "${PACMAN_KEYRING_DIR}/holdkeys"
fi
# Remove the keys not marked to keep