/////
vim:set ts=4 sw=4 syntax=asciidoc noet spell spelllang=en_us:
/////
pacman-key(8)
=============

Name
----
pacman-key - manage pacman's list of trusted keys


Synopsis
--------
'pacman-key' [options]


Description
-----------
'pacman-key' is a wrapper script for GnuPG used to manage pacman's keyring, which
is the collection of PGP keys used to check signed packages and databases. It
provides the ability to import and export keys, fetch keys from keyservers and
update the key trust database.

More complex keyring management can be achieved using GnuPG directly combined with
the '\--homedir' option pointing at the pacman keyring (located in
+{sysconfdir}/pacman.d/gnupg+ by default).


Options
-------
*-a, \--add* [file(s)]::
	Add the key(s) contained in the specified file or files to pacman's
	keyring. If a key already exists, update it.

*\--config* <file>::
	Use an alternate config file instead of the +{sysconfdir}/pacman.conf+
	default.

*-d, \--delete* <keyid(s)>::
	Remove the key(s) identified by the specified keyid(s) from pacman's
	keyring.

*-e, \--export* [keyid(s)]::
	Export key(s) identified by the specified keyid(s) to 'stdout'. If no keyid
	is specified, all keys will be exported.

*\--edit-key* <keyid(s)>::
	Present a menu for key management tasks on the specified keyid(s). Useful
	for adjusting a key's trust level.

*-f, \--finger* [keyid(s)]::
	List a fingerprint for each specified keyid, or for all known keys if no
	keyids are specified.

*\--gpgdir* <dir>::
	Set an alternate home directory for GnuPG. If unspecified, the value is
	read from +{sysconfdir}/pacman.conf+.

*-h, \--help*::
	Output syntax and command line options.

*\--import* <dir(s)>::
	Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
	values from trustdb.gpg in the specified directories.

*\--import-dirs* <dir(s)>::
	Imports ownertrust values from trustdb.gpg in the specified directories.

*\--init*::
	Ensure the keyring is properly initialized and has the required access
	permissions.

*\--keyserver* <keyserver>::
	Use the specified keyserver if the operation requires one. This will take
	precedence over any keyserver option specified in a `gpg.conf`
	configuration file. Running '\--init' with this option will set the default
	keyserver if one was not already configured.

*-l, \--list-keys* [keyid(s)]::
	Lists all or specified keys from the public keyring.

*\--list-sigs* [keyid(s)]::
	Same as '\--list-keys', but the signatures are listed too.

*\--lsign-key* <keyid>::
	Locally sign the given key. This is primarily used to root the web of trust
	in the local private key generated by '\--init'.

*-r, \--recv-keys* <keyid(s)>::
	Equivalent to '\--recv-keys' in GnuPG.

*\--refresh-keys* [keyid(s)]::
	Equivalent to '\--refresh-keys' in GnuPG.

*\--populate* [keyring(s)]::
	Reload the default keys from the (optionally provided) keyrings in
	+{pkgdatadir}/keyrings+. For more information, see
	<<SC,Providing a Keyring for Import>> below.

*-u, \--updatedb*::
	Equivalent to '\--check-trustdb' in GnuPG.

*-v, \--verify* <signature>::
	Verify the given signature file.

*-V, \--version*::
	Displays the program version.


Providing a Keyring for Import
------------------------------
A distribution or other repository provider may want to provide a set of
PGP keys used in the signing of its packages and repository databases that can
be readily imported into the pacman keyring. This is achieved by providing a
PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
directory +{pkgdatadir}/keyrings+.

Optionally, the file `foo-trusted` can be provided containing a list of trusted
key IDs for that keyring. This file will inform the user which keys they
need to verify and sign to build a local web of trust.

Also optionally, the file `foo-revoked` can be provided containing a list of
revoked key IDs for that keyring. Revoked is defined as "no longer valid for
any signing", so it should be used with prudence. A key being marked as revoked
will be disabled in the keyring and no longer treated as valid, so this always
takes priority over its trusted state in any other keyring.

All files are required to be signed (detached) by a trusted PGP key that the
user must manually import to the pacman keyring. This prevents a potentially
malicious repository from adding keys to the pacman keyring without the user's
knowledge.

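
An added pre-flight check for a repository provider, not part of pacman-key or its documentation: it reports keyring files that lack a detached signature and computes which key IDs remain trusted once every revoked list is applied. The `<file>.sig` signature name and the one-key-ID-per-line list format are assumptions, and the sample key IDs are constructed.

```shell
#!/bin/bash
# Assumptions (not stated on the man page): a detached signature is stored as
# "<file>.sig", and the -trusted / -revoked lists hold one key ID per line.

# List the files of keyring $2 in directory $1 that have no detached
# signature. Returns non-zero if the keyring or any signature is missing.
missing_signatures() {
    local dir=$1 name=$2 f ret=0
    if [ ! -f "$dir/$name.gpg" ]; then
        echo "$name.gpg (keyring file not found)"
        return 1
    fi
    for f in "$name.gpg" "$name-trusted" "$name-revoked"; do
        [ -f "$dir/$f" ] || continue      # the two lists are optional
        [ -s "$dir/$f.sig" ] || { echo "$f"; ret=1; }
    done
    return "$ret"
}

# Print the key IDs that stay trusted across all keyrings in $1: a key ID in
# any *-revoked list is dropped even if another keyring lists it as trusted.
effective_trusted() {
    local dir=$1 f
    for f in "$dir"/*-revoked "$dir"/*-trusted; do
        if [ -f "$f" ]; then
            awk -v kind="${f##*-}" 'NF { print kind, toupper($1) }' "$f"
        fi
    done | awk '$1 == "revoked" { r[$2] = 1 }
                $1 == "trusted" { t[$2] = 1 }
                END { for (k in t) if (!(k in r)) print k }' | sort
}

# Constructed sample layout: key IDs are made up and the .sig files are
# placeholders standing in for real detached signatures.
make_sample() {
    local dir=$1
    : > "$dir/foo.gpg"; echo sig > "$dir/foo.gpg.sig"
    printf 'AAAA1111\nBBBB2222\n' > "$dir/foo-trusted"
    echo sig > "$dir/foo-trusted.sig"
    : > "$dir/bar.gpg"; echo sig > "$dir/bar.gpg.sig"
    printf 'bbbb2222\n' > "$dir/bar-revoked"    # signature deliberately absent
}

sample=$(mktemp -d)
make_sample "$sample"
for k in foo bar; do
    missing_signatures "$sample" "$k" || echo "^ keyring '$k' is not ready for --populate"
done
effective_trusted "$sample"
rm -rf "$sample"
```

This only checks that signature files are present; whether each one validates against a key in the pacman keyring is what '\--verify' is for.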

See Also
--------
linkman:pacman[8], linkman:pacman.conf[5]

include::footer.txt[]