pacman-key: Improve documentation for --populate

Signed-off-by: Allan McRae <allan@archlinux.org>
2024-12-22 15:58:50 -05:00 · 2011-08-23 15:46:46 +10:00 · 2011-08-23 15:46:46 +10:00 · 29dede2eb7
commit 29dede2eb7
parent cab1379a1a
1 changed files with 15 additions and 4 deletions
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@ -82,10 +82,8 @@ Options

 *\--populate* [<keyring(s)>]::
 	Reload the default keys from the (optionally provided) keyrings in
-	+{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that
-	contains the keys for the foo keyring. Optionally the file foo-revoked
-	contains a list of revoked key IDs for that keyring. These files are
-	required to be signed (detached) by a trusted PGP key.
+	+{pkgdatadir}/keyrings+. For more information, see
+	<<SC,Providing a Keyring for Import>> below.

 *-u, \--updatedb*::
 	Equivalent to \--check-trustdb in GnuPG.
@ -97,6 +95,19 @@ Options
 	Displays the program version.


+Providing a Keyring for Import
+------------------------------
+A distribution or other repository provided may want to provide a set of valid
+PGP keys used in the signing of its packages and repository databases that can
+be readily imported into the pacman keyring.  This is achieved by providing a
+PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
+directory +{pkgdatadir}/keyrings+.  Optionally the file `foo-revoked` can be
+provided containing a list of revoked key IDs for that keyring. These files are
+required to be signed (detached) by a trusted PGP key that the user must
+manually import to the pacman keyring.  This prevents a potentially malicious
+repository adding keys to the pacman keyring without the users knowledge.
+
+
 See Also
 --------
 linkman:pacman[8], linkman:pacman.conf[5]