pacman-key: treat foo-trusted as an ownertrust export file
This allows it to serve double-duty. In order to allow users to base verification decisions off of both a valid signature and a trusted signature, we need to assign some level of owner trust to the keys we designate as trusted on import. Signed-off-by: Dan McGee <dan@archlinux.org>
parent
ab7d2890a4
commit
484d5ec624
|
@ -118,8 +118,10 @@ PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
|
|||
directory +{pkgdatadir}/keyrings+.
|
||||
|
||||
Optionally, the file `foo-trusted` can be provided containing a list of trusted
|
||||
key IDs for that keyring. This file will inform the user which keys a user
|
||||
needs to verify and sign to build a local web of trust.
|
||||
key IDs for that keyring. This is a file in a format compatible with 'gpg
|
||||
\--export-ownertrust' output. This file will inform the user which keys a user
|
||||
needs to verify and sign to build a local web of trust, in addition to
|
||||
assigning provided owner trust values.
|
||||
|
||||
Also optionally, the file `foo-revoked` can be provided containing a list of
|
||||
revoked key IDs for that keyring. Revoked is defined as "no longer valid for
|
||||
|
|
|
@ -215,7 +215,7 @@ verify_keyring_input() {
|
|||
local ret=0;
|
||||
local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
|
||||
|
||||
# Verify signatures of keyring files and association revocation files if they exist
|
||||
# Verify signatures of keyring files and trusted/revoked files if they exist
|
||||
msg "$(gettext "Verifying keyring file signatures...")"
|
||||
local keyring keyfile
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
|
@ -278,14 +278,18 @@ populate_keyring() {
|
|||
"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
|
||||
done
|
||||
|
||||
# Read the trusted key IDs to an array. The conversion from whatever is inside the file
|
||||
# to key ids is important, because key ids are the only guarantee of identification
|
||||
# for the keys.
|
||||
# Read the trusted key IDs to an array. Because this is an ownertrust
|
||||
# file, we know we have the full 40 hex digit fingerprint values.
|
||||
# Format of ownertrust dump file:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
|
||||
local -A trusted_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
while read key; do
|
||||
key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
|
||||
# skip comments; these are valid in this file
|
||||
[[ $key = \#* ]] && continue
|
||||
key_id="${key%%:*}"
|
||||
if [[ -n ${key_id} ]]; then
|
||||
# Mark this key to be lsigned
|
||||
trusted_ids[$key_id]="${keyring}"
|
||||
|
@ -300,9 +304,17 @@ populate_keyring() {
|
|||
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
|
||||
"${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
|
||||
done
|
||||
msg "$(gettext "Importing owner trust values...")"
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# Read the revoked key IDs to an array.
|
||||
# Read the revoked key IDs to an array. The conversion from whatever is
|
||||
# inside the file to key ids is important, because key ids are the only
|
||||
# guarantee of identification for the keys.
|
||||
local -A revoked_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then
|
||||
|
|
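Review bot: In populate_keyring, `key_id="${key%%:*}"` now takes whatever precedes the first colon on a line as a fingerprint and passes it to `--lsign-key` without checking its shape, where the old code resolved each entry through gpg first. Since the new comment relies on these being full 40 hex digit fingerprints, enforce that with `[[ ${key_id} =~ ^[[:xdigit:]]{40}$ ]] || continue` right after the assignment, and read the lines with `while IFS= read -r key; do`. The new `--import-ownertrust` loop applies every trust level in `${keyring}-trusted` as given, including the `:6:` value shown in the format comment (ultimate trust in gpg's ownertrust format). A comment there should state that the file is only safe to import after verify_keyring_input has checked its signature, and the command's exit status should be checked. The function body starts and ends outside the visible hunks, so the signature check itself cannot be confirmed from here.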