moparisthebest/pacman
1
0
Fork 0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-10 19:45:01 -05:00
Code Issues Releases Wiki Activity
d1240f67ea
pacman/doc/pacman-key.8.txt
Allan McRae d1240f67ea pacman-key: rework importing distro/repo provided keyrings 
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided.  A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.

This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings.  A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids.  These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:22 +10:00

105 lines
2.9 KiB
Plaintext
Raw Blame History

/////
vim:set ts=4 sw=4 syntax=asciidoc noet spell spelllang=en_us:
/////
pacman-key(8)
=============
Name
----
pacman-key - manage pacman's list of trusted keys
Synopsis
--------
'pacman-key' [options]
Description
-----------
'pacman-key' is a wrapper script for GnuPG used to manage pacman's keyring, which
is the collection of PGP keys used to check signed packages and databases. It
provides the ability to import and export keys, fetch keys from keyservers and
update the key trust database.
More complex keyring management can be achieved using GnuPG directly combined with
the `--homedir` option pointing at the pacman keyring (located in
+{sysconfdir}/pacman.d/gnupg+ by default).
Options
-------
*-a, \--add* [file(s)]::
Add the key(s) contained in the specified file or files to pacman's
keyring. If a key already exists, update it.
*\--config* <file>::
Use an alternate config file instead of the +{sysconfdir}/pacman.conf+
default.
*-d, \--delete* <keyid(s)>::
Remove the key(s) identified by the specified keyid(s) from pacman's
keyring.
*-e, \--export* [keyid(s)]::
Export key(s) identified by the specified keyid(s) to 'stdout'. If no keyid
is specified, all keys will be exported.
*\--edit-key* <keyid(s)>::
Present a menu for key management task on the specified keyids. Useful for
adjusting a keys trust level.
*-f, \--finger* [keyid(s)]::
List a fingerprint for each specified keyid, or for all known keys if no
keyids are specified.
*\--gpgdir* <dir>::
Set an alternate home directory for GnuPG. If unspecified, the value is
read from +{sysconfdir}/pacman.conf+.
*-h, \--help*::
Output syntax and command line options.
*--import* <dir(s)>::
Adds keys from pubring.gpg into pacman's keyring and imports ownertrust
values from trustdb.gpg in the specified directories.
*--import-dirs* <dir(s)> ::
Imports ownertrust values from trustdb.gpg in the specified directories.
*--init*::
Ensure the keyring is properly initialized and has the required access
permissions.
*-l, \--list-keys* [keyid(s)]::
Lists all or specified keys from the public keyring.
*--list-sigs* [keyid(s)]::
Same as --list-keys, but the signatures are listed too.
*-r, \--receive* <keyserver> <keyid(s)>::
Fetch the specified keyids from the specified key server URL.
*\--populate* [<keyring(s)>]::
Reload the default keys from the (optionally provided) keyrings in
+{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that
contains the keys for the foo keyring. Optionally the file foo-revoked
contains a list of revoked key IDs for that keyring. These files are
required to be signed (detached) by a trusted PGP key.
*-u, \--updatedb*::
Equivalent to \--check-trustdb in GnuPG.
*-v, \--verify* <signature>::
Verify the given signature file.
*-V, \--version*::
Displays the program version.
See Also
--------
linkman:pacman[8], linkman:pacman.conf[5]
include::footer.txt[]
Reference in New Issue View Git Blame Copy Permalink