author | Allan McRae <allan@archlinux.org> | 2011-08-15 22:51:58 +1000 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2011-08-29 11:55:22 +1000 |
commit | d1240f67eab6dfa7e3344cd84dd8849b38ce337c (patch) | |
tree | 41a795de5a8968a88a2f0ec74b95903bd13743a1 /doc | |
parent | 2cfcc874b9332ad207398b9e20dc8880d93e8ae4 (diff) | |
download | pacman-d1240f67eab6dfa7e3344cd84dd8849b38ce337c.tar.xz |
pacman-key: rework importing distro/repo provided keyrings
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/pacman-key.8.txt | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt index 9dc175cf..f61c2eca 100644 --- a/doc/pacman-key.8.txt +++ b/doc/pacman-key.8.txt @@ -80,8 +80,12 @@ Options *-r, \--receive* <keyserver> <keyid(s)>:: Fetch the specified keyids from the specified key server URL. -*\--reload*:: - Reloads the keys from the keyring package. +*\--populate* [<keyring(s)>]:: + Reload the default keys from the (optionally provided) keyrings in + +{pkgdatadir}/keyrings+. Each keyring is provided in a file foo.gpg that + contains the keys for the foo keyring. Optionally the file foo-revoked + contains a list of revoked key IDs for that keyring. These files are + required to be signed (detached) by a trusted PGP key. *-u, \--updatedb*:: Equivalent to \--check-trustdb in GnuPG. |
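Review bot: The closing sentence of the new `--populate` entry ("These files are required to be signed (detached) by a trusted PGP key") leaves the verification contract underspecified. It does not name the detached signature file expected beside foo.gpg, does not say whether foo-revoked needs its own signature, and does not say what pacman-key does when a signature is missing or fails to verify. Please document the signature file naming and the failure behaviour, since a reader packaging a keyring has to know both. "a trusted PGP key" should say trusted by whom; the commit message's wording, "a key trusted by pacman-key", is more precise and could be used here. The format of foo-revoked ("a list of revoked key IDs") would also benefit from one clause on layout, for example one key ID per line if that is what the script expects. Finally, the `--reload` entry is dropped without any note, so the man page should say whether existing invocations of `--reload` still work or must be changed to `--populate`.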