Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
author: Allan McRae <allan@archlinux.org> 2011-08-23 16:10:06 +1000
committer: Allan McRae <allan@archlinux.org> 2011-08-29 11:55:23 +1000
commit: e1b9f7b3005c4d6db9cc84e95a42d4beba6c7e24
tree: 6a91a52daad9982bbbc5d1423014f6d338efaed1 /doc
parent: 29dede2eb76ab5a139d4e8236be1037a7a86b6e5
pacman-key: rework and document holding keys in keyring

The HoldKey option was undocumented and was not suited for pacman.conf. Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list of keys not to be removed from the pacman keyring with the --populate option.

Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/pacman-key.8.txt 8
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index ff8d38df..3582b993 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -101,12 +101,16 @@ A distribution or other repository provided may want to provide a set of valid
PGP keys used in the signing of its packages and repository databases that can
be readily imported into the pacman keyring. This is achieved by providing a
PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
-directory +{pkgdatadir}/keyrings+. Optionally the file `foo-revoked` can be
+directory +{pkgdatadir}/keyrings+. Optionally the file `foo-revoked` can be
provided containing a list of revoked key IDs for that keyring. These files are
required to be signed (detached) by a trusted PGP key that the user must
-manually import to the pacman keyring. This prevents a potentially malicious
+manually import to the pacman keyring. This prevents a potentially malicious
repository adding keys to the pacman keyring without the users knowledge.
+A key being marked as revoked always takes priority over the key being added to
+the pacman keyring, regardless of the keyring it is provided in. To prevent a
+key from being revoked when using --populate, its ID can be listed in
++{sysconfdir}/pacman.d/gnupg/holdkeys+.
See Also
--------
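Review bot: The file name in the added paragraph, `+{sysconfdir}/pacman.d/gnupg/holdkeys+`, does not match the commit message, which names "/etc/pacman.d/gnupg/heldkeys". Please confirm which name pacman-key actually reads and make the man page and the commit message agree, since an administrator who follows the wrong one will create a file that has no effect on --populate. The new text also says only that a key's ID "can be listed" in the file; it would help to state the expected format (for example, one key ID per line, and whether short or long IDs or fingerprints are accepted), and to note that holding a key overrides the "revoked always takes priority" rule stated in the sentence just before it, so readers understand the security trade-off of keeping a key that a keyring has marked revoked.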