FS#67123 : [archlinux-keyring] update script should use no-self-sigs-only

FS#67123 - [archlinux-keyring] update script should use no-self-sigs-only

Attached to Project: Arch Linux
Opened by Christoph Reiter (lazka) - Friday, 26 June 2020, 15:16 GMT
Last edited by Christian Hesse (eworm) - Monday, 29 June 2020, 07:44 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Christian Hesse (eworm)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

gnupg by default no longer downloads signatures which breaks the WOT in the keyring.

pacman-key was changed last year to set "no-self-sigs-only" so the signatures are loaded as well -> https://git.archlinux.org/pacman.git/commit/scripts/pacman-key.sh.in?id=f49233903521f19a1fcba6bf6c36abea71309a1e

I think https://git.archlinux.org/archlinux-keyring.git/tree/update-keys should also add "keyserver-options no-self-sigs-only" to the temporary gpg.conf it uses so signatures get included.

(Context: I'm using a fork of this repo in MSYS2 and adding new packager keys no longer worked i.e. they are marked as not trusted without this option)

This task depends upon

Closed by Christian Hesse (eworm)
Monday, 29 June 2020, 07:44 GMT
Reason for closing: Implemented
Additional comments about closing: Committed to git

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#67123 - [archlinux-keyring] update script should use no-self-sigs-only

Details

Loading...