FS#67123 - [archlinux-keyring] update script should use no-self-sigs-only
Attached to Project:
Arch Linux
Opened by Christoph Reiter (lazka) - Friday, 26 June 2020, 15:16 GMT
Last edited by Christian Hesse (eworm) - Monday, 29 June 2020, 07:44 GMT
Opened by Christoph Reiter (lazka) - Friday, 26 June 2020, 15:16 GMT
Last edited by Christian Hesse (eworm) - Monday, 29 June 2020, 07:44 GMT
|
Details
Description:
gnupg by default no longer downloads signatures which breaks the WOT in the keyring. pacman-key was changed last year to set "no-self-sigs-only" so the signatures are loaded as well -> https://git.archlinux.org/pacman.git/commit/scripts/pacman-key.sh.in?id=f49233903521f19a1fcba6bf6c36abea71309a1e I think https://git.archlinux.org/archlinux-keyring.git/tree/update-keys should also add "keyserver-options no-self-sigs-only" to the temporary gpg.conf it uses so signatures get included. (Context: I'm using a fork of this repo in MSYS2 and adding new packager keys no longer worked i.e. they are marked as not trusted without this option) |
This task depends upon
Closed by Christian Hesse (eworm)
Monday, 29 June 2020, 07:44 GMT
Reason for closing: Implemented
Additional comments about closing: Committed to git
Monday, 29 June 2020, 07:44 GMT
Reason for closing: Implemented
Additional comments about closing: Committed to git