Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#73334 - [archlinux-keyring] Please remove my key from archlinux-revoked

Attached to Project: Arch Linux
Opened by Gaetan Bisson (vesath) - Wednesday, 12 January 2022, 00:28 GMT
Last edited by Christian Hesse (eworm) - Friday, 11 February 2022, 21:15 GMT
Task Type Bug Report
Category Packages: Core
Status Assigned
Assigned To Pierre Schmitz (Pierre)
Christian Hesse (eworm)
David Runge (dvzrv)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No


Every update of archlinux-keyring disables my key (fingerprint: 1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE ) from the pacman keyring, even on local installs when I've manually signed this key as trusted. That is annoying since I then have to re-enable it every time.

Besides it should not be required anymore: I resigned as a developer two years ago so there's been ample time for my key to get disabled on every other install. And finally my key is not signed by any of the master keys so I don't see why it needs disabling.


This task depends upon

Comment by Christian Hesse (eworm) - Friday, 11 February 2022, 21:23 GMT
Chances are that someone updates a really old machine or fiddled with the keyring before... So we want to ships all the revocation certificates - probably forever.
Everything else is tooling from keyring repository, keyring packaging and pacman hooks. I do not think we want to change that. Any thoughts, dvzrv?

Steps you can take on your side:
* use a new key
* add another pacman hook that enables your key and runs after the general keyring hook
Comment by Gaetan Bisson (vesath) - Saturday, 12 February 2022, 00:36 GMT
Thanks for your suggestions. Changing keys is impractical and I'm already using a pacman hook which I'd like to get rid of.

However let me clarify that I am only asking for archlinux-keyring to stop disabling my key, as in line 377 of pacman-key (run by archlinux-keyring's install file) which does "printf 'disable\nquit\n' | gpg ...". This really does nothing but flip a bit somewhere.

Naturally I am not asking for the revocation certificates on the master key signatures to my key to be removed. And since my key has no more signatures from any master key it cannot be used for packaging. So there is no need to keep disabling it update after update.