[arch-dev-public] pacman root key issue with gnupg-2.1
Allan McRae
allan at archlinux.org
Mon Dec 1 02:14:34 UTC 2014
Hi all,
With GnuPG 2.1, they have tightened up on keys without a passphrase. We
don't have a passphrase on the root key in the pacman keyring... This
means that things like adding keys (pacman-key --recv-key <keyid>) now fail.
pacman-4.1.2-7 has a patch to pacman-key that adds an option when
creating the initial key that allows passphraseless keys to work. The
only solution I can see to this problem is having everyone regenerate
their pacman root key.
Instructions:
make sure you have pacman >= 4.1.2-7 installed
rm -r /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate archlinux
re-add any other keys you need
Of course, the original key generation will take a very, very, very long
time. So we will also have to encourage users to install haveged and
run it.
Or can a gnupg expert point out another way to deal with this change?
Allan