table of contents
PACMAN-KEY(8) | Pacman Manual | PACMAN-KEY(8) |
NAME¶
pacman-key - manage pacman's list of trusted keys
SYNOPSIS¶
pacman-key [options] operation [targets]
DESCRIPTION¶
pacman-key is a wrapper script for GnuPG used to manage pacman’s keyring, which is the collection of PGP keys used to check signed packages and databases. It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database.
More complex keyring management can be achieved using GnuPG directly combined with the --homedir option pointing at the pacman keyring (located in /etc/pacman.d/gnupg by default).
Invoking pacman-key consists of supplying an operation with any potential options and targets to operate on. Depending on the operation, a target may be a valid key identifier, filename, or directory.
OPERATIONS¶
-a, --add
-d, --delete
-e, --export
--edit-key
-f, --finger
-h, --help
--import
--import-trustdb
--init
-l, --list-keys
--list-sigs
--lsign-key
--nocolor
-r, --recv-keys
--refresh-keys
--populate
-u, --updatedb
-V, --version
-v, --verify
With only one argument given, assume that the signature is a detached signature, and look for a matching data file to verify by stripping the file extension. If no matching data file is found, fall back on GnuPG semantics and attempt to verify a file with an embedded signature.
OPTIONS¶
--config <file>
--gpgdir <dir>
--keyserver <keyserver>
PROVIDING A KEYRING FOR IMPORT¶
A distribution or other repository provided may want to provide a set of PGP keys used in the signing of its packages and repository databases that can be readily imported into the pacman keyring. This is achieved by providing a PGP keyring file foo.gpg that contains the keys for the foo keyring in the directory /usr/share/keyrings.
Optionally, the file foo-trusted can be provided containing a list of trusted key IDs for that keyring. This is a file in a format compatible with gpg --export-ownertrust output. This file will inform the user which keys a user needs to verify and sign to build a local web of trust, in addition to assigning provided owner trust values.
Also optionally, the file foo-revoked can be provided containing a list of revoked key IDs for that keyring. Revoked is defined as "no longer valid for any signing", so should be used with prudence. A key being marked as revoked will be disabled in the keyring and no longer treated as valid, so this always takes priority over it’s trusted state in any other keyring.
SEE ALSO¶
See the pacman website at https://archlinux.org/pacman/ for current information on pacman and its related tools.
BUGS¶
Bugs? You must be kidding; there are no bugs in this software. But if we happen to be wrong, submit a bug report with as much detail as possible at the Arch Linux Bug Tracker in the Pacman section.
AUTHORS¶
Current maintainers:
Past major contributors:
For additional contributors, use git shortlog -s on the pacman.git repository.
2024-03-27 | Pacman 6.0.2 |