pacman-key: treat foo-trusted as an ownertrust export file

This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.

Signed-off-by: Dan McGee <dan@archlinux.org>

2 files changed, 22 insertions, 8 deletions

diff --git a/doc/pacman-key.8.txt b/doc/pacman-key.8.txt
index 46115cb3..902d52fe 100644
--- a/doc/pacman-key.8.txt
+++ b/doc/pacman-key.8.txt
@@ -120,8 +120,10 @@ PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
 directory +{pkgdatadir}/keyrings+.
 
 Optionally, the file `foo-trusted` can be provided containing a list of trusted
-key IDs for that keyring. This file will inform the user which keys a user
-needs to verify and sign to build a local web of trust.
+key IDs for that keyring. This is a file in a format compatible with 'gpg
+\--export-ownertrust' output. This file will inform the user which keys a user
+needs to verify and sign to build a local web of trust, in addition to
+assigning provided owner trust values.
 
 Also optionally, the file `foo-revoked` can be provided containing a list of
 revoked key IDs for that keyring. Revoked is defined as "no longer valid for
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index c1c23973..04993047 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -215,7 +215,7 @@ verify_keyring_input() {
 	local ret=0;
 	local KEYRING_IMPORT_DIR='@pkgdatadir@/keyrings'
 
-	# Verify signatures of keyring files and association revocation files if they exist
+	# Verify signatures of keyring files and trusted/revoked files if they exist
 	msg "$(gettext "Verifying keyring file signatures...")"
 	local keyring keyfile
 	for keyring in "${KEYRINGIDS[@]}"; do
@@ -278,14 +278,18 @@ populate_keyring() {
 		"${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
 	done
 
-	# Read the trusted key IDs to an array. The conversion from whatever is inside the file
-	# to key ids is important, because key ids are the only guarantee of identification
-	# for the keys.
+	# Read the trusted key IDs to an array. Because this is an ownertrust
+	# file, we know we have the full 40 hex digit fingerprint values.
+	# Format of ownertrust dump file:
+	#  40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
+	#  40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
 	local -A trusted_ids
 	for keyring in "${KEYRINGIDS[@]}"; do
 		if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
 			while read key; do
-				key_id="$("${GPG_PACMAN[@]}" --quiet --with-colons --list-key "${key}" 2>/dev/null | grep ^pub | cut -d: -f5)"
+				# skip comments; these are valid in this file
+				[[ $key = \#* ]] && continue
+				key_id="${key%%:*}"
 				if [[ -n ${key_id} ]]; then
 					# Mark this key to be lsigned
 					trusted_ids[$key_id]="${keyring}"
@@ -300,9 +304,17 @@ populate_keyring() {
 			msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
 			"${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}"
 		done
+		msg "$(gettext "Importing owner trust values...")"
+		for keyring in "${KEYRINGIDS[@]}"; do
+			if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+				"${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+			fi
+		done
 	fi
 
-	# Read the revoked key IDs to an array.
+	# Read the revoked key IDs to an array. The conversion from whatever is
+	# inside the file to key ids is important, because key ids are the only
+	# guarantee of identification for the keys.
 	local -A revoked_ids
 	for keyring in "${KEYRINGIDS[@]}"; do
 		if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-revoked" ]]; then