[PATCH] Added gpg-agent.conf to disable the gnupg scdaemon This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Added gpg-agent.conf to disable the gnupg scdaemon This fixes an issue where smartcards, such a Yubikey, would cause the keyring to fail locally signing, thus also failing to verify signed packages.

pacman-dev mailing list
Signed-off-by: Eric Renfro <[hidden email]>
---
 scripts/pacman-key.sh.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 5bf6c7a1..72b64aa4 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -210,6 +210,12 @@ initialize() {
  add_gpg_conf_option "$conffile" 'lock-never'
  add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
 
+ # gpg-agent.conf
+ agent_conffile="${PACMAN_KEYRING_DIR}/gpg-agent.conf"
+ [[ -f $agent_conffile ]] || touch "$agent_conffile"
+ chmod 644 "$agent_conffile"
+ add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
+
  # set up a private signing key (if none available)
  if [[ $(secret_keys_available) -lt 1 ]]; then
  generate_master_key
--
2.16.2