author Kristian Klausen <kristian@klausen.dk> 2022-09-10 16:36:55 +0200
committer Allan McRae <allan@archlinux.org> 2022-10-02 11:26:04 +1000
commit 958475a7cfb400512908e3848cce73bebf243b21 (patch)
tree e8ae89599642557e640b8e7f640ad9cb51f5fae9 /scripts/pacman-key.sh.in
parent 4b21c60e503706bbf99179d520358857046655f1 (diff)
pacman-key: Don't check gpg's trustdb after each key revocation
The trustdb is marked as dirty when a key is revoked[1] and GPG will recheck it the next time. Checking the trustdb can take 300-500ms which with 52 revoked keys (and counting) adds up. This is very noticeable when initializing and populating pacman's keyring like archiso is doing[2].

It is also unnecessary as the trustdb is always checked as the last step when populating the keyring.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keyedit.c;h=1cb62de8a87a823e06b2ed74efdc9e7a4cd99e2b;hb=refs/heads/STABLE-BRANCH-2-2#l6509
[2] https://gitlab.archlinux.org/archlinux/archiso/-/issues/191

(cherry picked from commit 673ce1ab10a652948f4f62bbbe8d12c5f4932cb0)
Diffstat (limited to 'scripts/pacman-key.sh.in')
-rw-r--r-- scripts/pacman-key.sh.in 2
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index f7f1dd61..913f2c39 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -374,7 +374,7 @@ populate_keyring() {
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi
- printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
+ printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
if (( key_count )); then
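Review bot: The `--no-auto-check-trustdb` added to the `--edit-key` call in populate_keyring() has no comment explaining why skipping the check is safe here, and the final trustdb check the commit message relies on ("always checked as the last step") is not visible in this hunk. A one-line comment above the `printf 'disable\nquit\n'` line, saying that the trustdb is deliberately left dirty in the loop and checked once at the end of populate_keyring(), would keep a later refactor from removing or reordering that final check and leaving the trust state of disabled keys stale. Related, and not introduced by this change: `key_count=$((key_count+1))` runs whether or not gpg succeeded, because the pipeline's exit status is not tested and stderr goes to /dev/null, so a failed disable is counted like a successful one in the `if (( key_count ))` test that follows.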