Working with a system-shared keyring

Andreas Heinlein aheinlein at gmx.com
Thu Jun 2 11:57:30 CEST 2011


On 02.06.2011 00:41, Dan McGee wrote:
> So my questions are:
> 1. Does anyone else have experience with a shared among users keyring?
> 2. What is best/secure practice when it comes to this? Outside of
> --lock-never, yum does something that seems silly, but works- make a
> user-owned copy of the entire keyring directory and then uses that.
> 3. gpgme doesn't allow us to bypass the trustdb.gpg locking; is there
> any possibility of allowing gpgme to run with --lock-never in a
> read-only mode?
>
I'd try not relocating the homedir, but only the keyring location. If
you have a means of distributing a gpg.conf to everyone's home
directory, you could insert
    no-default-keyring
    keyring /etc/pacman.d/gnupg

Not sure about the secret keyring, though. It should not try to use
~/.gnupg/secring.gpg, so trying to import a secret key or generate a new
one should give an error. I assume that's what you intend.

A home directory with wrong permissions and/or read-only is guaranteed to
give problems with various applications.

Bye,
Andreas
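The gpg.conf approach suggested above, worked through end to end as an added example (this script is not from the original post or from GnuPG/pacman). It stands in for /etc/pacman.d/gnupg with a temporary directory, and because the `keyring` option takes a keyring file rather than a directory, it points that option at a pubring.gpg inside the shared directory; the key, the signed file and all paths are constructed for the demo. It assumes GnuPG 2.1 or later for `--quick-generate-key`. The shared directory and keyring are made read-only before the user-side verification, and the user's trustdb.gpg stays in the user's own writable home, so no lock is ever needed on the shared directory:

```shell
#!/bin/sh
# Added example (not the original post's or GnuPG's code): a user whose
# ~/.gnupg holds only a gpg.conf with "no-default-keyring" and "keyring"
# verifies a signature against a root-owned, read-only shared keyring.
# $shared is a stand-in for /etc/pacman.d/gnupg; all other paths and the
# key are constructed for this demo. Requires GnuPG >= 2.1.
set -eu

# Prints "verified" when the user-side verification succeeds, "fail" otherwise.
demo_shared_keyring() {
  work=$(mktemp -d)
  admin="$work/admin"    # stand-in for the packager's GnuPG home (holds the secret key)
  shared="$work/shared"  # stand-in for /etc/pacman.d/gnupg (root-owned, world-readable)
  user="$work/user"      # stand-in for an ordinary user's ~/.gnupg
  mkdir -m 700 "$admin" "$user"
  mkdir -m 755 "$shared"

  # 1. Packager side: generate a signing key and publish only the public part
  #    as an OpenPGP keyring file inside the shared directory.
  gpg --homedir "$admin" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Example Signer <signer@example.invalid>' default default never
  gpg --homedir "$admin" --batch --quiet --export > "$shared/pubring.gpg"

  # 2. Sign a constructed file standing in for a package.
  printf 'constructed package payload\n' > "$work/pkg"
  gpg --homedir "$admin" --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
      --detach-sign --output "$work/pkg.sig" "$work/pkg"

  # 3. Make the shared location read-only, as it would be for non-root users.
  chmod 444 "$shared/pubring.gpg"
  chmod 555 "$shared"

  # 4. User side: relocate only the keyring. trustdb.gpg (and any secret
  #    keys) stay under the user's own writable home, so gpg never needs
  #    to take a lock inside the shared directory.
  cat > "$user/gpg.conf" <<EOF
no-default-keyring
keyring $shared/pubring.gpg
EOF

  result=fail
  if gpg --homedir "$user" --batch --quiet --verify "$work/pkg.sig" "$work/pkg" 2>/dev/null; then
    result=verified
  fi

  # 5. Stop any agents started for the temporary homes and clean up.
  gpgconf --homedir "$admin" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$user" --kill gpg-agent 2>/dev/null || true
  chmod -R u+w "$work" && rm -rf "$work"
  echo "$result"
}

demo_shared_keyring
```

The verification reports "Good signature" with an ownertrust warning, because the user's fresh trustdb.gpg assigns no trust to the shared key; that warning is the user's own trust decision to make and does not affect the exit status. Importing into or writing to the shared keyring from the user side fails on the read-only file, which is the intended behaviour for a system-shared keyring.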



More information about the Gnupg-users mailing list