operation. If not set, defaults to true. If disabled installation of images
will be quicker, but not as safe.
+`systemd-importd`/`systemd-pull` and `systemd-sysupdate`:
+
+* `$SYSTEMD_OPENPGP_KEYRING` — takes an absolute path to an OpenPGP keyring
+ file. If set and non-empty, signature verification on download uses this
+ keyring instead of the default `/etc/systemd/import-pubring.pgp` and
+ `/usr/lib/systemd/import-pubring.pgp` keyrings.
+ Useful when running unprivileged in the user context, with custom transfer
+ definitions (e.g. `systemd-sysupdate --definitions=…`), or for testing.
+ Has no effect when signature verification is disabled.
+
`systemd-dissect`, `systemd-nspawn` and all other tools that may operate on
disk images with `--image=` or similar:
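Review bot: the documentation says the variable "takes an absolute path", but the C side also rejects non-normalized paths (`path_is_normalized()`), so a value such as `/etc/../etc/keys.pgp` is refused with EINVAL; the bullet should say "absolute, normalized path" so readers are not surprised. It is also worth documenting that the variable is read with `secure_getenv()` and is therefore ignored when the process runs in secure-execution mode (setuid and similar), since that is the property that keeps a caller from redirecting signature verification to a keyring of their choosing when privileges are elevated.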
_cleanup_(rm_rf_physical_and_freep) char *gpg_home = NULL;
char sig_file_path[] = "/tmp/sigXXXXXX";
_cleanup_(pidref_done_sigkill_wait) PidRef pidref = PIDREF_NULL;
+ const char *keyring_override;
int r;
assert(iovec_is_valid(payload));
assert(iovec_is_valid(signature));
+ /* Support using a custom keyring, see docs/ENVIRONMENT.md. */
+ keyring_override = empty_to_null(secure_getenv("SYSTEMD_OPENPGP_KEYRING"));
+ if (keyring_override && !(path_is_absolute(keyring_override) && path_is_normalized(keyring_override)))
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "$SYSTEMD_OPENPGP_KEYRING must be an absolute, normalized path, got '%s'.",
+ keyring_override);
+
r = pipe2(gpg_pipe, O_CLOEXEC);
if (r < 0)
return log_error_errno(errno, "Failed to create pipe for gpg: %m");
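Review bot: the validation on `keyring_override` checks only that the path is absolute and normalized, not that the file exists or is readable; since the other keyring paths are only passed to gpg after an `access()` check, a typo in `$SYSTEMD_OPENPGP_KEYRING` will surface as a gpg failure rather than a clear error naming the variable. Consider adding `if (access(keyring_override, R_OK) < 0) return log_error_errno(errno, "Cannot read keyring '%s' specified via $SYSTEMD_OPENPGP_KEYRING: %m", keyring_override);` next to the existing check. The comment above `secure_getenv()` could also state explicitly that the override is intentionally ignored in secure-execution mode, so the next reader does not "fix" it to plain `getenv()`.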
cmd[k++] = strjoina("--homedir=", gpg_home);
- /* We add the user keyring only to the command line arguments, if it's around since gpg fails
- * otherwise. */
- if (access(USER_KEYRING_PATH, F_OK) >= 0)
+ if (keyring_override)
+ cmd[k++] = strjoina("--keyring=", keyring_override);
+ else if (access(USER_KEYRING_PATH, F_OK) >= 0) /* We add the user keyring only to the
+ * command line arguments, if it's around
+ * since gpg fails otherwise. */
cmd[k++] = "--keyring=" USER_KEYRING_PATH;
else if (access(USER_KEYRING_PATH_LEGACY, F_OK) >= 0)
cmd[k++] = "--keyring=" USER_KEYRING_PATH_LEGACY;
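Review bot: the three-line comment dangling after the `else if (access(USER_KEYRING_PATH, F_OK) >= 0)` condition is hard to read and breaks the visual alignment of the chain; move it back to its own lines above the `else if`, as it was before this change. The logic itself is consistent with the documented "instead of" semantics: when the override is set, neither `USER_KEYRING_PATH` nor `USER_KEYRING_PATH_LEGACY` is added, but note that the override branch is the only one that passes a path to gpg without a prior `access()` check, which the removed comment says gpg does not tolerate; if the readability check is not added earlier, the `else if` chain should at least be ordered so that behaviour is obvious.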