gkeys: Add settable trust-model for the keyrings

The --trust-model option is needed for git verification and many other gkeys operations.

1 files changed, 13 insertions, 1 deletions

diff --git a/gkeys/etc/gkeys.conf b/gkeys/etc/gkeys.conf
index e7a363f..e9eb820 100644
--- a/gkeys/etc/gkeys.conf
+++ b/gkeys/etc/gkeys.conf
@@ -67,9 +67,12 @@ files: 0o022
 # file is a json text file of: nick, name, keydir, fingerprint
 # one file per line
 # category = category or seedfile name
-# these categories/seedfile nmaes are used for the
+# these categories/seedfile names are used for the
 # -C, --category input value validations
 # eg: category: filepath
+#
+# If adding additional seed files,
+# remember to set an appropriate [trust-model] for them below"
 gentoo: %(seedsdir)s/gentoo.seeds
 gentoo-devs: %(seedsdir)s/gentoo-devs.seeds
 
@@ -92,6 +95,15 @@ gentoo-devs: https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds
 #sign:
 
 
+# Set the trust levels
+# one of {pgp|classic|direct|always|auto}
+# default is "auto"
+# for the gentoo and gentoo-devs keyrings set to "always"
+[trust-model]
+gentoo: always
+gentoo-devs: always
+
+
 [verify-seeds]
 
 # mapping of the seedfile category name