[arch-releng] [PATCH] pacman 4.1 compatibility
* Remove the unattended-keyring-init patch as this was applied by upstream with pacamn 4.1 * Update our pacman.conf following the new upstream default Signed-off-by: Pierre Schmitz <pierre@archlinux.de> --- configs/releng/build.sh | 1 - .../pacman-key-4.0.3_unattended-keyring-init.patch | 32 ---------------------- configs/releng/pacman.conf | 14 ++++------ 3 files changed, 5 insertions(+), 42 deletions(-) delete mode 100644 configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 560fda2..6e9e2f8 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -79,7 +79,6 @@ make_setup_mkinitcpio() { make_customize_root_image() { cp -af ${script_path}/root-image ${work_dir}/${arch} - patch ${work_dir}/${arch}/root-image/usr/bin/pacman-key < ${script_path}/pacman-key-4.0.3_unattended-keyring-init.patch curl -o ${work_dir}/${arch}/root-image/etc/pacman.d/mirrorlist 'https://www.archlinux.org/mirrorlist/?country=all&protocol=http&use_mirror_status=on' lynx -dump -nolist 'https://wiki.archlinux.org/index.php/Installation_Guide?action=render' >> ${work_dir}/${arch}/root-image/root/install.txt diff --git a/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch b/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch deleted file mode 100644 index 0a5117f..0000000 --- a/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch +++ /dev/null @@ -1,32 +0,0 @@ -Author: Pierre Schmitz <pierre@archlinux.de> - -* pacman-key: Use lsign_keys function in --populate -* pacman-key: reduce verbosity of --populate - ---- pacman-key 2012-07-10 18:45:32.000000000 -0300 -+++ pacman-key 2012-07-18 16:38:18.264110004 -0300 -@@ -376,7 +376,7 @@ - # Add keys from requested keyrings - for keyring in "${KEYRINGIDS[@]}"; do - msg "$(gettext "Appending keys from %s.gpg...")" "$keyring" -- "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" -+ "${GPG_PACMAN[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" - done - - # Read the trusted key IDs to an array. Because this is an ownertrust -@@ -403,12 +403,13 @@ - msg "$(gettext "Locally signing trusted keys in keyring...")" - for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" -- "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}" -+ KEYIDS=("${key_id}") -+ lsign_keys - done - msg "$(gettext "Importing owner trust values...")" - for keyring in "${KEYRINGIDS[@]}"; do - if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then -- "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" -+ "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null - fi - done - fi diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 821f9a5..45fe03d 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -15,11 +15,10 @@ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ HoldPkg = pacman glibc -# If upgrades are available for these packages they will be asked for first -SyncFirst = pacman #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled +#UseDelta = 0.7 Architecture = auto # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup @@ -31,7 +30,7 @@ Architecture = auto # Misc options #UseSyslog -#UseDelta +#Color #TotalDownload # We cannot check disk space from within a chroot environment #CheckSpace @@ -39,7 +38,9 @@ Architecture = auto # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. -#SigLevel = Optional TrustedOnly +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional +#RemoteFileSigLevel = Required # NOTE: You must run `pacman-key --init` before first using pacman; the local # keyring can then be populated with the keys of all official Arch Linux @@ -69,23 +70,18 @@ Architecture = auto # after the header, and they will be used before the default mirrors. #[testing] -#SigLevel = PackageRequired #Include = /etc/pacman.d/mirrorlist [core] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist [extra] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist #[community-testing] -#SigLevel = PackageRequired #Include = /etc/pacman.d/mirrorlist [community] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist # An example of a custom package repository. See the pacman manpage for -- 1.8.2.1
On 04/13/2013 10:58 AM, Pierre Schmitz wrote:
* Remove the unattended-keyring-init patch as this was applied by upstream with pacamn 4.1 * Update our pacman.conf following the new upstream default
Signed-off-by: Pierre Schmitz <pierre@archlinux.de> --- configs/releng/build.sh | 1 - .../pacman-key-4.0.3_unattended-keyring-init.patch | 32 ---------------------- configs/releng/pacman.conf | 14 ++++------ 3 files changed, 5 insertions(+), 42 deletions(-) delete mode 100644 configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 560fda2..6e9e2f8 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -79,7 +79,6 @@ make_setup_mkinitcpio() { make_customize_root_image() { cp -af ${script_path}/root-image ${work_dir}/${arch}
- patch ${work_dir}/${arch}/root-image/usr/bin/pacman-key < ${script_path}/pacman-key-4.0.3_unattended-keyring-init.patch curl -o ${work_dir}/${arch}/root-image/etc/pacman.d/mirrorlist 'https://www.archlinux.org/mirrorlist/?country=all&protocol=http&use_mirror_status=on'
lynx -dump -nolist 'https://wiki.archlinux.org/index.php/Installation_Guide?action=render' >> ${work_dir}/${arch}/root-image/root/install.txt diff --git a/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch b/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch deleted file mode 100644 index 0a5117f..0000000 --- a/configs/releng/pacman-key-4.0.3_unattended-keyring-init.patch +++ /dev/null @@ -1,32 +0,0 @@ -Author: Pierre Schmitz <pierre@archlinux.de> - -* pacman-key: Use lsign_keys function in --populate -* pacman-key: reduce verbosity of --populate - ---- pacman-key 2012-07-10 18:45:32.000000000 -0300 -+++ pacman-key 2012-07-18 16:38:18.264110004 -0300 -@@ -376,7 +376,7 @@ - # Add keys from requested keyrings - for keyring in "${KEYRINGIDS[@]}"; do - msg "$(gettext "Appending keys from %s.gpg...")" "$keyring" -- "${GPG_PACMAN[@]}" --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" -+ "${GPG_PACMAN[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg" - done - - # Read the trusted key IDs to an array. Because this is an ownertrust -@@ -403,12 +403,13 @@ - msg "$(gettext "Locally signing trusted keys in keyring...")" - for key_id in "${!trusted_ids[@]}"; do - msg2 "$(gettext "Locally signing key %s...")" "${key_id}" -- "${GPG_PACMAN[@]}" --quiet --lsign-key "${key_id}" -+ KEYIDS=("${key_id}") -+ lsign_keys - done - msg "$(gettext "Importing owner trust values...")" - for keyring in "${KEYRINGIDS[@]}"; do - if [[ -f "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then -- "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" -+ "${GPG_PACMAN[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted" 2>/dev/null - fi - done - fi diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 821f9a5..45fe03d 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -15,11 +15,10 @@ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ HoldPkg = pacman glibc -# If upgrades are available for these packages they will be asked for first -SyncFirst = pacman #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled +#UseDelta = 0.7 Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup @@ -31,7 +30,7 @@ Architecture = auto
# Misc options #UseSyslog -#UseDelta +#Color #TotalDownload # We cannot check disk space from within a chroot environment #CheckSpace @@ -39,7 +38,9 @@ Architecture = auto
# By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. -#SigLevel = Optional TrustedOnly +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional +#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local # keyring can then be populated with the keys of all official Arch Linux @@ -69,23 +70,18 @@ Architecture = auto # after the header, and they will be used before the default mirrors.
#[testing] -#SigLevel = PackageRequired #Include = /etc/pacman.d/mirrorlist
[core] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist
[extra] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist
#[community-testing] -#SigLevel = PackageRequired #Include = /etc/pacman.d/mirrorlist
[community] -SigLevel = PackageRequired Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
Nice! The reference to the "patch" package can be removed now from docs/README.build and from depends=() from PKGBUID ;) Thanks. -- Gerardo Exequiel Pozzi \cos^2\alpha + \sin^2\alpha = 1
Am 13.04.2013 15:58, schrieb Pierre Schmitz:
diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf index 821f9a5..45fe03d 100644 --- a/configs/releng/pacman.conf +++ b/configs/releng/pacman.conf @@ -15,11 +15,10 @@ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ HoldPkg = pacman glibc -# If upgrades are available for these packages they will be asked for first -SyncFirst = pacman #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled +#UseDelta = 0.7 Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup @@ -31,7 +30,7 @@ Architecture = auto
# Misc options #UseSyslog -#UseDelta +#Color #TotalDownload # We cannot check disk space from within a chroot environment #CheckSpace
Can we have Color enabled here?
@@ -39,7 +38,9 @@ Architecture = auto
# By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. -#SigLevel = Optional TrustedOnly +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional +#RemoteFileSigLevel = Required
What's the default for RemoteFileSigLevel? I think Required is a sane setting, so unless it is the default, we should enable this line.
participants (3)
-
Gerardo Exequiel Pozzi
-
Pierre Schmitz
-
Thomas Bächler