The SigLevel config option replaces the VerifySig option, and has similar semantics, but adds a set of advanced configuration options that correspond to the recently introduced alpm_siglevel_t fields. Signed-off-by: Kerrick Staley <mail@kerrickstaley.com> --- doc/pacman.conf.5.txt | 20 ++++++++++++++++++++ 1 files changed, 20 insertions(+), 0 deletions(-) diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt index a28e00f..19cd6e3 100644 --- a/doc/pacman.conf.5.txt +++ b/doc/pacman.conf.5.txt @@ -156,6 +156,26 @@ Options packages are only cleaned if not installed locally and not present in any known sync database. +*SigLevel =* ...:: + If set to `Optional` (the default), signatures will be checked if present, + but unsigned databases/packages will also be allowed. Setting to `Required` + will cause signatures to be required on all packages and databases. `Never` + will prevent all signature checking. + Alternatively, you get more fine-grained control by combining some of + the options described below. + `PackageRequired` works like `Required`, but only causes checks to + be performed on packages. `PackageOptional` works like `Optional` + but also for packages only, and it can't be specified along with + `PackageRequired`. `PackageMarginal` causes signatures from marginally + trusted keys to be accepted on packages. `PackageUnknown` causes + signatures made with an unknown key to be accepted on packages. All + of these `PackageX` options have corresponding `DatabaseX` + options. Lastly, `PackageHash` causes a secure hash in a database to + be accepted as a package signature. It probably should be combined with + `DatabaseRequired`. This `PackageHash`+`DatabaseRequired` combination is + reasonably secure and is a good compromise when signing every package is + too difficult for a distribution's maintainers. + *UseSyslog*:: Log action messages through syslog(). This will insert log entries into +{localstatedir}/log/messages+ or equivalent. -- 1.7.6