On 2026-03-15 10:41, nibo wrote:
> My goal is to have a custom repository that can only be used by me. But https URLs do work. So if I could specify a TLS certificate that is signed by a certificate authority certificate that I control, I could use a regular https URL but still be the only one with the required TLS certificate to connect. From what I saw, libalpm uses libcurl. libcurl has options like `CURLOPT_SSLCERT` and `CURLOPT_SSLKEY` that can be set with `curl_easy_setopt`. Those two options could be controlled through the pacman configuration file.

Maybe I'm misunderstanding, but I don't think this would provide what you're looking for. It's trivial to access any site where you don't trust the CA: either bypass the error, or copy the cert into your trusted cert store (this is pretty easy to do from any website, by getting the public chain from the initial request/handshake).

TLS is great for e2e encryption, and for authenticity, but it's not really functional as an authentication/authorization control. All I would have to do is `curl -k https://your.private.repo` and I'd be able to see and download any packages you had.

Let me know if I'm not understanding what you're trying to do.

Mark
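
An added example, not part of either message and not pacman or libalpm code: a local test of the two client behaviours named in this thread against a server that requires a client certificate signed by a private CA. One client skips server verification as `curl -k` does; the other also presents the client certificate and key that `CURLOPT_SSLCERT` / `CURLOPT_SSLKEY` would supply. It assumes the `openssl` command is on the PATH; the CA name, file names and `core.db` payload are constructed for the test.

```python
import contextlib, socket, ssl, subprocess, tempfile, threading

def sh(d, *args):
    subprocess.run(("openssl",) + args, cwd=d, check=True, capture_output=True)

def make_pki(d):
    # Constructed throwaway CA, plus one server and one client certificate.
    sh(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
       "-subj", "/CN=example-ca", "-keyout", "ca.key", "-out", "ca.pem")
    for n in ("server", "client"):
        sh(d, "req", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=" + n,
           "-keyout", n + ".key", "-out", n + ".csr")
        sh(d, "x509", "-req", "-in", n + ".csr", "-CA", "ca.pem", "-CAkey",
           "ca.key", "-CAcreateserial", "-days", "1", "-out", n + ".pem")

def serve_once(d, lsock):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(d + "/server.pem", d + "/server.key")
    ctx.load_verify_locations(d + "/ca.pem")
    ctx.verify_mode = ssl.CERT_REQUIRED  # client must present a cert from our CA
    conn, _ = lsock.accept()
    # A handshake without an acceptable client certificate raises and is dropped.
    with contextlib.suppress(OSError), ctx.wrap_socket(conn, server_side=True) as tls:
        tls.recv(1024)
        tls.sendall(b"core.db")  # stands in for a package download

def fetch(port, d, with_cert):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # like `curl -k`: the server's certificate
    ctx.verify_mode = ssl.CERT_NONE  # is not verified at all
    if with_cert:  # what CURLOPT_SSLCERT / CURLOPT_SSLKEY would supply
        ctx.load_cert_chain(d + "/client.pem", d + "/client.key")
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw, \
             ctx.wrap_socket(raw) as tls:
            tls.sendall(b"GET /core.db\n")
            return tls.recv(1024)
    except OSError:  # with TLS 1.3 the rejection can surface on the first read
        return b""

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        for with_cert in (False, True):
            with socket.create_server(("127.0.0.1", 0)) as lsock:
                t = threading.Thread(target=serve_once, args=(d, lsock))
                t.start()
                out[with_cert] = fetch(lsock.getsockname()[1], d, with_cert)
                t.join()
    return out
```

`demo()` returns the bytes each client received, keyed by whether it presented the client certificate.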