Pacman now downloads the signature files for all packages when present in a repository. That makes distributing signatures within repository databases redundant and costly. Do not distribute the package signature files within the repo databases by default and add an --include-sigs to revert to the old behaviour. Signed-off-by: Allan McRae <allan@archlinux.org> --- doc/repo-add.8.asciidoc | 2 ++ scripts/repo-add.sh.in | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc index 8de4485b..9b903ab1 100644 --- a/doc/repo-add.8.asciidoc +++ b/doc/repo-add.8.asciidoc @@ -70,6 +70,8 @@ repo-add Options Remove old package files from the disk when updating their entry in the database. +*\--include-sigs*:: + Include package PGP signatures in the repository database (if available) Example ------- diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 7182d1b8..c153e7bb 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -42,6 +42,7 @@ LOCKFILE= CLEAN_LOCK=0 USE_COLOR='y' PREVENT_DOWNGRADE=0 +INCLUDE_SIGS=0 # Import libmakepkg source "$LIBRARY"/util/compress.sh @@ -260,7 +261,7 @@ db_write_entry() { fi # compute base64'd PGP signature - if [[ -f "$pkgfile.sig" ]]; then + if (( INCLUDE_SIGS )) && [[ -f "$pkgfile.sig" ]]; then if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then error "$(gettext "Cannot use armored signatures for packages: %s")" "$pkgfile.sig" return 1 @@ -622,6 +623,9 @@ while (( $# )); do -p|--prevent-downgrade) PREVENT_DOWNGRADE=1 ;; + --include-sigs) + INCLUDE_SIGS=1 + ;; *) args+=("$1") ;; -- 2.27.0