makepkg and repo-add got a new option, so it is possible to select the key used for signing. makepkg.conf got a new option in BUILDENV, so the new packages built with makepkg will be signed in the process of building. pacman.conf got a new option for repositories. VerifySig will enable verification of signatures in repositories that support them. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> --- doc/makepkg.8.txt | 4 ++++ doc/makepkg.conf.5.txt | 6 +++--- doc/pacman.conf.5.txt | 20 ++++++++++++++++++++ doc/repo-add.8.txt | 7 +++++-- 4 files changed, 32 insertions(+), 5 deletions(-) diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt index a2fdb3f..4d8f26b 100644 --- a/doc/makepkg.8.txt +++ b/doc/makepkg.8.txt @@ -161,6 +161,10 @@ Options (Passed to pacman) Prevent pacman from displaying a progress bar; useful if you are redirecting makepkg output to file. +*\--signwithkey*:: + Select a specific key to be used to sign the package. If absent, + the default from the keyring key will be used. + Additional Features ------------------- diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt index a565bd6..f82bc19 100644 --- a/doc/makepkg.conf.5.txt +++ b/doc/makepkg.conf.5.txt @@ -94,9 +94,9 @@ Options PKGBUILD options array. *sign*;; - Generate a PGP signature file using GnuPG. This will execute `gpg - --detach-sign --use-agent` on the built package to generate a detached - signature file, using the GPG agent if it is available. The signature + Generate a PGP signature file using GnuPG. This will execute `gpg2 + --detach-sign` on the built package to generate a detached signature + file, using the GPG agent if it is available. The signature file will be the entire filename of the package with a ``.sig'' extension. diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt index 8c83232..16d1c89 100644 --- a/doc/pacman.conf.5.txt +++ b/doc/pacman.conf.5.txt @@ -204,6 +204,26 @@ listed first will take precedence over those listed later in the file when packages in two repositories have identical names, regardless of version number. +There is an option to allow the verification of digital signatures for +repositories that support them. The option is 'VerifySig' and the possible +values are: + +*Always*:: + Will enforce the verification of signatures as a requirement to + update the database. If there is no signature in the source location + or if the signature is not valid, the updating of this repository + is aborted. + +*Optional*:: + The verification of signatures will be made, but if there is no + signature in the source location, it will proceed with the updating. + The only situation of error will be when the database doesn't match + with the signature (download problem or real mismatch of signature). + +*Never*:: + There will be no verification of signatures for this repository. This + is the default. + Using Your Own Repository ------------------------- If you have numerous custom packages of your own, it is often easier to generate diff --git a/doc/repo-add.8.txt b/doc/repo-add.8.txt index e6cc940..0a5d980 100644 --- a/doc/repo-add.8.txt +++ b/doc/repo-add.8.txt @@ -10,9 +10,9 @@ repo-add - package database maintenance utility Synopsis -------- -repo-add [-q] <path-to-db> <package1> [<package2> ...] +repo-add [-q] [-s [-k|\--signwithkey key]] <path-to-db> <package1> [<package2> ...] -repo-remove [-q] <path-to-db> <packagename> [<packagename2> ...] +repo-remove [-q] [-s [-k|\--signwithkey key]] <path-to-db> <packagename> [<packagename2> ...] Description @@ -40,6 +40,9 @@ Options signature file, using the GPG agent if it is available. The signature file will be the entire filename of the database with a ``.sig'' extension. +*-k, \--sighwithkey key*:: + Select a specific key to be used for the signing of the database file. + If absent, the default key from the default keyring will be used. See Also -------- -- 1.7.1