[pacman-dev] [PATCH] [RFC] Add UpgradeSigLevel configuration option
Use to override the global SigLevel value for upgrade operations.

e.g. when installing a package without a signature:

Fails to install:
SigLevel = Optional
UpgradeSigLevel = Required

Fails to install:
SigLevel = Required

Installs:
SigLevel = Required
UpgradeSigLevel = Optional

Installs:
SigLevel = Optional

Signed-off-by: Allan McRae

On 22.12.2011 11:26, Allan McRae wrote:
> Use to override the global SigLevel value for upgrade operations.
>
> e.g. when installing a package without a signature:
>
> Fails to install:
> SigLevel = Optional
> UpgradeSigLevel = Required
>
> Fails to install:
> SigLevel = Required
>
> Installs:
> SigLevel = Required
> UpgradeSigLevel = Optional
>
> Installs:
> SigLevel = Optional

I'll repeat some things that I said in the bug report - I have no idea if this is feasible and should be done now:

I would love to distinguish between -U <local file> and -U <URL>. The rationale is that I want automatically the highest security when I download something (meaning: 'Required' for -U <URL>) but more convenience when installing a local package that I build from AUR and thus never signed (meaning: 'Optional' for -U <local file>).

If you think this is too hard for now, I think that this patch is better than nothing.

Apart from that, I find the name UpgradeSigLevel confusing: People might think it refers to upgrades in general, as opposed to the pacman 'upgrade' operation.

On Thu, 22 Dec 2011 11:53:38 +0100
Thomas Bächler wrote:
> On 22.12.2011 11:26, Allan McRae wrote:
>> Use to override the global SigLevel value for upgrade operations.
>>
>> e.g. when installing a package without a signature:
>>
>> Fails to install:
>> SigLevel = Optional
>> UpgradeSigLevel = Required
>>
>> Fails to install:
>> SigLevel = Required
>>
>> Installs:
>> SigLevel = Required
>> UpgradeSigLevel = Optional
>>
>> Installs:
>> SigLevel = Optional
>
> I'll repeat some things that I said in the bug report - I have no idea if this is feasible and should be done now:
>
> I would love to distinguish between -U <local file> and -U <URL>. The rationale is that I want automatically the highest security when I download something (meaning: 'Required' for -U <URL>) but more convenience when installing a local package that I build from AUR and thus never signed (meaning: 'Optional' for -U <local file>).

just some thoughts..
if you built a package yourself, you can also just sign it and verify the signature when installing. though this is a bit more computationally intensive...
also, what if somebody sends you a package by mail or through some other medium than http? then it will also be the '-U <local file>' case but very different from the other '-U <local file>' case where you built yourself.

Dieter

On 22/12/11 20:26, Allan McRae wrote:
> Use to override the global SigLevel value for upgrade operations.
>
> e.g. when installing a package without a signature:
>
> Fails to install:
> SigLevel = Optional
> UpgradeSigLevel = Required
>
> Fails to install:
> SigLevel = Required
>
> Installs:
> SigLevel = Required
> UpgradeSigLevel = Optional
>
> Installs:
> SigLevel = Optional
>
> Signed-off-by: Allan McRae
> ---
> The main issue I see here is that UpgradeSigLevel must come after the global SigLevel value. Otherwise the only way I see to use the value of SigLevel as a default for UpgradeSigLevel requires much code duplication.

So, any further comments on this before I take a stab at improving things further. So far the comments were:

1) distinguish between "pacman -U <url>" and "pacman -U <file>"
2) change name of option as "Upgrade" is confusing

What about using:
LocalFileSigLevel
RemoteFileSigLevel

Is RemoteFile too confusing with packages from repos?

Allan
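
The four configurations from the commit message and the ordering concern in the note after it, as an added example that is not part of the thread or of pacman's code: it keeps the override as "unset" while parsing and resolves it against SigLevel afterwards, so the result does not depend on option order. The type and function names, the fail-closed handling of unknown values and the default of Required are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; not pacman's or libalpm's own. */
enum siglevel { SIG_UNSET = -1, SIG_OPTIONAL, SIG_REQUIRED };
struct conf { enum siglevel global, upgrade; };

/* Unknown values fail closed (assumption of this sketch). */
static enum siglevel parse_level(const char *v) {
    return strcmp(v, "Optional") == 0 ? SIG_OPTIONAL : SIG_REQUIRED;
}

/* Parse "Key = Value" lines in file order. UpgradeSigLevel starts as
 * SIG_UNSET, so it does not need to appear after SigLevel. */
struct conf parse_conf(const char *text) {
    struct conf c = { SIG_REQUIRED, SIG_UNSET }; /* assumed default: Required */
    char buf[256], key[32], val[32];
    snprintf(buf, sizeof buf, "%s", text);
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        if (sscanf(line, " %31[A-Za-z] = %31[A-Za-z]", key, val) != 2)
            continue;
        if (strcmp(key, "SigLevel") == 0)
            c.global = parse_level(val);
        else if (strcmp(key, "UpgradeSigLevel") == 0)
            c.upgrade = parse_level(val);
    }
    return c;
}

/* Level applied to an upgrade (-U) operation: the override if one was
 * given, otherwise the global SigLevel, resolved after parsing. */
enum siglevel upgrade_level(const struct conf *c) {
    return c->upgrade == SIG_UNSET ? c->global : c->upgrade;
}

/* 1 if a package without a signature would install via -U, else 0. */
int unsigned_pkg_installs(const char *conf_text) {
    struct conf c = parse_conf(conf_text);
    return upgrade_level(&c) != SIG_REQUIRED;
}

int main(void) {
    const char *cases[] = { /* constructed: the thread's four cases, then reversed order */
        "SigLevel = Optional\nUpgradeSigLevel = Required\n", "SigLevel = Required\n",
        "SigLevel = Required\nUpgradeSigLevel = Optional\n", "SigLevel = Optional\n",
        "UpgradeSigLevel = Optional\nSigLevel = Required\n" };
    for (size_t i = 0; i < sizeof cases / sizeof *cases; i++)
        printf("case %zu: %s\n", i + 1, unsigned_pkg_installs(cases[i]) ? "installs" : "fails to install");
    return 0;
}
```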

On 13.01.2012 02:30, Allan McRae wrote:
> On 22/12/11 20:26, Allan McRae wrote:
>> Use to override the global SigLevel value for upgrade operations.
>>
>> e.g. when installing a package without a signature:
>>
>> Fails to install:
>> SigLevel = Optional
>> UpgradeSigLevel = Required
>>
>> Fails to install:
>> SigLevel = Required
>>
>> Installs:
>> SigLevel = Required
>> UpgradeSigLevel = Optional
>>
>> Installs:
>> SigLevel = Optional
>>
>> Signed-off-by: Allan McRae
>> ---
>> The main issue I see here is that UpgradeSigLevel must come after the global SigLevel value. Otherwise the only way I see to use the value of SigLevel as a default for UpgradeSigLevel requires much code duplication.
>
> So, any further comments on this before I take a stab at improving things further. So far the comments were:
>
> 1) distinguish between "pacman -U <url>" and "pacman -U <file>"
> 2) change name of option as "Upgrade" is confusing
>
> What about using:
> LocalFileSigLevel
> RemoteFileSigLevel
>
> Is RemoteFile too confusing with packages from repos?

Yes. Even in this context I wondered for a moment if that applies to -S as well, but then I guess you will keep SigLevel for that.

UpgradeSigLevel is also confusing because that should/could/might apply to -Su, but not -S. This (wrong idea) would even make sense right now because not all old packages are signed, but all new ones are.

--
Florian Pritz

On 13.01.2012 02:30, Allan McRae wrote:
> So, any further comments on this before I take a stab at improving things further. So far the comments were:
>
> 1) distinguish between "pacman -U <url>" and "pacman -U <file>"
> 2) change name of option as "Upgrade" is confusing
>
> What about using:
> LocalFileSigLevel
> RemoteFileSigLevel
>
> Is RemoteFile too confusing with packages from repos?
>
> Allan

Might be. LocalUrlSigLevel and RemoteUrlSigLevel maybe? Some other word that indicates that we use -U?

Personally, if we don't come up with anything better, I am okay with {Local,Remote}FileSigLevel - just add a nice comment in the pacman.conf template.

participants (4)
- Allan McRae
- Dieter Plaetinck
- Florian Pritz
- Thomas Bächler