[arch-commits] Commit in pacman/trunk (4 files)
Gaetan Bisson
bisson at archlinux.org
Sun Jun 3 05:22:58 UTC 2012
Date: Sunday, June 3, 2012 @ 01:22:57
Author: bisson
Revision: 160647
upgpkg: pacman 4.0.3-2
- enable signature verification in pacman.conf, pacman.conf.x86_64
- add post_install instructions to create and populate keyring
- add dependency on archlinux-keyring
Modified:
pacman/trunk/PKGBUILD
pacman/trunk/pacman.conf
pacman/trunk/pacman.conf.x86_64
pacman/trunk/pacman.install
--------------------+
PKGBUILD | 8 ++++----
pacman.conf | 23 +++++++++--------------
pacman.conf.x86_64 | 25 ++++++++++---------------
pacman.install | 10 ++++++----
4 files changed, 29 insertions(+), 37 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-06-03 04:02:31 UTC (rev 160646)
+++ PKGBUILD 2012-06-03 05:22:57 UTC (rev 160647)
@@ -5,14 +5,14 @@
pkgname=pacman
pkgver=4.0.3
-pkgrel=1
+pkgrel=2
pkgdesc="A library-based package manager with dependency support"
arch=('i686' 'x86_64')
url="http://www.archlinux.org/pacman/"
license=('GPL')
groups=('base')
depends=('bash' 'glibc>=2.15' 'libarchive>=3.0.2' 'curl>=7.19.4'
- 'gpgme' 'pacman-mirrorlist')
+ 'gpgme' 'pacman-mirrorlist' 'archlinux-keyring')
makedepends=('asciidoc')
optdepends=('fakeroot: for makepkg usage as normal user')
backup=(etc/pacman.conf etc/makepkg.conf)
@@ -24,8 +24,8 @@
makepkg.conf)
md5sums=('387965c7125e60e5f0b9ff3b427fe0f9'
'1a70392526c8768470da678b31905a6e'
- '4605b3490d4fd1e5c6e20db17da9ded6'
- 'a0edf98ad1845a4c7d902a86638d5d2d'
+ '99734ea46795f466d41c503e9e23b6d4'
+ '556d49489e82b5750cf026d3b18c8f4f'
'589cd34eb9d5b678455e8289394f523e')
build() {
Modified: pacman.conf
===================================================================
--- pacman.conf 2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.conf 2012-06-03 05:22:57 UTC (rev 160647)
@@ -36,19 +36,14 @@
CheckSpace
#VerbosePkgLists
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
#SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
-SigLevel = Never
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -77,11 +72,11 @@
#Include = /etc/pacman.d/mirrorlist
[core]
-#SigLevel = PackageRequired
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
#[community-testing]
@@ -89,7 +84,7 @@
#Include = /etc/pacman.d/mirrorlist
[community]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
Modified: pacman.conf.x86_64
===================================================================
--- pacman.conf.x86_64 2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.conf.x86_64 2012-06-03 05:22:57 UTC (rev 160647)
@@ -36,19 +36,14 @@
CheckSpace
#VerbosePkgLists
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
#SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
-SigLevel = Never
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -77,11 +72,11 @@
#Include = /etc/pacman.d/mirrorlist
[core]
-#SigLevel = PackageRequired
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
#[community-testing]
@@ -89,7 +84,7 @@
#Include = /etc/pacman.d/mirrorlist
[community]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
@@ -100,7 +95,7 @@
#Include = /etc/pacman.d/mirrorlist
#[multilib]
-#SigLevel = PackageOptional
+#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
Modified: pacman.install
===================================================================
--- pacman.install 2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.install 2012-06-03 05:22:57 UTC (rev 160647)
@@ -9,7 +9,9 @@
if [ "$(vercmp $2 3.5.0)" -lt 0 ]; then
_warnupgrade
fi
- _check_pubring
+ if [ ! -f "etc/pacman.d/gnupg/pubring.gpg" ] || [ "$(vercmp $2 4.0.3-2)" -lt 0 ]; then
+ _check_pubring
+ fi
}
post_install() {
@@ -17,9 +19,9 @@
}
_check_pubring() {
- if [ ! -f "etc/pacman.d/gnupg/pubring.gpg" ]; then
- echo " >>> Run \`pacman-key --init\` to set up your pacman keyring."
- fi
+ echo " >>> Run \`pacman-key --init; pacman-key --populate archlinux\`"
+ echo " >>> to import the data required by pacman for package verification."
+ echo " >>> See: https://www.archlinux.org/news/having-pacman-verify-packages"
}
_warnupgrade() {
More information about the arch-commits
mailing list