[arch-commits] Commit in pacman/trunk (4 files)

Gaetan Bisson bisson at archlinux.org
Sun Jun 3 05:22:58 UTC 2012


    Date: Sunday, June 3, 2012 @ 01:22:57
  Author: bisson
Revision: 160647

upgpkg: pacman 4.0.3-2

- enable signature verification in pacman.conf, pacman.conf.x86_64
- add post_install instructions to create and populate keyring
- add dependency on archlinux-keyring

Modified:
  pacman/trunk/PKGBUILD
  pacman/trunk/pacman.conf
  pacman/trunk/pacman.conf.x86_64
  pacman/trunk/pacman.install

--------------------+
 PKGBUILD           |    8 ++++----
 pacman.conf        |   23 +++++++++--------------
 pacman.conf.x86_64 |   25 ++++++++++---------------
 pacman.install     |   10 ++++++----
 4 files changed, 29 insertions(+), 37 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-06-03 04:02:31 UTC (rev 160646)
+++ PKGBUILD	2012-06-03 05:22:57 UTC (rev 160647)
@@ -5,14 +5,14 @@
 
 pkgname=pacman
 pkgver=4.0.3
-pkgrel=1
+pkgrel=2
 pkgdesc="A library-based package manager with dependency support"
 arch=('i686' 'x86_64')
 url="http://www.archlinux.org/pacman/"
 license=('GPL')
 groups=('base')
 depends=('bash' 'glibc>=2.15' 'libarchive>=3.0.2' 'curl>=7.19.4'
-         'gpgme' 'pacman-mirrorlist')
+         'gpgme' 'pacman-mirrorlist' 'archlinux-keyring')
 makedepends=('asciidoc')
 optdepends=('fakeroot: for makepkg usage as normal user')
 backup=(etc/pacman.conf etc/makepkg.conf)
@@ -24,8 +24,8 @@
         makepkg.conf)
 md5sums=('387965c7125e60e5f0b9ff3b427fe0f9'
          '1a70392526c8768470da678b31905a6e'
-         '4605b3490d4fd1e5c6e20db17da9ded6'
-         'a0edf98ad1845a4c7d902a86638d5d2d'
+         '99734ea46795f466d41c503e9e23b6d4'
+         '556d49489e82b5750cf026d3b18c8f4f'
          '589cd34eb9d5b678455e8289394f523e')
 
 build() {

Modified: pacman.conf
===================================================================
--- pacman.conf	2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.conf	2012-06-03 05:22:57 UTC (rev 160647)
@@ -36,19 +36,14 @@
 CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
-SigLevel = Never
 
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -77,11 +72,11 @@
 #Include = /etc/pacman.d/mirrorlist
 
 [core]
-#SigLevel = PackageRequired
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 #[community-testing]
@@ -89,7 +84,7 @@
 #Include = /etc/pacman.d/mirrorlist
 
 [community]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

Modified: pacman.conf.x86_64
===================================================================
--- pacman.conf.x86_64	2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.conf.x86_64	2012-06-03 05:22:57 UTC (rev 160647)
@@ -36,19 +36,14 @@
 CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
-SigLevel = Never
 
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -77,11 +72,11 @@
 #Include = /etc/pacman.d/mirrorlist
 
 [core]
-#SigLevel = PackageRequired
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 #[community-testing]
@@ -89,7 +84,7 @@
 #Include = /etc/pacman.d/mirrorlist
 
 [community]
-#SigLevel = PackageOptional
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
@@ -100,7 +95,7 @@
 #Include = /etc/pacman.d/mirrorlist
 
 #[multilib]
-#SigLevel = PackageOptional
+#SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

Modified: pacman.install
===================================================================
--- pacman.install	2012-06-03 04:02:31 UTC (rev 160646)
+++ pacman.install	2012-06-03 05:22:57 UTC (rev 160647)
@@ -9,7 +9,9 @@
     if [ "$(vercmp $2 3.5.0)" -lt 0 ]; then
         _warnupgrade
     fi
-    _check_pubring
+    if [ ! -f "etc/pacman.d/gnupg/pubring.gpg" ] || [ "$(vercmp $2 4.0.3-2)" -lt 0 ]; then
+        _check_pubring
+    fi
 }
 
 post_install() {
@@ -17,9 +19,9 @@
 }
 
 _check_pubring() {
-    if [ ! -f "etc/pacman.d/gnupg/pubring.gpg" ]; then
-        echo " >>> Run \`pacman-key --init\` to set up your pacman keyring."
-    fi
+    echo " >>> Run  \`pacman-key --init; pacman-key --populate archlinux\`"
+    echo " >>> to import the data required by pacman for package verification."
+    echo " >>> See: https://www.archlinux.org/news/having-pacman-verify-packages"
 }
 
 _warnupgrade() {




More information about the arch-commits mailing list