[arch-projects] [PATCH] [devtools] Have signature checking work in chroots

Sat Oct 15 06:56:48 EDT 2011

Adjust the mount options for /dev/pts to allow signature checking
with gpgme to work.

Adjust the various pacman.confs to use "SigLevel = Optional TrustAll"
which is the best that can be done automatically with Arch repos at
the moment.

Signed-off-by: Allan McRae <allan at archlinux.org>
---

I'm not sure exactly what other consequences there are from removing
"newinstance" from the /dev/pts mount options but this appears to
work...

 mkarchroot.in                |    2 +-
 pacman-extra.conf            |    2 --
 pacman-multilib-testing.conf |    4 +---
 pacman-multilib.conf         |    4 +---
 pacman-staging.conf          |    4 +---
 pacman-testing.conf          |    4 +---
 6 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/mkarchroot.in b/mkarchroot.in
index 0debb13..4db3032 100644
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -110,7 +110,7 @@ chroot_mount() {
 	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 
 	[ -e "${working_dir}/dev/pts" ] || mkdir "${working_dir}/dev/pts"
-	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
+	mount -t devpts devpts "${working_dir}/dev/pts" -o ptmxmode=666
 	ln -s pts/ptmx "${working_dir}/dev/ptmx"
 
 	[ -e "${cache_dir}" ] || mkdir -p "${cache_dir}"
diff --git a/pacman-extra.conf b/pacman-extra.conf
index cdad265..898f9ba 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -47,8 +47,6 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 SigLevel = Optional TrustAll
-# Disable signature checks for now
-SigLevel = Never
 
 #
 # REPOSITORIES
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index b7e59f6..e2591cf 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -46,9 +46,7 @@ Architecture = auto
 # If you wish to check signatures but avoid local sign and trust issues, use
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
-#SigLevel = Optional TrustAll
-# Disable signature checks for now
-SigLevel = Never
+SigLevel = Optional TrustAll
 
 #
 # REPOSITORIES
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index 709361e..e0dae7b 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -46,9 +46,7 @@ Architecture = auto
 # If you wish to check signatures but avoid local sign and trust issues, use
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
-#SigLevel = Optional TrustAll
-# Disable signature checks for now
-SigLevel = Never
+SigLevel = Optional TrustAll
 
 #
 # REPOSITORIES
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 9d8e23e..ae497d1 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -46,9 +46,7 @@ Architecture = auto
 # If you wish to check signatures but avoid local sign and trust issues, use
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
-#SigLevel = Optional TrustAll
-# Disable signature checks for now
-SigLevel = Never
+SigLevel = Optional TrustAll
 
 #
 # REPOSITORIES
diff --git a/pacman-testing.conf b/pacman-testing.conf
index 70b0249..8d1b6c5 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -46,9 +46,7 @@ Architecture = auto
 # If you wish to check signatures but avoid local sign and trust issues, use
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
-#SigLevel = Optional TrustAll
-# Disable signature checks for now
-SigLevel = Never
+SigLevel = Optional TrustAll
 
 #
 # REPOSITORIES
-- 
1.7.7

