[pacman-dev] [PATCH 5/5] Document new options related to package signing

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Mon Jul 26 16:26:05 EDT 2010


makepkg and repo-add got a new option, so it is possible to
select the key used for signing.

makepkg.conf got a new option in BUILDENV, so the new packages
built with makepkg will be signed in the process of building.

pacman.conf got a new option for repositories. VerifySig will
enable verification of signatures in repositories that support
them.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto at gmail.com>
---
 doc/makepkg.8.txt      |    4 ++++
 doc/makepkg.conf.5.txt |    6 +++---
 doc/pacman.conf.5.txt  |   20 ++++++++++++++++++++
 doc/repo-add.8.txt     |    7 +++++--
 4 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index a2fdb3f..4d8f26b 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -161,6 +161,10 @@ Options
 	(Passed to pacman) Prevent pacman from displaying a progress bar;
 	useful if you are redirecting makepkg output to file.
 
+*\--signwithkey*::
+	Select a specific key to be used to sign the package. If absent,
+	the default from the keyring key will be used.
+
 
 Additional Features
 -------------------
diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt
index a565bd6..f82bc19 100644
--- a/doc/makepkg.conf.5.txt
+++ b/doc/makepkg.conf.5.txt
@@ -94,9 +94,9 @@ Options
 		PKGBUILD options array.
 
 	*sign*;;
-		Generate a PGP signature file using GnuPG. This will execute `gpg
-		--detach-sign --use-agent` on the built package to generate a detached
-		signature file, using the GPG agent if it is available. The signature
+		Generate a PGP signature file using GnuPG. This will execute `gpg2
+		--detach-sign` on the built package to generate a detached signature 
+		file, using the GPG agent if it is available. The signature
 		file will be the entire filename of the package with a ``.sig''
 		extension.
 
diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt
index 8c83232..16d1c89 100644
--- a/doc/pacman.conf.5.txt
+++ b/doc/pacman.conf.5.txt
@@ -204,6 +204,26 @@ listed first will take precedence over those listed later in the file when
 packages in two repositories have identical names, regardless of version
 number.
 
+There is an option to allow the verification of digital signatures for
+repositories that support them. The option is 'VerifySig' and the possible
+values are:
+
+*Always*::
+	Will enforce the verification of signatures as a requirement to
+	update the database. If there is no signature in the source location
+	or if the signature is not valid, the updating of this repository
+	is aborted.
+
+*Optional*::
+	The verification of signatures will be made, but if there is no
+	signature in the source location, it will proceed with the updating.
+	The only situation of error will be when the database doesn't match
+	with the signature (download problem or real mismatch of signature).
+
+*Never*::
+	There will be no verification of signatures for this repository. This
+	is the default.
+
 Using Your Own Repository
 -------------------------
 If you have numerous custom packages of your own, it is often easier to generate
diff --git a/doc/repo-add.8.txt b/doc/repo-add.8.txt
index e6cc940..0a5d980 100644
--- a/doc/repo-add.8.txt
+++ b/doc/repo-add.8.txt
@@ -10,9 +10,9 @@ repo-add - package database maintenance utility
 
 Synopsis
 --------
-repo-add [-q] <path-to-db> <package1> [<package2> ...]
+repo-add [-q] [-s [-k|\--signwithkey key]] <path-to-db> <package1> [<package2> ...]
 
-repo-remove [-q] <path-to-db> <packagename> [<packagename2> ...]
+repo-remove [-q] [-s [-k|\--signwithkey key]] <path-to-db> <packagename> [<packagename2> ...]
 
 
 Description
@@ -40,6 +40,9 @@ Options
 	signature file, using the GPG agent if it is available. The signature file
 	will be the entire filename of the database with a ``.sig'' extension.
 
+*-k, \--sighwithkey key*::
+	Select a specific key to be used for the signing of the database file.
+	If absent, the default key from the default keyring will be used.
 
 See Also
 --------
-- 
1.7.1.1



More information about the pacman-dev mailing list