[pacman-dev] Status of package signing work
Allan McRae
allan at archlinux.org
Mon Nov 22 05:25:47 CET 2010
On 22/11/10 11:59, Denis A. Altoé Falqueto wrote:
> On Sat, Nov 20, 2010 at 10:51 PM, Allan McRae<allan at archlinux.org> wrote:
>> pacman:
>> - TODO: create directories needed for keyring during "make install"
>
> That is in the PKGBUILD for pacman, isn't?
I think the default directories should be created by "make install"
rather that in a PKGBUILD.
>> - TODO: verify signatures for packages installed from filesystem (???)
>
> I'll check if it is being done, but if I'm not mistaken, it is
> currently implemented.
I probably did something wrong... but when I created a random ".sig"
file of the right length beside a package and installed it with "pacman
-U", it was clear that the signature file was being read in but it did
not fail due to the bad signature. Mind you, I have absolutely no gpg
keyring stuff set up for testing yet.
Allan
More information about the pacman-dev
mailing list