[pacman-dev] [PATCH 1/2] Documented SigLevel in pacman.conf.5.txt

Kerrick Staley mail at kerrickstaley.com
Mon Jul 18 00:06:29 EDT 2011 

Added the documentation for the SigLevel to pacman.conf.5.txt; the code
that implements this will be put into place with the next commit.

Signed-off-by: Kerrick Staley <mail at kerrickstaley.com>
---
 doc/pacman.conf.5.txt |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt
index a28e00f..349e4f7 100644
--- a/doc/pacman.conf.5.txt
+++ b/doc/pacman.conf.5.txt
@@ -156,6 +156,30 @@ Options
 	packages are only cleaned if not installed locally and not present in any
 	known sync database.
 
+*SigLevel =* ...::
+	If set to `Never` (the default), signatures won't ever be
+	checked. Conversely, `Required` will require signatures on all packages
+	and databases. `PackageHash` will require database signatures but accept
+	any package as long as the corresponding database gives a secure hash for
+	it (a good compromise when signing every package is too difficult for a
+	distribution's maintainers).
+	A more advanced setting is `Optional`, which will perform signature checks
+	if signatures are present but will allow unsigned databases/packages; this
+	can be useful when a distribution is making a transition from unsigned
+	repositories to signed ones.
+	For advanced configuration, you can list any of the settings described
+	hereafter, but the options can't be contradictory; `PackageHash` may also
+	be included in the list. `PackageRequired` and `DatabaseRequired` work
+	like `Required`, but only cause checks to be performed on packages and
+	databases, respectively; `Required` is equivalent to `PackageRequired
+	DatabaseRequired` with no other options. `PackageOptional` works
+	similarly to `PackageRequired`, and the two cannot be specified together;
+	`DatabaseOptional` works similarly for databases. `PackageMarginal`
+	causes signatures from marginally trusted keys to be accepted on packages;
+	`DatabaseMarginal` works similarly for databases. `PackageUnknown`
+	causes signatures made with an unknown key to be accepted on packages;
+	`DatabaseMarginal` works similarly for databases.
+
 *UseSyslog*::
 	Log action messages through syslog(). This will insert log entries into
 	+{localstatedir}/log/messages+ or equivalent.
-- 
1.7.6

More information about the pacman-dev mailing list