[pacman-dev] [PATCH 2/3] Document new SigLevel config directive

Kerrick Staley mail at kerrickstaley.com
Mon Jul 18 02:35:26 EDT 2011


The SigLevel config option replaces the VerifySig option, and has
similar semantics, but adds a set of advanced configuration options that
correspond to the recently introduced alpm_siglevel_t fields.

Signed-off-by: Kerrick Staley <mail at kerrickstaley.com>
---
 doc/pacman.conf.5.txt |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt
index a28e00f..19cd6e3 100644
--- a/doc/pacman.conf.5.txt
+++ b/doc/pacman.conf.5.txt
@@ -156,6 +156,26 @@ Options
 	packages are only cleaned if not installed locally and not present in any
 	known sync database.
 
+*SigLevel =* ...::
+	If set to `Optional` (the default), signatures will be checked if present,
+	but unsigned databases/packages will also be allowed. Setting to `Required`
+	will cause signatures to be required on all packages and databases. `Never`
+	will prevent all signature checking.
+	Alternatively, you get more fine-grained control by combining some of
+	the options described below.
+	`PackageRequired` works like `Required`, but only causes checks to
+	be performed on packages. `PackageOptional` works like `Optional`
+	but also for packages only, and it can't be specified along with
+	`PackageRequired`. `PackageMarginal` causes signatures from marginally
+	trusted keys to be accepted on packages. `PackageUnknown` causes
+	signatures made with an unknown key to be accepted on packages. All
+	of these `PackageX` options have corresponding `DatabaseX`
+	options. Lastly, `PackageHash` causes a secure hash in a database to
+	be accepted as a package signature. It probably should be combined with
+	`DatabaseRequired`. This `PackageHash`+`DatabaseRequired` combination is
+	reasonably secure and is a good compromise when signing every package is
+	too difficult for a distribution's maintainers.
+
 *UseSyslog*::
 	Log action messages through syslog(). This will insert log entries into
 	+{localstatedir}/log/messages+ or equivalent.
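Review bot: In the `PackageHash` sentences at the end of the new entry, "It probably should be combined with `DatabaseRequired`" is too hedged for a man page. A hash read from a database whose signature was not required is only as trustworthy as that unauthenticated database, so the text should say this directly instead of leaving it as a suggestion. The paragraph starting "Alternatively" also never gives the syntax for combining options (the heading is only `*SigLevel =* ...::`) and names a single conflict (`PackageOptional` with `PackageRequired`); please state the separator and what happens when `Never`, `Optional` or `Required` is mixed with a `PackageX` or `DatabaseX` value. It would also help to note that `PackageMarginal` and `PackageUnknown` relax verification, since the current wording presents them neutrally. Finally, the commit message says SigLevel replaces VerifySig, but the diffstat shows 0 deletions and the new text does not mention VerifySig, so a sentence on its status belongs here or in a follow-up.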
-- 
1.7.6


