[pacman-dev] [PATCH] Proposal: Add some kind of user feedback about package signing

robert evert r.evert at tu-bs.de
Tue Nov 1 16:01:09 EDT 2011


Hey,

I know that package signing is not a favorite topic, but as its
implemented, the world should know, which packages are signed for the
time where unsigned and signed packages reside next to each other.

Maybe also more people will "complain" to the devs about not-yet signed
packages.

This fancy one-liner is just an idea, maybe the printf should go to the
place, where pacman checks, if the package has a signature and complain
there.
Or while installing packages, a little * could appear for signed packages.

Ideas?

-robert


>From 648c0ecf65d3cc34559fecbb93b67d572fb1f9c5 Mon Sep 17 00:00:00 2001
From: robert <r.evert_AT_tu-bs.de>
Date: Tue, 1 Nov 2011 20:41:25 +0100
Subject: [PATCH] - Add some kind of user feedback about package signing

---
 lib/libalpm/signing.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 92f34b5..9928fc0 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -665,6 +665,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle,
const char *path,

switch(siglist->results[num].validity) {
                                                case ALPM_SIGVALIDITY_FULL:

_alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n");
+
printf(_("Package signature for %s is valid.\n"), path);
                                                        break;
                                                case
ALPM_SIGVALIDITY_MARGINAL:

_alpm_log(handle, ALPM_LOG_DEBUG, "signature is marginal trust\n");


More information about the pacman-dev mailing list