[pacman-dev] [PATCH] repo-add: add --include-sigs option

Allan McRae allan at archlinux.org
Fri Sep 4 02:55:04 UTC 2020


On 4/9/20 12:40 pm, Eli Schwartz wrote:
> On 9/2/20 11:02 PM, Allan McRae wrote:
>> Pacman now downloads the signature files for all packages when present in a
>> repository.  That makes distributing signatures within repository databases
>> redundant and costly.
>>
>> Do not distribute the package signature files within the repo databases by
>> default and add an --include-sigs to revert to the old behaviour.
> 
> As I've mentioned on the list before, I would like an --ignore-sigs
> option and continue to distribute sigs by default for pacman 6.0
> 
> In pacman 6.1 we'll switch by default to ignoring them, and let people
> use --include-sigs to revert to the old behavior.
> 
> Ignoring sigs right out of the gate means the default behavior of
> repo-add is to be unusable for people upgrading from pacman N-1. For
> example, Arch Linux would most certainly need to use the option to
> provide backwards compat while upgrading. So do third-party repositories.
> 
> Also: this option cannot be added to scripts ahead of time, since
> repo-add will error on an unknown option, and it cannot be added after
> the fact, since some packages will be broken in the meantime.
> 
> I don't see what the rush is here to add behavior that no one will want
> to use.
> - It makes sense to make this configurable now that it's useful to be
>   able to ignore them.
> - At the same time, defaults should be based on what is more likely for
>   people to want.
> 

I really do not like the idea of adding an option, just to remove it in
the next release.   But we won't actually be able to remove it for at
least two releases, as you have just made the case that people won't be
able to change their scripts on release.

Given pacman-6.0 is likely a few months out,  can we do a 5.2.3 release
including something like:


diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc
index 8de4485b..19e2336a 100644
--- a/doc/repo-add.8.asciidoc
+++ b/doc/repo-add.8.asciidoc
@@ -70,6 +70,10 @@ repo-add Options
 	Remove old package files from the disk when updating their entry in the
 	database.

+*\--include-sigs*::
+	Dummy option for forward compatibility with pacman-6.0.
+	Include package PGP signatures in the repository database (if available)
+

 Example
 -------
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index b0b3505d..ee010dba 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -43,6 +43,7 @@ LOCKFILE=
 CLEAN_LOCK=0
 USE_COLOR='y'
 PREVENT_DOWNGRADE=0
+INCLUDE_SIGS=0

 # Import libmakepkg
 source "$LIBRARY"/util/message.sh
@@ -631,6 +632,9 @@ while (( $# )); do
 		-p|--prevent-downgrade)
 			PREVENT_DOWNGRADE=1
 			;;
+		--include-sigs)
+			INCLUDE_SIGS=1
+			;;
 		*)
 			args+=("$1")
 			;;


More information about the pacman-dev mailing list