[pacman-dev] [PATCH] repo-add: add --include-sigs option

Allan McRae allan at archlinux.org
Mon Sep 21 05:19:24 UTC 2020


On 4/9/20 12:55 pm, Allan McRae wrote:
> On 4/9/20 12:40 pm, Eli Schwartz wrote:
>> On 9/2/20 11:02 PM, Allan McRae wrote:
>>> Pacman now downloads the signature files for all packages when present in a
>>> repository.  That makes distributing signatures within repository databases
>>> redundant and costly.
>>>
>>> Do not distribute the package signature files within the repo databases by
>>> default and add an --include-sigs to revert to the old behaviour.
>>
>> As I've mentioned on the list before, I would like an --ignore-sigs
>> option and continue to distribute sigs by default for pacman 6.0
>>
>> In pacman 6.1 we'll switch by default to ignoring them, and let people
>> use --include-sigs to revert to the old behavior.
>>
>> Ignoring sigs right out of the gate means the default behavior of
>> repo-add is to be unusable for people upgrading from pacman N-1. For
>> example, Arch Linux would most certainly need to use the option to
>> provide backwards compat while upgrading. So do third-party repositories.
>>
>> Also: this option cannot be added to scripts ahead of time, since
>> repo-add will error on an unknown option, and it cannot be added after
>> the fact, since some packages will be broken in the meantime.
>>
>> I don't see what the rush is here to add behavior that no one will want
>> to use.
>> - It makes sense to make this configurable now that it's useful to be
>>   able to ignore them.
>> - At the same time, defaults should be based on what is more likely for
>>   people to want.
>>
> 
> I really do not like the idea of adding an option, just to remove it in
> the next release.   But we won't actually be able to remove it for at
> least two releases, as you have just made the case that people won't be
> able to change their scripts on release.
> 
> Given pacman-6.0 is likely a few months out,  can we do a 5.2.3 release
> including something like:
> 

Any feedback on this option?

> 
> diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc
> index 8de4485b..19e2336a 100644
> --- a/doc/repo-add.8.asciidoc
> +++ b/doc/repo-add.8.asciidoc
> @@ -70,6 +70,10 @@ repo-add Options
>  	Remove old package files from the disk when updating their entry in the
>  	database.
> 
> +*\--include-sigs*::
> +	Dummy option for forward compatibility with pacman-6.0.
> +	Include package PGP signatures in the repository database (if available)
> +
> 
>  Example
>  -------
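
Review bot: The two added description lines under *\--include-sigs* contradict each other: the first calls it a dummy option, the second says it includes PGP signatures in the database, which reads as if passing the flag changes the result. For the release this text would ship in, say outright that the option is accepted and has no effect, and that it exists so scripts can pass it before pacman-6.0. The second sentence is also missing its final period.
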
> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index b0b3505d..ee010dba 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -43,6 +43,7 @@ LOCKFILE=
>  CLEAN_LOCK=0
>  USE_COLOR='y'
>  PREVENT_DOWNGRADE=0
> +INCLUDE_SIGS=0
> 
>  # Import libmakepkg
>  source "$LIBRARY"/util/message.sh
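
Review bot: INCLUDE_SIGS=0 is initialised here, but nothing in the visible hunks ever reads it, and a default of 0 sits oddly beside a man page entry that calls the flag a dummy. Add a one-line comment next to the assignment saying the variable is a placeholder for forward compatibility and is not consulted yet. Alternatively, drop the variable and let the case arm be a no-op, so a later reader does not go looking for the code that honours it.
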
> @@ -631,6 +632,9 @@ while (( $# )); do
>  		-p|--prevent-downgrade)
>  			PREVENT_DOWNGRADE=1
>  			;;
> +		--include-sigs)
> +			INCLUDE_SIGS=1
> +			;;
>  		*)
>  			args+=("$1")
>  			;;
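
Review bot: The new --include-sigs) arm makes the parser accept the flag, but the patch documents it only in doc/repo-add.8.asciidoc. Neither hunk in scripts/repo-add.sh.in adds it to whatever option help the script prints. If the script has a usage message, list the option there too, with the same "no effect in this release" wording, so the help output and the man page agree. A short comment inside the arm saying it is intentionally inert would also help, since it sits directly under -p|--prevent-downgrade), which does change behaviour.
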
> .
> 

