[pacman-dev] [PATCH] repo-add: add --include-sigs option

Allan McRae allan at archlinux.org
Thu Jun 3 03:41:42 UTC 2021


Pacman now downloads the signature files for all packages when present in a
repository.  That makes distributing signatures within repository databases
redundant and costly.

Do not distribute the package signature files within the repo databases by
default and add an --include-sigs to revert to the old behaviour.

Signed-off-by: Allan McRae <allan at archlinux.org>
---

Resubmit of this patch now we are post 6.0.  pacman-6.1 is likely far enough
away that there will be plenty of transition time.

 doc/repo-add.8.asciidoc | 2 ++
 scripts/repo-add.sh.in  | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc
index 8de4485b..9b903ab1 100644
--- a/doc/repo-add.8.asciidoc
+++ b/doc/repo-add.8.asciidoc
@@ -70,6 +70,8 @@ repo-add Options
 	Remove old package files from the disk when updating their entry in the
 	database.
 
+*\--include-sigs*::
+	Include package PGP signatures in the repository database (if available)
 
 Example
 -------
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index d3938396..ac501b1a 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -42,6 +42,7 @@ LOCKFILE=
 CLEAN_LOCK=0
 USE_COLOR='y'
 PREVENT_DOWNGRADE=0
+INCLUDE_SIGS=0
 
 # Import libmakepkg
 source "$LIBRARY"/util/compress.sh
@@ -260,7 +261,7 @@ db_write_entry() {
 	fi
 
 	# compute base64'd PGP signature
-	if [[ -f "$pkgfile.sig" ]]; then
+	if (( INCLUDE_SIGS )) && [[ -f "$pkgfile.sig" ]]; then
 		if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then
 			error "$(gettext "Cannot use armored signatures for packages: %s")" "$pkgfile.sig"
 			return 1
@@ -622,6 +623,9 @@ while (( $# )); do
 		-p|--prevent-downgrade)
 			PREVENT_DOWNGRADE=1
 			;;
+		--include-sigs)
+			INCLUDE_SIGS=1
+			;;
 		*)
 			args+=("$1")
 			;;
-- 
2.31.1


More information about the pacman-dev mailing list