[pacman-dev] [PATCH] repo-add: add --include-sigs option
Allan McRae
allan at archlinux.org
Thu Jun 3 03:41:42 UTC 2021
Pacman now downloads the signature files for all packages when present in a
repository. That makes distributing signatures within repository databases
redundant and costly.
Do not distribute the package signature files within the repo databases by
default and add an --include-sigs to revert to the old behaviour.
Signed-off-by: Allan McRae <allan at archlinux.org>
---
Resubmit of this patch now we are post 6.0. pacman-6.1 is likely far enough
away that there will be plenty of transition time.
doc/repo-add.8.asciidoc | 2 ++
scripts/repo-add.sh.in | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc
index 8de4485b..9b903ab1 100644
--- a/doc/repo-add.8.asciidoc
+++ b/doc/repo-add.8.asciidoc
@@ -70,6 +70,8 @@ repo-add Options
Remove old package files from the disk when updating their entry in the
database.
+*\--include-sigs*::
+ Include package PGP signatures in the repository database (if available)
Example
-------
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index d3938396..ac501b1a 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -42,6 +42,7 @@ LOCKFILE=
CLEAN_LOCK=0
USE_COLOR='y'
PREVENT_DOWNGRADE=0
+INCLUDE_SIGS=0
# Import libmakepkg
source "$LIBRARY"/util/compress.sh
@@ -260,7 +261,7 @@ db_write_entry() {
fi
# compute base64'd PGP signature
- if [[ -f "$pkgfile.sig" ]]; then
+ if (( INCLUDE_SIGS )) && [[ -f "$pkgfile.sig" ]]; then
if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then
error "$(gettext "Cannot use armored signatures for packages: %s")" "$pkgfile.sig"
return 1
@@ -622,6 +623,9 @@ while (( $# )); do
-p|--prevent-downgrade)
PREVENT_DOWNGRADE=1
;;
+ --include-sigs)
+ INCLUDE_SIGS=1
+ ;;
*)
args+=("$1")
;;
--
2.31.1
More information about the pacman-dev
mailing list