You are not logged in.

#1 2012-10-05 16:38:25

From: Aethyr
Registered: 2009-03-22
Posts: 971

[pacman] Save pkg signatures in cache

This has probably been discussed already, but somehow I can't find a link, so...

Is it possible in pacman to save package signatures alongside *.pkg.tar.xz files in cache?  I think it woukd be a useful security addition. For instance, recently I had to perform full system integrity check (similar to the time when was compromised) and not being able to verify packages in cache really complicated things, as I had to first update and then download each package, verify, unpack and generate sha1sums for files (all on a clean server of course).


Arch Linux is more than just GNU/Linux -- it's an adventure


#2 2012-10-10 18:38:15

From: Germany
Registered: 2011-09-05
Posts: 1,277

Re: [pacman] Save pkg signatures in cache

You have sigs & sums from the rolling install (not the history) per repo in /var/cache/pkgtools/lists/
For such cases, would those not be enough (maybe install pacman fresh from a chroot first)?


Board footer

Powered by FluxBB