I am unsure about the SigLevel options in pacman after merging the new 4.1 pacnew and hope someone can clarify. It is a similar question to here but not quite.
While merging the configuration, I wonder if I have to add "TrustedOnly" in order to get signature checking on the official repos package sigs.
... TrustedOnly (default)
The built-in default is the following:
SigLevel = Optional TrustedOnly
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
Now my understanding is that the manpage needs an update to describe the default options as they are installed. That would be fine, if it is correct.
However, I am unsure because the [default] described in the manpage could also mean that the options specified in pacman.conf are adding to the default compiled in defaults, i.e. "Required DatabaseOnly" overwrites the compiled in "Optional" and the default in "TrustedOnly" is not changed.
So, do I have to add "TrustedOnly" to the SigLevel like this
SigLevel = Required TrustedOnly DatabaseOptional
in order to have general signature checking for the main repo packages or not?
Last edited by Strike0 (2013-04-06 12:14:22)
The default is "Optional TrustedOnly"
So, you can go:
SigLevel = Required DatabaseOptional TrustedOnly
SigLevel = Required DatabaseOptional
SigLevel = PackageRequired TrustedOnly
SigLevel = PackageRequired
and all end up with the same result. Packages are required to be signed by a trusted signature, databases can be optionally signed but if they are, the signature needs to be trusted.
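The reply's point, that tokens given in pacman.conf override only the matching part of the built-in default, modeled as an added example (not part of the original posts and not pacman's own code). The function names are hypothetical, and the assumed token semantics are: Never/Optional/Required set whether a signature is needed, TrustedOnly/TrustAll set which keys are accepted, and a Package or Database prefix limits a token to that scope.

```python
# Model of how SigLevel tokens combine with pacman's built-in default.
# Added illustration; names are hypothetical and this is not pacman's source.

DEFAULT = "Optional TrustedOnly"           # built-in default quoted in the thread

CHECK = {"Never", "Optional", "Required"}  # is a signature checked / needed
TRUST = {"TrustedOnly", "TrustAll"}        # which signing keys are acceptable


def apply_tokens(state, tokens):
    """Apply SigLevel tokens left to right onto a copy of state."""
    state = {scope: dict(values) for scope, values in state.items()}
    for token in tokens.split():
        # Unprefixed tokens affect both scopes; a prefix limits the scope.
        scopes, name = ("package", "database"), token
        for prefix in ("Package", "Database"):
            if token.startswith(prefix) and token != prefix:
                scopes, name = (prefix.lower(),), token[len(prefix):]
        if name in CHECK:
            key = "check"
        elif name in TRUST:
            key = "trust"
        else:
            raise ValueError(f"unknown SigLevel token: {token}")
        for scope in scopes:
            state[scope][key] = name
    return state


def effective(siglevel):
    """Resolve a SigLevel line against the built-in default."""
    empty = {"package": {}, "database": {}}
    return apply_tokens(apply_tokens(empty, DEFAULT), siglevel)


# The four lines from the reply above.
LINES = [
    "Required DatabaseOptional TrustedOnly",
    "Required DatabaseOptional",
    "PackageRequired TrustedOnly",
    "PackageRequired",
]

if __name__ == "__main__":
    for line in LINES:
        print(f"SigLevel = {line:40} -> {effective(line)}")
```

All four lines resolve to the same state: package signatures Required and TrustedOnly, database signatures Optional and TrustedOnly.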
Ok, that's great!
Thanks for the quick reply (& striking out the easter egg along the course).
edit: removed sentence with misunderstanding on my side.
edit2: added example to the wiki.
Last edited by Strike0 (2013-04-13 07:25:25)