You are not logged in.

#1 2013-04-06 11:44:40

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,277

[solved] pacman 4.1 SigLevel options

I am unsure about the SigLevel options in pacman after merging the new 4.1 pacnew and hope someone can clarify. It is a similar question to here but not quite.

While merging the configuration, I wonder if I have to add "TrustedOnly" in order to get signature checking on the official repos package sigs. 

man pacman.conf as of today wrote:

...      TrustedOnly (default)
...
The built-in default is the following:
           SigLevel = Optional TrustedOnly
...

pacman.conf.pacnew then wrote:

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional

Now my understanding is be that the manpage needs an update to describe the default options as they are installed. That would be fine, if it is correct.

However, I am unsure because the [default] described in the manpage could also mean that the options specified in pacman.conf are adding to the default compiled in defaults, i.e. "Required DatabaseOnly" overwrites the compiled in "Optional" and the default in "TrustedOnly" is not changed.

So, do I have to add "TrustedOnly" to the SigLevel like this

SigLevel    = Required TrustedOnly DatabaseOptional

in order to have general signature checking for the main repo packages or not?
Thanks.

Last edited by Strike0 (2013-04-06 12:14:22)

Offline

#2 2013-04-06 11:48:16

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,367
Website

Re: [solved] pacman 4.1 SigLevel options

The default is "Optional TrustedOnly"

So, you can go:

SigLevel = Required DatabaseOptional TrustedOnly"
SigLevel = Required DatabaseOptional"
SigLevel = PackageRequired TrustedOnly"
SigLevel = PackageRequired"

and all end up with the same result.  Packages are required to be signed by a trusted signature, databases can be optionally signed but if they are, the signature needs trusted.

Offline

#3 2013-04-06 12:13:38

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,277

Re: [solved] pacman 4.1 SigLevel options

Ok, that's great! 
Thanks for the quick reply (&striking out the easter egg along the course).

edit: removed sentence with misunderstanding on my side.
edit2: added example to the wiki.

Last edited by Strike0 (2013-04-13 07:25:25)

Offline

Board footer

Powered by FluxBB