You are not logged in.

#1 2013-04-18 06:44:56

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,326
Website

Installing package with -U and Ignoring Signatures

If I want to install a package using -U but the package isn't signed, can I tell pacman to SigLevel = Never for this one transaction, rather than having to edit pacman.conf, install, then change pacman.conf back?

# pacman -U http://www.example.com/foobar-20130417-1-any.pkg.tar.xz
 foobar-20130417-1-any                     1180.0   B  1152K/s 00:00 [#############################################] 100%
loading packages...
error: /var/cache/pacman/pkg/foobar-20130417-1-any.pkg.tar.xz: signature format errorerror: GPGME error: No data
error: '/var/cache/pacman/pkg/foobar-20130417-1-any.pkg.tar.xz': invalid or corrupted package (PGP signature)

Offline

#2 2013-04-18 07:13:59

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 20,107
Website

Re: Installing package with -U and Ignoring Signatures

As of pacman 4, you can use:

LocalFileSigLevel = Optional

on the basis that it is already on your system and theoretically has passed a check previously...


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Offline

#3 2013-04-18 23:25:07

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,326
Website

Re: Installing package with -U and Ignoring Signatures

Not quite what I'm after I don't think; my example (and use case) is installing from a URL...

It might have to do if pacman treats that as a "local" after it downloads it....

Offline

#4 2013-04-19 00:58:56

karol
Archivist
Registered: 2009-05-06
Posts: 25,433

Re: Installing package with -U and Ignoring Signatures

Offline

#5 2013-04-19 01:01:38

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,326
Website

Re: Installing package with -U and Ignoring Signatures

That's closer, I've added a comment to that bug to have a --nosig option also. Thx karol smile

Offline

#6 2013-04-19 01:25:20

Allan
is always right
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,465
Website

Re: Installing package with -U and Ignoring Signatures

RemoteFileSigLevel = Optional

Offline

#7 2013-04-19 05:03:56

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 931

Re: Installing package with -U and Ignoring Signatures

LocalFileSigLevel = Never

located on manpages

why this is Trusted by default??


Well, I suppose that this is somekind of signature, no?

Offline

#8 2013-04-19 05:20:02

Allan
is always right
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,465
Website

Re: Installing package with -U and Ignoring Signatures

Jristz wrote:

LocalFileSigLevel = Never

located on manpages

why this is Trusted by default??

Why are local files on your hard drive trusted by default? Probably because you put them there...

Edit: also it is not LocalFileSigLevel when using pacman -U http://...

Offline

#9 2013-04-19 16:26:30

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,079
Website

Re: Installing package with -U and Ignoring Signatures

Jristz wrote:

LocalFileSigLevel = Never

located on manpages

why this is Trusted by default??

Do you trust yourself?

Offline

#10 2013-04-21 19:04:08

Jristz
Member
From: America/Santiago
Registered: 2011-06-11
Posts: 931

Re: Installing package with -U and Ignoring Signatures

teateawhy wrote:
Jristz wrote:

LocalFileSigLevel = Never

located on manpages

why this is Trusted by default??

Do you trust yourself?

in this case is unnecesary have a LocalFileSigLevel because a common person Trust in their/yourself and if one going to install any from a local file, what is the point of have this if one troust in theirself


Well, I suppose that this is somekind of signature, no?

Offline

Board footer

Powered by FluxBB