You are not logged in.

#1 2012-10-05 16:38:25

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

[pacman] Save pkg signatures in cache

This has probably been discussed already, but somehow I can't find a link, so...

Is it possible in pacman to save package signatures alongside *.pkg.tar.xz files in cache?  I think it woukd be a useful security addition. For instance, recently I had to perform full system integrity check (similar to the time when kernel.org was compromised) and not being able to verify packages in cache really complicated things, as I had to first update and then download each package, verify, unpack and generate sha1sums for files (all on a clean server of course).

Thanks!


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#2 2012-10-10 18:38:15

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,429

Re: [pacman] Save pkg signatures in cache

You have sigs & sums from the rolling install (not the history) per repo in /var/cache/pkgtools/lists/
For such cases, would those not be enough (maybe install pacman fresh from a chroot first)?

Offline

Board footer

Powered by FluxBB