diff --git a/makepkg-i686.conf b/makepkg-i686.conf
index 91201834944e5f4a3e198242e3eb2a17140b8352..6bbd6721df0b2cd2b3e0673854d3e5670f34ea54 100644
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -8,16 +8,16 @@
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
- 'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
- 'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
CARCH="i686"
CHOST="i686-pc-linux-gnu"
-#-- Exclusive: will only run on i686
+#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
# BUILD ENVIRONMENT
#########################################################################
#
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
#
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
+#-- upx: Compress binary executable files using UPX
#
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#SRCPKGDEST=/home/srcpackages
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
#########################################################################
# EXTENSION DEFAULTS
diff --git a/makepkg-x86_64.conf b/makepkg-x86_64.conf
index 052cf3f10b52bee7f9e40ee55335ade9470b96b6..ff460ec09ce06ee6a45e23f095ebd0268c91f3de 100644
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -8,16 +8,16 @@
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
- 'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
- 'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
CARCH="x86_64"
CHOST="x86_64-unknown-linux-gnu"
-#-- Exclusive: will only run on x86_64
+#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
# BUILD ENVIRONMENT
#########################################################################
#
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
#
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
+#-- upx: Compress binary executable files using UPX
#
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#SRCPKGDEST=/home/srcpackages
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
#########################################################################
# EXTENSION DEFAULTS
diff --git a/pacman-extra.conf b/pacman-extra.conf
index 206ab23b4c838920a636734380c119fbf17b114c..d2b37b1079fad4a7532e9dabba21ec8d8723eeec 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index 32fc35cd26dae9b57c898e6ecdbdf7cac6837118..d544e9ec041d9e1fd2d58521912ae407d5354ee0 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repository here.
[multilib-testing]
+#SigLevel = Optional TrustAll
Include = /etc/pacman.d/mirrorlist
[multilib]
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index 50f86be9825d0d2713b5aa55c0f40d72cfff2349..2497c81fad65bb3f78bbde258e755a7c27b856f7 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repository here.
[multilib]
+#SigLevel = Optional TrustAll
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 4479129829d4dd375a6d89f5c1319690952a2757..b9c2cc22d395458541b8ab400c0e31490ea7b9a4 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
[community-testing]
Include = /etc/pacman.d/mirrorlist
+#SigLevel = Optional TrustAll
[community]
Include = /etc/pacman.d/mirrorlist
diff --git a/pacman-testing.conf b/pacman-testing.conf
index fcfdf15d3e01e271c064f7d1049568802ad46c83..6a7c4bf3fb83862de870018f75726dce9f623dcb 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs