From 9715ddbe9df6e7a2a37a11c4f3e90a5446459217 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Fri, 14 Oct 2011 09:09:46 +0200
Subject: [PATCH] Apply pacman 4.0 changes to our copies of makepkg.conf and
pacman.conf
Note: Signature checks are disabled for now until we provide a keyring package.
---
makepkg-i686.conf | 25 ++++++++++++++++---------
makepkg-x86_64.conf | 25 ++++++++++++++++---------
pacman-extra.conf | 23 +++++++++++++++++++----
pacman-multilib-testing.conf | 23 +++++++++++++++++++----
pacman-multilib.conf | 23 +++++++++++++++++++----
pacman-staging.conf | 23 +++++++++++++++++++----
pacman-testing.conf | 23 +++++++++++++++++++----
7 files changed, 127 insertions(+), 38 deletions(-)
diff --git a/makepkg-i686.conf b/makepkg-i686.conf
index 9120183..6bbd672 100644
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -8,16 +8,16 @@
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
- 'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
- 'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
CARCH="i686"
CHOST="i686-pc-linux-gnu"
-#-- Exclusive: will only run on i686
+#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
# BUILD ENVIRONMENT
#########################################################################
#
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
#
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
+#-- upx: Compress binary executable files using UPX
#
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#SRCPKGDEST=/home/srcpackages
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
#########################################################################
# EXTENSION DEFAULTS
diff --git a/makepkg-x86_64.conf b/makepkg-x86_64.conf
index 052cf3f..ff460ec 100644
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -8,16 +8,16 @@
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
- 'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
- 'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
CARCH="x86_64"
CHOST="x86_64-unknown-linux-gnu"
-#-- Exclusive: will only run on x86_64
+#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
# BUILD ENVIRONMENT
#########################################################################
#
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
#
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
+#-- upx: Compress binary executable files using UPX
#
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#SRCPKGDEST=/home/srcpackages
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
#########################################################################
# EXTENSION DEFAULTS
diff --git a/pacman-extra.conf b/pacman-extra.conf
index 206ab23..d2b37b1 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index 32fc35c..d544e9e 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repository here.
[multilib-testing]
+#SigLevel = Optional TrustAll
Include = /etc/pacman.d/mirrorlist
[multilib]
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index 50f86be..2497c81 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repository here.
[multilib]
+#SigLevel = Optional TrustAll
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 4479129..b9c2cc2 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
[community-testing]
Include = /etc/pacman.d/mirrorlist
+#SigLevel = Optional TrustAll
[community]
Include = /etc/pacman.d/mirrorlist
diff --git a/pacman-testing.conf b/pacman-testing.conf
index fcfdf15..6a7c4bf 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -13,11 +13,12 @@
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
@@ -28,12 +29,25 @@ Architecture = auto
#NoUpgrade =
#NoExtract =
-# Misc options (all disabled by default)
+# Misc options
#UseSyslog
-#ShowSize
#UseDelta
#TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
#
# REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
--
GitLab