Find the answer to your Linux question:
Results 1 to 4 of 4
While doing an update I ran in to a problem with package keys. I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing. I was wondering if this is a safe practice what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 01-21-2012 #1
    electroman6913
    electroman6913 is offline
    Linux Newbie
    Join Date
    Aug 2010
    Posts
    196

    Package Signing

    While doing an update I ran in to a problem with package keys.
    I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing.
    I was wondering if this is a safe practice what should my gpg.conf file look like here is my current file.


    no-greeting
    no-permission-warning
    lock-never
    keyserver hkp://keys.gnupg.net
    keyserver-options timeout=10
    sigLevel = Never
    Reply With Quote Reply With Quote
  2. 01-21-2012 #2
    Jonathan183
    Jonathan183 is offline
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,002
    I suggest you put the contents back to defaults ...
    Code:
    no-greeting
no-permission-warning
lock-never
keyserver hkp://keys.gnupg.net
keyserver-options timeout=10
    If you want to disable package signing then edit /etc/pacman.conf and
    Code:
    # PGP signature checking
# NOTE: None of this will work without running `pacman-key --init` first.
# The compiled in default is equivalent to the following line. This requires
# you to locally sign and trust packager keys using `pacman-key` for them to be
# considered valid.
# SigLevel = Optional TrustedOnly
# If you wish to check signatures but avoid local sign and trust issues, use
# the following line. This will treat any key imported into pacman's keyring as
# trusted.
#SigLevel = Optional TrustAll
# For now, off by default unless you read the above.
SigLevel = Never
    ... which would be the current defaults

    Ed: I just switched to SigLevel = Optional TrustedOnly which is working at the moment for me ...
    Reply With Quote Reply With Quote
  3. 01-21-2012 #3
    electroman6913
    electroman6913 is offline
    Linux Newbie
    Join Date
    Aug 2010
    Posts
    196
    Thanks that signature checking was not in my pacman.conf file at all. I added your code and went with optional TrustedOnly. and I set my gpg.conf file back to default. I will see if it works next time I do an update.
    Reply With Quote Reply With Quote
  4. 01-21-2012 #4
    Jonathan183
    Jonathan183 is offline
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,002
    do you have a /etc/pacman.conf.pacnew with relevant info in ?

    I did a system update ... pulling in pacman4
    updated /etc/pacman.conf with information in /etc/pacman.conf.pacnew
    commented out SigLevel = Never and uncommented SigLevel = Optional TrustedOnly
    ran pacman-key --init
    ran pacman-key -r 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
    checking info here for fingerprints then
    pacman-key --edit-key 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8

    ... which is covered on the Arch Wiki here
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules