Results 1 to 4 of 4
While doing an update I ran in to a problem with package keys. I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing. I was wondering if this is a safe practice what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 01-21-2012 #1
- Join Date
- Aug 2010
While doing an update I ran in to a problem with package keys.
I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing.
I was wondering if this is a safe practice what should my gpg.conf file look like here is my current file.
sigLevel = Never
- 01-21-2012 #2
I suggest you put the contents back to defaults ...
no-greeting no-permission-warning lock-never keyserver hkp://keys.gnupg.net keyserver-options timeout=10
# PGP signature checking # NOTE: None of this will work without running `pacman-key --init` first. # The compiled in default is equivalent to the following line. This requires # you to locally sign and trust packager keys using `pacman-key` for them to be # considered valid. # SigLevel = Optional TrustedOnly # If you wish to check signatures but avoid local sign and trust issues, use # the following line. This will treat any key imported into pacman's keyring as # trusted. #SigLevel = Optional TrustAll # For now, off by default unless you read the above. SigLevel = Never
Ed: I just switched to SigLevel = Optional TrustedOnly which is working at the moment for me ...
- 01-21-2012 #3
- Join Date
- Aug 2010
Thanks that signature checking was not in my pacman.conf file at all. I added your code and went with optional TrustedOnly. and I set my gpg.conf file back to default. I will see if it works next time I do an update.
- 01-21-2012 #4
do you have a /etc/pacman.conf.pacnew with relevant info in ?
I did a system update ... pulling in pacman4
updated /etc/pacman.conf with information in /etc/pacman.conf.pacnew
commented out SigLevel = Never and uncommented SigLevel = Optional TrustedOnly
ran pacman-key --init
ran pacman-key -r 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
checking info here for fingerprints then
pacman-key --edit-key 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
... which is covered on the Arch Wiki here