Find the answer to your Linux question:
Results 1 to 4 of 4
While doing an update I ran in to a problem with package keys. I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing. I was wondering if this is a safe practice what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Aug 2010
    Posts
    229

    Package Signing


    While doing an update I ran in to a problem with package keys.
    I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing.
    I was wondering if this is a safe practice what should my gpg.conf file look like here is my current file.


    no-greeting
    no-permission-warning
    lock-never
    keyserver hkp://keys.gnupg.net
    keyserver-options timeout=10
    sigLevel = Never

  2. #2
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,042
    I suggest you put the contents back to defaults ...
    Code:
    no-greeting
    no-permission-warning
    lock-never
    keyserver hkp://keys.gnupg.net
    keyserver-options timeout=10
    If you want to disable package signing then edit /etc/pacman.conf and
    Code:
    # PGP signature checking
    # NOTE: None of this will work without running `pacman-key --init` first.
    # The compiled in default is equivalent to the following line. This requires
    # you to locally sign and trust packager keys using `pacman-key` for them to be
    # considered valid.
    # SigLevel = Optional TrustedOnly
    # If you wish to check signatures but avoid local sign and trust issues, use
    # the following line. This will treat any key imported into pacman's keyring as
    # trusted.
    #SigLevel = Optional TrustAll
    # For now, off by default unless you read the above.
    SigLevel = Never
    ... which would be the current defaults

    Ed: I just switched to SigLevel = Optional TrustedOnly which is working at the moment for me ...

  3. #3
    Linux Newbie
    Join Date
    Aug 2010
    Posts
    229
    Thanks that signature checking was not in my pacman.conf file at all. I added your code and went with optional TrustedOnly. and I set my gpg.conf file back to default. I will see if it works next time I do an update.

  4. #4
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    3,042
    do you have a /etc/pacman.conf.pacnew with relevant info in ?

    I did a system update ... pulling in pacman4
    updated /etc/pacman.conf with information in /etc/pacman.conf.pacnew
    commented out SigLevel = Never and uncommented SigLevel = Optional TrustedOnly
    ran pacman-key --init
    ran pacman-key -r 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
    checking info here for fingerprints then
    pacman-key --edit-key 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8

    ... which is covered on the Arch Wiki here

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •