While doing an update I ran in to a problem with package keys.
I edited /etc/pacman.d/gnupg/gpg.conf and disabled key signing.
I was wondering if this is a safe practice what should my gpg.conf file look like here is my current file.
sigLevel = Never
I suggest you put the contents back to defaults ...
If you want to disable package signing then edit /etc/pacman.conf and
... which would be the current defaults
# PGP signature checking
# NOTE: None of this will work without running `pacman-key --init` first.
# The compiled in default is equivalent to the following line. This requires
# you to locally sign and trust packager keys using `pacman-key` for them to be
# considered valid.
# SigLevel = Optional TrustedOnly
# If you wish to check signatures but avoid local sign and trust issues, use
# the following line. This will treat any key imported into pacman's keyring as
#SigLevel = Optional TrustAll
# For now, off by default unless you read the above.
SigLevel = Never
Ed: I just switched to SigLevel = Optional TrustedOnly which is working at the moment for me ...
Thanks that signature checking was not in my pacman.conf file at all. I added your code and went with optional TrustedOnly. and I set my gpg.conf file back to default. I will see if it works next time I do an update.
do you have a /etc/pacman.conf.pacnew with relevant info in ?
I did a system update ... pulling in pacman4
updated /etc/pacman.conf with information in /etc/pacman.conf.pacnew
commented out SigLevel = Never and uncommented SigLevel = Optional TrustedOnly
ran pacman-key --init
ran pacman-key -r 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
checking info here for fingerprints then
pacman-key --edit-key 0xFFF979E7 0xCDFD6BB0 0x4C7EA887 0x6AC6A4C2 0x824B18E8
... which is covered on the Arch Wiki here