update makepkg.conf and pacman.conf

10 files changed, 66 insertions, 82 deletions

diff --git a/makepkg-i686.conf b/makepkg-i686.conf
index 6bbd672..725c2a2 100644
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -31,7 +31,7 @@ CHOST="i686-pc-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 
diff --git a/makepkg-x86_64.conf b/makepkg-x86_64.conf
index ff460ec..4de5c67 100644
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -31,7 +31,7 @@ CHOST="x86_64-unknown-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 
diff --git a/pacman-extra.conf b/pacman-extra.conf
index 4c50513..0b1fea6 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-gnome-unstable.conf b/pacman-gnome-unstable.conf
index 04e8f5b..07495d0 100644
--- a/pacman-gnome-unstable.conf
+++ b/pacman-gnome-unstable.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-kde-unstable.conf b/pacman-kde-unstable.conf
index e5b95bb..c0e2e8e 100644
--- a/pacman-kde-unstable.conf
+++ b/pacman-kde-unstable.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib-staging.conf b/pacman-multilib-staging.conf
index a088010..dee241c 100644
--- a/pacman-multilib-staging.conf
+++ b/pacman-multilib-staging.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index ee9c988..e60a998 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index 696003e..d83def4 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 4ef48de..4a803a1 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #
diff --git a/pacman-testing.conf b/pacman-testing.conf
index cc007e3..a99b99d 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #