makepkg: Add support for verifying pgp signatures

Many projects provide signature files along with the source code archives. It's good to check these, too, when verifying the integrity of source code archives. Not everybody is using gpg so the verification can be disabled with --skippgpcheck. Additionally, only a warning is displayed when the key that signed the source file is unknown. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
author: Wieland Hoffmann <themineo@googlemail.com> 2011-07-06 13:02:19 +0200
committer: Dan McGee <dan@archlinux.org> 2011-07-27 19:47:06 +0200
commit: 94f61c5b29274df164b01105165945e445289ae7 (patch)
tree: cd28e798ba6ee9198ceaf0edbf2336cb1a1c9ab6 /doc
parent: 9929a34a6d493c94bd176b66198bdbd734678043 (diff)
download: pacman-94f61c5b29274df164b01105165945e445289ae7.tar.gz
pacman-94f61c5b29274df164b01105165945e445289ae7.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt
index ffc01cd5..57c1f899 100644
--- a/doc/makepkg.8.txt
+++ b/doc/makepkg.8.txt
@@ -87,6 +87,9 @@ Options
 *--skipinteg*::
 	Do not perform any integrity checks, just print a warning instead.
 
+*\--skippgpcheck*::
+	Do not verify PGP signatures of the source files.
+
 *-h, \--help*::
 	Output syntax and command line options.
author	Wieland Hoffmann <themineo@googlemail.com>	2011-07-06 13:02:19 +0200
committer	Dan McGee <dan@archlinux.org>	2011-07-27 19:47:06 +0200
commit	94f61c5b29274df164b01105165945e445289ae7 (patch)
tree	cd28e798ba6ee9198ceaf0edbf2336cb1a1c9ab6 /doc
parent	9929a34a6d493c94bd176b66198bdbd734678043 (diff)
download	pacman-94f61c5b29274df164b01105165945e445289ae7.tar.gz pacman-94f61c5b29274df164b01105165945e445289ae7.tar.xz