summaryrefslogtreecommitdiffstats
path: root/doc/pacman.conf.5.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/pacman.conf.5.txt')
-rw-r--r--doc/pacman.conf.5.txt121
1 files changed, 104 insertions, 17 deletions
diff --git a/doc/pacman.conf.5.txt b/doc/pacman.conf.5.txt
index dcaeed7f..e793e78b 100644
--- a/doc/pacman.conf.5.txt
+++ b/doc/pacman.conf.5.txt
@@ -1,5 +1,5 @@
/////
-vim:set ts=4 sw=4 syntax=asciidoc noet:
+vim:set ts=4 sw=4 syntax=asciidoc noet spell spelllang=en_us:
/////
pacman.conf(5)
==============
@@ -69,6 +69,15 @@ Options
to the first cache directory with write access. *NOTE*: this is an absolute
path, the root path is not automatically prepended.
+*GPGDir =* path/to/gpg/dir::
+ Overrides the default location of the directory containing configuration
+ files for GnuPG. A typical default is +{sysconfdir}/pacman.d/gnupg/+.
+ This directory should contain two files: `pubring.gpg` and `trustdb.gpg`.
+ `pubring.gpg` holds the public keys of all packagers. `trustdb.gpg`
+ contains a so-called trust database, which specifies that the keys are
+ authentic and trusted.
+ *NOTE*: this is an absolute path, the root path is not automatically
+ prepended.
*LogFile =* '/path/to/file'::
Overrides the default location of the pacman log file. A typical default
@@ -147,13 +156,14 @@ Options
packages are only cleaned if not installed locally and not present in any
known sync database.
+*SigLevel =* ...::
+ Set the default signature verification level. For more information, see
+ <<SC,Package and Database Signature Checking>> below.
+
*UseSyslog*::
Log action messages through syslog(). This will insert log entries into
+{localstatedir}/log/messages+ or equivalent.
-*ShowSize*::
- Display the size of individual packages for '\--sync' and '\--query' modes.
-
*UseDelta*::
Download delta files instead of complete packages if possible. Requires
the xdelta3 program to be installed.
@@ -168,6 +178,10 @@ Options
Performs an approximate check for adequate available disk space before
installing packages.
+*VerbosePkgLists*::
+ Displays name, version and size of target packages formatted
+ as a table for upgrade, sync and remove operations.
+
Repository Sections
-------------------
Each repository section defines a section name and at least one location where
@@ -183,27 +197,99 @@ contain a file that lists the servers for that repository.
--------
[core]
-# use this repository first
-Server = ftp://ftp.archlinux.org/core/os/arch
+# use this server first
+Server = ftp://ftp.archlinux.org/$repo/os/$arch
# next use servers as defined in the mirrorlist below
Include = {sysconfdir}/pacman.d/mirrorlist
--------
+The order of repositories in the configuration files matters; repositories
+listed first will take precedence over those listed later in the file when
+packages in two repositories have identical names, regardless of version
+number.
+
+*Include =* path::
+ Include another config file. This file can include repositories or
+ general configuration options. Wildcards in the specified paths will get
+ expanded based on linkman:glob[7] rules.
+
+*Server =* url::
+ A full URL to a location where the database, packages, and signatures (if
+ available) for this repository can be found.
++
During parsing, pacman will define the `$repo` variable to the name of the
current section. This is often utilized in files specified using the 'Include'
directive so all repositories can use the same mirrorfile. pacman also defines
the `$arch` variable to the value of `Architecture`, so the same mirrorfile can
even be used for different architectures.
+*SigLevel =* ...::
+ Set the signature verification level for this repository. For more
+ information, see <<SC,Package and Database Signature Checking>> below.
+
+Package and Database Signature Checking
+---------------------------------------
+The 'SigLevel' directive is valid in both the `[options]` and repository
+sections. If used in `[options]`, it sets a default value for any repository
+that does not provide the setting.
+
+* If set to *Never*, no signature checking will take place.
+* If set to *Optional* , signatures will be checked when present, but unsigned
+ databases and packages will also be accepted.
+* If set to *Required*, signatures will be required on all packages and
+ databases.
+
+Alternatively, you can get more fine-grained control by combining some of
+the options and prefixes described below. All options in a config file are
+processed in top-to-bottom, left-to-right fashion, where later options override
+and/or supplement earlier ones. If 'SigLevel' is specified in a repository
+section, the starting value is that from the `[options]` section, or the
+built-in system default as shown below if not specified.
+
+The options are split into two main groups, described below. Terms used such as
+``marginally trusted'' are terms used by GnuPG, for more information please
+consult linkman:gpg[1].
+
+When to Check::
+ These options control if and when signature checks should take place.
+
+ *Never*;;
+ All signature checking is suppressed, even if signatures are present.
+
+ *Optional* (default);;
+ Signatures are checked if present; absence of a signature is not an
+ error. An invalid signature is a fatal error, as is a signature from a
+ key not in the keyring.
+
+ *Required*;;
+ Signatures are required; absence of a signature or an invalid signature
+ is a fatal error, as is a signature from a key not in the keyring.
+
+What is Allowed::
+ These options control what signatures are viewed as permissible. Note that
+ neither of these options allows acceptance of invalid or expired
+ signatures, or those from revoked keys.
+
+ *TrustedOnly* (default);;
+ If a signature is checked, it must be in the keyring and fully trusted;
+ marginal trust does not meet this criteria.
+
+ *TrustAll*;;
+ If a signature is checked, it must be in the keyring, but is not
+ required to be assigned a trust level (e.g., unknown or marginal
+ trust).
+
+Options in both groups can additionally be prefixed with either *Package* or
+*Database*, which will cause it to only take effect on the specified object
+type. For example, `PackageTrustAll` would allow marginal and unknown trust
+level signatures for packages.
+
+The built-in default is the following:
+
--------
-Server = ftp://ftp.archlinux.org/$repo/os/$arch
+SigLevel = Optional TrustedOnly
--------
-The order of repositories in the configuration files matters; repositories
-listed first will take precedence over those listed later in the file when
-packages in two repositories have identical names, regardless of version
-number.
-
Using Your Own Repository
-------------------------
If you have numerous custom packages of your own, it is often easier to generate
@@ -215,11 +301,12 @@ directory with these packages so pacman can find it when run with '\--refresh'.
The above command will generate a compressed database named
'/home/pkgs/custom.db.tar.gz'. Note that the database must be of the form
-'\{treename\}.db.tar.gz', where '\{treename\}' is the name of the section defined in
-the configuration file. That's it! Now configure your custom section in the
-configuration file as shown in the config example above. Pacman will now use your
-package repository. If you add new packages to the repository, remember to
-re-generate the database and use pacman's '\--refresh' option.
+'\{treename\}.db.tar.{ext}', where '\{treename\}' is the name of the section
+defined in the configuration file and '\{ext\}' is a valid compression type as
+documented in linkman:repo-add[8]. That's it! Now configure your custom section
+in the configuration file as shown in the config example above. Pacman will now
+use your package repository. If you add new packages to the repository,
+remember to re-generate the database and use pacman's '\--refresh' option.
For more information on the repo-add command, see ``repo-add \--help'' or
linkman:repo-add[8].