4

Verifying the sigs of all installed packages, and signing progress

view full story
linux-howto

https://bbs.archlinux.org – Allan wrote:Klink-a-dink-dink wrote:Is there any way to do this without reinstalling them all?NoProvided the packages hasn't been updated on a mirror... why not? That's how I verify packages if I need to have a look at a binary or wish to install a select peckage from [testing] w/o enabling it.On a different note, is there a pacman option to download signatures into the same cache dir as the corresponding package (suppose I don't care about filling up /var)? Or is this an ignorant question to ask?Allan wrote:Klink-a-dink-dink wrote:is there anywhere online where I can check the (HowTos)

Shoutmeloud's picture
Submitted by Shoutmeloud on 06/05/2012 – Made popular on 06/05/2012

Stories similar to Verifying the sigs of all installed packages, and signing progress

Allan wrote:Schala wrote:I don't knoew if it was the recent Python packages update but that's my guess.Then why reference pacman-4.1 in your subject?I believe there's a possibility that the way Pacman calls it may be incorrect.

Schala https://bbs.archlinux.org/profile.php?id=57170

2013-04-08T22:56:55Z

loafer wrote:alphaniner wrote:karol wrote:You should always run 'pacman -Syu' before installing new packages.I generally do so, though sometimes I'll cancel it and only update specific packages.In the OP's situation though, it seems quite heavy-handed.  If he's going to install a new DE with the intention of switching, why update the old one first?I'd have though

mcmillan wrote:xexio wrote:# -------------------------------------------------------------------------------- # PGP signature checking # --------------------------------------------------------------------------------

SigLevel = Required DatabaseOptional TrustedOnlyThis is telling it to always require package signatures, regardless of the source, so even your packages need to be signed.

jasonwryan wrote:Jristz wrote:jasonwryan wrote:Never do pacman -Syuf - it will break your system...in this case, wath is the objective of having a funtions that is recommended never use, instead why no only the -Syu --force and not the -Syuf???is more easy to write unintentionally a -Suyf raten than a -Syu --forceYou use the -f (or --force) option with S; ie., on a single package.

Allan wrote:Packages installed with pacman-4.0 or earlier will not have their method of verification recorded.   That was added in pacman-4.1.   So "Unknown" means just that.  "None" is installation without checking signature or checksum.Cool, thank you!I got around this withcomm -23 <(pacman -Qeq|sort) <(pacman -Qmq|sort) | pacman -S -from https:

Package not found error 46 weeks 6 days ago

chamber wrote:man pacman wrote:       -Q, --query           Query the package database. This operation allows you to view installed packages and their files, as well as meta-information about individual packages (dependencies, conflicts, install date, build date, size).

Allan wrote:Yes - it is a new feature of pacman-4.1 which requires a file in the package that is added but makepkg in pacman-4.1.Great, thanks.

cdown https://bbs.archlinux.org/profile.php?id=68188

2013-04-05T02:05:07Z

drcouzelis wrote:If you want to receive information about the progress made on the bug and contribute to getting it fixed then, yes, you need to register.Otherwise, just use bugmenot.com.Too late, i already registered.drcouzelis wrote:Lastly, don't be cheeky.Huh?

It is fairly impossible to enable package signing out of the box from a core install...  Either use a new testing iso, or reinstall everything afterwards (no new downloads if you select to keep packages in your cache).

Allan https://bbs.archlinux.org/profile.php?id=11253

2012-07-16T11:25:28Z