diff --git a/doc/pacman.conf.5.asciidoc b/doc/pacman.conf.5.asciidoc index 16dc7950..adbd6914 100644 --- a/doc/pacman.conf.5.asciidoc +++ b/doc/pacman.conf.5.asciidoc @@ -318,12 +318,12 @@ When to Check:: *Never*;; All signature checking is suppressed, even if signatures are present. - *Optional* (default);; + *Optional*;; Signatures are checked if present; absence of a signature is not an error. An invalid signature is a fatal error, as is a signature from a key not in the keyring. - *Required*;; + *Required* (default);; Signatures are required; absence of a signature or an invalid signature is a fatal error, as is a signature from a key not in the keyring. @@ -349,7 +349,7 @@ level signatures for packages. The built-in default is the following: -------- -SigLevel = Optional TrustedOnly +SigLevel = Required TrustedOnly -------- diff --git a/src/pacman/conf.c b/src/pacman/conf.c index a0e0e96a..41bfbdbc 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -109,8 +109,7 @@ config_t *config_new(void) newconfig->logmask = ALPM_LOG_ERROR | ALPM_LOG_WARNING; newconfig->configfile = strdup(CONFFILE); if(alpm_capabilities() & ALPM_CAPABILITY_SIGNATURES) { - newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL | - ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL; + newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_DATABASE; newconfig->localfilesiglevel = ALPM_SIG_USE_DEFAULT; newconfig->remotefilesiglevel = ALPM_SIG_USE_DEFAULT; } diff --git a/test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py b/test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py index 8a43c97a..8c25a41d 100644 --- a/test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py +++ b/test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py @@ -1,6 +1,7 @@ self.description = 'download remote packages with -U with a URL filename' self.require_capability("gpg") self.require_capability("curl") +self.option['SigLevel'] = ['Required'] url = self.add_simple_http_server({ # simple diff --git a/test/pacman/util.py b/test/pacman/util.py index cabdf46c..5bbbbe9b 100644 --- a/test/pacman/util.py +++ b/test/pacman/util.py @@ -115,6 +115,8 @@ def mkcfgfile(filename, root, option, db): data = ["[options]"] for key, value in option.items(): data.extend(["%s = %s" % (key, j) for j in value]) + if "SigLevel" not in option: + data.append("SigLevel = Never\n") # Repositories # sort by repo name so tests can predict repo order, rather than be