docs/pacman.conf: Document SigLevel option

This adds docs for SigLevel, which can exist in both [options] and [repository] sections. It also does a bit of reworking of the structure of this manpage and adds a labeled list under the repo sections where we didn't have one before. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 17:14:32 -05:00 · 2011-07-21 17:14:32 -05:00 · f10aea73e4
commit f10aea73e4
parent b03b06cfd3
1 changed files with 88 additions and 12 deletions
--- a/doc/pacman.conf.5.txt
+++ b/doc/pacman.conf.5.txt
@ -156,6 +156,10 @@ Options
 	packages are only cleaned if not installed locally and not present in any
 	known sync database.
 *SigLevel =* ...::
 	Set the default signature verification level. For more information, see
 	<<SC,Package and Database Signature Checking>> below.
 *UseSyslog*::
 	Log action messages through syslog(). This will insert log entries into
 	+{localstatedir}/log/messages+ or equivalent.
@ -193,27 +197,99 @@ contain a file that lists the servers for that repository.
 --------
 [core]
-# use this repository first
+# use this server first
-Server = ftp://ftp.archlinux.org/core/os/arch
+Server = ftp://ftp.archlinux.org/$repo/os/$arch
 # next use servers as defined in the mirrorlist below
 Include = {sysconfdir}/pacman.d/mirrorlist
 --------
 During parsing, pacman will define the `$repo` variable to the name of the
 current section. This is often utilized in files specified using the 'Include'
 directive so all repositories can use the same mirrorfile. pacman also defines
 the `$arch` variable to the value of `Architecture`, so the same mirrorfile can
 even be used for different architectures.
 --------
 Server = ftp://ftp.archlinux.org/$repo/os/$arch
 --------
 The order of repositories in the configuration files matters; repositories
 listed first will take precedence over those listed later in the file when
 packages in two repositories have identical names, regardless of version
 number.
 *Include =* path::
 	Include another config file. This file can include repositories or
 	general configuration options. Wildcards in the specified paths will get
 	expanded based on linkman:glob[7] rules.
 *Server =* url::
 	A full URL to a location where the database, packages, and signatures (if
 	available) for this repository can be found.
 +
 During parsing, pacman will define the `$repo` variable to the name of the
 current section. This is often utilized in files specified using the 'Include'
 directive so all repositories can use the same mirrorfile. pacman also defines
 the `$arch` variable to the value of `Architecture`, so the same mirrorfile can
 even be used for different architectures.
 *SigLevel =* ...::
 	Set the signature verification level for this repository. For more
 	information, see <<SC,Package and Database Signature Checking>> below.
 Package and Database Signature Checking
 ---------------------------------------
 The 'SigLevel' directive is valid in both the `[options]` and repository
 sections. If used in `[options]`, it sets a default value for any repository
 that does not provide the setting.
 If set to *Never*, no signature checking will take place.
 If set to *Optional* , signatures will be checked when present, but unsigned
 databases and packages will also be accepted.
 If set to *Required*, signatures will be required on all packages and
 databases.
 Alternatively, you can get more fine-grained control by combining some of
 the options and prefixes described below. All options in a config file are
 processed in top-to-bottom, left-to-right fashion, where later options override
 and/or supplement earlier ones. If 'SigLevel' is specified in a repository
 section, the starting value is that from the `[options]` section, or the
 built-in system default as shown below if not specified.
 The options are split into two main groups, described below. Terms used such as
 ``marginally trusted'' are terms used by GnuPG, for more information please
 consult linkman:gpg[1].
 When to Check::
 	These options control if and when signature checks should take place.
 	*Never*;;
 		All signature checking is suppressed, even if signatures are present.
 	*Optional* (default);;
 		Signatures are checked if present; absence of a signature is not an
 		error. An invalid signature is a fatal error, as is a signature from a
 		key not in the keyring.
 	*Required*;;
 		Signatures are required; absence of a signature or an invalid signature
 		is a fatal error, as is a signature from a key not in the keyring.
 What is Allowed::
 	These options control what signatures are viewed as permissible. Note that
 	neither of these options allows acceptance of invalid or expired
 	signatures, or those from revoked keys.
 	*TrustedOnly* (default);;
 		If a signature is checked, it must be in the keyring and fully trusted;
 		marginal trust does not meet this criteria.
 	*TrustAll*;;
 		If a signature is checked, it must be in the keyring, but is not
 		required to be assigned a trust level (e.g., unknown or marginal
 		trust).
 Options in both groups can additionally be prefixed with either *Package* or
 *Database*, which will cause it to only take effect on the specified object
 type. For example, `PackageTrustAll` would allow marginal and unknown trust
 level signatures for packages.
 The built-in default is the following:
 --------
 SigLevel = Optional TrustedOnly
 --------
 Using Your Own Repository
 -------------------------
 If you have numerous custom packages of your own, it is often easier to generate