On 4/9/20 12:55 pm, Allan McRae wrote:
> On 4/9/20 12:40 pm, Eli Schwartz wrote:
>> On 9/2/20 11:02 PM, Allan McRae wrote:
>>> Pacman now downloads the signature files for all packages when present in a
>>> repository. That makes distributing signatures within repository databases
>>> redundant and costly.
>>>
>>> Do not distribute the package signature files within the repo databases by
>>> default and add an --include-sigs to revert to the old behaviour.
>>
>> As I've mentioned on the list before, I would like an --ignore-sigs
>> option and continue to distribute sigs by default for pacman 6.0
>>
>> In pacman 6.1 we'll switch by default to ignoring them, and let people
>> use --include-sigs to revert to the old behavior.
>>
>> Ignoring sigs right out of the gate means the default behavior of
>> repo-add is to be unusable for people upgrading from pacman N-1. For
>> example, Arch Linux would most certainly need to use the option to
>> provide backwards compat while upgrading. So do third-party repositories.
>>
>> Also: this option cannot be added to scripts ahead of time, since
>> repo-add will error on an unknown option, and it cannot be added after
>> the fact, since some packages will be broken in the meantime.
>>
>> I don't see what the rush is here to add behavior that no one will want
>> to use.
>> - It makes sense to make this configurable now that it's useful to be
>> able to ignore them.
>> - At the same time, defaults should be based on what is more likely for
>> people to want.
>>
>
> I really do not like the idea of adding an option, just to remove it in
> the next release. But we won't actually be able to remove it for at
> least two releases, as you have just made the case that people won't be
> able to change their scripts on release.
>
> Given pacman-6.0 is likely a few months out, can we do a 5.2.3 release
> including something like:
>
Any feedback on this option?
>
> diff --git a/doc/repo-add.8.asciidoc b/doc/repo-add.8.asciidoc
> index 8de4485b..19e2336a 100644
> --- a/doc/repo-add.8.asciidoc
> +++ b/doc/repo-add.8.asciidoc
> @@ -70,6 +70,10 @@ repo-add Options
> Remove old package files from the disk when updating their entry in the
> database.
>
> +*\--include-sigs*::
> + Dummy option for forward compatibility with pacman-6.0.
> + Include package PGP signatures in the repository database (if available)
> +
>
> Example
> -------
> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index b0b3505d..ee010dba 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -43,6 +43,7 @@ LOCKFILE=
> CLEAN_LOCK=0
> USE_COLOR='y'
> PREVENT_DOWNGRADE=0
> +INCLUDE_SIGS=0
>
> # Import libmakepkg
> source "$LIBRARY"/util/message.sh
> @@ -631,6 +632,9 @@ while (( $# )); do
> -p|--prevent-downgrade)
> PREVENT_DOWNGRADE=1
> ;;
> + --include-sigs)
> + INCLUDE_SIGS=1
> + ;;
> *)
> args+=("$1")
> ;;
> .
>
