Re: [arch-general] Clarification on pacman signature verification

On 01/25/2016 04:43 AM, Solomon Lam wrote: > Hi, This is regarding package verification performed by pacman. > > Does pacman download the .sig file of a package while installing one? All I > could find are the local cached copies of packages only but not their > signatures. If thats the case, how

Re: [arch-general] Mounting root according to fstab the first time (fstab in initrd)?

Hi! I was a bit busy and just got to hacking my mkinitcpio now. I decided to follow ProgAndy's idea and remove the current way of mounting (default_mount_handler function) and instead create and use mount hooks (by default the default_mount_handler and the mount call's nearest lines is a new,

Re: [arch-general] Clarification on pacman signature verification

On Mon, 25 Jan 2016 15:13:24 +0530 Solomon Lam wrote: > Hi, This is regarding package verification performed by pacman. > > Does pacman download the .sig file of a package while installing one? All I > could find are the local cached copies of packages only but not their >

Re: [arch-general] Clarification on pacman signature verification

On 01/25/2016 01:35 PM, Solomon Lam wrote: > Thanks for the reply. I think I got my answer. > > I noticed that the 'desc' file of a package(inside the db) contains 'md5' > and 'sha256' checksums as well. So, does pacman perform pgp verification or > checksum verification during installation? It

Re: [arch-general] [tor] User and group entries are left over in passwd and gshadow after removal, makes pwck and shadow.service fail

On Mon, 25 Jan 2016 17:45:17 +0100 Doug Newgard wrote: Dev discussion here: https://lists.archlinux.org/pipermail/arch-dev-public/2015-February/026953.html Thanks, that's the context I needed to understand your decision. Reading the dev discussion and the clear consensus emerging from it, I

Re: [arch-general] [tor] User and group entries are left over in passwd and gshadow after removal, makes pwck and shadow.service fail

On Mon, 25 Jan 2016 17:29:51 +0100 Bastien Traverse wrote: > Hi, > > I opened FS#47893 [1] to discuss this issue, but it's been closed with > no delay and I can't really have a discussion via re-opening requests. > > Upon installation of the tor package, directory

[arch-general] [tor] User and group entries are left over in passwd and gshadow after removal, makes pwck and shadow.service fail

Hi, I opened FS#47893 [1] to discuss this issue, but it's been closed with no delay and I can't really have a discussion via re-opening requests. Upon installation of the tor package, directory /var/lib/tor is created (see PKGBUILD#40 [2]). Upon uninstallation, it is automatically deleted

Re: [arch-general] Clarification on pacman signature verification

Thanks for the reply. I think I got my answer. I noticed that the 'desc' file of a package(inside the db) contains 'md5' and 'sha256' checksums as well. So, does pacman perform pgp verification or checksum verification during installation? On Mon, Jan 25, 2016 at 8:08 PM, Eli Schwartz

Re: [arch-general] Unknown Trust and Corrupted Package

It is in testing; updating the keyring pkg from testing fixed the issue on my box. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [arch-general] Unknown Trust and Corrupted Package

Le 25 janvier 2016 03:23:25 GMT+01:00, Levente Polyak a écrit : >On 01/25/2016 03:17 AM, Jayesh Badwaik wrote: >> Hi, >> >> I'm receiving message about unknown trust while trying to install the >confuse >> package. >> > > >Looks like people tend to forget about

Re: [arch-general] Unknown Trust and Corrupted Package

On Monday, 25 January 2016 09:00:43 IST Bruno Pagani wrote: > Is there somewhere on the wiki, especially beginner guide or install one > where it’s advised to do this on a regular basis? (I’m on mobile right now, > not easy to check) I found this [1], which suggests that the changes should be

Re: [arch-general] Yahoo mail problems (was [aur-general] No notification for out-of-date package)

Hey, > Also as for rejecting invalid DKIM mails: People should really not do > that unless DMARC tells them to. That _is_ a problem already and will get worse this year. Yahoo has already published a "reject invalid" policy nearly two years ago[1]. See: [0 mosu@sweet-chili ~] host -t txt

Re: [arch-general] Unknown Trust and Corrupted Package

>> I'm receiving message about unknown trust while trying to install the confuse >> package. >> > > Looks like people tend to forget about updating pacman keyring. > > pacman-key --refresh-keys is'n this done automatically? should it? -- damjan

[arch-general] Clarification on pacman signature verification

Hi, This is regarding package verification performed by pacman. Does pacman download the .sig file of a package while installing one? All I could find are the local cached copies of packages only but not their signatures. If thats the case, how does pacman verify the integrity of the downloaded

Re: [arch-general] archlinux-keyring 20160123-1 is needed, but unavailable without testing

My apologies, after taking a look at the archive, I noticed that this issue already was reported. I couldn't notice it, since there's an issue with my account: "Note: your list delivery is currently disabled; it was disabled due to excessive bounces. The last bounce was received on 12-Jan-2016."

Re: [arch-general] Unknown Trust and Corrupted Package

On 01/25/2016 10:27 AM, Damjan Georgievski wrote: > huh, now what? > [...] > gpg: keyserver refresh failed: Permission denied As the error message indicates, you need to do that as root. It's also possible to grab the new archlinux-keyring package from [testing]. cheers, Levente signature.asc

Re: [arch-general] Unknown Trust and Corrupted Package

> > > Looks like people tend to forget about updating pacman keyring. > > > > pacman-key --refresh-keys > > is'n this done automatically? should it? > I personally can't see how it (an upgrade hook in a package) could. The pacman-keyring package can (and does) do some maintenance operations

Re: [arch-general] Unknown Trust and Corrupted Package

> Looks like people tend to forget about updating pacman keyring. > > pacman-key --refresh-keys huh, now what? # pacman-key --refresh-keys gpg: refreshing 85 keys from hkp://keys.gnupg.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated

[arch-general] archlinux-keyring 20160123-1 is needed, but unavailable without testing

Hi, archlinux-keyring 20160123-1 is needed, but not available, if testing isn't used. Packages (11) boost-1.60.0-2 boost-libs-1.60.0-2 cmake-3.4.2-1 confuse-2.8-1 dhcpcd-6.10.1-1 libvpx-1.5.0-4 ntp-4.2.8.p6-1 openmpi-1.10.2-1 pacman-mirrorlist-20160124-1