prepare release

We need /dev/ptmx -> /dev/pts/ptmx (for devpts -o newinstance)
Other way to do this thing is via bind mount (as said kernel doc[devpts.txt]).

This should be done in this way at least for /dev as devtmpfs in the chroot.
Since we can not touch /dev (devtmpfs), because devtmpfs is "singleton",
just use bind method and avoid interference.

Do it the same for both modes of /dev (tmpfs) and (devtmpfs) to keep it simple.

Currently devpts in chroot is not working without this when using /dev as devtmpfs,
this fixes this issue (opening /dev/ptmx, creates devices nodes on outside /dev/pts)

Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>

.gitignore

@@ -14,3 +14,4 @@ mkarchroot
 rebuildpkgs
 zsh_completion
 find-libdeps
+crossrepomove

Makefile

@@ -1,4 +1,4 @@
-V=20120215
+V=20120611
 
 PREFIX = /usr/local
 
@@ -12,7 +12,8 @@ BINPROGS = \
 	lddd \
 	finddeps \
 	rebuildpkgs \
-	find-libdeps
+	find-libdeps \
+	crossrepomove
 
 SBINPROGS = \
 	mkarchroot \
@@ -59,6 +60,10 @@ ARCHBUILD_LINKS = \
 	gnome-unstable-i686-build \
 	gnome-unstable-x86_64-build
 
+CROSSREPOMOVE_LINKS = \
+	extra2community \
+	community2extra
+
 all: $(BINPROGS) $(SBINPROGS) bash_completion zsh_completion
 
 edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
@@ -82,8 +87,9 @@ install:
 	install -m0644 ${CONFIGFILES} $(DESTDIR)$(PREFIX)/share/devtools
 	for l in ${COMMITPKG_LINKS}; do ln -sf commitpkg $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)$(PREFIX)/bin/$$l; done
+	for l in ${CROSSREPOMOVE_LINKS}; do ln -sf crossrepomove $(DESTDIR)$(PREFIX)/bin/$$l; done
 	ln -sf find-libdeps $(DESTDIR)$(PREFIX)/bin/find-libprovides
-	install -Dm0644 bash_completion $(DESTDIR)/etc/bash_completion.d/devtools
+	install -Dm0644 bash_completion $(DESTDIR)/usr/share/bash-completion/completions/devtools
 	install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
 
@@ -93,7 +99,8 @@ uninstall:
 	for f in ${CONFIGFILES}; do rm -f $(DESTDIR)$(PREFIX)/share/devtools/$$f; done
 	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
-	rm $(DESTDIR)/etc/bash_completion.d/devtools
+	for l in ${CROSSREPOMOVE_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
+	rm $(DESTDIR)/usr/share/bash-completion/completions/devtools
 	rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	rm -f $(DESTDIR)$(PREFIX)/bin/communityco
 	rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides

archrelease.in

@@ -54,6 +54,9 @@ for file in "${known_files[@]}"; do
 	fi
 done
 
+# gracefully handle files containing an "@" character
+known_files=("${known_files[@]/%/@}")
+
 for tag in "$@"; do
 	stat_busy "Copying ${trunk} to ${tag}"
 

commitpkg.in

@@ -42,7 +42,7 @@ pkgbase=${pkgbase:-$pkgname}
 case "$cmd" in
 	commitpkg)
 		if (( $# == 0 )); then
-			die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
+			die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		fi
 		repo="$1"
 		shift
@@ -51,23 +51,13 @@ case "$cmd" in
 		repo="${cmd%pkg}"
 		;;
 	*)
-		die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
+		die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		;;
 esac
 
-case "$repo" in
-	core|extra|testing|staging|kde-unstable|gnome-unstable)
-		server='gerolde.archlinux.org' ;;
-	community*|multilib*)
-		server='aur.archlinux.org' ;;
-	*)
-		server='gerolde.archlinux.org'
-		msg "Non-standard repository $repo in use, defaulting to server $server" ;;
-esac
-
 # check if all local source files are under version control
 for s in "${source[@]}"; do
-	if [[ $s != *://* ]] && ! svn status -v "$s" | grep -q '^[ AMRX~]'; then
+	if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
 		die "$s is not under version control"
 	fi
 done
@@ -83,18 +73,49 @@ for i in 'changelog' 'install'; do
 	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
 
-# see if any limit options were passed, we'll send them to rsync
 rsyncopts=(-e ssh -p --chmod=ug=rw,o=r -c -h -L --progress --partial -y)
-while getopts ':l:a:' flag; do
+archreleaseopts=()
+while getopts ':l:a:s:f' flag; do
 	case $flag in
-		l) rsyncopts+=("--bwlimit=$2") ;;
-		a) commit_arch=$2 ;;
+		f) archreleaseopts+=('-f') ;;
+		s) server=$OPTARG ;;
+		l) rsyncopts+=("--bwlimit=$OPTARG") ;;
+		a) commit_arch=$OPTARG ;;
 		:) die "Option requires an argument -- '$OPTARG'" ;;
 		\?) die "Invalid option -- '$OPTARG'" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
 
+# check packages have the packager field set
+for _arch in ${arch[@]}; do
+	if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
+		continue
+	fi
+	for _pkgname in ${pkgname[@]}; do
+		fullver=$(get_full_version $_pkgname)
+
+		if pkgfile=$(shopt -s nullglob;
+				getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
+			if grep -q "packager = Unknown Packager" <(bsdtar -xOqf $pkgfile .PKGINFO); then
+				die "PACKAGER was not set when building package"
+			fi
+		fi
+	done
+done
+
+if [[ -z $server ]]; then
+	case "$repo" in
+		core|extra|testing|staging|kde-unstable|gnome-unstable)
+			server='gerolde.archlinux.org' ;;
+		community*|multilib*)
+			server='aur.archlinux.org' ;;
+		*)
+			server='gerolde.archlinux.org'
+			msg "Non-standard repository $repo in use, defaulting to server $server" ;;
+	esac
+fi
+
 if [[ -n $(svn status -q) ]]; then
 	msgtemplate="upgpkg: $pkgbase $(get_full_version)"$'\n\n'
 	if [[ -n $1 ]]; then
@@ -162,7 +183,7 @@ for _arch in ${arch[@]}; do
 		commit_arches+=($_arch)
 	fi
 done
-archrelease "${commit_arches[@]/#/$repo-}" || die
+archrelease "${archreleaseopts[@]}" "${commit_arches[@]/#/$repo-}" || die
 
 new_uploads=()
 

crossrepomove.in

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+m4_include(lib/common.sh)
+
+scriptname=${0##*/}
+
+if [[ -z $1 ]]; then
+	echo 'Usage: '$scriptname' [pkgbase]'
+	exit 1
+fi
+
+pkgbase="${1}"
+
+packages_svn='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
+packages_server='gerolde.archlinux.org'
+community_svn='svn+ssh://aur.archlinux.org/srv/svn-packages'
+community_server='aur.archlinux.org'
+mirror='http://mirrors.kernel.org/archlinux'
+
+case $scriptname in
+	extra2community)
+		source_svn="${packages_svn}"
+		target_svn="${community_svn}"
+		source_server="${packages_server}"
+		target_server="${community_server}"
+		source_repo='extra'
+		target_repo='community'
+		;;
+	community2extra)
+		source_svn="${community_svn}"
+		target_svn="${packages_svn}"
+		source_server="${community_server}"
+		target_server="${packages_server}"
+		source_repo='community'
+		target_repo='extra'
+		;;
+	*)
+		die "Couldn't find configuration for $scriptname"
+		;;
+esac
+
+setup_workdir
+
+pushd $WORKDIR >/dev/null
+
+msg "Downloading sources for ${pkgbase}"
+svn -q checkout -N "${target_svn}" target_checkout
+mkdir -p "target_checkout/${pkgbase}/repos"
+svn -q export "${source_svn}/${pkgbase}/trunk" "target_checkout/${pkgbase}/trunk" || die
+. "target_checkout/${pkgbase}/trunk/PKGBUILD"
+
+msg "Downloading packages for ${pkgbase}"
+for _arch in ${arch[@]}; do
+	if [[ "${_arch[*]}" == 'any' ]]; then
+		repo_arch='x86_64'
+	else
+		repo_arch=${_arch}
+	fi
+	for _pkgname in ${pkgname[@]}; do
+		fullver=$(get_full_version $_pkgname)
+		# FIXME: this only works with .xz packages
+		ssh "${target_server}" "cd staging/${target_repo}
+			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz
+			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz.sig" || die
+	done
+done
+
+msg "Adding ${pkgbase} to ${target_repo}"
+svn -q add "target_checkout/${pkgbase}"
+svn -q propset svn:keywords 'Id' "target_checkout/${pkgbase}/trunk/PKGBUILD"
+svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" target_checkout
+pushd "target_checkout/${pkgbase}/trunk" >/dev/null
+archrelease "${arch[@]/#/$target_repo-}" || die
+popd >/dev/null
+ssh "${target_server}" '/arch/db-update' || die
+
+msg "Removing ${pkgbase} from ${source_repo}"
+for _arch in ${arch[@]}; do
+	ssh "${source_server}" "/arch/db-remove ${source_repo} ${_arch} ${pkgbase}"
+done
+svn -q checkout -N "${source_svn}" source_checkout
+svn -q up "source_checkout/${pkgbase}"
+svn -q rm "source_checkout/${pkgbase}"
+svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" source_checkout
+
+popd >/dev/null

find-libdeps.in

@@ -3,6 +3,7 @@
 m4_include(lib/common.sh)
 
 set -e
+shopt -s extglob
 
 IGNORE_INTERNAL=0
 
@@ -40,7 +41,7 @@ fi
 
 process_sofile() {
 	# extract the library name: libfoo.so
-	soname="${sofile%%\.so\.*}.so"
+	soname="${sofile%.so?(+(.+([0-9])))}".so
 	# extract the major version: 1
 	soversion="${sofile##*\.so\.}"
 	if [[ "$soversion" = "$sofile" ]] && (($IGNORE_INTERNAL)); then

makechrootpkg.in

@@ -67,7 +67,7 @@ while getopts 'hcudr:I:l:n' arg; do
 		r) passeddir="$OPTARG" ;;
 		I) install_pkg="$OPTARG" ;;
 		l) copy="$OPTARG" ;;
-		n) run_namcap=true ;;
+		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
 		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
 	esac
 done

makepkg-i686.conf

@@ -31,7 +31,7 @@ CHOST="i686-pc-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 

makepkg-x86_64.conf

@@ -31,7 +31,7 @@ CHOST="x86_64-unknown-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 

mkarchroot.in

@@ -13,6 +13,7 @@ m4_include(lib/common.sh)
 FORCE='n'
 RUN=''
 NOCOPY='n'
+USE_DEVTMPFS='n'
 
 working_dir=''
 
@@ -29,11 +30,12 @@ usage() {
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
 	echo '    -c <dir>      Set pacman cache. Default: /var/cache/pacman/pkg'
+	echo '    -d            Use devtmpfs instead of minimal /dev (tmpfs)'
 	echo '    -h            This message'
 	exit 1
 }
 
-while getopts 'r:ufnhC:M:c:' arg; do
+while getopts 'r:ufnhC:M:c:d' arg; do
 	case "${arg}" in
 		r) RUN="$OPTARG" ;;
 		u) RUN='/bin/sh -c "pacman -Syu --noconfirm && (pacman -Qqu >/dev/null && pacman -Su --noconfirm || exit 0)"' ;;
@@ -42,6 +44,7 @@ while getopts 'r:ufnhC:M:c:' arg; do
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
+		d) USE_DEVTMPFS="y" ;;
 		h|?) usage 0 ;;
 		*) error "invalid argument '${arg}'"; usage ;;
 	esac
@@ -90,6 +93,9 @@ chroot_mount() {
 	mount -t proc proc "${working_dir}/proc"
 
 	[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
+	if [[ ${USE_DEVTMPFS} = "y" ]]; then
+		mount -t devtmpfs dev "${working_dir}/dev" -o mode=0755,nosuid
+	else
 		mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
 		mknod -m 666 "${working_dir}/dev/null" c 1 3
 		mknod -m 666 "${working_dir}/dev/zero" c 1 5
@@ -97,6 +103,7 @@ chroot_mount() {
 		mknod -m 644 "${working_dir}/dev/random" c 1 8
 		mknod -m 644 "${working_dir}/dev/urandom" c 1 9
 		mknod -m 666 "${working_dir}/dev/tty" c 5 0
+		mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
 		mknod -m 666 "${working_dir}/dev/tty0" c 4 0
 		mknod -m 666 "${working_dir}/dev/full" c 1 7
 		ln -s /proc/kcore "${working_dir}/dev/core"
@@ -104,13 +111,14 @@ chroot_mount() {
 		ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
 		ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
 		ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
+	fi
 
 	[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
 	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 
 	[[ -e "${working_dir}/dev/pts" ]] || mkdir "${working_dir}/dev/pts"
 	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
-	ln -s pts/ptmx "${working_dir}/dev/ptmx"
+	mount -o bind "${working_dir}/dev/pts/ptmx" "${working_dir}/dev/ptmx"
 
 	[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
 	[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
@@ -141,6 +149,7 @@ copy_hostconf () {
 chroot_umount () {
 	umount "${working_dir}/proc"
 	umount "${working_dir}/sys"
+	umount "${working_dir}/dev/ptmx"
 	umount "${working_dir}/dev/pts"
 	umount "${working_dir}/dev/shm"
 	umount "${working_dir}/dev"

pacman-extra.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-gnome-unstable.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-kde-unstable.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-multilib-staging.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-multilib-testing.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-multilib.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-staging.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #

pacman-testing.conf

@@ -37,17 +37,15 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
 
-# PGP signature checking
-# NOTE: None of this will work without running `pacman-key --init` first.
-# The compiled in default is equivalent to the following line. This requires
-# you to locally sign and trust packager keys using `pacman-key` for them to be
-# considered valid.
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
-# the following line. This will treat any key imported into pacman's keyring as
-# trusted.
-#SigLevel = Optional TrustAll
-# For now, off by default unless you read the above.
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+# Signature checking does not work within our chroot
 SigLevel = Never
 
 #