Apply pacman 4.0 changes to our copies of makepkg.conf and pacman.conf

Note: Signature checks are disabled for now until we provide a keyring package.

makepkg-i686.conf

@@ -8,16 +8,16 @@
 #
 #-- The download utilities that makepkg should use to acquire sources
 #  Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
-          'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
-          'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
           'rsync::/usr/bin/rsync -z %u %o'
           'scp::/usr/bin/scp -C %u %o')
 
 # Other common tools:
 # /usr/bin/snarf
 # /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
 
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
 CARCH="i686"
 CHOST="i686-pc-linux-gnu"
 
-#-- Exclusive: will only run on i686
+#-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
 #DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
 
 #########################################################################
 # GLOBAL PACKAGE OPTIONS
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:     Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
 #-- emptydirs: Leave empty directories in packages
 #-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:     Remove files specified by PURGE_TARGETS
+#-- upx:       Compress binary executable files using UPX
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #SRCPKGDEST=/home/srcpackages
 #-- Packager: name/email of the person or organization building packages
 #PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
 
 #########################################################################
 # EXTENSION DEFAULTS

makepkg-x86_64.conf

@@ -8,16 +8,16 @@
 #
 #-- The download utilities that makepkg should use to acquire sources
 #  Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
-          'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
-          'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
           'rsync::/usr/bin/rsync -z %u %o'
           'scp::/usr/bin/scp -C %u %o')
 
 # Other common tools:
 # /usr/bin/snarf
 # /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
 
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
@@ -26,7 +26,7 @@ DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
 CARCH="x86_64"
 CHOST="x86_64-unknown-linux-gnu"
 
-#-- Exclusive: will only run on x86_64
+#-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
@@ -39,7 +39,7 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- fakeroot: Allow building packages as a non-root user
@@ -47,19 +47,23 @@ LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
 #DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
 
 #########################################################################
 # GLOBAL PACKAGE OPTIONS
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:     Strip symbols from binaries/libraries
@@ -68,8 +72,9 @@ BUILDENV=(fakeroot !distcc color !ccache check)
 #-- emptydirs: Leave empty directories in packages
 #-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:     Remove files specified by PURGE_TARGETS
+#-- upx:       Compress binary executable files using UPX
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -100,6 +105,8 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #SRCPKGDEST=/home/srcpackages
 #-- Packager: name/email of the person or organization building packages
 #PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
 
 #########################################################################
 # EXTENSION DEFAULTS

pacman-extra.conf

@@ -13,11 +13,12 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +29,25 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
 #UseDelta
 #TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
 
 #
 # REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-multilib-testing.conf

@@ -13,11 +13,12 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +29,25 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
 #UseDelta
 #TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
 
 #
 # REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repository here.
 [multilib-testing]
+#SigLevel = Optional TrustAll
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]

pacman-multilib.conf

@@ -13,11 +13,12 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +29,25 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
 #UseDelta
 #TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
 
 #
 # REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repository here.
 [multilib]
+#SigLevel = Optional TrustAll
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

pacman-staging.conf

@@ -13,11 +13,12 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +29,25 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
 #UseDelta
 #TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
 
 #
 # REPOSITORIES
@@ -76,6 +90,7 @@ Include = /etc/pacman.d/mirrorlist
 [community-testing]
 Include = /etc/pacman.d/mirrorlist
 
+#SigLevel = Optional TrustAll
 [community]
 Include = /etc/pacman.d/mirrorlist
 

pacman-testing.conf

@@ -13,11 +13,12 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +29,25 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
 #UseDelta
 #TotalDownload
-#CheckSpace
+CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# Disable signature checks for now
+SigLevel = Never
 
 #
 # REPOSITORIES
@@ -76,5 +90,6 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs