Arch Linux and package authentication

Published by edps on 03/07/2012


Blog: https://edpsblog.wordpress.com/

 





We will now see how to make the transition from the old system used by pacman to the new system of authenticated packages.

It couldn't be simpler (well... I think):

# pacman -Syy
# pacman -S pacman
# pacman-key --init; pacman-key --populate archlinux


For those who do not use any external repository or extra options in /etc/pacman.conf, and whose /etc/makepkg.conf is also unmodified, the following steps are enough to put the house in order:

# mv /etc/pacman.conf /etc/pacman.conf-OLD
# mv /etc/pacman.conf.new /etc/pacman.conf
# mv /etc/makepkg.conf /etc/makepkg.conf-OLD
# mv /etc/makepkg.conf.new /etc/makepkg.conf


In my case, I needed to copy not only the external repositories but also options and comments from my conf. After merging /etc/pacman.conf and /etc/pacman.conf.new, the result was this:

#
#  /etc/pacman.conf
#
#  See the pacman.conf(5) manpage for option and repository directives

#
#  GENERAL  OPTIONS
#
[options]
#  The following paths are commented out with their default values listed.
#  If you wish to use different paths, uncomment and update the paths.
#  RootDir     =  /
#  DBPath     =  /var/lib/pacman/
#  CacheDir     =  /var/cache/pacman/pkg/
#  LogFile     =  /var/log/pacman.log
#  GPGDir     =  /etc/pacman.d/gnupg/
# If an unwary user tries to remove the packages below, pacman will ask for confirmation.
# Typical message: " Pacotes HoldPkg foram encontrados na lista. Você deseja continuar? [s/N] "

HoldPkg    =  pacman glibc

#  Update pacman first.
SyncFirst    =  pacman

###  Definition of the default download agent.
##  https://wiki.archlinux.org/index.php/Improve_Pacman_Performance
#

#  wget.
#  XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#  XferCommand = /usr/bin/wget --passive-ftp -c -v -O %o %u

#  curl.
#  XferCommand = /usr/bin/curl -C - -f %u > %o
#  XferCommand = /usr/bin/curl -C - %u > %o

#  axel.
#  XferCommand = /usr/bin/axel -S4 -v -a -o %o %u
#  XferCommand = /usr/bin/axel -S4 -n2 -v -a -o %o %u

#  aria2c.
#  XferCommand = /usr/bin/aria2c --allow-overwrite=true -c --file-allocation=falloc --log-level=error -m2 --max-connection-per-server=2 --max-file-not-found=5 --min-split-size=5M --no-conf --remote-time=true --summary-interval=0 -t5 -d / -o %o %u

#
##  https://wiki.archlinux.org/index.php/Improve_Pacman_Performance
###  Definition of the default download agent.

#  Cleaning method.

CleanMethod = KeepInstalled

#  Architecture (i686, x86_64 or auto).
Architecture = auto

#  Packages that will not be upgraded.
#  IgnorePkg    =
#  IgnoreGroup  =

#  NoUpgrade    =
#  NoExtract    =

#  More detailed log.
#  UseSyslog
#  UseDelta

TotalDownload
#  CheckSpace
#  VerbosePkgLists

#  By default, pacman accepts packages signed by keys that its local keyring
#  trusts (see pacman-key and its man page), as well as unsigned packages.
#  SigLevel = Optional TrustedOnly

# NOTE: You must run `pacman-key --init` before first using pacman; the local
#  keyring can then be populated with the keys of all official Arch Linux
#  packagers with `pacman-key --populate archlinux`.

#
#  REPOSITORIES
#    - can be defined here or included from another file
#    - pacman will search repositories in the order defined here
#    - local/custom mirrors can be added here or in separate files
#    - repositories listed first will take precedence when packages
#    - have identical names, regardless of version number
#    - URLs will have $repo replaced by the name of the current repo
#    - URLs will have $arch replaced by the name of the architecture
#
#  Repository entries are of the format:
#      [repo-name]
#      Server = ServerName
#      Include = IncludePath
#
#  The header [repo-name] is crucial - it must be present and
#  uncommented to enable the repo.
#

#  The testing repositories are disabled by default. To enable, uncomment the
#  repo name header and Include lines. You can add preferred servers immediately
#  after the header, and they will be used before the default mirrors.

### Arch RollBack Machine. (uses snapshots; just uncomment the lines and choose the date).
##
#

#  [core]
#  Server=http://arm.konnichi.com/2012/06/09/core/os/i686

#  [extra]
#  Server=http://arm.konnichi.com/2012/06/09/extra/os/i686

#  [community]
#  Server=http://arm.konnichi.com/2012/06/09/community/os/i686

#
##
### Arch RollBack Machine.


[core]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

[extra]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

[community]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

#
#  Arch Unofficial Repositories
#  https://wiki.archlinux.org/index.php/Unofficial_User_Repositories
#


[archlinuxfr]
Server  =  http://repo.archlinux.fr/i686

[archstuff]
Server  =  http://archstuff.vs169092.vserver.de/i686

[herecura-stable]
Server  =  http://repo.herecura.be/herecura-stable/i686

[herecura-stable-any]
Server  =  http://repo.herecura.be/herecura-stable/any

[arch-fonts]
Server  =  http://huulivoide.pp.fi/Arch/arch-fonts

[ayatana]
Server  =  http://repo.ayatana.info/

[xyne-any]
Server  =  http://xyne.archlinux.ca/repos/xyne-any/

[repo-ck]
SigLevel  =  Optional TrustedOnly
Server  =  http://repo-ck.com/$arch

[heftig]
Server  =  http://pkgbuild.com/~heftig/repo/i686

[pfkernel]
Server  =  http://dl.dropbox.com/u/11734958/i686

#
#  Arch Unofficial Repositories
#  https://wiki.archlinux.org/index.php/Unofficial_User_Repositories
#
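
An added example (not part of the original article): a shell function that reads a pacman.conf like the merged one above and reports, per repository, whether unsigned packages would be accepted. It assumes the built-in default quoted in the config's own comment (Optional TrustedOnly) and that a repository's own package-level keyword takes precedence over [options]; audit_siglevel and sample_conf are names made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumption: built-in default as quoted in the config comment above.
DEFAULT_SIGLEVEL="Optional TrustedOnly"

# audit_siglevel [FILE]: one line per repo, "<repo> <check> <verdict>".
audit_siglevel() {
    awk -v def="$DEFAULT_SIGLEVEL" '
    # Last package-level keyword (Never/Optional/Required) in a SigLevel value.
    function when(level, cur,    n, i, w, t) {
        n = split(level, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = w[i]; sub(/^Package/, "", t)
            if (t == "Never" || t == "Optional" || t == "Required") cur = t
        }
        return cur
    }
    BEGIN { glob = when(def, "") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect)
        if (sect != "options") order[++count] = sect
        next
    }
    {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
        if (key != "SigLevel") next
        if (sect == "options") glob = when(substr($0, eq + 1), glob)
        else rep[sect] = when(substr($0, eq + 1), rep[sect])
    }
    END {
        for (i = 1; i <= count; i++) {
            eff = (rep[order[i]] != "") ? rep[order[i]] : glob
            verdict = (eff == "Required") ? "signed-only" : "unsigned-accepted"
            printf "%s %s %s\n", order[i], eff, verdict
        }
    }' "${1:--}"
}

# Constructed sample, shaped like three sections of the merged config above.
sample_conf() {
    printf "%s\n" "[options]" "HoldPkg = pacman glibc" \
        "[core]" "SigLevel  =  PackageRequired" \
        "[archlinuxfr]" "Server  =  http://repo.archlinux.fr/i686" \
        "[repo-ck]" "SigLevel  =  Optional TrustedOnly"
}

sample_conf | audit_siglevel
```

Run `audit_siglevel /etc/pacman.conf` against the live file; files pulled in through Include are not followed, so a SigLevel set there is not seen.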

After merging /etc/makepkg.conf and /etc/makepkg.conf.new, my new file looked like this:

#
#  /etc/makepkg.conf
#

###########################################
#  SOURCE ACQUISITION
###########################################
#
#--  The download utilities that makepkg should use to acquire sources
#  Format: 'protocol::agent'

DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'rsync::/usr/bin/rsync -z %u %o'
          'scp::/usr/bin/scp -C %u %o')

#  Other common tools:
#  /usr/bin/snarf
#  /usr/bin/lftpget -c
#  /usr/bin/wget

###########################################
#  ARCHITECTURE, COMPILE FLAGS
###########################################
#

CARCH="i686"
CHOST="i686-pc-linux-gnu"

#--  Compiler and Linker Flags
#  -march (or -mcpu) builds exclusively for an architecture
#  -mtune optimizes for an architecture, but builds for whole processor family

CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
#--  Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j2"

###########################################
#  BUILD ENVIRONMENT
###########################################
#
#  Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
#  A negated environment option will do the opposite of the comments below.
#
#--  fakeroot:   Allow building packages as a non-root user
#--  distcc:   Use the Distributed C/C++/ObjC compiler
#--  color:   Colorize output messages
#--  ccache:   Use ccache to cache compilation
#--  check:   Run the check() function if present in the PKGBUILD
#--  sign:   Generate PGP signature file
#
BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#--  If using DistCC, your MAKEFLAGS will also need modification. In addition,
#--  specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#--  Specify a directory for package building.
#BUILDDIR=/tmp/makepkg


###########################################
#  GLOBAL PACKAGE OPTIONS
#   These are default values for the options=() settings
###########################################
#
#  Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#   A negated option will do the opposite of the comments below.
#
#--  strip:     Strip symbols from binaries/libraries
#--  docs:     Save doc directories specified by DOC_DIRS
#--  libtool:     Leave libtool (.la) files in packages
#--  emptydirs:     Leave empty directories in packages
#--  zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
#--  purge:     Remove files specified by PURGE_TARGETS
#--  upx:     Compress binary executable files using UPX
#

OPTIONS=(strip docs libtool emptydirs zipman purge !upx)

#--  File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
#--  Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#--  Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#--  Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#--  Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#--  Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#--  Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)

###########################################
#  PACKAGE OUTPUT
###########################################
#
#  Default: put built package and cached source in build directory
#
#--  Destination: specify a fixed directory where all packages will be placed

PKGDEST=/home/h4rd3r/PkgBuilds/packages
#--  Source cache: specify a fixed directory where source files will be cached
SRCDEST=/home/h4rd3r/PkgBuilds/sources
#--  Source packages: specify a fixed directory where all src packages will be placed
SRCPKGDEST=/home/h4rd3r/PkgBuilds/srcpackages
#--  Packager: name/email of the person or organization building packages
PACKAGER="SEU NOME <SEU EMAIL>"

###########################################
#  EXTENSION DEFAULTS
###########################################
#
#  WARNING: Do NOT modify these variables unless you know what you are
#          doing.
#

PKGEXT='.pkg.tar.xz'
SRCEXT='.src.tar.gz'
# vim: set ft=sh ts=2 sw=2 et:

With the changes made, I proceed with:

# pacman -Syy
# pacman -Su

In the image below, we see an error regarding the authentication of repo-ck; the steps to fix it are these:

# pacman-key -r 6176ED4B
# pacman-key --lsign-key 6176ED4B
# nano /etc/pacman.conf

Add the line:

SigLevel = Optional TrustedOnly

And repeat the steps:

# pacman -Syy
# pacman -Su

Below we see the update of the -ck kernel:

And the completion of the sys-upgrade:

Below we see the individual installation of packages without any prompting:

Previously published on my blog: