Arch Linux and package authentication

Published by edps on 03/07/2012


Blog: https://edpsblog.wordpress.com/

 





We will now see how to move from the old system used by pacman to the new system of authenticated packages.

It could not be simpler (well... I think):

# pacman -Syy
# pacman -S pacman
# pacman-key --init; pacman-key --populate archlinux


For those who use no external repositories or extra options in /etc/pacman.conf, and whose /etc/makepkg.conf is also unmodified, the following steps are enough to put the house in order:

# mv /etc/pacman.conf /etc/pacman.conf-OLD
# mv /etc/pacman.conf.new /etc/pacman.conf
# mv /etc/makepkg.conf /etc/makepkg.conf-OLD
# mv /etc/makepkg.conf.new /etc/makepkg.conf


In my case, I needed to copy not only the external repositories but also options and comments from my conf. After merging /etc/pacman.conf and /etc/pacman.conf.new, the result was this:

#
#  /etc/pacman.conf
#
#  See the pacman.conf(5) manpage for option and repository directives

#
#  GENERAL  OPTIONS
#
[options]
#  The following paths are commented out with their default values listed.
#  If you wish to use different paths, uncomment and update the paths.
#  RootDir     =  /
#  DBPath     =  /var/lib/pacman/
#  CacheDir     =  /var/cache/pacman/pkg/
#  LogFile     =  /var/log/pacman.log
#  GPGDir     =  /etc/pacman.d/gnupg/
# If an unwary user tries to remove the packages below, pacman will ask for confirmation.
# Typical message: " Pacotes HoldPkg foram encontrados na lista. Você deseja continuar? [s/N] "

HoldPkg    =  pacman glibc

#  Upgrade pacman first.
SyncFirst    =  pacman

###  Default download agent definition.
##  https://wiki.archlinux.org/index.php/Improve_Pacman_Performance
#

#  wget.
#  XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#  XferCommand = /usr/bin/wget --passive-ftp -c -v -O %o %u

#  curl.
#  XferCommand = /usr/bin/curl -C - -f %u > %o
#  XferCommand = /usr/bin/curl -C - %u > %o

#  axel.
#  XferCommand = /usr/bin/axel -S4 -v -a -o %o %u
#  XferCommand = /usr/bin/axel -S4 -n2 -v -a -o %o %u

#  aria2c.
#  XferCommand = /usr/bin/aria2c --allow-overwrite=true -c --file-allocation=falloc --log-level=error -m2 --max-connection-per-server=2 --max-file-not-found=5 --min-split-size=5M --no-conf --remote-time=true --summary-interval=0 -t5 -d / -o %o %u

#
##  https://wiki.archlinux.org/index.php/Improve_Pacman_Performance
###  Default download agent definition.

#  Cleaning method.

CleanMethod = KeepInstalled

#  Architecture (i686, x86_64 or auto).
Architecture = auto

#  Packages that will not be upgraded.
#  IgnorePkg    =
#  IgnoreGroup  =

#  NoUpgrade    =
#  NoExtract    =

#  More detailed log.
#  UseSyslog
#  UseDelta

TotalDownload
#  CheckSpace
#  VerbosePkgLists

#  By default, pacman accepts packages signed by keys that its local keyring
#  trusts (see pacman-key and its man page), as well as unsigned packages.
#  SigLevel = Optional TrustedOnly

# NOTE: You must run `pacman-key --init` before first using pacman; the local
#  keyring can then be populated with the keys of all official Arch Linux
#  packagers with `pacman-key --populate archlinux`.

#
#  REPOSITORIES
#    - can be defined here or included from another file
#    - pacman will search repositories in the order defined here
#    - local/custom mirrors can be added here or in separate files
#    - repositories listed first will take precedence when packages
#    - have identical names, regardless of version number
#    - URLs will have $repo replaced by the name of the current repo
#    - URLs will have $arch replaced by the name of the architecture
#
#  Repository entries are of the format:
#      [repo-name]
#      Server = ServerName
#      Include = IncludePath
#
#  The header [repo-name] is crucial - it must be present and
#  uncommented to enable the repo.
#

#  The testing repositories are disabled by default. To enable, uncomment the
#  repo name header and Include lines. You can add preferred servers immediately
#  after the header, and they will be used before the default mirrors.

### Arch RollBack Machine. (uses snapshots; just uncomment the lines and choose the date).
##
#

#  [core]
#  Server=http://arm.konnichi.com/2012/06/09/core/os/i686

#  [extra]
#  Server=http://arm.konnichi.com/2012/06/09/extra/os/i686

#  [community]
#  Server=http://arm.konnichi.com/2012/06/09/community/os/i686

#
##
### Arch RollBack Machine.


[core]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

[extra]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

[community]
SigLevel  =  PackageRequired
Include  =  /etc/pacman.d/mirrorlist

#
#  Arch Unofficial Repositories
#  https://wiki.archlinux.org/index.php/Unofficial_User_Repositories
#


[archlinuxfr]
Server  =  http://repo.archlinux.fr/i686

[archstuff]
Server  =  http://archstuff.vs169092.vserver.de/i686

[herecura-stable]
Server  =  http://repo.herecura.be/herecura-stable/i686

[herecura-stable-any]
Server  =  http://repo.herecura.be/herecura-stable/any

[arch-fonts]
Server  =  http://huulivoide.pp.fi/Arch/arch-fonts

[ayatana]
Server  =  http://repo.ayatana.info/

[xyne-any]
Server  =  http://xyne.archlinux.ca/repos/xyne-any/

[repo-ck]
SigLevel  =  Optional TrustedOnly
Server  =  http://repo-ck.com/$arch

[heftig]
Server  =  http://pkgbuild.com/~heftig/repo/i686

[pfkernel]
Server  =  http://dl.dropbox.com/u/11734958/i686

#
#  Arch Unofficial Repositories
#  https://wiki.archlinux.org/index.php/Unofficial_User_Repositories
#

After merging /etc/makepkg.conf and /etc/makepkg.conf.new, my new file looked like this:

#
#  /etc/makepkg.conf
#

###########################################
#  SOURCE ACQUISITION
###########################################
#
#--  The download utilities that makepkg should use to acquire sources
#  Format: 'protocol::agent'

DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'rsync::/usr/bin/rsync -z %u %o'
          'scp::/usr/bin/scp -C %u %o')

#  Other common tools:
#  /usr/bin/snarf
#  /usr/bin/lftpget -c
#  /usr/bin/wget

###########################################
#  ARCHITECTURE, COMPILE FLAGS
###########################################
#

CARCH="i686"
CHOST="i686-pc-linux-gnu"

#--  Compiler and Linker Flags
#  -march (or -mcpu) builds exclusively for an architecture
#  -mtune optimizes for an architecture, but builds for whole processor family

CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
#--  Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j2"

###########################################
#  BUILD ENVIRONMENT
###########################################
#
#  Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
#  A negated environment option will do the opposite of the comments below.
#
#--  fakeroot:   Allow building packages as a non-root user
#--  distcc:   Use the Distributed C/C++/ObjC compiler
#--  color:   Colorize output messages
#--  ccache:   Use ccache to cache compilation
#--  check:   Run the check() function if present in the PKGBUILD
#--  sign:   Generate PGP signature file
#
BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#--  If using DistCC, your MAKEFLAGS will also need modification. In addition,
#--  specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#--  Specify a directory for package building.
#BUILDDIR=/tmp/makepkg


###########################################
#  GLOBAL PACKAGE OPTIONS
#   These are default values for the options=() settings
###########################################
#
#  Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
#   A negated option will do the opposite of the comments below.
#
#--  strip:     Strip symbols from binaries/libraries
#--  docs:     Save doc directories specified by DOC_DIRS
#--  libtool:     Leave libtool (.la) files in packages
#--  emptydirs:     Leave empty directories in packages
#--  zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
#--  purge:     Remove files specified by PURGE_TARGETS
#--  upx:     Compress binary executable files using UPX
#

OPTIONS=(strip docs libtool emptydirs zipman purge !upx)

#--  File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
#--  Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#--  Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#--  Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#--  Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#--  Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#--  Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)

###########################################
#  PACKAGE OUTPUT
###########################################
#
#  Default: put built package and cached source in build directory
#
#--  Destination: specify a fixed directory where all packages will be placed

PKGDEST=/home/h4rd3r/PkgBuilds/packages
#--  Source cache: specify a fixed directory where source files will be cached
SRCDEST=/home/h4rd3r/PkgBuilds/sources
#--  Source packages: specify a fixed directory where all src packages will be placed
SRCPKGDEST=/home/h4rd3r/PkgBuilds/srcpackages
#--  Packager: name/email of the person or organization building packages
PACKAGER="SEU NOME <SEU EMAIL>"

###########################################
#  EXTENSION DEFAULTS
###########################################
#
#  WARNING: Do NOT modify these variables unless you know what you are
#          doing.
#

PKGEXT='.pkg.tar.xz'
SRCEXT='.src.tar.gz'
# vim: set ft=sh ts=2 sw=2 et:

With the changes made, I proceed with:

# pacman -Syy
# pacman -Su

At this point an error appears concerning the authentication of repo-ck; the steps to fix it are:

# pacman-key -r 6176ED4B
# pacman-key --lsign-key 6176ED4B
# nano /etc/pacman.conf

Add the following line to the [repo-ck] section:

SigLevel = Optional TrustedOnly

And repeat the steps:

# pacman -Syy
# pacman -Su
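
An added example, not part of the original post: the merged pacman.conf above sets SigLevel only on core, extra, community and repo-ck, so every other repository falls back to the global value. This shell function lists each repository's effective package-signature policy and flags those that accept unsigned packages, marking plain-HTTP servers; the function names, verdict labels and sample input are constructed here, and it assumes the `Optional TrustedOnly` default quoted in the config's comments.

```shell
# Added example. Assumption: with no SigLevel set, the package policy is
# "optional", the default quoted in the pacman.conf comments on this page.
audit_siglevel() {   # usage: audit_siglevel FILE   (or pipe a config on stdin)
  awk '
    # Fold SigLevel tokens into a package policy; later tokens win.
    function apply(policy, value,   n, i, t) {
      n = split(value, t, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        if (t[i] ~ /^(Package)?Required$/)      policy = "required"
        else if (t[i] ~ /^(Package)?Optional$/) policy = "optional"
        else if (t[i] ~ /^(Package)?Never$/)    policy = "never"
      }
      return policy
    }
    BEGIN { global = "optional" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments (incl. disabled repos), blanks
    /^[ \t]*\[/ {                       # section header: [options] or [repo]
      section = $0
      sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
      if (section != "options" && !(section in level)) {
        order[++count] = section; level[section] = ""
      }
      next
    }
    {
      eq = index($0, "="); if (!eq || section == "") next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "SigLevel" && section == "options") global = apply(global, val)
      else if (key == "SigLevel")                    level[section] = level[section] " " val
      else if (key == "Server" && val ~ /^http:/)    plain[section] = 1
    }
    END {                               # repo tokens override the global policy
      for (i = 1; i <= count; i++) {
        r = order[i]; p = apply(global, level[r])
        v = (p == "required") ? "OK" : (plain[r] ? "UNSIGNED-OVER-HTTP" : "UNSIGNED-ALLOWED")
        printf "%s\t%s\t%s\n", r, p, v
      }
    }' "${1:--}"
}

# Constructed sample: four sections trimmed from the merged config above.
sample_conf() {
  printf '%s\n' '[options]' '#SigLevel = Optional TrustedOnly' \
    '[core]' 'SigLevel = PackageRequired' 'Include = /etc/pacman.d/mirrorlist' \
    '[archlinuxfr]' 'Server = http://repo.archlinux.fr/i686' \
    '[repo-ck]' 'SigLevel = Optional TrustedOnly' 'Server = http://repo-ck.com/$arch'
}
sample_conf | audit_siglevel
```

Run it as `audit_siglevel /etc/pacman.conf`. A repository reported as `UNSIGNED-OVER-HTTP` accepts unsigned packages fetched over a connection with no transport integrity.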

After that, the -ck kernel update goes through, the system upgrade completes, and individual packages install without any prompts.

Previously published on my blog.