The [obcommunity] database is now signed

Dear Obarun Community,

The [obcommunity] repository is now signed: both its database and its packages can be cryptographically verified, just like the official Obarun repositories.

What changed

The pacman package has been updated so that signature verification for [obcommunity] is enforced by default. The global SigLevel is now Required (packages and database must be signed), and the [obcommunity] entry carries no DatabaseOptional override, so it inherits that full verification.

Action required

These new defaults are shipped with the pacman update as /etc/pacman.conf.pacnew; your existing /etc/pacman.conf is left untouched. To benefit from this security, you must merge pacman.conf.pacnew into your active configuration (for example with pacdiff). Without this merge, pacman keeps running with your previous settings and the signatures are not checked.

If you activated [obcommunity] following the older instructions, your block still contains:

[obcommunity]
SigLevel = DatabaseNever
Server = https://cloud.server.obarun.org/$repo/os/$arch

Remove the SigLevel = DatabaseNever line (or whatever defined) so the repository inherits the new global Required level and its signed database is actually verified:

[obcommunity]
Server = https://cloud.server.obarun.org/$repo/os/$arch

Then resynchronise your databases:

pacman -Syy

A reminder: new packagers are always welcome

[obcommunity] is a community-managed repository, and it lives thanks to the people who contribute to it. Now that its packages and database are signed, this is a good moment to recall that new packagers are always welcome. If you have ever wanted to package software for Obarun, the path is now short and built on standard git operations — see the apkg tooling and the project skeleton to get started. Every new contribution helps [obcommunity] grow.

Thank you for your continued support of Obarun.

Eric Vidal: [email protected]