Package Signing

Arch Linux ARM implements package signing following the model created by Arch Linux. All packages in all repositories for all architectures are signed by our build system; however, the repository database files are not signed in order to limit the exposure of private keys and because it is technically unnecessary.

Since all of the packages in our repositories originate from our build system — not from individual developers and maintainers — the packages are signed by the single build system key before leaving the secure build environment. Additionally, Arch Linux ARM mirrors are synchronized via rsync push from our master server, furthering the integrity of packages available for installation.

Enabling Signature Checking

  1. To help pacman-key work, ensure the haveged daemon is running. This daemon keeps the system's entropy pool full.
    systemctl status haveged
  2. If that command reports it active and running, go to the next step. Otherwise, install, start, and optionally enable haveged to run at boot:
    pacman -Syu haveged
    systemctl start haveged
    systemctl enable haveged
  3. Initialize the pacman keyring:
    pacman-key --init
  4. Install the Arch Linux ARM keyring:
    pacman -S archlinuxarm-keyring
    pacman-key --populate archlinuxarm
  5. Edit /etc/pacman.conf and uncomment or add the following lines:
    SigLevel = Required DatabaseOptional
    LocalFileSigLevel = Optional

Keys

Master Signing Keys
Key ID Fingerprint Owner
B823CD25 0292 2214 DE89 81D1 4DC2 ACAB BC70 4E86 B823 CD25 Kevin Mihelich
DCD9EE1A 9D22 B7BB 678D C056 B1F7 723C B55C 5315 DCD9 EE1A Jason Plum
9C6B5765 69DD 6C8F D314 223E 1436 2848 BF7E EF7A 9C6B 5765 Mike Brown
Package Signing Keys
Key ID Fingerprint Owner
2BDBE6A6 68B3 537F 39A3 13B3 E574 D067 7719 3F15 2BDB E6A6 Arch Linux ARM Build System

Copyright ©2009-2016 Arch Linux ARM
The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.
The Arch Linux™ name and logo are used under permission of the Arch Linux Project Lead.