summaryrefslogtreecommitdiff
path: root/doc/pacman.conf.5.txt
blob: 9c3dffe39be49ffe73e01ac8ec6afce30e49341c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
/////
vim:set ts=4 sw=4 syntax=asciidoc noet spell spelllang=en_us:
/////
pacman.conf(5)
==============

Name
----
pacman.conf - pacman package manager configuration file


Synopsis
--------
{sysconfdir}/pacman.conf


Description
-----------
Pacman, using linkman:libalpm[3], will attempt to read pacman.conf each time it
is invoked. This configuration file is divided into sections or repositories.
Each section defines a package repository that pacman can use when searching
for packages in '\--sync' mode. The exception to this is the options section,
which defines global options.


Example
-------

--------
#
# pacman.conf
#
[options]
NoUpgrade = etc/passwd etc/group etc/shadow
NoUpgrade = etc/fstab

[core]
Include = /etc/pacman.d/core

[custom]
Server = file:///home/pkgs
--------

NOTE: Each directive must be in CamelCase. If the case isn't respected, the
directive won't be recognized. For example. noupgrade or NOUPGRADE will not
work.

Options
-------
*RootDir =* path/to/root::
	Set the default root directory for pacman to install to. This option is
	used if you want to install a package on a temporary mounted partition
	which is "owned" by another system, or for a chroot install.
	*NOTE*: If database path or logfile are not specified on either the
	command line or in linkman:pacman.conf[5], their default location will
	be inside this root path.

*DBPath =* path/to/db/dir::
	Overrides the default location of the toplevel database directory.  A
	typical default is +{localstatedir}/lib/pacman/+. Most users will not need to set
	this option. *NOTE*: if specified, this is an absolute path and the root
	path is not automatically prepended.

*CacheDir =* path/to/cache/dir::
	Overrides the default location of the package cache directory. A typical
	default is +{localstatedir}/cache/pacman/pkg/+. Multiple cache directories can be
	specified, and they are tried in the order they are listed in the config
	file. If a file is not found in any cache directory, it will be downloaded
	to the first cache directory with write access. *NOTE*: this is an absolute
	path, the root path is not automatically prepended.

*GPGDir =* path/to/gpg/dir::
	Overrides the default location of the directory containing configuration
	files for GnuPG. A typical default is +{sysconfdir}/pacman.d/gnupg/+.
	This directory should contain two files: `pubring.gpg` and `trustdb.gpg`.
	`pubring.gpg` holds the public keys of all packagers. `trustdb.gpg`
	contains a so-called trust database, which specifies that the keys are
	authentic and trusted.
	*NOTE*: this is an absolute path, the root path is not automatically
	prepended.

*LogFile =* /path/to/file::
	Overrides the default location of the pacman log file. A typical default
	is +{localstatedir}/log/pacman.log+. This is an absolute path and the root directory
	is not prepended.

*HoldPkg =* package ...::
	If a user tries to '\--remove' a package that's listed in `HoldPkg`,
	pacman will ask for confirmation before proceeding. Shell-style glob
	patterns are allowed.

*IgnorePkg =* package ...::
	Instructs pacman to ignore any upgrades for this package when performing
	a '\--sysupgrade'. Shell-style glob patterns are allowed.

*IgnoreGroup =* group ...::
	Instructs pacman to ignore any upgrades for all packages in this
	group when performing a '\--sysupgrade'. Shell-style glob patterns are
	allowed.

*Include =* path::
	Include another config file. This file can include repositories or
	general configuration options. Wildcards in the specified paths will get
	expanded based on linkman:glob[7] rules.

*Architecture =* auto | i686 | x86_64 | ...::
	If set, pacman will only allow installation of packages of the given
	architecture (e.g. 'i686', 'x86_64', etc). The special value 'auto' will
	use the system architecture, provided by in ``uname -m''.  If unset, no
	architecture checks are made. *NOTE*: packages with the special
	architecture 'any' can always be installed, as they are meant to be
	architecture independent.

*XferCommand =* /path/to/command %u::
	If set, an external program will be used to download all remote files.
	All instances of `%u` will be replaced with the download URL. If present,
	instances of `%o` will be replaced with the local filename, plus a
	``.part'' extension, which allows programs like wget to do file resumes
	properly.
	+
	This option is useful for users who experience problems with built-in
	http/ftp support, or need the more advanced proxy support that comes with
	utilities like wget.

*NoUpgrade =* file ...::
	All files listed with a `NoUpgrade` directive will never be touched during
	a package install/upgrade, and the new files will be installed with a
	'.pacnew' extension.
	These files refer to files in the package archive, so do not include the
	leading slash (the RootDir) when specifying them. Shell-style glob patterns
	are allowed. It is possible to invert matches by prepending a file with
	an exclamation mark. Inverted files will result in previously blacklisted
	files being whitelisted again. Subsequent matches will override previous
	ones. A leading literal exclamation mark or backslash needs to be escaped.

*NoExtract =* file ...::
	All files listed with a `NoExtract` directive will never be extracted from
	a package into the filesystem. This can be useful when you don't want part
	of a package to be installed. For example, if your httpd root uses an
	'index.php', then you would not want the 'index.html' file to be extracted
	from the 'apache' package.
	These files refer to files in the package archive, so do not include the
	leading slash (the RootDir) when specifying them. Shell-style glob patterns
	are allowed. It is possible to invert matches by prepending a file with
	an exclamation mark. Inverted files will result in previously blacklisted
	files being whitelisted again. Subsequent matches will override previous
	ones. A leading literal exclamation mark or backslash needs to be escaped.

*CleanMethod =* KeepInstalled &| KeepCurrent::
	If set to `KeepInstalled` (the default), the '-Sc' operation will clean
	packages that are no longer installed (not present in the local database).
	If set to `KeepCurrent`, '-Sc' will clean outdated packages (not present in
	any sync database).
	The second behavior is useful when the package cache is shared among
	multiple machines, where the local databases are usually different, but the
	sync databases in use could be the same. If both values are specified,
	packages are only cleaned if not installed locally and not present in any
	known sync database.

*SigLevel =* ...::
	Set the default signature verification level. For more information, see
	<<SC,Package and Database Signature Checking>> below.

*LocalFileSigLevel =* ...::
	Set the signature verification level for installing packages using the "-U"
	operation on a local file. Uses the value from SigLevel as the default.

*RemoteFileSigLevel =* ...::
	Set the signature verification level for installing  packages using the "-U"
	operation on a remote file URL. Uses the value from SigLevel as the default.

*UseSyslog*::
	Log action messages through syslog(). This will insert log entries into
	+{localstatedir}/log/messages+ or equivalent.

*Color*::
	Automatically enable colors only when pacman's output is on a tty.

*UseDelta* [= ratio]::
	Download delta files instead of complete packages if possible. Requires
	the `xdelta3` program to be installed. If a ratio is specified (e.g.,
	`0.5`), then it is used as a cutoff for determining whether to use deltas.
	Allowed values are between `0.0` and `2.0`; sensible values are between
	`0.2` and `0.9`.  Using a value above `1.0` is not recommended.  The
	default is `0.7` if left unspecified.

*TotalDownload*::
	When downloading, display the amount downloaded, download rate, ETA,
	and completed percentage of the entire download list rather
	than the percent of each individual download target. The progress
	bar is still based solely on the current file download.

*CheckSpace*::
	Performs an approximate check for adequate available disk space before
	installing packages.

*VerbosePkgLists*::
	Displays name, version and size of target packages formatted
	as a table for upgrade, sync and remove operations.

Repository Sections
-------------------
Each repository section defines a section name and at least one location where
the packages can be found. The section name is defined by the string within
square brackets (the two above are 'core'  and  'custom'). Repository names
must be unique and the name 'local' is reserved for the database of installed
packages. Locations are defined with the 'Server' directive and follow a URL
naming structure. If you want to use a local directory, you can specify the
full path with a ``file://'' prefix, as shown above.

A common way to define DB locations utilizes the 'Include' directive. For each
repository defined in the configuration file, a single 'Include' directive can
contain a file that lists the servers for that repository.

--------
[core]
# use this server first
Server = ftp://ftp.archlinux.org/$repo/os/$arch
# next use servers as defined in the mirrorlist below
Include = {sysconfdir}/pacman.d/mirrorlist
--------

The order of repositories in the configuration files matters; repositories
listed first will take precedence over those listed later in the file when
packages in two repositories have identical names, regardless of version
number.

*Include =* path::
	Include another config file. This file can include repositories or
	general configuration options. Wildcards in the specified paths will get
	expanded based on linkman:glob[7] rules.

*Server =* url::
	A full URL to a location where the database, packages, and signatures (if
	available) for this repository can be found.
+
During parsing, pacman will define the `$repo` variable to the name of the
current section. This is often utilized in files specified using the 'Include'
directive so all repositories can use the same mirrorfile. pacman also defines
the `$arch` variable to the value of `Architecture`, so the same mirrorfile can
even be used for different architectures.

*SigLevel =* ...::
	Set the signature verification level for this repository. For more
	information, see <<SC,Package and Database Signature Checking>> below.

*Usage =* ...::
	Set the usage level for this repository. This option takes a list of tokens
	which must be at least one of the following:
		*Sync*;;
			Enables refreshes for this repository.
		*Search*;;
			Enables searching for this repository.
		*Install*;;
			Enables installation of packages from this repository during a '\--sync'
			operation.
		*Upgrade*;;
			Allows this repository to be a valid source of packages when performing
			a '\--sysupgrade'.
		*All*;;
			Enables all of the above features for the repository. This is the default
			if not specified.
+
Note that an enabled repository can be operated on explicitly, regardless of the Usage
level set.


Package and Database Signature Checking[[SC]]
---------------------------------------------
The 'SigLevel' directive is valid in both the `[options]` and repository
sections. If used in `[options]`, it sets a default value for any repository
that does not provide the setting.

* If set to *Never*, no signature checking will take place.
* If set to *Optional* , signatures will be checked when present, but unsigned
  databases and packages will also be accepted.
* If set to *Required*, signatures will be required on all packages and
  databases.

Alternatively, you can get more fine-grained control by combining some of
the options and prefixes described below. All options in a config file are
processed in top-to-bottom, left-to-right fashion, where later options override
and/or supplement earlier ones. If 'SigLevel' is specified in a repository
section, the starting value is that from the `[options]` section, or the
built-in system default as shown below if not specified.

The options are split into two main groups, described below. Terms used such as
``marginally trusted'' are terms used by GnuPG, for more information please
consult linkman:gpg[1].

When to Check::
	These options control if and when signature checks should take place.

	*Never*;;
		All signature checking is suppressed, even if signatures are present.

	*Optional* (default);;
		Signatures are checked if present; absence of a signature is not an
		error. An invalid signature is a fatal error, as is a signature from a
		key not in the keyring.

	*Required*;;
		Signatures are required; absence of a signature or an invalid signature
		is a fatal error, as is a signature from a key not in the keyring.

What is Allowed::
	These options control what signatures are viewed as permissible. Note that
	neither of these options allows acceptance of invalid or expired
	signatures, or those from revoked keys.

	*TrustedOnly* (default);;
		If a signature is checked, it must be in the keyring and fully trusted;
		marginal trust does not meet this criteria.

	*TrustAll*;;
		If a signature is checked, it must be in the keyring, but is not
		required to be assigned a trust level (e.g., unknown or marginal
		trust).

Options in both groups can additionally be prefixed with either *Package* or
*Database*, which will cause it to only take effect on the specified object
type. For example, `PackageTrustAll` would allow marginal and unknown trust
level signatures for packages.

The built-in default is the following:

--------
SigLevel = Optional TrustedOnly
--------

Using Your Own Repository
-------------------------
If you have numerous custom packages of your own, it is often easier to generate
your own custom local repository than install them all with the '\--upgrade'
option. All you need to do is generate a compressed package database in the
directory with these packages so pacman can find it when run with '\--refresh'.

	repo-add /home/pkgs/custom.db.tar.gz /home/pkgs/*.pkg.tar.gz

The above command will generate a compressed database named
'/home/pkgs/custom.db.tar.gz'. Note that the database must be of the form
'\{treename\}.db.tar.{ext}', where '\{treename\}' is the name of the section
defined in the configuration file and '\{ext\}' is a valid compression type as
documented in linkman:repo-add[8]. That's it! Now configure your custom section
in the configuration file as shown in the config example above. Pacman will now
use your package repository. If you add new packages to the repository,
remember to re-generate the database and use pacman's '\--refresh' option.

For more information on the repo-add command, see ``repo-add \--help'' or
linkman:repo-add[8].


See Also
--------
linkman:pacman[8], linkman:libalpm[3]

include::footer.txt[]