summaryrefslogtreecommitdiff
path: root/libre/pacman
diff options
context:
space:
mode:
Diffstat (limited to 'libre/pacman')
-rw-r--r--libre/pacman/PKGBUILD121
-rw-r--r--libre/pacman/gpg.conf50
-rw-r--r--libre/pacman/makepkg-pkgrel-4.patch87
-rw-r--r--libre/pacman/makepkg.conf140
-rw-r--r--libre/pacman/pacman.conf.i686103
-rw-r--r--libre/pacman/pacman.conf.mips64el103
-rw-r--r--libre/pacman/pacman.conf.x86_64118
-rw-r--r--libre/pacman/refresh-pacman-keys3
-rw-r--r--libre/pacman/sks-keyservers.netCA.pem32
9 files changed, 757 insertions, 0 deletions
diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD
new file mode 100644
index 000000000..2fd4986f7
--- /dev/null
+++ b/libre/pacman/PKGBUILD
@@ -0,0 +1,121 @@
+# Maintainer (Arch): Dan McGee <dan@archlinux.org>
+# Maintainer (Arch): Dave Reisner <dreisner@archlinux.org>
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Maintainer: Márcio Silva <coadde@parabola.nu>
+# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar>
+
+pkgname=pacman
+pkgver=4.1.2
+pkgrel=6.parabola1
+pkgdesc="A library-based package manager with dependency support"
+arch=('i686' 'x86_64' 'mips64el')
+url="http://www.archlinux.org/pacman/"
+license=('GPL')
+groups=('base' 'base-devel')
+depends=('bash>=4.2.042-2' 'glibc>=2.17-2' 'libarchive>=3.1.2' 'curl>=7.19.4'
+ 'gpgme' 'pacman-mirrorlist' 'archlinux-keyring' 'parabola-keyring' 'cacert-dot-org')
+makedepends=('asciidoc') # build man pages
+checkdepends=('python2' 'fakechroot')
+optdepends=('fakeroot: for makepkg usage as normal user')
+provides=("$pkgname-contrib")
+conflicts=("$pkgname-contrib" "$pkgname-parabola")
+replaces=("$pkgname-contrib" "$pkgname-parabola")
+backup=('etc/pacman.conf' 'etc/makepkg.conf')
+options=('strip' 'debug')
+source=("ftp://ftp.archlinux.org/other/$pkgname/$pkgname-$pkgver.tar.gz"{,.sig}
+ "$pkgname.conf."{i686,x86_64,mips64el}
+ "makepkg.conf"
+ "gpg.conf"
+ "sks-keyservers.netCA.pem"
+ "makepkg-pkgrel-4.patch"
+ "refresh-$pkgname-keys")
+md5sums=('063c8b0ff6bdf903dc235445525627cd'
+ 'SKIP'
+ '688feb0a552f42643a76f72e7198bfe4'
+ '77c5fd379e73cf86fc08a4bd5c4b1ba1'
+ '9e0c64937ef751ae4273fa4d73381484'
+ 'f0f310df411f943dbc4e2dd376c88662'
+ '8c339b2bf027979d1edcfc6ac0e7e81d'
+ '3cfc5d2867a6672f4f629220632948f4'
+ '5873359871833b40c2a8e08863d0613c'
+ '093f0779ac55ae781ba028ad74b95f84')
+
+prepare(){
+ cd "$pkgname-$pkgver"
+ patch -Np1 -i "$srcdir/makepkg-pkgrel-4.patch"
+}
+
+build() {
+ cd "$pkgname-$pkgver"
+
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --localstatedir=/var --enable-doc \
+ --with-scriptlet-shell=/usr/bin/bash \
+ --with-ldconfig=/usr/bin/ldconfig
+ make
+ make -C contrib
+}
+
+#check() {
+# make -C "$pkgname-$pkgver" check
+#}
+
+package() {
+ cd "$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" install
+ make DESTDIR="$pkgdir" -C contrib install
+
+ # install Parabola specific stuff
+ install -dm755 "$pkgdir/etc"
+ install -m644 "$srcdir/$pkgname.conf.$CARCH" "$pkgdir/etc/$pkgname.conf"
+
+ case $CARCH in
+ i686)
+ mycarch="i686"
+ mychost="i686-pc-linux-gnu"
+ myflags="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+ ;;
+ x86_64)
+ mycarch="x86_64"
+ mychost="x86_64-unknown-linux-gnu"
+ myflags="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+ ;;
+ mips64el)
+ mycarch="mips64el"
+ mychost="mips64el-unknown-linux-gnu"
+ myflags="-march=mips3 -mtune=loongson2f -mabi=n32 -mplt -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+ ;;
+ esac
+ myldflags="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+
+ # set things correctly in the default conf file
+ install -m644 "$srcdir/makepkg.conf" "$pkgdir/etc"
+ sed -i "$pkgdir/etc/makepkg.conf" \
+ -e "s|@CARCH[@]|$mycarch|g" \
+ -e "s|@CHOST[@]|$mychost|g" \
+ -e "s|@LDFLAGS[@]|$myldflags|g" \
+ -e "s|@CARCHFLAGS[@]|$myflags|g"
+
+ # put bash_completion in the right location
+ install -dm755 "$pkgdir/usr/share/bash-completion/completions"
+ mv "$pkgdir/etc/bash_completion.d/pacman" "$pkgdir/usr/share/bash-completion/completions"
+ rmdir "$pkgdir/etc/bash_completion.d"
+
+ for f in makepkg pacman-key; do
+ ln -s pacman "$pkgdir/usr/share/bash-completion/completions/$f"
+ done
+
+ install -Dm644 contrib/PKGBUILD.vim "$pkgdir/usr/share/vim/vimfiles/syntax/PKGBUILD.vim"
+
+ install -Dm755 "${srcdir}/refresh-pacman-keys" \
+ "${pkgdir}/etc/cron.weekly/refresh-pacman-keys"
+
+ install -Dm644 "${srcdir}/sks-keyservers.netCA.pem" \
+ "${pkgdir}/etc/pacman.d/sks-keyservers.netCA.pem"
+
+ install -Dm644 "${srcdir}/gpg.conf" \
+ "${pkgdir}/etc/pacman.d/gpg.conf"
+}
+
+# vim: set ts=2 sw=2 et:
diff --git a/libre/pacman/gpg.conf b/libre/pacman/gpg.conf
new file mode 100644
index 000000000..7fc6fc661
--- /dev/null
+++ b/libre/pacman/gpg.conf
@@ -0,0 +1,50 @@
+# pacman-key default options
+no-greeting
+no-permission-warning
+lock-never
+keyserver-options timeout=20
+
+# From duraconf
+# personal digest preferences
+personal-digest-preferences SHA512
+
+# message digest algorithm used when signing a key
+cert-digest-algo SHA512
+
+# Set the list of default preferences to string.
+# used for new keys and default for "setpref"
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+
+# From
+# https://crabgrass.riseup.net/riseuplabs+paow/openpgp-best-practices
+# Only use secure keyservers
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem
+keyserver-options no-honor-keyserver-url
+
+# when outputting certificates, view user IDs distinctly from keys:
+fixed-list-mode
+
+# short-keyids are trivially spoofed; it's easy to create a long-keyid
+# collision; if you care about strong key identifiers, you always want
+# to see the fingerprint:
+keyid-format 0xlong
+fingerprint
+
+# when multiple digests are supported by all recipients, choose the
+# strongest one:
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# If you use a graphical environment (and even if you don't)
+# you should be using an agent: (similar arguments as
+# https://www.debian-administration.org/users/dkg/weblog/64)
+use-agent
+
+# You should always know at a glance which User IDs gpg thinks are
+# legitimately bound to the keys in your keyring:
+verify-options show-uid-validity
+list-options show-uid-validity
+
+# include an unambiguous indicator of which key made a signature: (see
+# http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
+sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
diff --git a/libre/pacman/makepkg-pkgrel-4.patch b/libre/pacman/makepkg-pkgrel-4.patch
new file mode 100644
index 000000000..4024b0ad6
--- /dev/null
+++ b/libre/pacman/makepkg-pkgrel-4.patch
@@ -0,0 +1,87 @@
+From 6357edfc61e293170a4c922fbdcfa260963d7268 Mon Sep 17 00:00:00 2001
+From: Luke Shumaker <lukeshu@sbcglobal.net>
+Date: Sun, 31 Aug 2014 17:10:32 -0400
+Subject: [PATCH] makepkg: treat pkgrel more similarly to pkgver
+
+This is perfectly fine with libalpm; it was only makepkg that was more
+strict with pkgrel than pkgver.
+
+Further, the former error message about invalid pkgrel formats claimed that
+pkgrel was a "decimal", which would mean that `1.1 == 1.10`. This was not
+the case; alpm parsed pkgrel as a version, not a decimal. In that light,
+enforcing /[0-9]+(\.([0-9]+)?/ on a version spec seems silly.
+---
+ doc/PKGBUILD.5.txt | 4 ++--
+ scripts/makepkg.sh.in | 4 ++--
+ test/util/vercmptest.sh | 18 ++++++++++++++++++
+ 3 files changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/doc/PKGBUILD.5.txt b/doc/PKGBUILD.5.txt
+index e78a8e5..986a4f6 100644
+--- a/doc/PKGBUILD.5.txt
++++ b/doc/PKGBUILD.5.txt
+@@ -46,7 +46,7 @@ similar to `$_basekernver`.
+
+ *pkgver*::
+ The version of the software as released from the author (e.g., '2.7.1').
+- The variable is not allowed to contain colons or hyphens.
++ The variable is not allowed to contain colons, hyphens or whitespace.
+ +
+ The `pkgver` variable can be automatically updated by providing a `pkgver()` function
+ in the PKGBUILD that outputs the new package version. This is run after downloading
+@@ -58,7 +58,7 @@ This is most useful when used with sources from version control systems (see bel
+ allows package maintainers to make updates to the package's configure
+ flags, for example. This is typically set to '1' for each new upstream
+ software release and incremented for intermediate PKGBUILD updates. The
+- variable is not allowed to contain hyphens.
++ variable is not allowed to contain colons, hyphens or whitespace.
+
+ *pkgdesc*::
+ This should be a brief description of the package and its functionality.
+diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
+index 940e947..88b654d 100644
+--- a/scripts/makepkg.sh.in
++++ b/scripts/makepkg.sh.in
+@@ -2134,8 +2134,8 @@ check_sanity() {
+ awk -F'=' '$1 ~ /^[[:space:]]*pkgrel$/' "$BUILDFILE" | sed "s/[[:space:]]*#.*//" |
+ while IFS='=' read -r _ i; do
+ eval i=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "${i%%+([[:space:]])}")\"
+- if [[ $i != +([0-9])?(.+([0-9])) ]]; then
+- error "$(gettext "%s must be a decimal.")" "pkgrel"
++ if [[ $i = *[[:space:]:-]* ]]; then
++ error "$(gettext "%s is not allowed to contain colons, hyphens or whitespace.")" "pkgrel"
+ return 1
+ fi
+ done || ret=1
+diff --git a/test/util/vercmptest.sh b/test/util/vercmptest.sh
+index 04b841f..7985ddc 100755
+--- a/test/util/vercmptest.sh
++++ b/test/util/vercmptest.sh
+@@ -144,6 +144,24 @@ runtest 1:1.0 1.0 1
+ runtest 1:1.0 1.1 1
+ runtest 1:1.1 1.1 1
+
++# complex pkgrel values
++runtest 1-1.5.0 1-1.5.0 0
++runtest 1-1.5.1 1-1.5.0 1
++runtest 1-1.5.1 1-1.5 1
++runtest 1-1.5b 1-1.5 -1
++runtest 1-1.5b 1-1.5.1 -1
++runtest 1-1.0a 1-1.0alpha -1
++runtest 1-1.0alpha 1-1.0b -1
++runtest 1-1.0b 1-1.0beta -1
++runtest 1-1.0beta 1-1.0rc -1
++runtest 1-1.0rc 1-1.0 -1
++runtest 1-1.5.a 1-1.5 1
++runtest 1-1.5.b 1-1.5.a 1
++runtest 1-1.5.1 1-1.5.b 1
++runtest 1-2 1-2.par1 1
++runtest 1-2 1-2.par1 1
++runtest 1-3 1-2.par1 -1
++
+ #END TESTS
+
+ if [[ $failure -eq 0 ]]; then
+--
+2.1.0
+
diff --git a/libre/pacman/makepkg.conf b/libre/pacman/makepkg.conf
new file mode 100644
index 000000000..758d7d029
--- /dev/null
+++ b/libre/pacman/makepkg.conf
@@ -0,0 +1,140 @@
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+# Format: 'protocol::agent'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'rsync::/usr/bin/rsync --no-motd -z %u %o'
+ 'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="@CARCH@"
+CHOST="@CHOST@"
+
+#-- Compiler and Linker Flags
+# -march (or -mcpu) builds exclusively for an architecture
+# -mtune optimizes for an architecture, but builds for whole processor family
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
+CFLAGS="@CARCHFLAGS@"
+CXXFLAGS="@CARCHFLAGS@"
+LDFLAGS="@LDFLAGS@"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
+# A negated environment option will do the opposite of the comments below.
+#
+#-- fakeroot: Allow building packages as a non-root user
+#-- distcc: Use the Distributed C/C++/ObjC compiler
+#-- color: Colorize output messages
+#-- ccache: Use ccache to cache compilation
+#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
+#
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+# These are default values for the options=() settings
+#########################################################################
+#
+# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
+# A negated option will do the opposite of the comments below.
+#
+#-- strip: Strip symbols from binaries/libraries
+#-- docs: Save doc directories specified by DOC_DIRS
+#-- libtool: Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs: Leave empty directories in packages
+#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge: Remove files specified by PURGE_TARGETS
+#-- upx: Compress binary executable files using UPX
+#-- debug: Add debugging flags as specified in DEBUG_* variables
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
+INTEGRITY_CHECK=(md5)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+# WARNING: Do NOT modify these variables unless you know what you are
+# doing.
+#
+PKGEXT='.pkg.tar.xz'
+SRCEXT='.src.tar.gz'
+
+# vim: set ft=sh ts=2 sw=2 et:
diff --git a/libre/pacman/pacman.conf.i686 b/libre/pacman/pacman.conf.i686
new file mode 100644
index 000000000..84cec630c
--- /dev/null
+++ b/libre/pacman/pacman.conf.i686
@@ -0,0 +1,103 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[libre-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[libre]
+Include = /etc/pacman.d/mirrorlist
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# Parabola also supports community projects and personal repositories, to find
+# them check out this wiki page: https://wiki.parabolagnulinux.org/Repositories
+
+# Parabola community repo
+#[pcr]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
diff --git a/libre/pacman/pacman.conf.mips64el b/libre/pacman/pacman.conf.mips64el
new file mode 100644
index 000000000..604040640
--- /dev/null
+++ b/libre/pacman/pacman.conf.mips64el
@@ -0,0 +1,103 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta = 0.7
+Architecture = mips64el
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[libre-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[libre]
+Include = /etc/pacman.d/mirrorlist
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# Parabola also supports community projects and personal repositories, to find
+# them check out this wiki page: https://wiki.parabolagnulinux.org/Repositories
+
+# Parabola community repo
+#[pcr]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
diff --git a/libre/pacman/pacman.conf.x86_64 b/libre/pacman/pacman.conf.x86_64
new file mode 100644
index 000000000..03a8cf3a6
--- /dev/null
+++ b/libre/pacman/pacman.conf.x86_64
@@ -0,0 +1,118 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[libre-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[libre]
+Include = /etc/pacman.d/mirrorlist
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the libre-multilib and multilib repositories as required here.
+
+#[libre-multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[libre-multilib]
+#Include = /etc/pacman.d/mirrorlist
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[multilib]
+#Include = /etc/pacman.d/mirrorlist
+
+# Parabola also supports community projects and personal repositories, to find
+# them check out this wiki page: https://wiki.parabolagnulinux.org/Repositories
+
+# Parabola community repo
+#[pcr]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
diff --git a/libre/pacman/refresh-pacman-keys b/libre/pacman/refresh-pacman-keys
new file mode 100644
index 000000000..e96dc34e5
--- /dev/null
+++ b/libre/pacman/refresh-pacman-keys
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+pacman-key --refresh-keys
diff --git a/libre/pacman/sks-keyservers.netCA.pem b/libre/pacman/sks-keyservers.netCA.pem
new file mode 100644
index 000000000..24a2ad2e8
--- /dev/null
+++ b/libre/pacman/sks-keyservers.netCA.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
+BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
+ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
+MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
+c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
+cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
+6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
+MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
+45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
+FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
+Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
+aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
+MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
+u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
+p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
+fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
+A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
+TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
+OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
+gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
+X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
+gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
+UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
+lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
+BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
+cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
+f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
+ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
+WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
+-----END CERTIFICATE-----