fix: change archzfs SigLevel from Optional TrustAll to Never

Optional TrustAll is misleading — it implies signature checking when none is actually happening. Use Never to match the installer and be explicit. Repo is served over HTTPS; GPG adds no value in build env.
author: Craig Jennings <c@cjennings.net> 2026-02-23 05:48:45 -0600
committer: Craig Jennings <c@cjennings.net> 2026-02-23 05:48:45 -0600
commit: 2faf2b088e67bb79d61b5e051a805aed60b85206 (patch)
tree: 8d5f0d0ae9f710258e051fb4f78fbbfa7d66c04f
parent: ff29361074e2908cd010627efdcf77ad69a1485d (diff)
download: archangel-2faf2b088e67bb79d61b5e051a805aed60b85206.tar.gz
archangel-2faf2b088e67bb79d61b5e051a805aed60b85206.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/build.sh b/build.sh
index a169cae..8bb7893 100755
--- a/build.sh
+++ b/build.sh
@@ -140,12 +140,14 @@ if [[ -f "$PROFILE_DIR/airootfs/etc/mkinitcpio.d/linux.preset" ]]; then
 fi
 
 # Add archzfs repository to pacman.conf
+# SigLevel=Never: archzfs GPG key import is unreliable in clean build environments;
+# repo is explicitly added and served over HTTPS, GPG adds no real value here
 info "Adding archzfs repository..."
 cat >> "$PROFILE_DIR/pacman.conf" << 'EOF'
 
 [archzfs]
 Server = https://archzfs.com/$repo/$arch
-SigLevel = Optional TrustAll
+SigLevel = Never
 EOF
 
 # Add ZFS and our custom packages
author	Craig Jennings <c@cjennings.net>	2026-02-23 05:48:45 -0600
committer	Craig Jennings <c@cjennings.net>	2026-02-23 05:48:45 -0600
commit	2faf2b088e67bb79d61b5e051a805aed60b85206 (patch)
tree	8d5f0d0ae9f710258e051fb4f78fbbfa7d66c04f
parent	ff29361074e2908cd010627efdcf77ad69a1485d (diff)
download	archangel-2faf2b088e67bb79d61b5e051a805aed60b85206.tar.gz archangel-2faf2b088e67bb79d61b5e051a805aed60b85206.zip