authorCraig Jennings <c@cjennings.net>2026-02-23 05:48:45 -0600
committerCraig Jennings <c@cjennings.net>2026-02-23 05:48:45 -0600
commit9e34c087ddb714598cb5eae78751fd416726d864 (patch)
tree8d5f0d0ae9f710258e051fb4f78fbbfa7d66c04f /build.sh
parent722df5c1ae421d51e49beadc5128c2a28f78ed19 (diff)
fix: change archzfs SigLevel from Optional TrustAll to Never
Optional TrustAll is misleading — it implies signature checking when none is actually happening. Use Never to match the installer and be explicit. Repo is served over HTTPS; GPG adds no value in build env.
Diffstat (limited to 'build.sh')
-rwxr-xr-xbuild.sh4
1 files changed, 3 insertions, 1 deletions
diff --git a/build.sh b/build.sh
index a169cae..8bb7893 100755
--- a/build.sh
+++ b/build.sh
@@ -140,12 +140,14 @@ if [[ -f "$PROFILE_DIR/airootfs/etc/mkinitcpio.d/linux.preset" ]]; then
fi
# Add archzfs repository to pacman.conf
+# SigLevel=Never: archzfs GPG key import is unreliable in clean build environments;
+# repo is explicitly added and served over HTTPS, GPG adds no real value here
info "Adding archzfs repository..."
cat >> "$PROFILE_DIR/pacman.conf" << 'EOF'
[archzfs]
Server = https://archzfs.com/$repo/$arch
-SigLevel = Optional TrustAll
+SigLevel = Never
EOF
# Add ZFS and our custom packages
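Review bot: `SigLevel = Never` in the `[archzfs]` heredoc turns off package and database signature checks for that repo, and the added comment's reasoning that HTTPS makes GPG redundant does not hold. TLS authenticates the connection to archzfs.com, not the package files, so whatever that server serves (presumably including ZFS kernel-module packages) is installed into the image without any authenticity check. If key import is unreliable in clean build environments, the sturdier fix is to initialise the keyring and pin the key before this step, e.g. `pacman-key --recv-keys <ARCHZFS_KEY_FINGERPRINT>` then `pacman-key --lsign-key <ARCHZFS_KEY_FINGERPRINT>`, and keep `SigLevel = Required`. If `Never` stays, the comment should state the accepted risk plainly, e.g. `# SigLevel=Never: archzfs packages are NOT authenticated; integrity rests on TLS to archzfs.com only`.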