diff --git a/makepkg.conf b/makepkg.conf
index 3ac3afc..6e39342 100644
--- a/makepkg.conf
+++ b/makepkg.conf
@@ -1,3 +1,4 @@
+#!/hint/bash
 #
 # /etc/makepkg.conf
 #
@@ -23,6 +24,7 @@ DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'
 #-- The package required by makepkg to download VCS sources
 #  Format: 'protocol::package'
 VCSCLIENTS=('bzr::bzr'
+            'fossil::fossil'
             'git::git'
             'hg::mercurial'
             'svn::subversion')
@@ -35,11 +37,11 @@ CARCH="x86_64"
 CHOST="x86_64-pc-linux-gnu"
 
 #-- Compiler and Linker Flags
-# -march (or -mcpu) builds exclusively for an architecture
-# -mtune optimizes for an architecture, but builds for whole processor family
-CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
+#CPPFLAGS=""
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+        -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
@@ -53,7 +55,7 @@ DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(!distcc color !ccache check !sign)
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- distcc:   Use the Distributed C/C++/ObjC compiler
@@ -76,7 +78,7 @@ BUILDENV=(!distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug)
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:      Strip symbols from binaries/libraries
@@ -86,14 +88,13 @@ BUILDENV=(!distcc color !ccache check !sign)
 #-- emptydirs:  Leave empty directories in packages
 #-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:      Remove files specified by PURGE_TARGETS
-#-- upx:        Compress binary executable files using UPX
-#-- optipng:    Optimize PNG images with optipng
 #-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
 #
-OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug)
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
-INTEGRITY_CHECK=(md5)
+INTEGRITY_CHECK=(sha256)
 #-- Options to be used when stripping binaries. See `man strip' for details.
 STRIP_BINARIES="--strip-all"
 #-- Options to be used when stripping shared libraries. See `man strip' for details.
@@ -146,10 +147,12 @@ COMPRESSLZ=(lzip -c -f)
 # EXTENSION DEFAULTS
 #########################################################################
 #
-# WARNING: Do NOT modify these variables unless you know what you are
-#          doing.
-#
-PKGEXT='.pkg.tar.xz'
+PKGEXT='.pkg.tar.zst'
 SRCEXT='.src.tar.gz'
 
-# vim: set ft=sh ts=2 sw=2 et:
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()