el muchacho Tux's lil' helper
Joined: 26 Mar 2015 Posts: 78
|
Posted: Tue Mar 31, 2015 3:29 pm Post subject: Gentoo install not using package signatures ? |
|
|
As far as I can tell, checking the package's integrity is not done through the installation of Gentoo. I can't see that we add the "FEATURES" options to make.conf nor have the public key to check that packages were signed.
Is it really the case, or am I missing something?
Code:
File: /etc/portage/make.conf
PORTAGE_GPG_DIR="/etc/portage/gnupg"
FEATURES="webrsync-gpg parallel-fetch userfetch userpriv usersandbox"
Apheus Guru
Joined: 12 Jul 2008 Posts: 422
|
Posted: Tue Mar 31, 2015 3:43 pm Post subject: |
|
|
If you want complete checking, use webrsync with webrsync-gpg feature. The snapshot is signed with a key in Gentoo's control, and contains the manifest files with checksums. Portage checks downloads and distfiles with these checksums whenever something is fetched or unpacked.
Pulling validated snapshots |
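
The distfile check described in the reply above, as an added example that is not part of the thread and is not Portage's own code: a simplified Python checker that parses the DIST lines of a Manifest and compares a downloaded file's size and hashes against them. The sample file and Manifest line are constructed, and the Manifest is assumed to come from a snapshot whose signature has already been verified, since the checksums are only as trustworthy as the tree that carries them.

```python
import hashlib

# Manifest hash names -> hashlib algorithms (WHIRLPOOL is not in hashlib, so it is skipped).
SUPPORTED = {"SHA256": "sha256", "SHA512": "sha512", "BLAKE2B": "blake2b"}

def parse_dist_entries(manifest_text):
    """Return {filename: (size, {HASHNAME: hexdigest})} for DIST lines."""
    entries = {}
    for line in manifest_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue  # EBUILD/AUX/MISC lines, blank lines, PGP armor
        name, size, rest = fields[1], int(fields[2]), fields[3:]
        if len(rest) % 2:
            raise ValueError(f"odd hash field count for {name}")
        entries[name] = (size, dict(zip(rest[0::2], rest[1::2])))
    return entries

def verify_distfile(name, data, entries):
    """Check size and every supported hash; return (ok, reason)."""
    if name not in entries:
        return False, "no DIST entry"
    size, hashes = entries[name]
    if len(data) != size:
        return False, "size mismatch"
    checked = 0
    for hname, expected in hashes.items():
        algo = SUPPORTED.get(hname)
        if algo is None:
            continue  # unknown algorithm: ignore, but do not count it
        if hashlib.new(algo, data).hexdigest() != expected.lower():
            return False, f"{hname} mismatch"
        checked += 1
    if checked == 0:
        return False, "no supported hash"  # fail closed
    return True, f"{checked} hash(es) verified"

# Constructed sample: a fake tarball and the Manifest line describing it.
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_MANIFEST = "DIST demo-1.0.tar.gz {} SHA256 {} SHA512 {} WHIRLPOOL {}\n".format(
    len(SAMPLE_DATA),
    hashlib.sha256(SAMPLE_DATA).hexdigest(),
    hashlib.sha512(SAMPLE_DATA).hexdigest(),
    "0" * 128,  # placeholder, not a real digest; skipped by the checker
)
if __name__ == "__main__":
    entries = parse_dist_entries(SAMPLE_MANIFEST)
    print(verify_distfile("demo-1.0.tar.gz", SAMPLE_DATA, entries))
    print(verify_distfile("demo-1.0.tar.gz", SAMPLE_DATA + b"x", entries))
```
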