Gentoo Forums
Snapshot verification during installation.
reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 12:37 pm    Post subject: Snapshot verification during installation.

I would like to verify the ebuild snapshot during installation.

I will download the latest snapshot to a USB flash and verify it before starting the install process.

Then extract it using

Code:
tar xvjf portage-latest.tar.bz2 -C usr


Are my tar switches OK?


Last edited by reddragon on Tue Apr 25, 2017 11:34 pm; edited 1 time in total

cboldt
l33t

Joined: 24 Aug 2005
Posts: 724

Posted: Tue Apr 25, 2017 1:25 pm

If they aren't okay, the worst that happens is no extraction, or extraction to a place you didn't intend.

You don't give enough information to allow a conclusion about "right place," and that command will fail if the tarball is not in the ${PWD}, "present working directory". Your command will also fail if there is no directory "usr" off your ${PWD}.

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 2:06 pm

Sorry, the full commands are

Code:
mkdir /mnt/usb
mount /dev/sdc1 /mnt/usb
cd /mnt/usb
tar xvjf portage-latest.tar.bz2 -C /usr


This should replace these sections of the handbook

Code:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#Installing_an_ebuild_repository_snapshot_from_the_web

and

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#Optional:_Updating_the_Gentoo_ebuild_repository

cboldt
l33t

Joined: 24 Aug 2005
Posts: 724

Posted: Tue Apr 25, 2017 2:21 pm

For what it's worth, I usually extract by first making ${PWD} where I want the extracted files to end up; then using the full path/filename for the tarball. In other words, I never use the "-C" switch.

Before extracting, I check to make sure the tarball structure will land in the right place, relative to ${PWD}, with `tar tf /full/path/to/tarball.tar`

I think either way works, your "-C /usr", or my way `cd /usr; tar xf /path/to/portage-latest.tar.bz2` --- assuming you want the portage tree to begin at /usr/portage that is.

Somewhere along the line, tar got smartened up, so the "j" or "z" parameters informing tar it is dealing with a bzipped or gzipped file are no longer required. The "v" parameter isn't necessary, and for a tarball with thousands of files, like the gentoo-latest, I would not use it. It doesn't hurt anything, just slows things down ever so slightly.

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 2:38 pm

I don't have a running Gentoo yet.

"/usr/portage" is the default location?

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1921

Posted: Tue Apr 25, 2017 2:46 pm

Start with the handbook (there are offline versions):
Code:

https://wiki.gentoo.org/wiki/Handbook:Main_Page


In brief, switch to the partition which you will use for your root filesystem
and unpack the appropriate Stage 3 file. Then switch to the new /usr
directory, and unpack the portage snapshot.

Will

cboldt
l33t

Joined: 24 Aug 2005
Posts: 724

Posted: Tue Apr 25, 2017 2:52 pm

Yes, the portage tree (list of ebuild files, checksums, etc.) is defaulted to /usr/portage.

If your Gentoo is not running, but you have booted into some other system, the other system has no doubt taken up residence at /usr.

There is more than one way to handle this condition. What will become the new Gentoo install is mounted "elsewhere" relative to the running system. A common location for what will become the new Gentoo install is /mnt/gentoo.

Not knowing exactly where you are at in this install, maybe you have made what will become the new Gentoo install your root directory already, with `chroot /mnt/gentoo /bin/bash` or similar, in which case (the chrooted environment) "/usr" is the correct destination for the portage tree.

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 3:01 pm

Yes, I plan to do this inside the new Gentoo chroot environment as per the handbook.

But instead of downloading the snapshot I will use the verified one from USB flash.

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 3:07 pm

cwr

I will look at your link.

It's not really an offline install though, just want to verify snapshot like webrsync-gpg does.

cboldt
l33t

Joined: 24 Aug 2005
Posts: 724

Posted: Tue Apr 25, 2017 3:10 pm

You're on your way then. It'll work, you're on the right track.

I just now, based on this thread, downloaded a portage tree snapshot. Its "install directory" is "portage", so if the tarball is extracted from ${PWD}=/usr, the contents of the tarball populate "/usr/portage". I believe the same thing happens if you use "-C /usr" from anywhere.

Ant P.
Advocate

Joined: 18 Apr 2009
Posts: 4074
Location: UK

Posted: Tue Apr 25, 2017 7:47 pm

emerge-webrsync leaves the tarball in $DISTFILES. You can do your gpg/sha256 verification on that manually, if you don't want to use webrsync-gpg.
_________________
Quantity is not quality.
overlay | runit-scripts

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 10:42 pm    Post subject: Validated Gentoo repository snapshots during installation

This guide will help you to download and validate a repository snapshot while installing Gentoo.

It was written for the AMD64 version of the handbook but should be relevant to other architectures.

A quote from the Gentoo handbook on validated gentoo repository snapshots found here.
Quote:
This ensures that no rogue rsync mirror is adding unwanted code or packages to the tree the system is downloading.


These steps can be followed once you have completed the "Downloading the stage tarball" section of the handbook.
Code:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Stage#Downloading_the_stage_tarball

Choose a mirror near you.
Code:
https://www.gentoo.org/downloads/mirrors/

Download the snapshot, gpgsig and md5sum.
Code:
wget https://mirrors.evowise.com/gentoo/snapshots/portage-latest.tar.bz2{,.gpgsig,.md5sum}

Download the snapshot keys.
Code:
gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D

Verify the gpg signature.
Code:
gpg --verify portage-latest.tar.bz2.gpgsig portage-latest.tar.bz2

Verify the md5sum.
Code:
md5sum -c portage-latest.tar.bz2.md5sum

Then instead of following the sections "Installing an ebuild repository snapshot from the web" and "Updating the Gentoo ebuild repository".
Code:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#Installing_an_ebuild_repository_snapshot_from_the_web
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Base#Optional:_Updating_the_Gentoo_ebuild_repository

Extract the snapshot.
Code:
tar xvjf portage-latest.tar.bz2 -C usr

Remove the cruft.
Code:
rm portage-latest.*

Then follow the handbook as normal. After installation is complete, follow the instructions here to enable verification of future updates.
Code:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Validated_Gentoo_repository_snapshots


Last edited by reddragon on Wed Apr 26, 2017 2:39 pm; edited 7 times in total
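
The checks from the guide above and cboldt's `tar tf` suggestion earlier in the thread, as an added shell example that is not part of any post or of Portage. It assumes the key ID from the `--recv-keys` step and the top-level `portage` directory cboldt reported; the function names are hypothetical, and it goes one step beyond the guide by confirming which key made the signature rather than relying on gpg's exit status alone.

```shell
#!/bin/sh
# Added example: fail-closed checks around the steps in the guide above.
EXPECTED_KEYID="DB6B8C1F96D8BF6D"   # long key ID from the --recv-keys step

# Read `gpg --status-fd 1 --verify` output on stdin; succeed only if a
# VALIDSIG line names a primary key whose fingerprint ends in the key ID.
signed_by_expected_key() {
    awk -v id="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            fpr = toupper($NF)            # last field: primary key fingerprint
            if (length(fpr) >= length(id) &&
                substr(fpr, length(fpr) - length(id) + 1) == toupper(id)) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# cboldt's `tar tf` check, automated: every member must sit under $2/
# with no absolute path and no ".." component.
tar_lands_under() {
    tar tf "$1" | awk -v top="$2" '
        { n++ }
        substr($0, 1, 1) == "/" || index("/" $0 "/", "/../") { bad = 1 }
        $0 != top && $0 != top "/" && index($0, top "/") != 1 { bad = 1 }
        END { exit (n > 0 && !bad) ? 0 : 1 }'
}

# Verify, then extract into $2 (e.g. /usr inside the chroot); stop on any failure.
verify_and_extract() {
    snap=$1 dest=$2
    gpg --status-fd 1 --verify "$snap.gpgsig" "$snap" 2>/dev/null |
        signed_by_expected_key "$EXPECTED_KEYID" || { echo "bad signature" >&2; return 1; }
    tar_lands_under "$snap" portage || { echo "unexpected layout" >&2; return 1; }
    tar xf "$snap" -C "$dest"
}
```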

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 10:43 pm

Mods, should I update the first post?

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Tue Apr 25, 2017 10:44 pm

Ant P. wrote:
emerge-webrsync leaves the tarball in $DISTFILES. You can do your gpg/sha256 verification on that manually, if you don't want to use webrsync-gpg.


I didn't think you could do webrsync-gpg during install. How do you do it?

R0b0t1
Tux's lil' helper

Joined: 05 Jun 2008
Posts: 87

Posted: Wed Apr 26, 2017 11:16 pm

The installation CD comes with GnuPG, what I usually do is download the portage snapshot and verify it from outside of the chroot. Then enter the chroot, set up make.conf so that webrsync-gpg is used, and emerge GnuPG and the Gentoo keyrings.

Ant P.
Advocate

Joined: 18 Apr 2009
Posts: 4074
Location: UK

Posted: Wed Apr 26, 2017 11:37 pm

reddragon wrote:
Ant P. wrote:
emerge-webrsync leaves the tarball in $DISTFILES. You can do your gpg/sha256 verification on that manually, if you don't want to use webrsync-gpg.


I didn't think you could do webrsync-gpg during install. How do you do it?

It only needs the signing keys to be present in $PORTAGE_GPG_DIR. It doesn't care how they get there; you don't need to emerge gentoo-keys first.
_________________
Quantity is not quality.
overlay | runit-scripts

reddragon
n00b

Joined: 04 Apr 2017
Posts: 24

Posted: Thu May 11, 2017 1:06 am

Ant P. wrote:
reddragon wrote:
Ant P. wrote:
emerge-webrsync leaves the tarball in $DISTFILES. You can do your gpg/sha256 verification on that manually, if you don't want to use webrsync-gpg.


I didn't think you could do webrsync-gpg during install. How do you do it?

It only needs the signing keys to be present in $PORTAGE_GPG_DIR. It doesn't care how they get there; you don't need to emerge gentoo-keys first.


I don't think this will work, because gpg is not included in the default Gentoo install.