Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Fri, 20 Feb 2009 20:12:32
Message-Id: 20090220192932.GN20371@curie-int.orbis-terrarum.net
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by Robert Buchholz
On Fri, Feb 20, 2009 at 11:50:07AM +0100, Robert Buchholz wrote:
> On Friday 20 February 2009, Robin H. Johnson wrote: > > Remember that Portage will only verify hashes that exist in the file. > > If they aren't in the file, they don't get verified. The fix you > > describe is unneeded. > If you use FEATURES=digest, Portage ignores missing lines or errors in > the Manifest completely. So either overlays must ship full Manifests or > Portage would need a feature to fix slim Manifests.
[snip some paragraphs missing the point]. Portage needs minor changes for slim Manifests anyway: specifically, to check the files against the Git index rather than the Manifest. It's NOT that the files from the tree directly are unsigned, but rather that their digests/signatures exist in Git instead of the Manifest. The commits in the Git tree should be signed anyway to increase security. -- Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

Replies

Subject Author
Re: [gentoo-scm] gentoo-x86 on git - Manifests Donnie Berkholz <dberkholz@g.o>
Re: [gentoo-scm] gentoo-x86 on git - Manifests "Robin H. Johnson" <robbat2@g.o>