This is a bit long but it's mostly just stuff copied from my terminal
for completeness.
-MWK

On Wed, Aug 6, 2014 at 5:58 PM, Duncan <1i5t5.duncan@×××.net> wrote:
> Mark Knecht posted on Wed, 06 Aug 2014 14:33:28 -0700 as excerpted:
>
>> OK, I've modified make.conf as such:
>>
>> FEATURES="buildpkg strict webrsync-gpg"
>> PORTAGE_GPG_DIR="/etc/portage/gpg"
>>
>> and created /etc/portage/gpg:
>
>> drwxr-xr-x 2 root root 4096 Jul 6 09:42
>
<SNIP>
>
> Or wait! Actually I can, as google says that's actually part of the
> gentoo handbook! =:^) (Watch the link-wrap and reassemble as necessary,
> I'm lazy today. The arch doesn't matter for this bit so x86/amd64, it's
> all the same.)
>
> https://www.gentoo.org/doc/en/handbook/handbook-x86.xml?
> part=2&chap=3#webrsync-gpg
>

Great link! Thanks. So I think the important stuff is here, the first
2 lines I managed on my own, but the gpg part is what's new to me:

[QUOTE]
# mkdir -p /etc/portage/gpg
# chmod 0700 /etc/portage/gpg
(... Substitute the keys with those mentioned on the release engineering site ...)
# gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0xDB6B8C1F96D8BF6D
# gpg --homedir /etc/portage/gpg --edit-key 0xDB6B8C1F96D8BF6D trust
[/QUOTE]

From the comment about the Release Engineering site, I think that's here:

https://www.gentoo.org/proj/en/releng/

And the keys match which is good.

Anyway, running the first command is fine. The second command wants me to
make a choice. For now I chose to 'ultimately trust'. (Aren't I gullible!?!)

[COPY]
c2RAID6 ~ # gpg --homedir /etc/portage/gpg --edit-key 0xDB6B8C1F96D8BF6D trust
gpg (GnuPG) 2.0.25; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 4096R/96D8BF6D created: 2011-11-25 expires: 2015-11-24 usage: C
trust: unknown validity: unknown
sub 4096R/C9189250 created: 2011-11-25 expires: 2015-11-24 usage: S
[ unknown] (1). Gentoo Portage Snapshot Signing Key (Automated Signing Key)

pub 4096R/96D8BF6D created: 2011-11-25 expires: 2015-11-24 usage: C
trust: unknown validity: unknown
sub 4096R/C9189250 created: 2011-11-25 expires: 2015-11-24 usage: S
[ unknown] (1). Gentoo Portage Snapshot Signing Key (Automated Signing Key)

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub 4096R/96D8BF6D created: 2011-11-25 expires: 2015-11-24 usage: C
trust: ultimate validity: unknown
sub 4096R/C9189250 created: 2011-11-25 expires: 2015-11-24 usage: S
[ unknown] (1). Gentoo Portage Snapshot Signing Key (Automated Signing Key)
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> list

pub 4096R/96D8BF6D created: 2011-11-25 expires: 2015-11-24 usage: C
trust: ultimate validity: unknown
sub 4096R/C9189250 created: 2011-11-25 expires: 2015-11-24 usage: S
[ unknown] (1)* Gentoo Portage Snapshot Signing Key (Automated Signing Key)

gpg> check
uid Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sig!3 96D8BF6D 2011-11-25 [self-signature]
6 signatures not checked due to missing keys

gpg> quit
c2RAID6 ~ #

[/COPY]

I'm not sure how to, short of a reboot, 'restart the program', nor what the line

6 signatures not checked due to missing keys

really means. That said, it appears to be working better than yesterday:

c2RAID6 ~ # eix-sync -w
* Running emerge-webrsync
Fetching most recent snapshot ...
Trying to retrieve 20140806 snapshot from http://gentoo.osuosl.org ...
Fetching file portage-20140806.tar.xz.md5sum ...
Fetching file portage-20140806.tar.xz.gpgsig ...
Fetching file portage-20140806.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Wed Aug 6 17:55:26 2014 PDT using RSA key ID C9189250
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2015-11-24
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [ultimate]
Getting snapshot timestamp ...
Syncing local tree ...

Number of files: 178933
Number of files transferred: 6846
Total file size: 327.27M bytes
Total transferred file size: 19.96M bytes
Literal data: 19.96M bytes
Matched data: 0 bytes
File list size: 4.32M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 12.38M
Total bytes received: 156.23K

sent 12.38M bytes received 156.23K bytes 166.03K bytes/sec
total size is 327.27M speedup is 26.11
Cleaning up ...
* Copying old database to /var/cache/eix/previous.eix
* Running eix-update
Reading Portage settings ..
<SNIP>
[474] "zx2c4" layman/zx2c4 (cache: eix* /tmp/eix-remote.MbcFER9d/zx2c4.eix [*/zx2c4])
Reading Packages .. Finished
Applying masks ..
Calculating hash tables ..
Writing database file /var/cache/eix/remote.eix ..
Database contains 31587 packages in 234 categories.
* Calling eix-diff
Diffing databases (17596 -> 17598 packages)
[>] == games-util/umodpack (0.5_beta16-r1 -> 0.5_beta16-r2): portable and useful [un]packer for Unreal Tournament's Umod files
[U] == media-libs/libbluray (0.5.0-r1{tbz2}@06/19/14; (~)0.5.0-r1{tbz2} -> (~)0.6.1): Blu-ray playback libraries
[>] == net-misc/chrony (1.30^t -> 1.30-r1^t): NTP client and server programs
[U] == sys-devel/gnuconfig (20131128{tbz2}@02/18/14; 20131128{tbz2} -> 20140212): Updated config.sub and config.guess file from GNU
[U] == virtual/libgudev (215(0/0){tbz2}@08/05/14; 215(0/0){tbz2} -> 215-r1(0/0)): Virtual for libgudev providers
[U] == virtual/libudev (215(0/1){tbz2}@08/05/14; 215(0/1){tbz2} -> 215-r1(0/1)): Virtual for libudev providers
[D] == www-client/google-chrome-beta (37.0.2062.58_p1{tbz2}@08/05/14; (~)37.0.2062.58_p1^msd{tbz2} -> ~37.0.2062.68_p1^msd): The web browser from Google
[U] == www-client/google-chrome-unstable (38.0.2107.3_p1{tbz2}@08/06/14; (~)38.0.2107.3_p1^msd{tbz2} -> (~)38.0.2114.2_p1^msd): The web browser from Google
[N] >> dev-ruby/prawn-table (~0.1.0): Provides support for tables in Prawn
[N] >> sys-apps/cv (~0.4.1): Coreutils Viewer: show progress for cp, rm, dd, and so forth
* Time statistics:
136 seconds for syncing
43 seconds for eix-update
2 seconds for eix-diff
197 seconds total
c2RAID6 ~ #

So that's all looking pretty good, as a first step. If it's a matter
of 3 1/2 minutes instead of 1-2 minutes then I can live with that
part. However that's just (I think) the portage tree and not signed
source code, correct?

Now, is the idea that I have a validated portage snapshot at this
point and still have to actually get the code using the regular emerge
which will do the checking because I have:

FEATURES="buildpkg strict webrsync-gpg"

I don't see any evidence that emerge checked what it downloaded, but
maybe those checks are only done when I really build the code?

c2RAID6 ~ # emerge -fDuN @world
Calculating dependencies... done!

>>> Fetching (1 of 5) sys-devel/gnuconfig-20140212
>>> Downloading 'http://gentoo.osuosl.org/distfiles/gnuconfig-20140212.tar.bz2'
--2014-08-07 11:12:11-- http://gentoo.osuosl.org/distfiles/gnuconfig-20140212.tar.bz2
Resolving gentoo.osuosl.org... 140.211.166.134
Connecting to gentoo.osuosl.org|140.211.166.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44808 (44K) [application/x-bzip2]
Saving to: '/usr/portage/distfiles/gnuconfig-20140212.tar.bz2'

100%[================================================================>] 44,808 113KB/s in 0.4s

2014-08-07 11:12:13 (113 KB/s) - '/usr/portage/distfiles/gnuconfig-20140212.tar.bz2' saved [44808/44808]

* gnuconfig-20140212.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]

>>> Fetching (2 of 5) media-libs/libbluray-0.6.1
>>> Downloading 'http://gentoo.osuosl.org/distfiles/libbluray-0.6.1.tar.bz2'
--2014-08-07 11:12:13-- http://gentoo.osuosl.org/distfiles/libbluray-0.6.1.tar.bz2
Resolving gentoo.osuosl.org... 140.211.166.134
Connecting to gentoo.osuosl.org|140.211.166.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 586646 (573K) [application/x-bzip2]
Saving to: '/usr/portage/distfiles/libbluray-0.6.1.tar.bz2'

100%[================================================================>] 586,646 716KB/s in 0.8s

2014-08-07 11:12:15 (716 KB/s) - '/usr/portage/distfiles/libbluray-0.6.1.tar.bz2' saved [586646/586646]

* libbluray-0.6.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]

>>> Fetching (3 of 5) virtual/libudev-215-r1

>>> Fetching (4 of 5) virtual/libgudev-215-r1

>>> Fetching (5 of 5) www-client/google-chrome-unstable-38.0.2114.2_p1
>>> Downloading 'http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-unstable/google-chrome-unstable_38.0.2114.2-1_amd64.deb'
--2014-08-07 11:12:16-- http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-unstable/google-chrome-unstable_38.0.2114.2-1_amd64.deb
Resolving dl.google.com... 74.125.239.2, 74.125.239.6, 74.125.239.4, ...
Connecting to dl.google.com|74.125.239.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47472462 (45M) [application/x-debian-package]
Saving to: '/usr/portage/distfiles/google-chrome-unstable_38.0.2114.2-1_amd64.deb'

100%[================================================================>] 47,472,462 6.81MB/s in 7.1s

2014-08-07 11:12:23 (6.37 MB/s) - '/usr/portage/distfiles/google-chrome-unstable_38.0.2114.2-1_amd64.deb' saved [47472462/47472462]

* google-chrome-unstable_38.0.2114.2-1_amd64.deb SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]
c2RAID6 ~ #


Cheers,
Mark
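
Added illustration, not part of the message above and not Portage's own code: the `SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]` lines in the fetch output are the comparison of each downloaded distfile with the size and hashes on its `DIST` line in the package's Manifest, a file that arrives with the signature-checked snapshot. This sketch repeats that comparison and fails closed. The file name, data and Manifest line are constructed samples, and recomputing only SHA256 and SHA512 is an assumption of the sketch.

```python
import hashlib
import hmac

# Hashes this sketch recomputes. Other hashes on the line (e.g. WHIRLPOOL,
# which hashlib does not guarantee) are reported as skipped, not trusted.
REQUIRED = ("SHA256", "SHA512")


def parse_dist_entry(line):
    """Split a Manifest 'DIST <file> <size> <HASH> <hex> ...' line."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry: %r" % line)
    pairs = zip(fields[3::2], fields[4::2])
    return fields[1], int(fields[2]), {a.upper(): d.lower() for a, d in pairs}


def verify_distfile(filename, data, manifest_line):
    """Return (ok, report); ok only if name, size and every REQUIRED hash match."""
    name, size, digests = parse_dist_entry(manifest_line)
    report = {"name": name == filename, "size": len(data) == size}
    for algo in REQUIRED:
        expected = digests.get(algo)
        if expected is None:
            report[algo] = False  # fail closed: required hash absent from entry
            continue
        actual = hashlib.new(algo.lower(), data).hexdigest()
        report[algo] = hmac.compare_digest(actual, expected)
    for algo in digests:
        report.setdefault(algo, "skipped")
    ok = all(v is True for v in report.values() if v != "skipped")
    return ok, report


# Constructed sample: a 3-byte stand-in "distfile" and a matching DIST line.
SAMPLE_NAME = "example-1.0.tar.bz2"
SAMPLE_DATA = b"abc"
SAMPLE_LINE = (
    "DIST example-1.0.tar.bz2 3 "
    "SHA256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad "
    "SHA512 ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
    "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f "
    "WHIRLPOOL " + "0" * 128  # placeholder digest, never compared here
)

if __name__ == "__main__":
    print(verify_distfile(SAMPLE_NAME, SAMPLE_DATA, SAMPLE_LINE))
    print(verify_distfile(SAMPLE_NAME, b"abd", SAMPLE_LINE))  # altered content
```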