Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-doc-cvs

From: "Sven Vermeulen (swift)" <swift@g.o>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] gentoo commit in xml/htdocs/doc/en/handbook: hb-working-features.xml hb-working-portage.xml
Date: Wed, 26 Oct 2011 19:46:45
Message-Id: 20111026194619.AB7972004B@flycatcher.gentoo.org
1 swift 11/10/26 19:46:19
2
3 Modified: hb-working-features.xml hb-working-portage.xml
4 Log:
5 Adding information on emerge-webrsync gpg feature as requested on gentoo-doc
6
7 Revision Changes Path
8 1.38 xml/htdocs/doc/en/handbook/hb-working-features.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?rev=1.38&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?rev=1.38&content-type=text/plain
12 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?r1=1.37&r2=1.38
13
14 Index: hb-working-features.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v
17 retrieving revision 1.37
18 retrieving revision 1.38
19 diff -u -r1.37 -r1.38
20 --- hb-working-features.xml 13 Jul 2010 00:26:59 -0000 1.37
21 +++ hb-working-features.xml 26 Oct 2011 19:46:19 -0000 1.38
22 @@ -4,7 +4,7 @@
23 <!-- The content of this document is licensed under the CC-BY-SA license -->
24 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
25
26 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.37 2010/07/13 00:26:59 nightmorph Exp $ -->
27 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.38 2011/10/26 19:46:19 swift Exp $ -->
28
29 <sections>
30
31 @@ -13,8 +13,8 @@
32 ccache and more.
33 </abstract>
34
35 -<version>1.33</version>
36 -<date>2010-07-12</date>
37 +<version>2</version>
38 +<date>2011-10-26</date>
39
40 <section>
41 <title>Portage Features</title>
42 @@ -330,4 +330,50 @@
43 </body>
44 </subsection>
45 </section>
46 +<section id="webrsync-gpg">
47 +<title>Pulling Validated Portage Tree Snapshots</title>
48 +<body>
49 +
50 +<p>
51 +As an administrator, you can opt to only update your local Portage tree with a
52 +cryptographically validated Portage tree snapshot as released by the Gentoo
53 +infrastructure. This ensures that no rogue rsync mirror is adding unwanted code
54 +or packages in the tree you are downloading.
55 +</p>
56 +
57 +<p>
58 +To configure Portage, first create a truststore in which you download and accept
59 +the keys of the Gentoo Infrastructure responsible for signing the Portage tree
60 +snapshots. Of course, if you want to, you can validate this GPG key as per the
61 +<uri link="/doc/en/gnupg-user.xml#doc_chap2_sect4">proper guidelines</uri>.
62 +</p>
63 +
64 +<pre caption="Creating a truststore for Portage">
65 +# <i>mkdir -p /etc/portage/gpg</i>
66 +# <i>gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0x239C75C4</i>
67 +# <i>gpg --homedir /etc/portage/gpg --edit-key 0x239C75C4 trust</i>
68 +</pre>
69 +
70 +<p>
71 +Next, edit <path>/etc/make.conf</path> and enable support for validating the
72 +signed Portage tree snapshots (using <c>FEATURES="webrsync-gpg"</c>) and
73 +disabling updating the Portage tree using the regular <c>emerge --sync</c>
74 +method.
75 +</p>
76 +
77 +<pre caption="Updating Portage for signed tree validation">
78 +FEATURES="webrsync-gpg"
79 +PORTAGE_GPG_DIR="/etc/portage/gpg"
80 +SYNC=""
81 +</pre>
82 +
83 +<p>
84 +That's it. Next time you run <c>emerge-webrsync</c>, only the snapshots with
85 +a valid signature will be expanded on your file system.
86 +</p>
87 +
88 +
89 +</body>
90 +</section>
91 +
92 </sections>
93
94
95
96 1.78 xml/htdocs/doc/en/handbook/hb-working-portage.xml
97
98 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?rev=1.78&view=markup
99 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?rev=1.78&content-type=text/plain
100 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?r1=1.77&r2=1.78
101
102 Index: hb-working-portage.xml
103 ===================================================================
104 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v
105 retrieving revision 1.77
106 retrieving revision 1.78
107 diff -u -r1.77 -r1.78
108 --- hb-working-portage.xml 13 Oct 2011 16:58:14 -0000 1.77
109 +++ hb-working-portage.xml 26 Oct 2011 19:46:19 -0000 1.78
110 @@ -4,7 +4,7 @@
111 <!-- The content of this document is licensed under the CC-BY-SA license -->
112 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
113
114 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v 1.77 2011/10/13 16:58:14 swift Exp $ -->
115 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v 1.78 2011/10/26 19:46:19 swift Exp $ -->
116
117 <sections>
118
119 @@ -13,8 +13,8 @@
120 maintain the software on his system.
121 </abstract>
122
123 -<version>3</version>
124 -<date>2011-08-12</date>
125 +<version>4</version>
126 +<date>2011-10-26</date>
127
128 <section>
129 <title>Welcome to Portage</title>
130 @@ -93,6 +93,15 @@
131 # <i>emerge-webrsync</i>
132 </pre>
133
134 +<p>
135 +An additional advantage of using <c>emerge-webrsync</c> is that it allows the
136 +administrator to only pull in portage tree snapshots that are signed by the
137 +Gentoo release engineering GPG key. More information on this can be found
138 +in the <uri link="?part=2&amp;chap=3">Portage Features</uri> section on
139 +<uri link="?part=2&amp;chap=3#webrsync-gpg">Fetching Validated Portage Tree
140 +Snapshots</uri>.
141 +</p>
142 +
143 </body>
144 </subsection>
145 </section>
Report Message
Find on MARC Find on Google Groups