Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Fri, 20 Feb 2009 20:12:32
Message-Id: 20090220192932.GN20371@curie-int.orbis-terrarum.net
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by Robert Buchholz
On Fri, Feb 20, 2009 at 11:50:07AM +0100, Robert Buchholz wrote:
> On Friday 20 February 2009, Robin H. Johnson wrote:
> > Remember that Portage will only verify hashes that exist in the file.
> > If they aren't in the file, they don't get verified. The fix you
> > describe is unneeded.
> If you use FEATURES=digest, Portage ignores missing lines or errors in
> the Manifest completely. So either overlays must ship full Manifests or
> Portage would need a feature to fix slim Manifests.
[snip some paragraphs missing the point].
Portage needs minor changes for slim Manifests anyway: specifically, to
check the files against the Git index rather than the Manifest. It's NOT
that the files from the tree directly are unsigned, but rather that
their digests/signatures exist in Git instead of the Manifest.

The commits in the Git tree should be signed anyway to increase
security.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
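The check discussed in this message, sketched as an added example that is not part of the original e-mail and is not Portage code: a file with a Manifest line is verified against it, a file without one is verified against the blob id Git recorded, and a file with neither is reported as unverified. The function names, the `TYPE name size HASH value` line layout, the fall-back policy and all sample data are assumptions made for illustration.

```python
import hashlib

# Manifest hash names mapped to hashlib names (subset chosen for this example).
ALGOS = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

def git_blob_id(data: bytes) -> str:
    """Object id Git stores for file content: SHA-1 of 'blob <len>\\0' + data."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse lines of the form: TYPE name size HASHNAME value [HASHNAME value ...]"""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and len(f) % 2 == 1:
            entries[f[1]] = (int(f[2]), dict(zip(f[3::2], f[4::2])))
    return entries

def verify(name: str, data: bytes, manifest: dict, git_index: dict) -> str:
    """Return 'manifest-ok', 'git-ok', 'mismatch' or 'unverified'."""
    if name in manifest:
        size, hashes = manifest[name]
        known = {a: h for a, h in hashes.items() if a in ALGOS}
        ok = bool(known) and size == len(data) and all(
            hashlib.new(ALGOS[a], data).hexdigest() == h for a, h in known.items())
        return "manifest-ok" if ok else "mismatch"
    if name in git_index:  # slim Manifest: fall back to the digest Git recorded
        return "git-ok" if git_index[name] == git_blob_id(data) else "mismatch"
    return "unverified"    # no digest anywhere: nothing was actually checked

# Constructed sample data (not from a real tree).
DISTFILE = b"constructed tarball bytes\n"
EBUILD = b'DESCRIPTION="constructed example"\n'
SLIM_MANIFEST = "DIST foo-1.0.tar.gz %d SHA256 %s\n" % (
    len(DISTFILE), hashlib.sha256(DISTFILE).hexdigest())
# path -> blob id, the pairing `git ls-files -s` reports for tracked files
GIT_INDEX = {"foo-1.0.ebuild": git_blob_id(EBUILD)}

if __name__ == "__main__":
    m = parse_manifest(SLIM_MANIFEST)
    print(verify("foo-1.0.tar.gz", DISTFILE, m, GIT_INDEX))
    print(verify("foo-1.0.ebuild", EBUILD, m, {}))  # Manifest only, no Git data
    print(verify("foo-1.0.ebuild", EBUILD, m, GIT_INDEX))
    print(verify("foo-1.0.ebuild", EBUILD + b"x", m, GIT_INDEX))
```

The second call shows the gap under debate: with only a slim Manifest to consult, the ebuild has no digest to compare against, so a result other than "unverified" would be a silent pass.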

Replies

Subject Author
Re: [gentoo-scm] gentoo-x86 on git - Manifests Donnie Berkholz <dberkholz@g.o>
Re: [gentoo-scm] gentoo-x86 on git - Manifests "Robin H. Johnson" <robbat2@g.o>