1 |
Ühel kenal päeval, L, 30.06.2018 kell 15:33, kirjutas Rich Freeman: |
2 |
> On Sat, Jun 30, 2018 at 12:50 PM Nikos Chantziaras <realnc@×××××.com> |
3 |
> wrote: |
4 |
> > |
5 |
> > On 30/06/18 19:15, Rich Freeman wrote: |
6 |
> > > |
7 |
> > > If you are using git syncing I believe that portage will verify |
8 |
> > > that |
9 |
> > > the top commit (which is the only one that really matters) is |
10 |
> > > using a |
11 |
> > > trusted key if you put the following line in repos.conf for the |
12 |
> > > repository: |
13 |
> > > sync-git-verify-commit-signature = true |
14 |
> > > |
15 |
> > > Obviously this only works with repositories signed by one of the |
16 |
> > > Gentoo keys. |
17 |
> > |
18 |
> > When using git to sync portage, aren't you supposed to use: |
19 |
> > |
20 |
> > git://anongit.gentoo.org/repo/sync/gentoo.git |
21 |
> > |
22 |
> > anyway instead of GitHub? |
23 |
> > |
24 |
> |
25 |
> A few comments there: |
26 |
> |
27 |
> 1. That particular repository isn't ideal since it lacks metadata. |
28 |
> You'll benefit from the better performance of git vs rsync, but |
29 |
> you'll |
30 |
> lose out regenerating the cache. It is of course the right place to |
31 |
> pull for patches/etc. |
32 |
> 2. The gentoo-mirror stable branch that benefits from CI+metadata |
33 |
> isn't available on Gentoo infra as far as I'm aware. |
34 |
|
35 |
That repo/sync/gentoo.git is EXACTLY that. Same thing as gentoo-mirror |
36 |
on GH. Has metadata cache and is pushed only to if CI passes. |
37 |
I think the underlying setup just pushes to both gentoo-mirror and |
38 |
there now. |
39 |
|
40 |
Note the /sync/ in path, it's not the main tree devs push to. |
41 |
|
42 |
|
43 |
Mart |