| 1 |
Yesterday, I have found out that the first invocation |
| 2 |
of emerge-webrsync command can not download |
| 3 |
a snapshot of the portage tree if webrsync-gpg |
| 4 |
feature has been set in make.conf because stage3 |
| 5 |
does not have Gentoo signing keys and I can not |
| 6 |
install Gentoo package with Gentoo signing keys |
| 7 |
because there is no portage tree in stage3. |
| 8 |
(Just to remind: according to Gentoo handbook, |
| 9 |
the first invocation of emege-webrsync |
| 10 |
command is done after chrooting.) |
| 11 |
|
| 12 |
After disabling webrsync-gpg feature in make.conf |
| 13 |
emerge-wibrsync command worked as described in |
| 14 |
Gentoo handbook. However, as a result, the |
| 15 |
downloaded portage tree has not been verified! |
| 16 |
|
| 17 |
So, Gentoo handbook contains instructions that |
| 18 |
lead to downloading and using unverified portage |
| 19 |
tree that is unacceptable, especially taking into |
| 20 |
account the security issues Gentoo already had |
| 21 |
this year! |
| 22 |
|
| 23 |
P.S. I now recall that I hit the same issue in 2013 |
| 24 |
and earlier this year as well. Than I had to download, |
| 25 |
verify and untar a snapshot of the portage tree before |
| 26 |
chrooting, what never has been described |
| 27 |
in the Gentoo handbook. |
Archives