On 06-04-2024 12:57:23 +0100, Eddie Chapman wrote: > There is one significant thing that breaks, which is Gemato > (app-portage/gemato). Gemato requires lzma support in core python in > order to do GPG signature verification. This means you will have to say > goodbye (for now) to verifying upstream GPG signatures on distfiles, and > verification of Portage metadata after doing an emerge --sync. These > features have been added to Portage relatively recently (2022?) so are > "nice to have", without them your system is just less hardened, but > still with the very high level of security that Gentoo systems have has > always had prior to these features, in my opinion. Personally I can live > without them for now. Verifying hashes in Manifest files still works > fine and that's the main thing. You may disagree in which case, well, > don't do this then. I'm going to figure out an alternative way I can > verify Portage metadata soon, as there are other ways if you are creative.
If you just want to verify signatures and manifests after sync, qmanifest from portage-utils can help you do this. Thanks, Fabian -- Fabian Groffen Gentoo on a different level
signature.asc
Description: PGP signature
