swift 11/10/26 19:46:19 Modified: hb-working-features.xml hb-working-portage.xml Log: Adding information on emerge-webrsync gpg feature as requested on gentoo-doc
Revision Changes Path 1.38 xml/htdocs/doc/en/handbook/hb-working-features.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?rev=1.38&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?rev=1.38&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml?r1=1.37&r2=1.38 Index: hb-working-features.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- hb-working-features.xml 13 Jul 2010 00:26:59 -0000 1.37 +++ hb-working-features.xml 26 Oct 2011 19:46:19 -0000 1.38 @@ -4,7 +4,7 @@ <!-- The content of this document is licensed under the CC-BY-SA license --> <!-- See http://creativecommons.org/licenses/by-sa/2.5 --> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.37 2010/07/13 00:26:59 nightmorph Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.38 2011/10/26 19:46:19 swift Exp $ --> <sections> @@ -13,8 +13,8 @@ ccache and more. </abstract> -<version>1.33</version> -<date>2010-07-12</date> +<version>2</version> +<date>2011-10-26</date> <section> <title>Portage Features</title> 
@@ -330,4 +330,50 @@ </body> </subsection> </section> +<section id="webrsync-gpg"> +<title>Pulling Validated Portage Tree Snapshots</title> +<body> + +<p> +As an administrator, you can opt to only update your local Portage tree with a +cryptographically validated Portage tree snapshot as released by the Gentoo +infrastructure. This ensures that no rogue rsync mirror is adding unwanted code +or packages in the tree you are downloading. +</p> + +<p> +To configure Portage, first create a truststore in which you download and accept +the keys of the Gentoo Infrastructure responsible for signing the Portage tree +snapshots. Of course, if you want to, you can validate this GPG key as per the +<uri link="/doc/en/gnupg-user.xml#doc_chap2_sect4">proper guidelines</uri>. +</p> + +<pre caption="Creating a truststore for Portage"> +# <i>mkdir -p /etc/portage/gpg</i> +# <i>gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0x239C75C4</i> +# <i>gpg --homedir /etc/portage/gpg --edit-key 0x239C75C4 trust</i> +</pre> + +<p> +Next, edit <path>/etc/make.conf</path> and enable support for validating the +signed Portage tree snapshots (using <c>FEATURES="webrsync-gpg"</c>) and +disabling updating the Portage tree using the regular <c>emerge --sync</c> +method. +</p> + +<pre caption="Updating Portage for signed tree validation"> +FEATURES="webrsync-gpg" +PORTAGE_GPG_DIR="/etc/portage/gpg" +SYNC="" +</pre> + +<p> +That's it. Next time you run <c>emerge-webrsync</c>, only the snapshots with +a valid signature will be expanded on your file system. 
+</p> + + +</body> +</section> + </sections> 1.78 xml/htdocs/doc/en/handbook/hb-working-portage.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?rev=1.78&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?rev=1.78&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml?r1=1.77&r2=1.78 Index: hb-working-portage.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- hb-working-portage.xml 13 Oct 2011 16:58:14 -0000 1.77 +++ hb-working-portage.xml 26 Oct 2011 19:46:19 -0000 1.78 @@ -4,7 +4,7 @@ <!-- The content of this document is licensed under the CC-BY-SA license --> <!-- See http://creativecommons.org/licenses/by-sa/2.5 --> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v 1.77 2011/10/13 16:58:14 swift Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-portage.xml,v 1.78 2011/10/26 19:46:19 swift Exp $ --> <sections> @@ -13,8 +13,8 @@ maintain the software on his system. </abstract> -<version>3</version> -<date>2011-08-12</date> +<version>4</version> +<date>2011-10-26</date> <section> <title>Welcome to Portage</title> @@ -93,6 +93,15 @@ # <i>emerge-webrsync</i> </pre> +<p> +An additional advantage of using <c>emerge-webrsync</c> is that it allows the +administrator to only pull in portage tree snapshots that are signed by the +Gentoo release engineering GPG key. More information on this can be found +in the <uri link="?part=2&chap=3">Portage Features</uri> section on +<uri link="?part=2&chap=3#webrsync-gpg">Fetching Validated Portage Tree +Snapshots</uri>. +</p> + </body> </subsection> </section>
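Review bot: In the new webrsync-gpg section of hb-working-features.xml (hunk @@ -330,4 +330,50 @@), the truststore listing fetches the signing key by its 32-bit short ID (`--recv-keys 0x239C75C4`) from a keyserver, while the paragraph above it presents validating the key as optional ("if you want to"). Short key IDs can collide and the keyserver fetch is not authenticated, so the guarantee the section promises rests on that one unchecked step. I would print the full fingerprint of the signing key in the text and add a `gpg --homedir /etc/portage/gpg --fingerprint 0x239C75C4` comparison before the `trust` step, worded as a required step rather than an option. The listing also creates `/etc/portage/gpg` with `mkdir -p` and default permissions; GnuPG warns about a home directory with unsafe permissions, so a `chmod 0700 /etc/portage/gpg` line belongs there. Two smaller points: "and disabling updating the Portage tree" should read "and disable updating the Portage tree", and the closing "That's it" paragraph does not say what the administrator sees when a snapshot fails validation.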
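Review bot: In the paragraph added after the `emerge-webrsync` listing in hb-working-portage.xml (hunk @@ -93,6 +93,15 @@), the link text "Fetching Validated Portage Tree Snapshots" does not match the title of the section it points to, which the other file names "Pulling Validated Portage Tree Snapshots". The signer is also described differently: "Gentoo release engineering GPG key" here, "the keys of the Gentoo Infrastructure" in the target section. Please use one section title and one name for the signing key in both files, so a reader verifying the key knows which one to expect. Also, "portage tree" is lower-case here but "Portage tree" elsewhere, and the `link` attributes as shown carry a bare `&` (`?part=2&chap=3`), which has to be written `&amp;` in the XML source for the file to stay well-formed.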
