Summary: | [Future EAPI] Add GPG --verify and/or GPG Array function in eBuilds | ||
---|---|---|---|
Product: | Gentoo Hosted Projects | Reporter: | tonemgub |
Component: | PMS/EAPI | Assignee: | PMS/EAPI <pms> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
tonemgub
2016-10-30 18:08:02 UTC
Since PMS doesn't even specify Manifest verification, this rather looks like GLEP territory (GLEP 57 to 61), not like something that should go into PMS. *** This bug has been marked as a duplicate of bug 472594 *** For overlays, there will be a system that involves the use of gkeys from the gentoo-keys project that will be integrated into portage/layman to verify the content of a repository. But I think these functions could be needed for other content/purposes. The problem though involves the management of the multitude of keys being needed, their refresh updates, etc.. That is something the gentoo-keys project was formed to deal with. There is a lot of the main code done already, but nothing has been done specifically for overlays as yet. There is still some more work to do for the main tree which is the initial target. Once that is in place overlays will be relatively easy to add gpg verification as the tools will be in place. |