/[gentoo]/xml/htdocs/doc/en/handbook/hb-working-features.xml
Gentoo

Diff of /xml/htdocs/doc/en/handbook/hb-working-features.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.37 Revision 1.38
2<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> 2<!DOCTYPE sections SYSTEM "/dtd/book.dtd">
3 3
4<!-- The content of this document is licensed under the CC-BY-SA license --> 4<!-- The content of this document is licensed under the CC-BY-SA license -->
5<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> 5<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
6 6
7<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.37 2010/07/13 00:26:59 nightmorph Exp $ --> 7<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/handbook/hb-working-features.xml,v 1.38 2011/10/26 19:46:19 swift Exp $ -->
8 8
9<sections> 9<sections>
10 10
11<abstract> 11<abstract>
12Discover the features Portage has, such as support for distributed compiling, 12Discover the features Portage has, such as support for distributed compiling,
13ccache and more. 13ccache and more.
14</abstract> 14</abstract>
15 15
16<version>1.33</version> 16<version>2</version>
17<date>2010-07-12</date> 17<date>2011-10-26</date>
18 18
19<section> 19<section>
20<title>Portage Features</title> 20<title>Portage Features</title>
21<body> 21<body>
22 22
328</p> 328</p>
329 329
330</body> 330</body>
331</subsection> 331</subsection>
332</section> 332</section>
333<section id="webrsync-gpg">
334<title>Pulling Validated Portage Tree Snapshots</title>
335<body>
336
337<p>
338As an administrator, you can opt to only update your local Portage tree with a
339cryptographically validated Portage tree snapshot as released by the Gentoo
340infrastructure. This ensures that no rogue rsync mirror is adding unwanted code
341or packages in the tree you are downloading.
342</p>
343
344<p>
345To configure Portage, first create a truststore in which you download and accept
346the keys of the Gentoo Infrastructure responsible for signing the Portage tree
347snapshots. Of course, if you want to, you can validate this GPG key as per the
348<uri link="/doc/en/gnupg-user.xml#doc_chap2_sect4">proper guidelines</uri>.
349</p>
350
351<pre caption="Creating a truststore for Portage">
352# <i>mkdir -p /etc/portage/gpg</i>
353# <i>gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0x239C75C4</i>
354# <i>gpg --homedir /etc/portage/gpg --edit-key 0x239C75C4 trust</i>
355</pre>
356
357<p>
358Next, edit <path>/etc/make.conf</path> and enable support for validating the
359signed Portage tree snapshots (using <c>FEATURES="webrsync-gpg"</c>) and
360disabling updating the Portage tree using the regular <c>emerge --sync</c>
361method.
362</p>
363
364<pre caption="Updating Portage for signed tree validation">
365FEATURES="webrsync-gpg"
366PORTAGE_GPG_DIR="/etc/portage/gpg"
367SYNC=""
368</pre>
369
370<p>
371That's it. Next time you run <c>emerge-webrsync</c>, only the snapshots with
372a valid signature will be expanded on your file system.
373</p>
374
375
376</body>
377</section>
378
333</sections> 379</sections>

Legend:
Removed from v.1.37  
changed lines
  Added in v.1.38

  ViewVC Help
Powered by ViewVC 1.1.20