[ << ] [ < ] [ Home ] [ > ] [ >> ]

6. Manifest Signing Guide

6.a. How to sign Manifests?

Requirements:

>=sys-apps/portage-2.0.51_pre10
>=app-crypt/gnupg-1.2.4

Key Setup:

Create a new DSA GnuPG key with at least a 1024 bit keylength, an expiration period no longer than 6 months and a good passphrase.
Upload the key to a keyserver.

Portage Configuration:

Set PORTAGE_GPG_DIR to your ~/.gnupg/ directory (or the directory where the keyring with your new key is).
Set PORTAGE_GPG_KEY to the key id of your new key.
Set FEATURES="sign".

Now you should be able to sign your Manifests on repoman commit. Repoman will ask you for your passphrase before committing the Manifest. This step is after it has committed the other files. At the moment repoman doesn't check if the Manifest is already signed, so others are able to "unsign" your package later. This will change before signing is made mandatory.

[ << ] [ < ] [ Home ] [ > ] [ >> ]

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

View all

Updated October 16, 2009

Summary: This section describes how developers can sign Manifests in the Portage tree using GPG.

Sven Vermeulen
Author

Seemant Kulleen
Author

Shyam Mani
Author

Karl Trygve Kalleberg
Author

Mike Frysinger
Author

Alastair Tse
Author

Paul De Vrieze
Author

Nicholas D. Wolfwood
Author

Marius Mauch
Author

Daniel Black
Author

Wernfried Haas
Author

Chrissy Fullam
Author

Łukasz Damentko
Author

Daniel Robbins (Retired)
Author

John P. Davis (Retired)
Author

Tim Yamin (Retired)
Author

Jorge Paulo (Retired)
Author

Zack Gilburd (Retired)
Author

Benny Chuang (Retired)
Author

Erwin (Retired)
Author

Jon Portnoy (Retired)
Author

Carl Anderson (Retired)
Author

Donny Davies (Retired)
Author

Peter Gavin (Retired)
Author

Dan Armak (Retired)
Author

Owen Stampflee
Author

Ciaran McCreesh (Retired)
Author

Donate to support our development efforts.