Florian Schmaus <[email protected]> writes: > News item draft, feedback welcome…
I've made some tweaks in response to user feedback and reports. > > Title: Portage to verify git-synced ::gentoo per default > Author: Florian Schmaus <[email protected]> > Posted: 2025-11-XX > Revision: 1 > News-Item-Format: 2.0 > Display-If-Installed: sys-apps/portage > > Portage is about to implicitly enable OpenPGP verification of the > ::gentoo repository when synchronizing using git [1]. That is, a > future Portage version will set > sync-git-verify-commit-signature = true > for the ::gentoo repository as default. > > This behavior change requires action from users who are synchronizing > the "raw" ::gentoo git repository, as otherwise synchronization may > fail due to validation errors. > > Users > - synchronizing the "sync friendly" ::gentoo git repository, > - using rsync as synchronization mechanism > - or, using emerge-webrsync > are *not* required to take any action. > > Remotes of the "sync friendly" ::gentoo git repository include: > - https://github.com/gentoo-mirror/gentoo > - https://anongit.gentoo.org/git/repo/sync/gentoo.git > - https://gitweb.gentoo.org/repo/sync/gentoo.git > > No action is required when using one of these remotes. > > However, users of the "raw" ::gentoo remote repository need to adjust > the repository configuration to verify against the "gentoo developers" > keyfile. Ensure that sec-keys/openpgp-keys-gentoo-developers, > providing this keyfile, is installed. Furthermore, the key refresh > method should be set to 'keyserver' (as WKD is not supported in this > case). > > Remotes of this category include: > - https://github.com/gentoo/gentoo > - https://gitweb.gentoo.org/repo/gentoo.git/ > > An typical adjusted configuration may look like the following: > > [gentoo] > location = /var/db/repos/gentoo > sync-type = git > sync-uri = https://github.com/gentoo/gentoo.git > sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-developers.asc > sync-openpgp-key-refresh = keyserver > > > 1: https://bugs.gentoo.org/959831 > > [2. OpenPGP public key --- application/pgp-keys; > OpenPGP_0x8CAC2A9678548E35.asc]...
