On 2016-08-28 18:46, Gabriel Rosenkoetter wrote:
> Apologies if this is a common question (if there’s a way to search PiperMail
> archives that isn’t “download all of them and use grep locally”, I’ve never
> known what it was), but I didn’t see an explicit facility to list a
> cryptographic signature for the distribution files.
>
> Is that a done thing?
>
> (I can see how one could do this by adding the signature file to $distfiles
> and then putting the signature verification in a post-checksum step, but if
> there’s some standardized “make sure some sort of PGP exists locally and just
> warn, rather than fail, if it doesn't” code, I figure it’s probably better to
> adhere to that.)

No, verification of PGP signatures is not provided by base.

gpg is not available on a standard OS X install. Adding that as a
requirement just to verify the distfile would be quite heavy.

I would recommend maintainers to verify the signature locally and then
generate checksums for inclusion in the Portfile.

Rainer
_______________________________________________
macports-users mailing list
macports-users@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/macports-users
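
The workflow recommended in the reply above (verify the signature locally, then generate checksums for the Portfile), as an added example that is not part of the original thread and is not MacPorts code. The function name, the three arguments and the pinned-fingerprint check are assumptions of this sketch; it expects a detached signature and an upstream key already imported into the local keyring.

```shell
#!/bin/sh
# Added example (not MacPorts code). Usage:
#   sh verify-distfile.sh DISTFILE SIGFILE EXPECTED_FINGERPRINT

portfile_checksums() {
    distfile=$1 sig=$2 want_fpr=$3

    # gpg is not part of a standard OS X install, so fail with a clear message.
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not found; install it before verifying" >&2
        return 2
    fi

    # --status-fd 1 prints machine-readable status lines. VALIDSIG carries the
    # signing key fingerprint and, as its last field, the primary key fingerprint.
    status=$(gpg --status-fd 1 --verify "$sig" "$distfile" 2>/dev/null) || {
        echo "signature verification failed for $distfile" >&2
        return 1
    }

    # A good signature from a key other than the expected one is still a failure.
    if ! printf '%s\n' "$status" | awk -v f="$want_fpr" \
        '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 } END { exit !ok }'
    then
        echo "signature is not from key $want_fpr" >&2
        return 1
    fi

    # sha256sum on Linux, shasum on OS X.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256=$(sha256sum "$distfile" | awk '{ print $1 }')
    else
        sha256=$(shasum -a 256 "$distfile" | awk '{ print $1 }')
    fi
    size=$(wc -c < "$distfile" | tr -d ' ')

    # Emit a stanza that can be pasted into the Portfile.
    printf 'checksums           sha256  %s \\\n' "$sha256"
    printf '                    size    %s\n' "$size"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    portfile_checksums "$1" "$2" "$3"
fi
```

The fingerprint passed as the third argument should come from a channel independent of the download site, since a key fetched alongside the tarball proves nothing about who signed it.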