Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.gentoo.dev > #70474
| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Sam James <sam@gentoo.org> |
| Newsgroups | linux.gentoo.dev |
| Subject | [gentoo-dev] [PATCH] 2026-04-29-portage-default-binpkg-verification: new news item |
| Date | Wed, 29 Apr 2026 03:20:01 +0200 |
| Message-ID | <MP1KN-1aky-3@gated-at.bofh.it> (permalink) |
| X-Original-To | gentoo-dev@lists.gentoo.org |
| X-Mailer | git-send-email 2.54.0 |
| List-ID | Gentoo Linux mail <gentoo-dev.gentoo.org> |
| Reply-To | gentoo-dev@lists.gentoo.org |
| X-Auto-Response-Suppress | DR, RN, NRN, OOF, AutoReply |
| MIME-Version | 1.0 |
| Content-Transfer-Encoding | 8bit |
| Approved | robomod@news.nic.it |
| Lines | 61 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | pr@gentoo.org, dev-portage@gentoo.org, binhost@gentoo.org, Sam James <sam@gentoo.org> |
| X-Original-Date | Wed, 29 Apr 2026 02:15:05 +0100 |
| X-Original-Message-ID | <520342fc754b06878381a6a1fbdb80341d0b0b87.1777425305.git.sam@gentoo.org> |
| Xref | csiph.com linux.gentoo.dev:70474 |
Show key headers only | View raw
Warn users running their own binary hosts that they will need to either start signing binary packages or disable verification explicitly. Bug: https://bugs.gentoo.org/930730 Bug: https://bugs.gentoo.org/945384 Signed-off-by: Sam James <sam@gentoo.org> --- ...portage-default-binpkg-verification.en.txt | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 2026-04-29-portage-default-binpkg-verification/2026-04-29-portage-default-binpkg-verification.en.txt diff --git a/2026-04-29-portage-default-binpkg-verification/2026-04-29-portage-default-binpkg-verification.en.txt b/2026-04-29-portage-default-binpkg-verification/2026-04-29-portage-default-binpkg-verification.en.txt new file mode 100644 index 0000000..d256f6c --- /dev/null +++ b/2026-04-29-portage-default-binpkg-verification/2026-04-29-portage-default-binpkg-verification.en.txt @@ -0,0 +1,40 @@ +Title: Portage defaulting to binpkg signature verification +Author: Sam James <sam@gentoo.org> +Posted: 2026-04-29 +Revision: 1 +News-Item-Format: 2.0 + +Newer versions of Portage will default to verifying binary package +signatures by default. + +This news item is only for those who run their own binary package hosts. + +Official binhost users +====================== + +No action is required, for two reasons: +1) all of the documentation included FEATURES="binpkg-request-signature", and +2) attempting to install a binpkg that is signed without any configuration + would fail early. + +The only impact is that future binary package installs will need less +setup. + +Custom binhosts +=============== + +If you don't know what this means, this section does not apply to you. + +Users who host their own binary packages and redistribute them to their +machines will need to either: +1) start signing their binpkgs [0], or +2) set `verify-signature = false` in /etc/portage/binrepos.conf/* for + the relevant configuration file for your binhost. + +Otherwise, fetched binpkgs will fail verification. + +This does not apply if your binhost uses the old XPAK binary package +format, but we encourage switching to BINPKG_FORMAT="gpkg" if that is +the case. + +[0] https://wiki.gentoo.org/wiki/Binary_package_guide#Binary_package_OpenPGP_signing base-commit: 841acfa1f5709b242ce24d1ac88293bae9e9227b -- 2.54.0
Back to linux.gentoo.dev | Previous | Next — Next in thread | Find similar
[gentoo-dev] [PATCH] 2026-04-29-portage-default-binpkg-verification: new news item Sam James <sam@gentoo.org> - 2026-04-29 03:20 +0200
[gentoo-dev] [PATCH v2] 2026-04-29-portage-default-binpkg-verification: new news item Sam James <sam@gentoo.org> - 2026-04-29 03:50 +0200
[gentoo-dev] [PATCH v2] range-diff Sam James <sam@gentoo.org> - 2026-04-29 04:40 +0200
csiph-web