commit: 51fc048e850000424319fa112cbb2a7071992632 Author: Florian Schmaus <flow <AT> gentoo <DOT> org> AuthorDate: Tue Sep 16 09:49:35 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Nov 1 09:48:40 2025 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=51fc048e
repos.conf: set sync-git-verify-commit-signature to 'true' https://wiki.gentoo.org/wiki/Portage_with_Git recommends eselect repository enable gentoo to enable git-based sync of ::gentoo. However, since Portage does not enable sync-git-verify-commit-signature per default, this ends up in an insecure configuration (when compared with an rsync based sync). Fix this by enabling the setting per default for the ::gentoo repository in Portage. Closes: https://bugs.gentoo.org/959831 Bug: https://bugs.gentoo.org/901385 Bug: https://github.com/gentoo/eselect-repository/issues/31 Signed-off-by: Florian Schmaus <flow <AT> gentoo.org> Part-of: https://github.com/gentoo/portage/pull/1474 Closes: https://github.com/gentoo/portage/pull/1474 Signed-off-by: Sam James <sam <AT> gentoo.org> NEWS | 3 +++ cnf/repos.conf | 1 + 2 files changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 80833242e0..0725aa52b6 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,9 @@ Features: * Prefer the 'Last-Modified' over the 'timestamp' HTTP header when querying binhosts. +* Enable sync-git-verify-commit-signature for the 'gentoo' repository + per default. + Bug fixes: * Fix timestamp comparison for Packages index by using UTC consistently diff --git a/cnf/repos.conf b/cnf/repos.conf index f16fd352ee..a97db54e5d 100644 --- a/cnf/repos.conf +++ b/cnf/repos.conf @@ -17,3 +17,4 @@ sync-openpgp-key-refresh-retry-delay-exp-base = 2 sync-openpgp-key-refresh-retry-delay-max = 60 sync-openpgp-key-refresh-retry-delay-mult = 4 sync-webrsync-verify-signature = yes +sync-git-verify-commit-signature = true
