commit: cccb00310f9ea2d025823fd60aae13920d2edc73 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Fri Dec 26 19:36:04 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Dec 26 19:36:04 2025 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=cccb0031
Remaining GPG -> GnuPG stragglers Signed-off-by: Sam James <sam <AT> gentoo.org> cnf/make.conf.example | 14 +++++++------- cnf/make.globals | 12 ++++++------ lib/_emerge/actions.py | 4 ++-- lib/portage/exception.py | 2 +- lib/portage/tests/conftest.py | 2 +- man/make.conf.5 | 30 +++++++++++++++--------------- 6 files changed, 32 insertions(+), 32 deletions(-) diff --git a/cnf/make.conf.example b/cnf/make.conf.example index 6f4ec90fea..0f18d90820 100644 --- a/cnf/make.conf.example +++ b/cnf/make.conf.example @@ -188,7 +188,7 @@ # This ftp connection is active ftp. #PORTAGE_BINHOST="ftp://login:[email protected]:21*/pub/grp/i686/athlon-xp/"; -# Binary packages GPG commands +# Binary packages GnuPG commands # ============================ # # Only works with GPKG format. @@ -197,30 +197,30 @@ # binpkgs must have signature. # You need uncomment related commands and set "USER" and "SIGN_KEY" to yours. # -# Binary package GPG singing base command +# Binary package GnuPG signing base command # Basic command for all signature operations. # You need change this if you want to use other configurations, # Note that some configurations are configured separately below, # please do not add duplicate configurations #BINPKG_GPG_SIGNING_BASE_COMMAND="/usr/bin/flock /run/lock/portage-binpkg-gpg.lock /usr/bin/gpg --sign --armor [PORTAGE_CONFIG]" -# Binary package GPG signature digests algorithm. +# Binary package GnuPG signature digests algorithm. #BINPKG_GPG_SIGNING_DIGEST="SHA512" # gnupg home directory used for signing. #BINPKG_GPG_SIGNING_GPG_HOME="/root/.gnupg" -# GPG key ID used for signing. +# GnuPG key ID used for signing. #BINPKG_GPG_SIGNING_KEY="0x1234567890ABCD!" -# Binary package GPG verify base command. +# Binary package GnuPG verify base command. # Basic command for all verify operations. #BINPKG_GPG_VERIFY_BASE_COMMAND="/usr/bin/gpg --verify --batch --no-tty --no-auto-check-trustdb --status-fd 2 [PORTAGE_CONFIG] [SIGNATURE]" -# GPG home directory where store all trust binary package public keys. +# GPG home directory where all trusted public keys for binary packages are stored. #BINPKG_GPG_VERIFY_GPG_HOME="/etc/portage/gnupg" -# The user and group will be used when drop root privileges during GPG verify +# This user and group will be used for dropping root privileges during GnuPG verification #GPG_VERIFY_USER_DROP="nobody" #GPG_VERIFY_GROUP_DROP="nogroup" diff --git a/cnf/make.globals b/cnf/make.globals index 48c72fe20f..efb596d57b 100644 --- a/cnf/make.globals +++ b/cnf/make.globals @@ -42,20 +42,20 @@ BINPKG_COMPRESS="zstd" # Set to "xpak" to use the old gentoo binary package format. BINPKG_FORMAT="gpkg" -# The binary package default GPG signing command. -# flock is used to avoid a racing condition of gnupg +# The binary package default GnuPG signing command. +# flock is used to avoid a race condition of gnupg BINPKG_GPG_SIGNING_BASE_COMMAND="/usr/bin/flock /run/lock/portage-binpkg-gpg.lock /usr/bin/gpg --sign --armor [PORTAGE_CONFIG]" -# The default binary package GPG digests algorithm. +# The default binary package GnuPG digests algorithm. BINPKG_GPG_SIGNING_DIGEST="SHA512" -# The binary package default GPG verify command. +# The binary package default GnuPG verify command. BINPKG_GPG_VERIFY_BASE_COMMAND="/usr/bin/gpg --verify --batch --no-tty --no-auto-check-trustdb --status-fd 2 [PORTAGE_CONFIG] [SIGNATURE]" -# The binary package default GPG home directory for verify +# The binary package default GnuPG home directory for verify BINPKG_GPG_VERIFY_GPG_HOME="/etc/portage/gnupg" -# The user and group will be used when drop root privileges during GPG verify +# This user and group will be used for dropping root privileges during GnuPG verification GPG_VERIFY_USER_DROP="nobody" GPG_VERIFY_GROUP_DROP="nogroup" diff --git a/lib/_emerge/actions.py b/lib/_emerge/actions.py index 3f901dc7c6..d9bd9080db 100644 --- a/lib/_emerge/actions.py +++ b/lib/_emerge/actions.py @@ -602,7 +602,7 @@ def action_build( ) return 1 - # unlock GPG if needed + # Unlock GnuPG if needed if ( need_write_bindb and (eroot in ebuild_eroots) @@ -627,7 +627,7 @@ def action_build( ) return 1 - portage.writemsg_stdout(">>> Unlocking GPG... ") + portage.writemsg_stdout(">>> Unlocking GnuPG... ") sys.stdout.flush() gpg = GPG(trees[eroot]["root_config"].settings) try: diff --git a/lib/portage/exception.py b/lib/portage/exception.py index 7b48aa919e..a078c41f8e 100644 --- a/lib/portage/exception.py +++ b/lib/portage/exception.py @@ -241,7 +241,7 @@ class DigestException(SignatureException): class GPGException(SignatureException): - """GPG operation failed""" + """GnuPG operation failed""" class MissingSignature(SignatureException): diff --git a/lib/portage/tests/conftest.py b/lib/portage/tests/conftest.py index 2b05ed9ade..6f15e34daa 100644 --- a/lib/portage/tests/conftest.py +++ b/lib/portage/tests/conftest.py @@ -67,7 +67,7 @@ def prepare_environment(): os.environ["PATH"] = ":".join(path) try: - # Copy GPG test keys to temporary directory + # Copy GnuPG test keys to temporary directory gpg_path = tempfile.mkdtemp(prefix="gpg_") shutil.copytree( diff --git a/man/make.conf.5 b/man/make.conf.5 index e980b87e0a..f2d6f0e001 100644 --- a/man/make.conf.5 +++ b/man/make.conf.5 @@ -157,7 +157,7 @@ This variable is used to add additional arguments only for the specified \ BINPKG_COMPRESS_FLAGS_ZSTD="-9" .fi .TP -\fBBINPKG_GPG_SIGNING_BASE_COMMAND\fR = \fI"GPG command and arguments \ +\fBBINPKG_GPG_SIGNING_BASE_COMMAND\fR = \fI"GnuPG command and arguments \ [PORTAGE_CONFIG]"\fR The base command will be used for all signing operations. Portage will replace \fB[PORTAGE_CONFIG]\fR under different operations. @@ -167,20 +167,20 @@ Defaults to "/usr/bin/flock /run/lock/portage-binpkg-gpg.lock /usr/bin/gpg \ --sign --armor [PORTAGE_CONFIG]". .br .TP -\fBBINPKG_GPG_SIGNING_DIGEST=\fR = \fI"GPG supported digest"\fR +\fBBINPKG_GPG_SIGNING_DIGEST=\fR = \fI"GnuPG supported digest"\fR The digest that will be used for signature. .br Defaults to "SHA512" .br .TP \fBBINPKG_GPG_SIGNING_GPG_HOME\fR = \fI[path]\fR -The GPG home where the signing private key located. +The GnuPG home where the signing private key located. .br Defaults to "/root/.gnupg" .br .TP -\fBBINPKG_GPG_SIGNING_KEY\fR = \fI"GPG key ID"\fR -GPG key ID used to sign binary packages, must exists in \ +\fBBINPKG_GPG_SIGNING_KEY\fR = \fI"GnuPG key ID"\fR +GnuPG key ID used to sign binary packages, must exists in \ \fBBINPKG_GPG_SIGNING_GPG_HOME\fR. .br Defaults to "" @@ -188,7 +188,7 @@ Defaults to "" Example: "0x40DCF18E97150795!" .br .TP -\fBBINPKG_GPG_VERIFY_BASE_COMMAND=\fR = \fI"GPG command and arguments"\fR +\fBBINPKG_GPG_VERIFY_BASE_COMMAND=\fR = \fI"GnuPG command and arguments"\fR The base command will be used for all verify operations. Portage will replace \fB[PORTAGE_CONFIG]\fR and \fB[SIGNATURE]\fR under \ different operations. @@ -199,7 +199,7 @@ Defaults to "/usr/bin/gpg --verify --batch --no-tty --no-auto-check-trustdb \ .br .TP \fBBINPKG_GPG_VERIFY_GPG_HOME\fR = \fI[path]\fR -The GPG home where the trusted keys located. Please make sure the target \ +The GnuPG home where the trusted keys located. Please make sure the target \ directory is globally readable, as the user will be dropped to \fBnobody\fR \ during verification. .br @@ -358,7 +358,7 @@ strips (or splits) them before installing. \fBbinpkg\-dostrip\fR must be enabled for \fBinstallsources\fR to work. .TP .B binpkg-ignore-signature -This will disable GPG signature check for all binary packages. Enable this +This will disable GnuPG signature checks for all binary packages. Enabling this could be dangerous if you get binary packages from remote site or use third party packages. If enabled, takes precedence over \fBbinrepos.conf\fR. .TP @@ -395,13 +395,13 @@ It is also possible to remove packages manually, and then run This feature is enabled by default. .TP .B binpkg-request-signature -Binary packages are requested to be signed by trusted GPG signature. -Portage will reject to process any binary package without a valid GPG +Binary packages are requested to be signed by a trusted GnuPG signature. +Portage will reject to process any binary package without a valid GnuPG signature. The verify command is defined in \fBBINPKG_GPG_VERIFY_COMMAND\fR variable. If enabled, takes precedence over \fBbinrepos.conf\fR. .TP .B binpkg-signing -Binary packages will be signed by given GPG command. The signing command +Binary packages will be signed by given GnuPG command. The signing command is defined in \fBBINPKG_GPG_SIGNING_COMMAND\fR variable. .TP .B buildpkg @@ -535,8 +535,8 @@ Force emerges to always try to fetch files from the \fIPORTAGE_BINHOST\fR. See \fBmake.conf\fR(5) for more information. .TP .B gpg-keepalive -Run GPG unlock command every 5 mins to avoid the passphrase expired. -If your GPG is auto unlocked on login, you do not need this. +Run GnuPG unlock command every 5 mins to avoid passphrase expiry. +If your GnuPG keyring is auto unlocked on login, you do not need this. .TP .B home\-dir\-template\-copy As part of the ebuild environment setup, copy the PORTAGE_USERNAME (default @@ -765,7 +765,7 @@ See also \fIsuidctl\fR below. .TP .B sign When committing work to cvs with \fBrepoman\fR(1), sign the Manifest with -a GPG key. Read about the \fIPORTAGE_GPG_KEY\fR variable in +a GnuPG key. Read about the \fIPORTAGE_GPG_KEY\fR variable in \fBmake.conf\fR(5). .TP .B skiprocheck @@ -867,7 +867,7 @@ operation. Warn if portage is about to execute a child process with a large environment. .TP .B webrsync-gpg -Enable GPG verification when using \fIemerge\-webrsync\fR. This feature is +Enable GnuPG verification when using \fIemerge\-webrsync\fR. This feature is deprecated and has been replaced by the \fBrepos.conf\fR \fIsync\-webrsync\-verify\-signature\fR setting, see \fBportage\fR(5). .TP
