path: root/cnf
diff options
authorZac Medico <zmedico@gentoo.org>2019-07-08 22:57:33 -0700
committerZac Medico <zmedico@gentoo.org>2019-07-10 13:28:39 -0700
commit829623eadbeda97d37c0ea50dc5f08f19bf4561b (patch)
tree48be75ed708f5e40fcd35f22b151872c826cd59e /cnf
parentImprovements for man 5 ebuild to reflect EAPI 7 changes. (diff)
repos.conf: default sync-webrsync-verify-signature
Enable sync-webrsync-verify-signature by default in repos.conf (due to dependencies the ebuild will make this conditional on USE=rsync-verify in the same way as the default sync-rsync-verify-metamanifest value). Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync calls that use gemato for secure key refresh, and disable direct emerge-webrsync calls. Deprecate FEATURES=webrsync-gpg and use it to trigger a backward-compatibility mode where direct emerge-webrsync calls are allowed (but trigger a warning message). Since direct emerge-webrsync calls do not use gemato for secure key refresh, this behavior will not be supported in a future release. Bug: https://bugs.gentoo.org/689506 Signed-off-by: Zac Medico <zmedico@gentoo.org>
Diffstat (limited to 'cnf')
1 files changed, 1 insertions, 0 deletions
diff --git a/cnf/repos.conf b/cnf/repos.conf
index 2d73b3e35..e71b704db 100644
--- a/cnf/repos.conf
+++ b/cnf/repos.conf
@@ -16,6 +16,7 @@ sync-openpgp-key-refresh-retry-overall-timeout = 1200
sync-openpgp-key-refresh-retry-delay-exp-base = 2
sync-openpgp-key-refresh-retry-delay-max = 60
sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
# for daily squashfs snapshots
#sync-type = squashdelta