1. Forum
  2. Usenet
  3. LINUX.GENTOO.USER

  • [gentoo-user] verify-sig

    From William Kenworthy@21:1/5 to All on Sat Apr 9 09:00:01 2022
    A new use has shown up named "verify-sig".  It seems simple enough from
    its euse description but its causing a large number of packages to be
    rebuilt unnecessarily (it defaults to off on my sytems).  Should I
    enable it? - I can find much info on it and it looks like it will cause
    major user hassles considering its effects so far - I am surprised there
    has been no news item for it which probably means its not considered a
    useful use flag.

    BillK

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From William Kenworthy@21:1/5 to Ionen Wolkens on Sat Apr 9 10:10:01 2022
    Thanks.

    BillK


    On 9/4/22 15:32, Ionen Wolkens wrote:
    On Sat, Apr 09, 2022 at 02:50:30PM +0800, William Kenworthy wrote:
    A new use has shown up named "verify-sig".  It seems simple enough from
    its euse description but its causing a large number of packages to be
    rebuilt unnecessarily (it defaults to off on my sytems).  Should I
    enable it? - I can find much info on it and it looks like it will cause
    major user hassles considering its effects so far - I am surprised there
    has been no news item for it which probably means its not considered a
    useful use flag.
    Use --changed-use/-U rather than --newuse/-N when using emerge.

    With --changed-use, if USE is changing from to:
    enabled -> removed = rebuilds
    disabled -> removed = ignores (changes nothing, no rebuild needed)
    missing -> disabled = ignores (likewise, this is the verify-sig)
    missing -> enabled = rebuilds

    While --newuse rebuilds in all 4 cases.

    There's largely no reason to enable verify-sig as you're already
    verifying through the Manifest. This is primarily intended for
    developers, albeit for users it can give some assurance that
    signatures were checked.


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ionen Wolkens@21:1/5 to William Kenworthy on Sat Apr 9 09:40:01 2022
    On Sat, Apr 09, 2022 at 02:50:30PM +0800, William Kenworthy wrote:
    A new use has shown up named "verify-sig".  It seems simple enough from
    its euse description but its causing a large number of packages to be rebuilt unnecessarily (it defaults to off on my sytems).  Should I
    enable it? - I can find much info on it and it looks like it will cause major user hassles considering its effects so far - I am surprised there
    has been no news item for it which probably means its not considered a useful use flag.

    Use --changed-use/-U rather than --newuse/-N when using emerge.

    With --changed-use, if USE is changing from to:
    enabled -> removed = rebuilds
    disabled -> removed = ignores (changes nothing, no rebuild needed)
    missing -> disabled = ignores (likewise, this is the verify-sig)
    missing -> enabled = rebuilds

    While --newuse rebuilds in all 4 cases.

    There's largely no reason to enable verify-sig as you're already
    verifying through the Manifest. This is primarily intended for
    developers, albeit for users it can give some assurance that
    signatures were checked.

    --
    ionen

    -----BEGIN PGP SIGNATURE-----

    iQEzBAABCAAdFiEEx3SLh1HBoPy/yLVYskQGsLCsQzQFAmJRNoQACgkQskQGsLCs QzRMMAf7BuQS73GOryrtNoN90JCKpP8no4PGzTUF9BgxA1CWnfwqffDnUbWLotIu unF7mBVNbKvLlo2lF9cu+scvQe2utlHaNZ9Pa04iVg3QGo3gpfsnew3dJW2tO0aG Hyn9t3QueksRKR2qpBz5KU9t2AKBFQxKj+/UoKDVlQ6IwxJ2XkD32H77B8LaYrfy lT3hOqWou3uTdsGZaEkszZdRw72S2mc9/hqMaVnfHWos4odET/bZ8rfpknyI/AJj pw+AdpQ3LSXUgWNQYJ7Plx9sg6CSYBEnXYirnLh8IdlBMUnn49OPxnhfYT2+0vQ3 3AjJooySOvYDbSWf9nA+c1w+zdwk3w==
    =4Y0F
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)