March 27, 2011

Signing Manifests is easy

There is a discussion about unsigned Manifest commits, and I decided to finally start signing the commits. It was indeed ridiculously easy, and there is even a Manifest Signing Guide.

No separate GPG key is needed, you can (and probably should) just use your developer GPG key.

If you are not sure what value to use for PORTAGE_GPG_KEY, here is an example how to extract it:


$ gpg --list-public-keys
/home/%%%%%/.gnupg/pubring.gpg
---------------------------
pub   1024D/30427902 20%%-%%-%% [expires: 20%%-%%-%%]
uid                  Pawel Hajdan Jr <%%%@%%%>

Now the value you want in this example is 30427902. They key ID is also present on the roll-call page.

I've put those PORTAGE_GPG_ configuration values just in /etc/make.conf. Here's how it all looks like:

FEATURES="... sign ..."



PORTAGE_GPG_DIR="/home/%%%%%/.gnupg"
PORTAGE_GPG_KEY="30427902"

By the way, if you are using the developer profile (and I'd encourage you to do so), FEATURES="sign" is already enabled there by default.


About 40% of the Manifests in the portage tree are signed. I think this is pretty good, and in fact I was expecting a much lower value before I've seen the stats.

It's really really easy to get this to work. What are you waiting for? Start signing Manifests!

March 17, 2011

Unbreaking net-print/foo2zjs

If you happen to be using a printer that requires foo2zjs drivers (or foo2xqx, foo2hp, foo2lava, foo2qpdl, foo2slx, foo2hiperc, foo2oak - they are all part of net-print/foo2zjs package), you may be frustrated about numerous issues with broken digests for Gentoo's foo2zjs package.

Well, I also have a printer that requires one of those drivers, and decided to add a working ebuild to the tree. The upstream changes the tarball in place and requires downloading additional files from the network, so I decided to make a live ebuild. You can see bug #356695 and [gentoo-dev] unbreaking net-print/foo2zjs for the full story.

The end result is that there is a working net-print/foo2zjs solution on Gentoo now. The live ebuild requires one step to enable it:

# echo "=net-print/foo2zjs-99999999 **" >> /etc/portage/package.keywords

Then you should be able to just install it:

# emerge -av net-print/foo2zjs

Enjoy!