From 3e56f8a6498cd90a7d5fe472febf586455c3bad7 Mon Sep 17 00:00:00 2001
From: "Andreas K. Hüttel" <dilfridge@gentoo.org>
Date: Wed, 30 Aug 2023 19:57:19 +0200
Subject: Run PORTAGE_TRUST_HELPER before remote binary package operations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Right now this is somewhat suboptimal because the helper is only
called if FEATURES="binpkg-request-signature" is set, but existing
signatures are also verified otherwise.

Closes: https://github.com/gentoo/portage/pull/1085
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
 man/make.conf.5 | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'man')

diff --git a/man/make.conf.5 b/man/make.conf.5
index a1a433b10..2a28d2b6f 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -1208,6 +1208,15 @@ Defaults to /var/tmp.
 
 This should not be set to point anywhere under location of any repository.
 .TP
+\fBPORTAGE_TRUST_HELPER\fR = \fI[path]\fR
+Defines an executable file which initializes and maintains
+/etc/portage/gnupg, installing keys that are trusted for binary package
+signing, and refreshing these keys from a key server. This helper is called
+before all operations involving remote binary packages if and only if
+binpkg-request-signature is in \fBFEATURES\fR.
+.br
+Defaults to "/usr/bin/getuto" (provided by app-portage/getuto).
+.TP
 \fBPORTAGE_USERNAME\fR = \fI[user]\fR
 Defines the username to use when executing in userpriv/etc... modes (i.e.
 non-root).
-- 
cgit v1.2.3-65-gdbad