What's the "right" way to update a port to

Rainer Müller raimue at macports.org
Sun Aug 28 10:16:13 PDT 2016

On 2016-08-28 18:46, Gabriel Rosenkoetter wrote:
> Apologies if this is a common question (if there’s a way to search PiperMail archives that isn’t “download all of them and use grep locally”, I’ve never known what it was), but I didn’t see an explicit facility to list a cryptographic signature for the distribution files.
> Is that a done thing?
> (I can see how one could do this by adding the signature file to $distfiles and then putting the signature verification in a post-checksum step, but if there’s some standardized “make sure some sort of PGP exists locally and just warn, rather than fail, if it doesn't” code, I figure it’s probably better to adhere to that.)

No, verification of PGP signatures is not provided by base. gpg is not
available on an standard OS X install. Adding that as a requirement just
to verify the distfile would be quite heavy.

I would recommend maintainers to verify the signature locally and then
generate checksums for inclusion in the Portfile.


More information about the macports-users mailing list