What's the "right" way to update a port to
Rainer Müller
raimue at macports.org
Sun Aug 28 10:16:13 PDT 2016
On 2016-08-28 18:46, Gabriel Rosenkoetter wrote:
> Apologies if this is a common question (if there’s a way to search PiperMail archives that isn’t “download all of them and use grep locally”, I’ve never known what it was), but I didn’t see an explicit facility to list a cryptographic signature for the distribution files.
>
> Is that a done thing?
>
> (I can see how one could do this by adding the signature file to $distfiles and then putting the signature verification in a post-checksum step, but if there’s some standardized “make sure some sort of PGP exists locally and just warn, rather than fail, if it doesn't” code, I figure it’s probably better to adhere to that.)
No, verification of PGP signatures is not provided by base. gpg is not
available on an standard OS X install. Adding that as a requirement just
to verify the distfile would be quite heavy.
I would recommend maintainers to verify the signature locally and then
generate checksums for inclusion in the Portfile.
Rainer
More information about the macports-users
mailing list