path: root/FAQ.html
diff options
authorJason Woodward2007-06-16 06:41:11 +0000
committerJason Woodward2007-06-16 06:41:11 +0000
commit3faba5e19be6cea47ce315e4ee5aca032eea1090 (patch)
tree6febf3e1591b8067bf6913100d67bde979c2b91b /FAQ.html
parent549fdf52b1b021c0f608e0a5285461f4e5f6d782 (diff)
* added GPG signature verification via gpgme (thanks Pat Volkerding for
adding gpgme to -current) * Updated downloading in libslapt for better notification. This also resulted in some simplification in code. Removed unused DEBUG ifdefs. Removed deprecated translation strings. Added error condition strings and slapt_strerror() function. New translation strings. Bumped to 0.9.12.
Diffstat (limited to 'FAQ.html')
1 files changed, 13 insertions, 0 deletions
diff --git a/FAQ.html b/FAQ.html
index cab7701..669bb27 100644
--- a/FAQ.html
+++ b/FAQ.html
@@ -67,6 +67,7 @@
<a href="#slgFAQ50">50. What about mirror fall back / fail-over ?</a>
<a href="#slgFAQ51">51. How do I install a kernel rather than upgrade the existing kernel?</a>
<a href="#slgFAQ52">52. What are the relationships of CHECKSUMS.md5, PACKAGES.TXT and package_data?</a>
+<a href="#slgFAQ53">53. Does slapt-get support the GPG/PGP signature verification?</a>
@@ -1181,6 +1182,18 @@
source and continue.
+<a name="slgFAQ53"><b>53. Does slapt-get support the GPG/PGP signature verification?</b></a>
+ Yes, as of 0.9.12 slapt-get can be built with gpgme support that allows
+ slapt-get to verify the signature of the CHECKSUMS file on each mirror.
+ This requires the presence of the signature file and the GPG-KEY file on
+ the package source. The GPG-KEY is imported into the local keychain using
+ the --add-keys option. When running --update, the signature file for the
+ CHECKSUMS listing is downloaded and verification is attempted. If the key
+ is not present slapt-get mentions this and continues on. slapt-get only halts
+ if verification failed.