From 3e56f8a6498cd90a7d5fe472febf586455c3bad7 Mon Sep 17 00:00:00 2001
From: "Andreas K. Hüttel" <dilfridge@gentoo.org>
Date: Wed, 30 Aug 2023 19:57:19 +0200
Subject: Run PORTAGE_TRUST_HELPER before remote binary package operations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Right now this is somewhat suboptimal because the helper is only
called if FEATURES="binpkg-request-signature" is set, but existing
signatures are also verified otherwise.

Closes: https://github.com/gentoo/portage/pull/1085
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
 cnf/make.globals | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'cnf')

diff --git a/cnf/make.globals b/cnf/make.globals
index f951bb317..bfefcc523 100644
--- a/cnf/make.globals
+++ b/cnf/make.globals
@@ -150,6 +150,9 @@ PORTAGE_ELOG_MAILFROM="portage@localhost"
 # Signing command used by egencache
 PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\""
 
+# Trust helper executable for installing and updating package verification keys
+PORTAGE_TRUST_HELPER="/usr/bin/getuto"
+
 # btrfs.* attributes are irrelevant, see bug #527636.
 # security.* attributes may be special (see bug 461868), but
 # security.capability is specifically not excluded (bug 548516).
-- 
cgit v1.2.3-65-gdbad