[tex-live] tlmgr: Package verification

Norbert Preining preining at logic.at
Wed Nov 8 00:45:29 CET 2017


> manual recently and didn't find anything: Please include that
> information there.

I committed these changes:

index 5a052686f31..831ae58ecb6 100755
--- a/Master/texmf-dist/scripts/texlive/tlmgr.pl
+++ b/Master/texmf-dist/scripts/texlive/tlmgr.pl
@@ -8554,6 +8554,13 @@ report C<(verified)> after loading the TLPDB; otherwise, they report
 C<(not verified)>.  Either way, by default the installation and/or
 updates proceed normally.

+If a program C<gpg> is available (that is, it is found in the C<PATH>),
+cryptographic signatures will be checked. In this case we require that
+the main repository is signed. This is not required for additional r
+repositories. If C<gpg> is not available, signatures are not checked
+and no verification is carried out, but C<tlmgr> proceeds normally.
+This is the behavior of C<tlmgr> up to TeX Live 2016.
+
 The attempted verification can be suppressed by specifying
 C<--no-verify-downloads> on the command line, or the entry
 C<verify-downloads = 0> in a C<tlmgr> config file (described in
@@ -8561,6 +8568,9 @@ L<CONFIGURATION FILE FOR TLMGR>).  On the other hand, it is possible to
 I<require> verification by specifying C<--require-verification> on the
 command line, or C<require-verification = 1> in a C<tlmgr> config file;
 in this case, if verification is not possible, the program quits.
+Note that as mentioned above, if C<gpg> is available, the main repository
+is always required to have a signature. Using the C<--require-verification>
+switch, C<tlmgr> also requires signatures from additional repositories.

 Cryptographic verification requires checksum checking (described just
 above) to succeed, and a working GnuPG (C<gpg>) program (see below for


If you have any further suggestions for the section
  CRYPTOGRAPHIC VERIFICATION
in the tlmgr man/help, please send them.

Thanks

Norbert

--
PREINING Norbert                               http://www.preining.info
Accelia Inc.     +    JAIST     +    TeX Live     +    Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13


More information about the tex-live mailing list