catalog Info Catalog previous tlbuild: tlmgr CONFIGURATION FILE FOR TLMGR up tlbuild: tlmgr next tlbuild: tlmgr USER MODE

tlbuild: tlmgr CRYPTOGRAPHIC VERIFICATION

 
 B.8 CRYPTOGRAPHIC VERIFICATION
 ==============================
 
 'tlmgr' and 'install-tl' perform cryptographic verification if possible.
 If verification is performed and successful, the programs report
 '(verified)' after loading the TLPDB; otherwise, they report '(not
 verified)'.  But either way, by default the installation and/or updates
 proceed normally.
 
    If a program named 'gpg' is available (that is, found in 'PATH'), by
 default cryptographic signatures will be checked: we require the main
 repository be signed, but not any additional repositories.  If 'gpg' is
 not available, by default signatures are not checked and no verification
 is carried out, but 'tlmgr' still proceeds normally.
 
    The behavior of the verification can be controlled by the command
 line and config file option 'verify-repo' which takes one of the
 following values: 'none', 'main', or 'all'.  With 'none', no
 verification whatsoever is attempted.  With 'main' (the default)
 verification is required only for the main repository, and only if 'gpg'
 is available; though attempted for all, missing signatures of subsidiary
 repositories will not result in an error.  Finally, in the case of
 'all', 'gpg' must be available and all repositories need to be signed.
 
    In all cases, if a signature is checked and fails to verify, an error
 is raised.
 
    Cryptographic verification requires checksum checking (described just
 above) to succeed, and a working GnuPG ('gpg') program (see below for
 search method).  Then, unless cryptographic verification has been
 disabled, a signature file ('texlive.tlpdb.*.asc') of the checksum file
 is downloaded and the signature verified.  The signature is created by
 the TeX Live Distribution GPG key 0x0D5E5D9106BAB6BC, which in turn is
 signed by Karl Berry's key 0x0716748A30D155AD and Norbert Preining's key
 0x6CACA448860CDC13.  All of these keys are obtainable from the standard
 key servers.
 
    Additional trusted keys can be added using the 'key' action.

Menu

 
· tlmgr Configuration of GnuPG invocation
catalog Info Catalog previous tlbuild: tlmgr CONFIGURATION FILE FOR TLMGR up tlbuild: tlmgr next tlbuild: tlmgr USER MODE