[tex-live] tlmgr: Package verification
Norbert Preining
preining at logic.at
Mon Nov 6 00:56:45 CET 2017
Hi Philipp,
> like to know if (and how) tlmgr ensures the integrity of
> downloaded/updated packages. I found some presentation slides from
> 2016 that seem to address that very problem, but I'm not sure if all
Yes it does.
> the things mentioned there are performed out-of-the-box.
If there is a gog installation available yes, otherwise no.
> From what I found out so far, it seems as if a separate
> GPG-installation is necessary for all the verification stuff to work?
Especially on Windows and Mac, yes. Linux installations normally have
gpg around.
> What happens if I run tlmgr (or the Windows net installer) without
> having GPG installed? Does it verify SHA512-hashes of downloaded
It works normally but gives a warning that gpg is not installed and
verification cannot performed.
> For GPG, does it suffice to download and install Gpg4Win before
> installing Tex Live/running tlmgr?
If after that gpg is in the PATH, yes. Or you can install tlgpg which is
a packaged gpg that does not pollute the PATH, see:
> What's the purpose of the repository at
> http://www.preining.info/tlgpg/ that is mentioned in the presentation?
> Do I still need tlgpg if I use tlmgr with Gpg4Win installed?
No. tlgpg *OR* Gpg4Win. The point is that there needs to be a gpg binary
available in the PATH.
Hope that helps
Norbert
--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the tex-live
mailing list