User:Maffblaster/Archives/Gkeys Handbook section

Validated Gentoo repository snapshots
Administrators can opt to update the local Gentoo ebuild repository with a cryptographically validated snapshot as released by the Gentoo infrastructure. This ensures that no rogue rsync mirror is adding unwanted code or packages to the repositories the system will be downloading.

The Gentoo release media OpenPGP keys are now available as a binary keyring. These can be installed via the package:

This will install the keyring to the location.

Make sure that package is installed:

Use to verify that the keys in the keyring are the correct keys:

Verify the fingerprints of the key(s) against those listed on the official Gentoo release engineering project page.

Repeat the following command for each key you wish to trust. (Substitute the keyid '0x...' for the desired key you wish to trust.)

Should a GPG command-line menu appear, fully trust the key and quit the program by entering the following:

The system is now set-up to sync using only OpenPGP/gpg verified snapshots. Several command options are available to perform the sync.