www.LinuxHowtos.org

qmanifest

Section: qmanifest (1)
Updated: Feb 2026
Index Return to Main Contents

NAME

qmanifest - verify or generate thick Manifest files

SYNOPSIS

qmanifest [opts] <misc args>

DESCRIPTION

qmanifest allows to verify or generate thick signed Manifests in an ebuild tree. By default, qmanifest will verify the main tree as specified by Portage's configuration (one can check which using q -o). In this mode, it will output some information about the GPG signature of the to-level Manifest file, and further reports on any problems it encounters. This applet was originally a standalone program hashgen and its alias hashverify. Aliases for these names are still available for historical reasons. With the incorporation of hashgen in portag-utils, development on the former has stopped in favour of the latter. The arguments to qmanifest can be directories or names of overlays. By default, each argument is attempted to be matched against all overlay names, and if that fails, treated as directory to presume a tree is in. This behaviour can be overridden with the -d and -o flags to force treating the arguments as directories or overlay names respectively. Note that overlay names are those as defined in repos.conf from Portage's configuration. The repo_name files from the overlays themselves (if present) are ignored. This applet does similar things as ap-portage/gemato. However, the output and implemented strategies are completely different. When compiled with USE=openmp, this applet will exploit parallelism where possible to traverse a tree. Should you want to limit the number of parallel threads, export OMP_NUM_THREADS in your environment with the desired maximum amount of threads in use by qmanifest.

OPTIONS

-g, --generate: Generate thick Manifests.
-s <arg>, --signas <arg>: Sign generated Manifest using GPG key. This key must exist in your keyring and be valid for signing.
-p, --passphrase: Ask for GPG key password (instead of relying on gp-agent). While this option is not very useful compared to gpg's ways of gathering a password, it is mainly intended for automated setups where the password is piped in using stdin.
-d, --dir: Treat arguments as directories.
-o, --overlay: Treat arguments as overlay names.
--root <arg>: Set the ROOT env var.
-v, --verbose: Report full package versions, emit more elaborate output.
-q, --quiet: Tighter output; suppress warnings.
-C, --nocolor: Don't output color.
--color: Force color in output.
-h, --help: Print this help and exit.
-V, --version: Print version and exit.

GENERATING A SIGNED TREE

By default, qmanifest will not try to sign the to-level Manifest when it generating thick Manifests. A tree as such isn't completely valid (as it misses the final signature), but still correct. To sign the to-level Manifest, the -s flag needs to be used to provide the GPG keyid to sign with. The passphrase is requested by gpg(1) itself, unless the -p flag is given, in which case qmanifest attempts to read the passphrase from stdin and then pass that passphrase onto gpg. This is useful for scenarios in which the signing of a tree is scripted.

To generate a tree signed by GPG keyid 0x123567ABC using passphrase mypasswd, one could use:

        $ echo mypasswd | qmanifest-g-s 0x123567ABC-p /path/to/tree

REPORTING BUGS

Please report bugs via http://bugs.gentoo.org/
Product: Gentoo Linux; Component: Current packages

AUTHORS

Ned Ludd <solar@gentoo.org>
Mike Frysinger <vapier@gentoo.org>
Fabian Groffen <grobian@gentoo.org>