Date: Mon, 14 Sep 2015 15:45:24 -0700 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Shawn Webb <shawn.webb@hardenedbsd.org>, freebsd-stable@freebsd.org Cc: Baptiste Daroussin <bapt@freebsd.org> Subject: Re: 10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey" Message-ID: <55F74E04.1010706@FreeBSD.org> In-Reply-To: <2724677.3oEEqWz8m7@hbsd-dev-laptop> References: <20150908123838.238e5e74@efreet> <20150909091412.350c51ed@efreet> <20150909085620.GF38185@ivaldir.etoilebsd.net> <2724677.3oEEqWz8m7@hbsd-dev-laptop>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/9/15 6:21 AM, Shawn Webb wrote: > Is the signing_command option to `pkg repo` really only used in generating > pkg.txz.sig? Is there any formal documentation about the cryptography design > and architecture in relation to pkg's repositories? No. It is used for all signing needs. Both the repo and pkg.txz.sig. pkg repo: JNETNAME="n" injail ${PKG_BIN} repo \ -o /tmp/packages ${PKG_META} /packages \ ${SIGNING_COMMAND:+signing_command: ${SIGNING_COMMAND}} pkg.txz.sig: rm -f "${pkgfile}.sig" sha256 -q "${pkgfile}" | ${SIGNING_COMMAND} > "${pkgfile}.sig" -- Regards, Bryan Drewery
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55F74E04.1010706>