From owner-freebsd-ports Sun Dec 31 10:33:10 2000 From owner-freebsd-ports@FreeBSD.ORG Sun Dec 31 10:33:06 2000 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from peorth.iteration.net (peorth.iteration.net [208.190.180.178]) by hub.freebsd.org (Postfix) with ESMTP id 0C1EF37B402; Sun, 31 Dec 2000 10:33:04 -0800 (PST) Received: by peorth.iteration.net (Postfix, from userid 1001) id BB199574E4; Sun, 31 Dec 2000 12:33:27 -0600 (CST) Date: Sun, 31 Dec 2000 12:33:27 -0600 From: "Michael C . Wu" To: Wes Peters , bmah@freebsd.org Cc: Will Andrews , ports@FreeBSD.ORG, Robert Watson , Warner Losh , Kris Kennaway Subject: Re: Package signing tools Message-ID: <20001231123327.A27808@peorth.iteration.net> Reply-To: "Michael C . Wu" References: <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231022101.A24801@peorth.iteration.net> <3A4F72F2.E273B8C9@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A4F72F2.E273B8C9@softweyr.com>; from wes@softweyr.com on Sun, Dec 31, 2000 at 10:54:58AM -0700 X-PGP-Fingerprint: 5025 F691 F943 8128 48A8 5025 77CE 29C5 8FA1 2E20 X-PGP-Key-ID: 0x8FA12E20 Sender: keichii@peorth.iteration.net Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Dec 31, 2000 at 10:54:58AM -0700, Wes Peters scribbled: | Oh, I see. What we really need is a PGP library, which I think GPG was | supposed to provide someday. Having a non-GPL PGP library would sure be | nice. Yes and yes I also think that we should have a default signing scheme. Personally, I like X.509. It does not really matter which one, just pick it yourself to avoid the bikeshed. | It's major output is a "yes" or "no" answer. Keep in mind this only works | on the .tgz file, not on the package after installed on the system. It | would be simple to extend pkg_info or pkg_version to report if a .tgz has a | signature and if so, if it matches, by the return value from pkg_check. I'm | not certain the return values are maintained that carefully right now, but | I'll look through the code and make it return 0 for "has signature, is | verified", negative for "has signature, not verified" and positive for "no | signature". Would that suffice? Yes, and we also need to modify 'pkg_version -c'. So that, instead of compiling the ports, we can have 'pkg_version -c' fetch the packages instead, along with verifying the signature of the .tgz's. This way, the user can simply do "sh `pkg_version -c`", get the packages, update his entire installation, and so forth via one command. -- +------------------------------------------------------------------+ | keichii@peorth.iteration.net | keichii@bsdconspiracy.net | | http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. | +------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message