From owner-freebsd-hackers@freebsd.org Mon Jan 18 18:11:52 2021 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DA7F94F2590 for ; Mon, 18 Jan 2021 18:11:52 +0000 (UTC) (envelope-from anrxc@sysphere.org) Received: from mail.sysphere.org (sysphere.org [216.18.171.198]) by mx1.freebsd.org (Postfix) with ESMTP id 4DKKcR6F9bz4n4N for ; Mon, 18 Jan 2021 18:11:51 +0000 (UTC) (envelope-from anrxc@sysphere.org) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.sysphere.org (Postfix) with ESMTP id 4695A61CE4 for ; Mon, 18 Jan 2021 19:11:46 +0100 (CET) Date: Mon, 18 Jan 2021 19:11:46 +0100 From: "Adrian C." To: freebsd-hackers@freebsd.org Subject: pkg signing with an agent Message-ID: User-Agent: Alpine 2.11 (LNX 23 2013-08-11) Organization: sysphere dot org X-GPG-PUBLIC-KEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD20A0618 X-GPG-FINGERPRINT: 02A5 628A D8EE 2A93 996E 929F D5CB 31B7 D20A 0618 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Rspamd-Queue-Id: 4DKKcR6F9bz4n4N X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of anrxc@sysphere.org has no SPF policy when checking 216.18.171.198) smtp.mailfrom=anrxc@sysphere.org X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[216.18.171.198:from]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; SPAMHAUS_ZRD(0.00)[216.18.171.198:from:127.0.2.255]; DMARC_NA(0.00)[sysphere.org]; NEURAL_HAM_SHORT(-1.00)[-0.997]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:29789, ipnet:216.18.160.0/19, country:US]; MAILMAN_DEST(0.00)[freebsd-hackers] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jan 2021 18:11:52 -0000 Hello. I made a tool to do pkg signing with an (ssh/gpg) agent. If this has already been done and it's common knowledge I apologize for the noise and you can ignore the rest. I couldn't find anything on search engines. It's a python tool and uses py37-paramiko (readily available as a package or port) for the agent protocol. Unfortunately a small patch was required to add RSA sign flags support, I don't know if they will accept the feature request. If anyone on the python team has any influence with them and could impart on them its usefulness I would be grateful. If you want the tool: http://git.sysphere.org/freebsd-pkgsign/plain/pkgsign If you want a tutorial: http://sysphere.org/~anrxc/j/archives/2021/01/16/freebsd_pkg_signing_with_an_agent/index.html Thanks.