From: Matthew Seaman
Date: Tue, 14 Jan 2014 12:10:14 +0000
To: Yuri, freebsd-pkg@freebsd.org
Subject: Re: Does pkg check signatures?
Message-ID: <52D52926.5090104@infracaninophile.co.uk>
In-Reply-To: <52D5269A.5090803@rawbw.com>

On 01/14/14 11:59, Yuri wrote:
> In October announcement has been made that pkg-1.2 will support package
> signing:
> https://lists.freebsd.org/pipermail/freebsd-pkg/2013-October/000107.html
> Now I am running 'pkg install' using pkg-1.2.5 on 9.2, and don't see it
> opening any files related to keys/signatures in ktrace log.

pkg is fully capable of checking cryptographic signatures if configured
to do so. Specifically you need 'signature-type' and 'fingerprints'
defined in your repo.conf

Try using the standard /etc/pkg/FreeBSD.conf available here:

http://svnweb.freebsd.org/base/head/etc/pkg/FreeBSD.conf?view=log

and the public key in /usr/share/keys/pkg available here:

http://svnweb.freebsd.org/base/head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301?view=log

	Cheers,

	Matthew
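
One way to confirm that a repository config carries the two settings named in the reply above, as an added example that is not part of the original message or of pkg itself. It assumes the underscore spelling `signature_type` used in the stock FreeBSD.conf and one key per line; the repository names, host and paths in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): report whether each
# repository block in a pkg repo config has signature checking configured.
# Line-oriented check; assumes one key per line, as in /etc/pkg/FreeBSD.conf.
check_repo_conf() {   # usage: check_repo_conf FILE
    awk '
    function val(s) {                 # value after the first ":" or "="
        sub(/^[^:=]*[:=][ \t]*/, "", s); sub(/^"/, "", s)
        sub(/"?[ \t]*[,;]?[ \t]*$/, "", s); return s
    }
    function report() {
        if (name == "") return
        if (enabled == "no" || enabled == "false")  v = "disabled"
        else if (sig == "" || sig == "none")        v = "UNSIGNED"
        else if (sig == "fingerprints" && fp == "") v = "NO-FINGERPRINTS-PATH"
        else                                        v = "signed:" sig
        print name, v
    }
    { sub(/^[ \t]*#.*/, "") }         # ignore comment lines
    /^[ \t]*[A-Za-z0-9_.-]+[ \t]*:[ \t]*[{]/ {   # "Name: {" opens a repo block
        report()
        name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*:.*/, "", name)
        sig = ""; fp = ""; enabled = "yes"; next
    }
    { key = tolower($0); sub(/^[ \t]*/, "", key); sub(/[ \t]*[:=].*/, "", key) }
    key == "signature_type" { sig = tolower(val($0)) }
    key == "fingerprints"   { fp = val($0) }
    key == "enabled"        { enabled = tolower(val($0)) }
    END { report() }
    ' "$1"
}

# Constructed sample: one repo with signature settings, one without.
sample_conf() {
    cat <<'EOF'
main: {
  url: "pkg+http://pkg.example.org/${ABI}/latest",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
local: {
  url: "file:///usr/local/poudriere/packages",
  enabled: yes
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && check_repo_conf "$tmp"; rm -f "$tmp"
```

A repository reported as `UNSIGNED` is installed from without any signature check, which matches the symptom in the question of no key files being opened.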