From owner-freebsd-security@freebsd.org  Mon Jan 11 16:53:29 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0905BA6BDD7
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Mon, 11 Jan 2016 16:53:29 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
 [66.111.4.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D5FDA17D0
 for <freebsd-security@freebsd.org>; Mon, 11 Jan 2016 16:53:28 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id 89F2220D77
 for <freebsd-security@freebsd.org>; Mon, 11 Jan 2016 11:53:27 -0500 (EST)
Received: from web6 ([10.202.2.216])
 by compute2.internal (MEProxy); Mon, 11 Jan 2016 11:53:27 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=zRjO6YZuh6JE3BC
 v3TNHpBpVvVE=; b=QMOrElfDss+Pt1X2PLgRTbRLXwdZXFdRsnn/HtwiqZSigdm
 Ex6Elfg1v8zkrXIGHl0lY0EgCDQwHS8na62ENV60iHxWO/JVTkP0dinPmiOoGDxv
 tG+pcM7FVIpVXBwbkMNok4U6gYjAC7MPtWp2Oa3xQtWwf4FglSMBt/AAijHU=
Received: by web6.nyi.internal (Postfix, from userid 99)
 id 51232536D6; Mon, 11 Jan 2016 11:53:27 -0500 (EST)
Message-Id: <1452531207.3689878.488878698.796CA033@webmail.messagingengine.com>
X-Sasl-Enc: ezLWpO/GShqLGNV8JHQKpgG8UvaQ4J8SWi1xlE8upCvt 1452531207
From: Mark Felder <feld@FreeBSD.org>
To: Clint Armstrong <clint@clintarmstrong.net>,
 James Keener <jim@jimkeener.com>, Dmitry Morozovsky <marck@rinet.ru>
Cc: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-6cda141f
Subject: Re: Signed Checksums for release archives
Date: Mon, 11 Jan 2016 10:53:27 -0600
In-Reply-To: <CAJMTyCGENaExqsEFitzRdGNMtMk3CUUzzyz+x04Z=GM40=mq2w@mail.gmail.com>
References: <CAJMTyCFBmpZ7LppyhCik_4JY7YsXmWiX6U+5JUrwdHpp8=Ru3w@mail.gmail.com>
 <alpine.BSF.2.00.1601101716520.68529@woozle.rinet.ru>
 <CAJMTyCGZSR-zBtihseyodocfo9Yz6O8n=Qy4Xv-7ocSYj+MYsw@mail.gmail.com>
 <alpine.BSF.2.00.1601102251350.68529@woozle.rinet.ru>
 <A1A4E096-547E-4855-B661-55C82BF53CB0@jimkeener.com>
 <CAJMTyCGENaExqsEFitzRdGNMtMk3CUUzzyz+x04Z=GM40=mq2w@mail.gmail.com>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2016 16:53:29 -0000



On Sun, Jan 10, 2016, at 15:07, Clint Armstrong wrote:
> My use case is for creating Jails. I'm trying to script downloading and
> extracting an archive for a jail and would like to be able to verify the
> download.
>

After you have the txz extracted to the jail, use freebsd-update to
update it and then IDS to verify it.

If you have a 10.2-RELEASE host and a 9.3-RELEASE jail you would do
this:

$ UNAME_r=9.3-RELEASE freebsd-update -d /path/to/jail fetch install
$ UNAME_r=9.3-RELEASE freebsd-update -d /path/to/jail IDS


-- 
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org