Date: Sun, 31 Dec 2000 03:43:58 -0600 From: Jeremy Shaffner <jeremy@external.org> To: "Michael C . Wu" <keichii@peorth.iteration.net>, ports@freebsd.org Subject: Re: Package signing tools Message-ID: <20001231034357.M40238@external.org> In-Reply-To: <20001231022101.A24801@peorth.iteration.net>; from keichii@iteration.net on Sun, Dec 31, 2000 at 02:21:01AM -0600 References: <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231022101.A24801@peorth.iteration.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <3A4EDE33.84C7072@softweyr.com> Wes Peters writes: > The functions are not related this program signs a a package and checks the > signature on apackage is valid; pkg_info and pkg_version do other things. Then: On Sun, Dec 31, 2000 at 02:21:01AM -0600, Michael C . Wu wrote: > On Sun, Dec 31, 2000 at 12:20:19AM -0700, Wes Peters scribbled: > > | > Yes, PLEASE don't create a new program. Integrate this functionality > | > (checking signatures) into pkg_info or pkg_version (I prefer the former > | > myself). > > By integration, I meant that the output should be parseable by pkg_version > and pkg_info. pkg_info(1) seems more appropriate. pkg_version(1) operates on currently installed packages. If you've already installed an insecure binary, it's too late to worry about signatures. And pkg_info doens't only check /var/db/pkg/<pkg-name>, but will also extract info from packages files named on the command line (according to TECHNICAL DETAILS in the man page.) I would exepct pkg_add(1) to also have an option to check the signature before installing also. While "pkg_check" sounds like a valid name for checking signatures, it doesn't for creating them. I think the signing should be done by pkg_create(1) and even see a "make package SIGN=YES KEY=/path/to/foo" option for anyone making their own packages. -- --------------------------------------------------------------------- Jeremy Shaffner | This space for rent. jeremy@external.org | $ grep happiness life http://www.external.org/~jeremy/pgp.key | FreeBSD: The Power to Serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001231034357.M40238>