From owner-freebsd-ports@FreeBSD.ORG Fri Oct 10 19:55:43 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 005BDCDE for ; Fri, 10 Oct 2014 19:55:42 +0000 (UTC) Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C4723AEF for ; Fri, 10 Oct 2014 19:55:42 +0000 (UTC) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by gateway2.nyi.internal (Postfix) with ESMTP id 87DA11FAD for ; Fri, 10 Oct 2014 15:55:41 -0400 (EDT) Received: from web6 ([10.202.2.216]) by compute3.internal (MEProxy); Fri, 10 Oct 2014 15:55:41 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:x-sasl-enc:from:to :mime-version:content-transfer-encoding:content-type:in-reply-to :references:subject:date; s=smtpout; bh=JIKQKs2SNa3R+hwWqL5yk/Z7 qaY=; b=UMbPPiRbeqHk2Mw0cB6Jsb4ElbkFt1ZItAqt9HprkLXmt4kwMB0lPI0m feSkSnmgvTWI0JlT4UcfElMRe1gdvARL7Tmd5a5qUiWfRJJF9JJW0KH1aGlvOdUd YVBpj2zj9tJbFhgkng8EONmsvQgHG9jJzgGPJphVTuBA5iNi17M= Received: by web6.nyi.internal (Postfix, from userid 99) id 575FE5C1DD4; Fri, 10 Oct 2014 15:55:41 -0400 (EDT) Message-Id: <1412970941.2397812.177601925.2135B6F5@webmail.messagingengine.com> X-Sasl-Enc: xP8trU8KH69GZzmdS+3JPWsHPQqyJfTrQzsG7FWUnPhZ 1412970941 From: Mark Felder To: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-7434a20c In-Reply-To: <543837CF.9070607@FreeBSD.org> References: <543817AA.8080305@gmx.de> <54381E16.9070609@FreeBSD.org> <1a8g3athvnun67c4kljhjtsjjlc30116j1@4ax.com> <543837CF.9070607@FreeBSD.org> Subject: Re: PKG not quite ready for prime time Date: Fri, 10 Oct 2014 14:55:41 -0500 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Oct 2014 19:55:43 -0000 On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote: > On 10/10/2014 1:12 PM, scratch65535@att.net wrote: > > On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote: > > > >> find /usr/share/keys/pkg -exec sha256 {} + > > > > No such file > > That's your problem. You are missing the signature fingerprints to > compare against. As such Pkg is refusing to do anything to prevent MITM > attacks. > > You are missing this: > https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc > > freebsd-update can provide it. > > Ahh, good point. This is better advice. Even if your system was supposedly fully up to date freebsd-update would detect this is missing and repair it as it was part of an SA. This is better advice than my manual creation method :-)