Date: Wed, 29 Jun 2016 23:48:41 +0000
From: Glen Barber
To: Bryan Drewery
Cc: freebsd-pkgbase@FreeBSD.org, Colin Percival
Subject: Re: Are signatures of system images verified?
Message-ID: <20160629234841.GP1453@FreeBSD.org>
In-Reply-To: <20160629234645.GO1453@FreeBSD.org>
List-Id: "Packaging the FreeBSD base system."

On Wed, Jun 29, 2016 at 11:46:45PM +0000, Glen Barber wrote:
> On Wed, Jun 29, 2016 at 04:38:05PM -0700, Bryan Drewery wrote:
> > On 6/29/2016 4:03 PM, Glen Barber wrote:
> > > On Wed, Jun 29, 2016 at 03:22:33PM -0700, Yuri wrote:
> > >> On 06/29/2016 14:59, Glen Barber wrote:
> > >>> If I understand what you mean correctly, that would imply poudriere is
> > >>> responsible for the contents of base.txz, which it is not. I think the
> > >>> better solution (if I understood correctly) is RE needs to PGP-sign the
> > >>> releases/${TARGET}/${TARGET_ARCH}/X.Y-RELEASE/MANIFEST file, and include
> > >>> it in the announcement email for the release, as well as on the website.
> > >>>
> > >>> Please correct me if I did misunderstand.
> > >>>
> > >>> This way, poudriere could verify the hash of the file against what it
> > >>> has downloaded, in addition to verifying the PGP fingerprint.
> > >>
> >
> > FYI since Poudriere 3.1.11, it has compared the checksums in the
> > MANIFEST against the downloaded packages. It also now uses
> > https://download.freebsd.org by default. It requires
> > security/ca_root_nss. I thought I had forced that dependency but it was
> > missing. It is added now.
> >
>
> Ah, great, thank you. To those interested, the MANIFEST files included
> were obtained in a secure manner, i.e., bootonly.iso was downloaded and
> extracted after the checksum was compared to the PGP-signed email.
>

Uhm, to lessen confusion, this last sentence...

> > Around that time (January 2016), Colin Percival has been maintaining a
> > copy of the MANIFESTS in ports-mgmt/poudriere as well. Those get
> > installed with Poudriere and used during jail -c after fetching if
> > available, so that relying on https isn't required. These were missing
> > for ports-mgmt/poudriere-devel until just now. I've moved them to
> > misc/freebsd-release-manifests and made both ports depend on it.
> >
>
> I completely forgot about this. Thank you.
>

... should have been here. :(

Glen
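
Added example, not part of the original message and not Poudriere's own code: a sketch of the check discussed in this thread, comparing downloaded distribution sets against a MANIFEST taken from a trusted local copy instead of from the download server. The tab-separated layout (file name, SHA-256, further fields) is an assumption about the MANIFEST format, and all file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Map file name -> expected SHA-256 (assumed layout: name<TAB>sha256<TAB>...)."""
    expected = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 2 or len(fields[1]) != 64:
            raise ValueError(f"malformed MANIFEST line: {line!r}")  # fail closed
        expected[fields[0]] = fields[1].lower()
    return expected

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_sets(manifest_text, directory, wanted):
    """Return {name: status} for each wanted set; only "ok" is acceptable."""
    expected = parse_manifest(manifest_text)
    result = {}
    for name in wanted:
        path = os.path.join(directory, name)
        if name not in expected:
            result[name] = "not-in-manifest"  # no trusted hash, so reject
        elif not os.path.isfile(path):
            result[name] = "missing"
        elif sha256_file(path) == expected[name]:
            result[name] = "ok"
        else:
            result[name] = "checksum-mismatch"
    return result

def demo():
    """Constructed sample: base.txz intact, kernel.txz altered after the MANIFEST was made."""
    signed = {"base.txz": b"constructed base set", "kernel.txz": b"constructed kernel set"}
    manifest = "".join(f"{n}\t{hashlib.sha256(d).hexdigest()}\t1\t{n[:-4]}\tconstructed\ton\n"
                       for n, d in signed.items())
    on_disk = dict(signed, **{"kernel.txz": b"constructed kernel set, modified"})
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in on_disk.items():
            with open(os.path.join(tmp, name), "wb") as f:
                f.write(data)
        return verify_sets(manifest, tmp, ["base.txz", "kernel.txz", "lib32.txz"])
```

The check is only as strong as the source of the MANIFEST text: a MANIFEST fetched from the same server as the sets shows download corruption, not tampering.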