From owner-freebsd-security@FreeBSD.ORG Fri Mar 12 00:18:28 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA5FC106564A for ; Fri, 12 Mar 2010 00:18:28 +0000 (UTC) (envelope-from m@micheas.net) Received: from mail-bw0-f216.google.com (mail-bw0-f216.google.com [209.85.218.216]) by mx1.freebsd.org (Postfix) with ESMTP id 732E08FC13 for ; Fri, 12 Mar 2010 00:18:27 +0000 (UTC) Received: by bwz8 with SMTP id 8so618533bwz.3 for ; Thu, 11 Mar 2010 16:18:27 -0800 (PST) Received: by 10.204.36.70 with SMTP id s6mr2694082bkd.22.1268353106737; Thu, 11 Mar 2010 16:18:26 -0800 (PST) Received: from [10.0.1.3] (c-24-5-79-127.hsd1.ca.comcast.net [24.5.79.127]) by mx.google.com with ESMTPS id l1sm2345404bkl.2.2010.03.11.16.18.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 11 Mar 2010 16:18:25 -0800 (PST) From: Micheas Herman To: freebsd-security@freebsd.org In-Reply-To: <4B993458.8000403@gmail.com> References: <4B97AB28.8060403@gmail.com> <20100310185328.GD37825@server.vk2pj.dyndns.org> <4B97C1D1.7050209@gmail.com> <4B993458.8000403@gmail.com> Content-Type: text/plain; charset="UTF-8" Date: Thu, 11 Mar 2010 16:18:21 -0800 Message-ID: <1268353101.32610.26916.camel@vcampaign> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit Subject: Re: online cheksum verification for FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: m@micheas.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Mar 2010 00:18:28 -0000 On Thu, 2010-03-11 at 19:20 +0100, Elmar Stellnberger wrote: > Giancarlo Rubio schrieb: > > rodando nos 2 servidores!!! > > > Could anyone help me in how to obtain online cheksums for FreeBSD? Um, most FreeBSD users compile from source with a custom /etc/make.conf file. There online pkgs, but I don't know of anyone that commonly uses them. I know people uses them for openoffice and a few of the things that take a long time to download, but not commonly. You can download the packages from: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/ and run pkg_check You might be able to extract the signature from the package. The packages themselves are signed. There is no separate signature file. /etc/ssl/pkg.crt is the location of the public key for the packages. Basically, there are no online checksums for FreeBSD. http://www.gsp.com/cgi-bin/man.cgi?section=1&topic=pkg_sign might help you. Personally I don't bother to sign my packages because I never install them on more the four machines and never more than a few hours after the package was built. If I had more FreeBSD machines to deal with, I might sign my packages just as a best practice, but I doubt it would really do any good, except that the machines would only accept packages from the build server, and not upstream with out squawking. I hope this points you in a helpful way. Micheas > Then it should be no problem to port checkroot. I have received some > valueable input from the openSUSE community in this regard before > venturing the current implementation. Where do we have people who > are familiar with the package management of FreeBSD? > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- I was gratified to be able to answer promptly, and I did. I said I didn't know. -- Mark Twain