Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 27 Dec 2012 22:27:18 +0200
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        Rainer Duffner <rainer@ultra-secure.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Anothe pkgng question: signing a repository
Message-ID:  <CA%2B7WWSc5AG1otKb_Dr-kTLreGBXA2r-GjJ-oN6EXFS0F3=Kw6g@mail.gmail.com>
In-Reply-To: <20121227172256.647c6728@suse3>
References:  <20121227172256.647c6728@suse3>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 27, 2012 at 6:22 PM, Rainer Duffner <rainer@ultra-secure.de> wrote:
> Hi,
>
> I'm creating my own repository and have created a key for it.
>
> I've created a CSR for it and used that to generate a certificate via
> our internal CA. Because there was no other information available, I
> used the profile that we use to generate SSL-certificates for web
> servers.
>
> I copied the certificate to the server and adjusted pkg.conf, but when I
> want to query the repository, I get:
>
> root@server:/etc/ssl/cert # pkg install net-snmpd
> Updating repository catalogue
> repo.txz
> 100%  219KB 219.5KB/s 219.5KB/s   00:00 pkg: error reading public
> key(/etc/ssl/pkg.conf): error:0906D06C:PEM routines:PEM_read_bio:no
> start line pkg: Invalid signature, removing repository.
>
>
> What does pkg expect to be in this file?
>
>
> openssl x509 displays the data for the certificate correctly, so I
> really don't know what's missing.
>
> I ktraced pkg and it is indeed reading the file.
>
>
>
>
> Best Regards
> Rainer


See Glen Barber's page about "Maintaining your own pkgng repository".

https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.html

HTH

-Kimmo



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B7WWSc5AG1otKb_Dr-kTLreGBXA2r-GjJ-oN6EXFS0F3=Kw6g>