Date: Thu, 27 Dec 2012 22:27:18 +0200 From: Kimmo Paasiala <kpaasial@gmail.com> To: Rainer Duffner <rainer@ultra-secure.de> Cc: freebsd-stable@freebsd.org Subject: Re: Anothe pkgng question: signing a repository Message-ID: <CA%2B7WWSc5AG1otKb_Dr-kTLreGBXA2r-GjJ-oN6EXFS0F3=Kw6g@mail.gmail.com> In-Reply-To: <20121227172256.647c6728@suse3> References: <20121227172256.647c6728@suse3>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 27, 2012 at 6:22 PM, Rainer Duffner <rainer@ultra-secure.de> wrote: > Hi, > > I'm creating my own repository and have created a key for it. > > I've created a CSR for it and used that to generate a certificate via > our internal CA. Because there was no other information available, I > used the profile that we use to generate SSL-certificates for web > servers. > > I copied the certificate to the server and adjusted pkg.conf, but when I > want to query the repository, I get: > > root@server:/etc/ssl/cert # pkg install net-snmpd > Updating repository catalogue > repo.txz > 100% 219KB 219.5KB/s 219.5KB/s 00:00 pkg: error reading public > key(/etc/ssl/pkg.conf): error:0906D06C:PEM routines:PEM_read_bio:no > start line pkg: Invalid signature, removing repository. > > > What does pkg expect to be in this file? > > > openssl x509 displays the data for the certificate correctly, so I > really don't know what's missing. > > I ktraced pkg and it is indeed reading the file. > > > > > Best Regards > Rainer See Glen Barber's page about "Maintaining your own pkgng repository". https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.html HTH -Kimmo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B7WWSc5AG1otKb_Dr-kTLreGBXA2r-GjJ-oN6EXFS0F3=Kw6g>