From owner-freebsd-stable@FreeBSD.ORG Thu Dec 27 20:27:25 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2B985910 for ; Thu, 27 Dec 2012 20:27:25 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by mx1.freebsd.org (Postfix) with ESMTP id AFE838FC0A for ; Thu, 27 Dec 2012 20:27:24 +0000 (UTC) Received: by mail-wi0-f175.google.com with SMTP id hm11so7968854wib.14 for ; Thu, 27 Dec 2012 12:27:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9BNZzQJHuG3zGyc8IXq/wVfqOK1FA/vjxeVlbmWarUg=; b=U0hUm+5slo4aA8czW+ZNEN2AdD34pKkQ+1fxQSiqlfsCuyd6fmmb+nDd7oqAqRnksX /YzMyeSRfnNSNzmAa8nGanSaJw64VXrIrzKOCSj2izfNLOkPCvQJKxs6ZQ2qOqnbgdvy kCBcyC0o9tdRMYLOCSDCGUVDLFJJ8EfDyRyY0+CgewJT5pIRnUaaFJd8GFS15XwzX/CY V/x08E6fLSGgrNqIylwzzxzp1IpzgIv1EPMZvvi2m3YplSLcXOWgKd7ymOiGdapIETSN cre8n1yYuz09UmrvAkX501X7S2TAlqbN59PbtDuMlnTVNYucsLzzaTKYyQy+7KwIq89h gKQA== MIME-Version: 1.0 Received: by 10.194.9.162 with SMTP id a2mr50495773wjb.33.1356640038217; Thu, 27 Dec 2012 12:27:18 -0800 (PST) Received: by 10.216.172.197 with HTTP; Thu, 27 Dec 2012 12:27:18 -0800 (PST) In-Reply-To: <20121227172256.647c6728@suse3> References: <20121227172256.647c6728@suse3> Date: Thu, 27 Dec 2012 22:27:18 +0200 Message-ID: Subject: Re: Anothe pkgng question: signing a repository From: Kimmo Paasiala To: Rainer Duffner Content-Type: text/plain; charset=UTF-8 Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Dec 2012 20:27:25 -0000 On Thu, Dec 27, 2012 at 6:22 PM, Rainer Duffner wrote: > Hi, > > I'm creating my own repository and have created a key for it. > > I've created a CSR for it and used that to generate a certificate via > our internal CA. Because there was no other information available, I > used the profile that we use to generate SSL-certificates for web > servers. > > I copied the certificate to the server and adjusted pkg.conf, but when I > want to query the repository, I get: > > root@server:/etc/ssl/cert # pkg install net-snmpd > Updating repository catalogue > repo.txz > 100% 219KB 219.5KB/s 219.5KB/s 00:00 pkg: error reading public > key(/etc/ssl/pkg.conf): error:0906D06C:PEM routines:PEM_read_bio:no > start line pkg: Invalid signature, removing repository. > > > What does pkg expect to be in this file? > > > openssl x509 displays the data for the certificate correctly, so I > really don't know what's missing. > > I ktraced pkg and it is indeed reading the file. > > > > > Best Regards > Rainer See Glen Barber's page about "Maintaining your own pkgng repository". https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.html HTH -Kimmo