Date:      Wed, 29 Jun 2016 14:46:26 -0700
From:      Yuri <yuri@rawbw.com>
To:        Glen Barber <gjb@FreeBSD.org>
Cc:        freebsd-pkgbase@FreeBSD.org
Subject:   Re: Are signatures of system images verified?
Message-ID:  <5f72274d-6932-fbf2-8abd-86a865aec0d1@rawbw.com>
In-Reply-To: <20160629213252.GI1453@FreeBSD.org>
References:  <2cde3a9e-8b4d-8c5e-408a-053710986e29@rawbw.com> <20160629213252.GI1453@FreeBSD.org>

On 06/29/2016 14:32, Glen Barber wrote:
> But you raise a good point, poudriere does not have a good way to
> validate the base.txz unless it also unpacks bootonly.iso (or any of the
> installer media) and compares the checksums.


The possible solution is that poudriere should supply a public key as a 
part of the package, and all binaries that it downloads are also signed 
with the corresponding private key.


Yuri
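
The proposal above, sketched as an added example (not part of the original message and not poudriere's own code): a public key shipped with the tool is used to check a detached signature on a downloaded set before the set is used. The function names, file names and the choice of `openssl dgst` with an RSA key are assumptions; the key pair and the `base.txz` stand-in are constructed locally for the demo.

```shell
#!/bin/sh
# Added example. Function and file names are hypothetical; the key and data
# are constructed locally so the script runs offline.

# Publisher side: create a key pair, a stand-in base.txz and its detached
# signature in directory $1. In the proposal only pinned.pub would ship
# with the package; release.key never leaves the signer.
make_fixture() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/release.key" 2>/dev/null || return 1
    openssl pkey -in "$1/release.key" -pubout -out "$1/pinned.pub" || return 1
    printf 'constructed stand-in for base.txz\n' > "$1/base.txz"
    openssl dgst -sha256 -sign "$1/release.key" \
        -out "$1/base.txz.sig" "$1/base.txz"
}

# Consumer side: succeed only if SIG is a valid signature over FILE under
# the pinned public key. usage: verify_set PUBKEY FILE SIG
verify_set() {
    [ -s "$1" ] && [ -f "$2" ] && [ -s "$3" ] || return 2   # missing input
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Gate: copy FILE into DEST only after verification; fail closed otherwise.
# usage: accept_set PUBKEY FILE SIG DEST
accept_set() {
    if verify_set "$1" "$2" "$3"; then
        mkdir -p "$4" && cp "$2" "$4/"
    else
        echo "rejecting $2: signature check failed" >&2
        return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" || return 1
    accept_set "$d/pinned.pub" "$d/base.txz" "$d/base.txz.sig" "$d/ok" \
        && echo "untouched set: accepted"
    printf 'x' >> "$d/base.txz"      # simulate modification in transit
    accept_set "$d/pinned.pub" "$d/base.txz" "$d/base.txz.sig" "$d/bad" \
        || echo "modified set: rejected"
    rm -rf "$d"
}

demo
```

The check only helps if `pinned.pub` arrives over a channel the downloader already trusts; a key fetched alongside the file it signs proves nothing.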



