Date: Sun, 2 Aug 2015 12:54:34 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Bootstrapping pkg from a package Message-ID: <55BE04FA.6040301@FreeBSD.org> In-Reply-To: <87y4hugxf4.fsf@elk.localnet> References: <87y4hugxf4.fsf@elk.localnet>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 02/08/2015 04:51, Carl Johnson wrote:
> I was just bringing up my Raspberry Pi from the 10.2-RC2 image and tried
> to install some packages that I had saved previously. The pkg(7)
> manpage states that the pkg in the base system can use 'pkg add <pkg>'
> to install the pkg package instead of getting the package from the
> repository (which isn't available for arm). When I tried that I just
> got the message 'Signature for pkg not available.' I don't have a
> signature for it, and don't know where to get it from or how to generate
> it. Once I install it from ports, I can use that to add other saved
> packages without any signature being necessary.
You'll only get this error message if SIGNATURE_TYPE='fingerprints'
somewhere in your pkg.conf and you're using pkg(7) to run
'pkg add something' -- otherwise it will just go ahead and install from
the pkg.txz tarball without checking the package integrity and authenticity.
> The manpage makes it appear that should work, so is there something else
> that I need to do? Thanks for any information.
Check for the presence of pkg.txz.sig -- that has to be present in the
same directory as the pkg.txz you're trying to install from before
signature checking will work -- and also that you have the current
FreeBSD repository public key:
/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
which should look like this:
% cat pkg.freebsd.org.2013102301
# $FreeBSD: stable/10/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
260608 2014-01-13 22:07:36Z bdrewery $
function: "sha256"
fingerprint:
"b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
Each of these files should be present on the installation media, if they
haven't already been installed on the system.
Otherwise I believe you can turn off signature checking by setting:
SIGNATURE_TYPE=none
in the environment before you call pkg(7). If putting it in the
environment doesn't work, then you could try adding that to
/usr/local/etc/pkg.conf -- note that this will not have any effect on
pkg(8) once installed. pkg(8) would want that setting in a per-repo
file eg. /usr/local/etc/pkg/repos/FreeBSD.conf, and the format is a bit
different:
FreeBSD: { signature_type: none }
However it would be preferable to have signature checking enabled.
Cheers,
Matthew
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
iQJ8BAEBCgBmBQJVvgUCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATAUoP+wc6ncXsa+nD+/2AqUx5iBLh
dzGxTVnJFrQeDnb1ABb7nZGUY/ti7ErL/qaS7fH86hUHvNcgGUnVmxcg4vA/gTPy
Oysm3Wiod9eYRJ5cVQ0JhBbXk0zo3/IijUoxPo9WyO7SfX9kqljLjCqR87k7CSMy
VmBo+mdK1lo6vOBURONssNGiFJbwnTSqtW25HwsQfUFO08LIcq+etTmlZzofGDNw
rRWJRH0sbdCtqkMLKu4K+vP5QXJudl5AayvmzmJm/TIlcsZrQFGEZRjqZ1GG2rOo
X0sMBSRGAWPPanh54kfnt1tR2TkmynhIxAyoAUwK7gpdzKFZME19Mx6lyGcXlFjH
2YpPbARxytlV6/o8B8sc1WMLLUiiysWnESyBpLbWBbjlpTD66CXSOVO5P7n0kESY
bbDzyA0y9OBO6vx3tj4N9e0bnn1d/uk8dO1n3hbWGwZGDx9MyDduCAjq8DVV/TKP
EIgbaDIoeoPKrQzb039/vAUmG37Tz9nAISAroFQRDP5Dag5JzNsoWsdmGx673yJW
Mv9l77vou2gG2Fa9I/CGoGyvB52vgixuCZ00CK6+QI3+w7/i7YA+fYt5xSh39OEV
Qkil56Y2KicYrC4Hk7CfmpJvIF3bOpWpIv0imAmpXMwG7qMbYrXq67u2rNnvIz5c
0cGDaXadj+SSyS+uOGTI
=+fhN
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55BE04FA.6040301>