Does pkg check signatures?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Tue Jan 14 12:10:30 UTC 2014
On 01/14/14 11:59, Yuri wrote:
> In October announcement has been made that pkg-1.2 will support package
> signing:
> https://lists.freebsd.org/pipermail/freebsd-pkg/2013-October/000107.html
> Now I am running 'pkg install' using pkg-1.2.5 on 9.2, and don't see it
> opening any files related to keys/signatures in ktrace log.
pkg is fully capable of checking cryptographic signatures if configured
to do so. Specifically you need 'signature-type' and 'fingerprints'
defined in your repo.conf
Try using the standard /etc/pkg/FreeBSD.conf available here:
http://svnweb.freebsd.org/base/head/etc/pkg/FreeBSD.conf?view=log
and the public key in /usr/share/keys/pkg available here:
http://svnweb.freebsd.org/base/head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301?view=log
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-pkg/attachments/20140114/6edab3fe/attachment.sig>
More information about the freebsd-pkg
mailing list