From nobody Tue Jun 27 09:55:27 2023 X-Original-To: freebsd-pkg@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qr0Sy5Mt9z4hlgN for ; Tue, 27 Jun 2023 09:55:30 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qr0Sy4yrFz4Mks; Tue, 27 Jun 2023 09:55:30 +0000 (UTC) (envelope-from bapt@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687859730; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uKNrFx6A/vbbfhRDbQ8Ec2sqcEubhknG+/XhM4dULVg=; b=AQTt/erPsSxs/96Y0tcyxEWVN5zoL+fNrGkxvl0HJyoNAjcnUqves/Zsav7Gz3fyjLc0C1 N0lPPIsKVhHUK/7FmiZYFcGWigXsN4TAi405nnflxwMYcttWulpglDZS94eAwwZtYWmQMp qTRIgrDMyM2C4gdedAKPyDONI0chnKzxWq5bGMb2+Ec9NBxAFi8A8r1MVfqELp5eXXlaan /2zCdRueUxNJhxGkBw/Qkug3tVW3EO6XKGtwONhRAHWE9B6UPK7ChKLNXjqH5ONpqU0XlL 3SwE4NHsC8lwX1CSMZuuprBIdiFfRbkR0sMOJXsXdZQ6D6nsvQcT9zpASRvNKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687859730; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uKNrFx6A/vbbfhRDbQ8Ec2sqcEubhknG+/XhM4dULVg=; b=RpQlRDf7jw/dfoMC4y06Y4pUmsKb7wi6EPpkhPHjF6sMaukd6qjTkA6wgr4GsvMOqy86Mq uRagh95jr6H6kC/e69xIeNZ/nmSggTu0dbXIVoWh0hctXL3lgK57hqoqF100sV6bZmLOmi A3+AHBpTuBLC0hx7+ITtX1Haml6y8kq057FbpjSbKFHXUq4CJs6feK8zgN/5qVfChv/rGB QNtUFQanwXEmTWBph2C4KX49A2cf6Svvi2vXkPvq7gTUsOwY+K6ilslHUmSLCgzItz2fxg Xq7+PcYKRV93svjYoRw2iOKzvZDO7dnVTn/bzrJ0FxkTv/e03kJVj5ygv0o1tA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687859730; a=rsa-sha256; cv=none; b=el1DqjqxSfD6CnwzA11PBokrqLs4dvnzEnR19dkeXXrRJ6b7XDZcHcPXQ7zXQopqXVaYxn a7dtshx+Gd03tltQ3hLO1YFm6j4OR2PxdmjYmB9IJ3FBDoL2G39vszAxHmb/16CdKdNdWJ p9LgjcKSMOtfPqIT4TQxurUCooTRSP3JS+joz8HVEig4m/OFtyMPGIEn0lpevBzTsn2/Gu mmD39pdYVHlIST0U1BZRpJuVXCk8ftm0HNBBeX2PEwNyY1QnG9qOBfV2yzHRJRPtff0hQi TJqcZiOHHbcnT2U3Ohl2XKU8slZ8Hh28e2keywkXKQDfnCJAVriOCycEICvw2A== Received: from aniel.nours.eu (nours.eu [IPv6:2001:41d0:8:3a4d::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Qr0Sy3LqPz1K3N; Tue, 27 Jun 2023 09:55:30 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: by aniel.nours.eu (Postfix, from userid 1001) id A641E18F06F; Tue, 27 Jun 2023 11:55:27 +0200 (CEST) Date: Tue, 27 Jun 2023 11:55:27 +0200 From: Baptiste Daroussin To: FiLiS Cc: freebsd-pkg@freebsd.org Subject: Re: poudriere/pkg signing issue Message-ID: References: <5f1affe5-e776-6eb3-2663-afafb4e2cd2a@arch.jocks.cc> List-Id: Binary package management and package tools discussion List-Archive: https://lists.freebsd.org/archives/freebsd-pkg List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkg@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5f1affe5-e776-6eb3-2663-afafb4e2cd2a@arch.jocks.cc> X-ThisMailContainsUnwantedMimeParts: N On Tue, Jun 27, 2023 at 10:50:53AM +0200, FiLiS wrote: > Hej there, > > I hope someone has an idea regarding this: > I've just encountered something pretty odd. We've been using poudriere since > quite some time, so we automated the cert deployment of our pkg repository > on all consuming machines. As of today, pkg refuses to play ball: > I have reverted the change. meaning this feature is broken with openssl3 (self signing repositories) but this is only on current we have time to fix. Bapt