pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

Baptiste Daroussin bapt at
Sun Aug 26 12:58:50 UTC 2012

On Sun, Aug 26, 2012 at 02:26:50PM +0200, Jilles Tjoelker wrote:
> On Sat, Aug 25, 2012 at 06:34:43PM -0500, CyberLeo Kitsana wrote:
> > On 08/24/2012 07:01 PM, Baptiste Daroussin wrote:
> > > Can anyone give me he details on the security related problem?
> > Off the top of my head, it seems to represent a break in the chain of
> > trust: how does the bootstrapper verify that the tarball it just
> > downloaded to bootstrap pkg is genuine, and not, for example, a
> > trojan? The source in usr.sbin/pkg/pkg.c[1] doesn't seem to suggest it
> > cares.
> Indeed it does not care, and the current security features are
> insufficient (unless the bootstrapper can use the signed sqlite db to
> verify the pkg package).
> I think the fix is to modify 'pkg repo' so it detects the pkg package
> and creates a separate signature for it which can be verified by the
> bootstrapper, without needing sqlite.
> The public key for this signature will have to be distributed with base
> (like the public keys for freebsd-update and portsnap).

The is the longer plan but this with also true with pkg_add -r, and the pkg
bootstrap may it be pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
Security officers and we are waiting for the plan being written and setup by
them, so we can improved security in both pkgng and the bootstrap. This should
have happen in BSDCan, but lack of time from everyone, didn't made it happen, we
are now aiming at Cambridge DevSummit for that.

Given that such a security issue is already in with the current pkg_* tools, it
was accepting that we can still go that way until the policy is written, given
that the final goal is to have the pkgng package checked against a signature.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url :

More information about the freebsd-ports mailing list