pkg: explain PUBKEY

Matthew Seaman m.seaman at
Tue Oct 8 06:23:22 UTC 2013

On 07/10/2013 21:37, Anton Shterenlikht wrote:
> The pkg.conf(5) man page only
> says:
>      PUBKEY: string              Specifies the location to the public RSA key
>                                  used for signing the repository database.
>                                  The default value for this file is
>                                  /etc/ssl/pkg.conf
> I'm not clear which side creates this file:
> the server which builds the packages?
> Or the client that gets the packages
> from the server? Or something else
> altogether?

This is an optional function.  You can just leave the entry blank if you
don't need to sign the packages.  Otherwise, you can create an RSA
keypair using the instructions shown in Glen's blog, and copy the pub
key onto all your client machines.

I note that there are changes to the digital signing code coming with
pkg-1.2 to support package signatures for 10.x



Dr Matthew J Seaman MA, D.Phil.

JID: matthew at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-ports mailing list