PKG not quite ready for prime time

Royce Williams royce at tycho.org
Fri Oct 10 21:23:01 UTC 2014


On Fri, Oct 10, 2014 at 11:55 AM, Mark Felder <feld at freebsd.org> wrote:
>
>
> On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
>> On 10/10/2014 1:12 PM, scratch65535 at att.net wrote:
>> > On Fri, 10 Oct 2014 12:57:42 -0500, Bryan Drewery wrote:
>> >
>> >> find /usr/share/keys/pkg -exec sha256 {} +
>> >
>> > No such file
>>
>> That's your problem. You are missing the signature fingerprints to
>> compare against. As such Pkg is refusing to do anything to prevent MITM
>> attacks.
>>
>> You are missing this:
>> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>>
>> freebsd-update can provide it.
>
> Ahh, good point. This is better advice. Even if your system was
> supposedly fully up to date freebsd-update would detect this is missing
> and repair it as it was part of an SA. This is better advice than my
> manual creation method :-)

I'm glad that Mark managed to get an answer to this question.

But could pkg be adapted to help uninitiated users to discover this
for themselves on the spot?

Royce
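
The kind of on-the-spot diagnosis asked about above, as an added example that is not part of the original message and is not pkg's own code. The function name `check_pkg_fingerprints` is hypothetical, and the `trusted/` subdirectory and the `function:` / `fingerprint:` file layout are assumptions about how the fingerprint files under /usr/share/keys/pkg are laid out.

```shell
#!/bin/sh
# check_pkg_fingerprints [DIR]   (hypothetical helper, DIR defaults to /usr/share/keys/pkg)
# Returns:
#   0  at least one well-formed trusted fingerprint is present
#   1  DIR/trusted is missing (the "No such file" case in the thread)
#   2  DIR/trusted exists but holds no well-formed sha256 fingerprint
check_pkg_fingerprints() {
    keydir=${1:-/usr/share/keys/pkg}
    if [ ! -d "$keydir/trusted" ]; then
        echo "missing: $keydir/trusted (nothing to verify the repository signature against)"
        echo "hint: see FreeBSD-EN-14:03.pkg; freebsd-update can provide the files"
        return 1
    fi
    good=0
    for f in "$keydir"/trusted/*; do
        [ -f "$f" ] || continue
        # Assumed layout: a hash function name plus a 64-hex-digit digest.
        if grep -Eq '^function:[[:space:]]*"?sha256"?[[:space:]]*$' "$f" &&
           grep -Eq '^fingerprint:[[:space:]]*"?[0-9a-fA-F]{64}"?[[:space:]]*$' "$f"; then
            good=$((good + 1))
            echo "ok: $f"
        else
            echo "malformed: $f"
        fi
    done
    if [ "$good" -eq 0 ]; then
        echo "no usable trusted fingerprints under $keydir/trusted"
        return 2
    fi
    return 0
}

# Constructed demo: an empty key directory, then one holding a constructed
# (all-zero, not real) fingerprint file.
demo_dir=$(mktemp -d)
check_pkg_fingerprints "$demo_dir" || true
mkdir -p "$demo_dir/trusted"
printf 'function: "sha256"\nfingerprint: "%064d"\n' 0 > "$demo_dir/trusted/constructed.example"
check_pkg_fingerprints "$demo_dir" || true
rm -rf "$demo_dir"
```

Called with no argument, the function inspects /usr/share/keys/pkg, the directory named in the thread.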

