PKG not quite ready for prime time
Lars Engels
lars.engels at 0x20.net
Sat Oct 11 12:08:58 UTC 2014
On Sat, Oct 11, 2014 at 12:15:54AM +0200, Michelle Sullivan wrote:
> Mark Felder wrote:
> > On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
> >
> >> On 10/10/2014 1:12 PM, scratch65535 at att.net wrote:
> >>
> >>> On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
> >>>
> >>>
> >>>> find /usr/share/keys/pkg -exec sha256 {} +
> >>>>
> >>> No such file
> >>>
> >> That's your problem. You are missing the signature fingerprints to
> >> compare against. As such Pkg is refusing to do anything to prevent MITM
> >> attacks.
> >>
> >> You are missing this:
> >> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
> >>
> >> freebsd-update can provide it.
> >>
> >>
> >>
> >
> > Ahh, good point. This is better advice. Even if your system was
> > supposedly fully up to date freebsd-update would detect this is missing
> > and repair it as it was part of an SA. This is better advice than my
> > manual creation method :-)
> >
>
> Didn't on mine, I ran into the same problem - though it wasn't a show
> stopper for me as I was trying to use my own repo - which also failed
> using the docs... and nothing in the debug gave any clues or additional
> information to the problem. Fortunately, I can read/write code, so I
> fixed things myself.
Thanks for creating an PR.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 603 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20141011/18a27764/attachment.sig>
More information about the freebsd-ports
mailing list