PKG not quite ready for prime time

Michelle Sullivan michelle at sorbs.net
Sat Oct 11 13:00:16 UTC 2014


Lars Engels wrote:
> On Sat, Oct 11, 2014 at 12:15:54AM +0200, Michelle Sullivan wrote:
>> Mark Felder wrote:
>>> On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
>>>> On 10/10/2014 1:12 PM, scratch65535 at att.net wrote:
>>>>> On Fri, 10 Oct 2014 12:57:42 -0500, Bryan Drewery wrote:
>>>>>
>>>>>> find /usr/share/keys/pkg -exec sha256 {} +
>>>>>
>>>>> No such file
>>>>
>>>> That's your problem. You are missing the signature fingerprints to
>>>> compare against. As such Pkg is refusing to do anything to prevent MITM
>>>> attacks.
>>>>
>>>> You are missing this:
>>>> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>>>>
>>>> freebsd-update can provide it.
>>>>
>>> Ahh, good point. This is better advice. Even if your system was
>>> supposedly fully up to date freebsd-update would detect this is missing
>>> and repair it as it was part of an SA. This is better advice than my
>>> manual creation method :-)
>>>
>> Didn't on mine, I ran into the same problem - though it wasn't a show
>> stopper for me as I was trying to use my own repo - which also failed
>> using the docs...  and nothing in the debug gave any clues or additional
>> information to the problem.  Fortunately, I can read/write code, so I
>> fixed things myself.
>
> Thanks for creating a PR.
>
Actually I noticed about 72 hours ago, and I'm still trying to fix
everything that was broken by the forced change... so there is no way
I'm going to be doing any PRs until that's all done...  and 23rd Oct my
boss has me flying to SFO to discuss with the Eng & Ops team about
changing all my servers over from FreeBSD to Redhat - exactly what I
thought they would - been unable to update/patch any of my prod servers
against the Bash bug because the entire build system is broken because
of the 'End of life = This is the day it's all going to break' issue...
so not really got any motivation to log any PRs now... or ever again.

Regards,

-- 
Michelle Sullivan
http://www.mhix.org/


