Bootstrapping pkg from a package

Matthew Seaman matthew at FreeBSD.org
Sun Aug 2 11:54:55 UTC 2015 

On 02/08/2015 04:51, Carl Johnson wrote:
> I was just bringing up my Raspberry Pi from the 10.2-RC2 image and tried
> to install some packages that I had saved previously.  The pkg(7)
> manpage states that the pkg in the base system can use 'pkg add <pkg>'
> to install the pkg package instead of getting the package from the
> repository (which isn't available for arm).  When I tried that I just
> got the message 'Signature for pkg not available.'  I don't have a
> signature for it, and don't know where to get it from or how to generate
> it.  Once I install it from ports, I can use that to add other saved
> packages without any signature being necessary.

You'll only get this error message if SIGNATURE_TYPE='fingerprints'
somewhere in your pkg.conf and you're using pkg(7) to run
'pkg add something' -- otherwise it will just go ahead and install from
the pkg.txz tarball without checking the package integrity and authenticity.

> The manpage makes it appear that should work, so is there something else
> that I need to do?  Thanks for any information.

Check for the presence of pkg.txz.sig -- that has to be present in the
same directory as the pkg.txz you're trying to install from before
signature checking will work -- and also that you have the current
FreeBSD repository public key:

/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301

which should look like this:

% cat pkg.freebsd.org.2013102301
# $FreeBSD: stable/10/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
260608 2014-01-13 22:07:36Z bdrewery $

function: "sha256"
fingerprint:
"b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"

Each of these files should be present on the installation media, if they
haven't already been installed on the system.

Otherwise I believe you can turn off signature checking by setting:

SIGNATURE_TYPE=none

in the environment before you call pkg(7).  If putting it in the
environment doesn't work, then you could try adding that to
/usr/local/etc/pkg.conf -- note that this will not have any effect on
pkg(8) once installed.  pkg(8) would want that setting in a per-repo
file eg. /usr/local/etc/pkg/repos/FreeBSD.conf, and the format is a bit
different:

FreeBSD: { signature_type: none }

However it would be preferable to have signature checking enabled.

	Cheers,

	Matthew



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 971 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150802/cd85aa99/attachment.bin>

More information about the freebsd-questions mailing list