Cryptographic signatures of installer sets

Glen Barber gjb at freebsd.org
Wed Feb 12 15:22:24 UTC 2020


On Tue, Feb 11, 2020 at 11:31:32PM +0000, Nathan Dorfman wrote:
> > The patch I have at the moment looks for the MANIFEST (rather, the
> > <arch>-<target_arch>-<X.Y-RELEASE>) file in the location they are
> > installed by the misc/freebsd-release-manifests package.
> 
> This seems reasonable, but I think the checksum script is also used by
> the system installer (not just the jail setup script).
> 

No, they are two different sets of functionality.  The system installer
*always* uses the MANIFEST from the installation medium, but when fixing
that, I did not notice the jail subcommand, nor that it fetches a remote
MANIFEST file.

> Have you considered the possibility of simply publishing a detached
> signature with every MANIFEST, in a similar manner to what is done for
> the installer images?
> 

I have not, as a change to the misc/freebsd-release-manifests port will
generate an email (or at minimum, a change in the repository), which
would be a red flag for nefarious behavior.

Glen
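
The check discussed in this message, comparing a distribution set against a MANIFEST already present on the local system instead of one fetched from the same remote location as the set, written out as an added example (it is not the patch mentioned in the thread, nor bsdinstall's own code). It assumes a tab-separated MANIFEST with the set's file name in field 1 and its SHA256 in field 2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed MANIFEST layout: tab-separated,
# field 1 = set file name, field 2 = SHA256. Function names are hypothetical.

# Print the SHA256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                        # FreeBSD
    else
        sha256sum "$1" | awk '{ print $1 }'   # GNU coreutils
    fi
}

# verify_dist MANIFEST DISTFILE
# Returns 0 on match, 1 if the set is not listed (fail closed),
# 2 on checksum mismatch, 3 if either file is unreadable.
verify_dist() {
    manifest=$1
    distfile=$2
    [ -r "$manifest" ] && [ -r "$distfile" ] || return 3
    actual=$(sha256_of "$distfile") || return 3
    [ -n "$actual" ] || return 3
    # Appending "" forces string comparison in awk.
    awk -F '\t' -v name="$(basename "$distfile")" -v sum="$actual" '
        ($1 "") == (name "") { found = 1; ok = (($2 "") == (sum "")); exit }
        END { if (!found) exit 1; if (!ok) exit 2; exit 0 }
    ' "$manifest"
}

# Demo on constructed data: run the script with the argument "demo".
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed base set\n' > "$d/base.txz"
    printf 'base.txz\t%s\t1\tbase\n' "$(sha256_of "$d/base.txz")" > "$d/MANIFEST"
    verify_dist "$d/MANIFEST" "$d/base.txz"; echo "untouched set: $?"
    printf 'tampered\n' >> "$d/base.txz"
    verify_dist "$d/MANIFEST" "$d/base.txz"; echo "modified set:  $?"
    rm -rf "$d"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

A set that is absent from the MANIFEST is treated as a failure, so an unexpected extra file cannot pass by omission.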
