10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey"

Bryan Drewery bdrewery at FreeBSD.org
Mon Sep 14 22:44:03 UTC 2015

On 9/9/15 12:14 AM, Marko Cupać wrote:
> On Tue, 8 Sep 2015 23:28:59 +0200
> Baptiste Daroussin <bapt at FreeBSD.org> wrote:
>> On Tue, Sep 08, 2015 at 12:38:38PM +0200, Marko Cupać wrote:
>>> Hi,
>>> I just found out that 10.2-RELEASE-p2 lost ability to bootstrap pkg
>>> with signature_type="pubkey".
>>> Quick search returns:
>>> https://github.com/freebsd/pkg/issues/1309
>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202622
>>> I guess it is not hard to switch repo to fingerprints, however I
>>> would not expect to lose this functionality by updating to
>>> patchlevel.
>> Implemented in head: r287579 I will MFC it asap. And see if it cannot
>> be added asap to a next patchlevel update.
>> Best regards,
>> Bapt
> Thanx!
> Just a few quick not-completely-related questions: poudriere has the
> ability to sign repos with PKG_REPO_SIGNING_KEY, but not with external
> command, right?

Poudriere already has SIGNING_COMMAND support for external command. It
is used for the fingerprints signing on pkg.FreeBSD.org.

What is lacking is signing pkg with the new format added in r287579 when
using pubkey.

I am adding it in now for the next release.

 Is there a plan to support it? Can I build packages in
> poudriere without PKG_REPO_SIGNING_KEY, and sign repo later on with
> external command?
> Regards,

Bryan Drewery

More information about the freebsd-stable mailing list