10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey"
Bryan Drewery
bdrewery at FreeBSD.org
Mon Sep 14 22:45:28 UTC 2015
On 9/9/15 6:21 AM, Shawn Webb wrote:
> Is the signing_command option to `pkg repo` really only used in generating
> pkg.txz.sig? Is there any formal documentation about the cryptography design
> and architecture in relation to pkg's repositories?
No. It is used for all signing needs. Both the repo and pkg.txz.sig.
pkg repo:
JNETNAME="n" injail ${PKG_BIN} repo \
-o /tmp/packages ${PKG_META} /packages \
${SIGNING_COMMAND:+signing_command: ${SIGNING_COMMAND}}
pkg.txz.sig:
rm -f "${pkgfile}.sig"
sha256 -q "${pkgfile}" | ${SIGNING_COMMAND} > "${pkgfile}.sig"
--
Regards,
Bryan Drewery
More information about the freebsd-stable
mailing list