10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey"

Bryan Drewery bdrewery at FreeBSD.org
Mon Sep 14 22:45:28 UTC 2015

On 9/9/15 6:21 AM, Shawn Webb wrote:
> Is the signing_command option to `pkg repo` really only used in generating 
> pkg.txz.sig? Is there any formal documentation about the cryptography design 
> and architecture in relation to pkg's repositories?

No. It is used for all signing needs. Both the repo and pkg.txz.sig.

pkg repo:

JNETNAME="n" injail ${PKG_BIN} repo \
    -o /tmp/packages ${PKG_META} /packages \
    ${SIGNING_COMMAND:+signing_command: ${SIGNING_COMMAND}}


rm -f "${pkgfile}.sig"
sha256 -q "${pkgfile}" | ${SIGNING_COMMAND} > "${pkgfile}.sig"

Bryan Drewery

More information about the freebsd-stable mailing list