Subject: [agc@netbsd.org: CVS commit: basesrc/usr.sbin/pkg_install/add]
To: None <tech-pkg@netbsd.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 09/25/2001 13:25:58
The attached changes to pkg_add(1) add the ability to verify the
contents of a binary package by using digital signatures. This
has been accomplished by adding a "-s verification-type" command
line argument to pkg_add.

At the moment, the ability to verify packages is limited to those
which are not specified by URL. We are looking at removing this
restriction.

The following verification types have been defined: gpg
(pkgsrc/security/gnupg), pgp5 (pkgsrc/security/pgp5) and none.
Callouts are made to the relevant programs to verify the contents
of the binary package, and its provenance. You are then asked
whether you want to proceed with the installation. The "none"
verification type is the same as the existing behaviour, and is
also the default - in which case, no verification of the binary
package is done.

The verification type is passed onto recursive pkg_add invocations
for dependent packages.

I don't foresee any problems, but if you do find any, please
send-pr them in the usual way.

Thanks,
Alistair

% sudo pkg_add -s gpg $PKGREPOSITORY/skill-4.0.tgz
gpg: Signature made Fri Sep 21 13:07:56 2001 BST using DSA key ID 26B1CB95
gpg: Good signature from "Alistair Crooks "TEST KEY" <agc@pkgsrc.org>"
Proceed with addition of /usr/packages/i386/skill-4.0.tgz: [y/n]? y
%
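The decision flow around the new "-s" callout, as an added example in Python that is not pkg_install's own verify.c. It assumes the detached signature is PKG.sig beside the package, that gpg is run as "gpg --verify PKG.sig PKG", that pgp5's verifier is "pgpv", and that dependencies are handed in as a list (the real pkg_add reads them from the package's +CONTENTS).

```python
# Added example (not pkg_install's own verify.c): the decision flow around
# the "-s verification-type" callout described above. Assumptions: the
# detached signature is PKG.sig beside the package, gpg is called as
# "gpg --verify PKG.sig PKG", pgp5's verifier is "pgpv", and dependencies
# are handed in as a list (real pkg_add reads them from +CONTENTS).
import os
import subprocess
from urllib.parse import urlparse

VERIFIERS = {"gpg": ["gpg", "--verify"], "pgp5": ["pgpv"], "none": None}


def is_url(pkg):
    """The URL form of pkg_add cannot be verified at the moment."""
    return urlparse(pkg).scheme in ("ftp", "http", "https")


def verify_package(pkg, vtype="none", run=subprocess.run):
    """Return (ok, message); `run` is injectable so the flow can be tested."""
    if vtype not in VERIFIERS:
        raise ValueError("unknown verification type: %s" % vtype)
    cmd = VERIFIERS[vtype]
    if cmd is None:  # default: existing behaviour, nothing is checked
        return True, "no verification requested"
    if is_url(pkg):
        return False, "verification is not supported for URL packages"
    sig = pkg + ".sig"  # must sit in the same directory (local or NFS)
    if not os.path.exists(sig):
        return False, "detached signature %s not found" % sig
    result = run(cmd + [sig, pkg], capture_output=True, text=True)
    if result.returncode != 0:
        return False, "verification failed: " + result.stderr.strip()
    # A good signature identifies the signatory; whether that signatory is
    # trusted is the operator's call, hence the [y/n] prompt that follows.
    return True, result.stderr.strip()


def pkg_add(pkg, vtype="none", deps=(), ask=input, run=subprocess.run):
    """Verify, prompt, then recurse into dependencies with the same vtype."""
    ok, msg = verify_package(pkg, vtype, run)
    print(msg)
    if not ok:
        return False
    if vtype != "none" and ask("Proceed with addition of %s: [y/n]? " % pkg).lower() != "y":
        return False
    # The verification type is passed on to dependent packages unchanged.
    return all(pkg_add(dep, vtype, (), ask, run) for dep in deps)
```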

----- Forwarded message from "Alistair G. Crooks" <agc@netbsd.org> -----

From: "Alistair G. Crooks" <agc@netbsd.org>
Subject: CVS commit: basesrc/usr.sbin/pkg_install/add
To: source-changes@netbsd.org
Reply-To: agc@netbsd.org
Date: Tue, 25 Sep 2001 13:28:17 +0300 (EEST)


Module Name:	basesrc
Committed By:	agc
Date:		Tue Sep 25 10:28:17 UTC 2001

Modified Files:
	basesrc/usr.sbin/pkg_install/add: Makefile main.c perform.c pkg_add.1
Added Files:
	basesrc/usr.sbin/pkg_install/add: verify.c verify.h

Log Message:
Add a "-s verification-type" argument to pkg_add, which adds a callout
to a verification program for a binary package. The following callouts
are defined: "none", "gpg" and "pgp5".

This feature allows you to verify a binary package against a detached
signature file, and to proceed with the installation or not, depending
upon the level of trust you place in the signatory of the binary
package.

Digital signatures will be checked in a recursive manner (i.e. if
pkg_add is called with a verification type which is not "none", the
verification type will be passed to subsequent invocations of pkg_add
for the dependent packages).

At the current time, digital signatures cannot be used with the URL
form of pkg_add(1) - the detached signature file must be in the same
directory as the binary package, either locally or mounted by NFS.

If no -s argument is given, pkg_add(1) retains its current behaviour -
the package will not be verified before installation takes place.


To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 basesrc/usr.sbin/pkg_install/add/Makefile
cvs rdiff -r1.22 -r1.23 basesrc/usr.sbin/pkg_install/add/main.c
cvs rdiff -r1.60 -r1.61 basesrc/usr.sbin/pkg_install/add/perform.c
cvs rdiff -r1.29 -r1.30 basesrc/usr.sbin/pkg_install/add/pkg_add.1
cvs rdiff -r0 -r1.1 basesrc/usr.sbin/pkg_install/add/verify.c \
    basesrc/usr.sbin/pkg_install/add/verify.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

----- End forwarded message -----