Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Curt Sampson <>
From: Todd Vierling <>
List: tech-pkg
Date: 07/23/2005 10:47:56
On Sat, 23 Jul 2005, Curt Sampson wrote:

> > You'd need to sign the +INSTALL and +DEINSTALL scripts too, as they can
> > generate files not tracked by +CONTENTS.
> Anything not in the +CONTENTS file itself also needs to be signed
> somehow, right?

+CONTENTS *should* contain all pure files present in the tarball, even
though some of +CONTENTS may be automatically generated.  Some extra
plus-files need signing, however, as they (specifically the
INSTALL/DEINSTALL scripts) can generate files not present in +CONTENTS or
the tarball itself at pkg_add time.

-- Todd Vierling <> <> <>