Re: Call for tests: pkg_install-renovation

On Sun, 25 May 2008, Joerg Sonnenberger wrote:

To sign a package, use
pkg_admin sign-package pkg.tgz signed/pkg.tgz \
        .../private/cakey.pem .../newcerts/00.pem

cool... personally I'd expect that functionality in pkg_create instead ofpkg_admin. maybe that can be moved?

The signature check is enabled by setting VERIFIED_INSTALLATIONaccordingly.


In the environment, I guess?
Can you tell how to do the verification "manually" (using openssl?)

for all our openssl-neophytes out there that don't want to install apackage (or even run netbsd/pkgsrc) to check the signature?

in general, I'm fond if digital signatures now work on a better scale andare documented better than before - great work!



 - Hubert

Follow-Ups:
- Re: Call for tests: pkg_install-renovation
  - From: Joerg Sonnenberger

References:
- Call for tests: pkg_install-renovation
  - From: Joerg Sonnenberger
- Re: Call for tests: pkg_install-renovation
  - From: Alistair Crooks
- Re: Call for tests: pkg_install-renovation
  - From: Joerg Sonnenberger
- Re: Call for tests: pkg_install-renovation
  - From: Alistair Crooks
- Re: Call for tests: pkg_install-renovation
  - From: Joerg Sonnenberger

Home | Main Index | Thread Index | Old Index