tech-pkg archive


Signed binary pkgs setup



Hey folks,

I am trying to set up a test environment to create x509 signed binary
pkgs. Signing seems to work, but pkg_info is a bit unhappy about the
result:

--8<--
> pkg_info /others/packages/x86_64/All/digest-20190127.tgz
pkg_info: Failed to verify signature
Information for /others/packages/x86_64/All/digest-20190127.tgz:

Comment:
Message digest wrapper utility
[...]
-->8--

Manually extracting the pkg and checking the included signature shows
what I'd expect:

--8<--
 > openssl pkcs7 -noout -print_certs -text  -in ./+PKG_SIGNATURE
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Delaware, O=The NetBSD Foundation, OU=pkgsrc, CN=pkgsrc-security/emailAddress=pkgsrc-security%NetBSD.org@localhost
        Validity
            Not Before: Aug 22 16:50:00 2021 GMT
            Not After : Aug 22 16:50:00 2022 GMT
        Subject: C=US, ST=Delaware, O=The NetBSD Foundation, OU=pkgsrc, CN=TNF owned build machines
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Comment: 
                Certificate for binary pkgsrc packages
            X509v3 Subject Key Identifier: 
                21:1C:39:E2:E0:87:ED:CB:38:57:E6:F7:24:1E:B9:87:BC:22:30:4D
            X509v3 Authority Key Identifier: 
                DirName:/C=US/ST=Delaware/O=The NetBSD Foundation/OU=pkgsrc/CN=pkgsrc-security/emailAddress=pkgsrc-security%NetBSD.org@localhost
                serial:00

            X509v3 Subject Alternative Name: 
                email:pkgsrc-users%NetBSD.org@localhost
            X509v3 Extended Key Usage: 
                Code Signing, E-mail Protection
    Signature Algorithm: sha256WithRSAEncryption
         [...]

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Delaware, O=The NetBSD Foundation, OU=pkgsrc, CN=pkgsrc-security/emailAddress=pkgsrc-security%NetBSD.org@localhost
        Validity
            Not Before: Aug 22 16:45:55 2021 GMT
            Not After : Aug 22 16:45:55 2022 GMT
        Subject: C=US, ST=Delaware, O=The NetBSD Foundation, OU=pkgsrc, CN=pkgsrc-security/emailAddress=pkgsrc-security%NetBSD.org@localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         [...]
-->8--


and these match CERTIFICATE_ANCHOR_PKGS (Not Before: Aug 22 16:50:00 2021 GMT)
and CERTIFICATE_CHAIN (Not Before: Aug 22 16:45:55 2021 GMT).


What am I missing?

Martin

