Re: CVS commit: src/usr.bin/nbsvtool
On Tue, Jul 15, 2008 at 12:56:46AM +0200, Hubert Feyrer wrote:
> While there, this makes me wonder how verification of signatures via
> FTP/HTTP is intended. Does pkg_add automatically download the .sp7 (==
> checksum?) file? How does nbsvtool integrate with pkg_add, at all?
pkg_add in HEAD supports only GPG and only for local packages.
pkg_add on pkg_install-renovation wraps the package with a signature
header. The signature itself is the same format as nbsvtool can handle.
So most of the description here would apply for pkg_admin and
pkg_install.conf(5) as well.
But this is not about pkg_add.
>> -a anchor-certificates  A file containing one or more (concatenated)
>>                         keys that are considered trusted.
> Details! What kind of files, where do they come from, how does one create
PEM format as written in the other mail. You obtain them through some
not yet specified means or as part of the system installation --> this
is part of the non-existing policy.
> This also goes for all other files - at least giving a hint via a
> filename suffix may help a bit.
All files are expected to be PEM encoded. It is the default output used
for example by the CA.sh script.
> The EXAMPLES section sounds useful from the remote, but it needs more
> steps to get to a point where it can be used. Setup of the CA and
> whatever else needs to be done should be documented - not in this
> manpage, I guess, as other parts (postfix? ldap? httpd? ...?) may need
> the same knowledge. Put this into a common manpage, and reference it!
I don't think a man page is the right place to describe how to set up a
CA. /usr/share/examples/openssl/CA.sh can do most of that, but it is
> I don't get the difference here. Is it only the filename? Why use
> "verify-code" in one place, and "-u code verify" in the other place? And
> what is "code" anyways, in the latter example?
"code" is an attribute of the certificate used. The filename is the only
difference, otherwise the two samples are equivalent.
> That file seems to describe something similar as the manpage at hand,
> yet it also lacks the steps to set up the whole process (it seems to me).
No surprise as nbsvtool is supposed to make usage easier, e.g. by
providing only a restricted subset of openssl/smime.
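
Added example, not part of the original message and not nbsvtool code: a check that a concatenated PEM anchor file of the kind described for -a holds only well-formed certificate blocks. It assumes trust anchors are X.509 certificates in "CERTIFICATE" blocks; the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 7468 textual encoding: BEGIN/END lines around base64 text.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def audit_anchor_bundle(text):
    """Return (certificate_count, problems) for a concatenated PEM file."""
    count, problems = 0, []
    blocks = list(PEM_BLOCK.finditer(text))
    for n, m in enumerate(blocks, 1):
        label, body = m.group(1), "".join(m.group(2).split())
        if label != "CERTIFICATE":
            # Private keys or requests do not belong in a trust-anchor file.
            problems.append(f"block {n}: unexpected label {label!r}")
            continue
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            problems.append(f"block {n}: invalid base64")
            continue
        if not der.startswith(b"\x30"):
            # A certificate is a DER SEQUENCE, so it starts with tag 0x30.
            problems.append(f"block {n}: not a DER SEQUENCE")
            continue
        count += 1
    dangling = text.count("-----BEGIN ") - len(blocks)
    if dangling > 0:
        problems.append(f"{dangling} BEGIN line(s) without a matching END")
    if not blocks and not problems:
        problems.append("no PEM blocks found")
    return count, problems


def _pem(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample input: placeholder bytes, not real certificates or keys.
SAMPLE_GOOD = (_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
               + _pem("CERTIFICATE", b"\x30\x03\x02\x01\x02"))
SAMPLE_BAD = (SAMPLE_GOOD + _pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
              + "-----BEGIN CERTIFICATE-----\nMAMC\n")

if __name__ == "__main__":
    print(audit_anchor_bundle(SAMPLE_GOOD))
    print(audit_anchor_bundle(SAMPLE_BAD))
```

This is a structural check only; it does not validate certificate contents or chains.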