tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Call for tests: pkg_install-renovation

On Sun, 25 May 2008, Joerg Sonnenberger wrote:
To sign a package, use
pkg_admin sign-package pkg.tgz signed/pkg.tgz \
        .../private/cakey.pem .../newcerts/00.pem

cool... personally I'd expect that functionality in pkg_create instead of pkg_admin. maybe that can be moved?

The signature check is enabled by setting VERIFIED_INSTALLATION accordingly.

In the environment, I guess?
Can you tell how to do the verification "manually" (using openssl?)
for all our openssl-neophytes out there that don't want to install a package (or even run netbsd/pkgsrc) to check the signature?

in general, I'm fond if digital signatures now work on a better scale and are documented better than before - great work!

 - Hubert

Home | Main Index | Thread Index | Old Index