From: Royce Williams
Date: Fri, 10 Oct 2014 13:22:38 -0800
Subject: Re: PKG not quite ready for prime time
To: FreeBSD Mailing List

On Fri, Oct 10, 2014 at 11:55 AM, Mark Felder wrote:
>
>
> On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
>> On 10/10/2014 1:12 PM, scratch65535@att.net wrote:
>> > On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
>> >
>> >> find /usr/share/keys/pkg -exec sha256 {} +
>> >
>> > No such file
>>
>> That's your problem. You are missing the signature fingerprints to
>> compare against. As such Pkg is refusing to do anything to prevent MITM
>> attacks.
>>
>> You are missing this:
>> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>>
>> freebsd-update can provide it.
>
> Ahh, good point. This is better advice. Even if your system was
> supposedly fully up to date freebsd-update would detect this is missing
> and repair it as it was part of an SA. This is better advice than my
> manual creation method :-)

I'm glad that Mark managed to get an answer to this question.

But could pkg be adapted to help uninitiated users to discover this for
themselves on the spot?

Royce
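
The kind of on-the-spot check asked about above, sketched as an added example (not code from pkg or from anyone in this thread). It assumes the fingerprints are text files under a `trusted/` subdirectory of the key directory, each with a `fingerprint: "<hex>"` line; the function names and the sample file are hypothetical.

```sh
#!/bin/sh
# Added example: report why the pkg fingerprint directory is unusable.
# Assumption: fingerprints are text files under <keydir>/trusted, each
# with a line of the form: fingerprint: "<64 hex digits>"
ADVISORY_URL="https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc"

# Print the remedy named in the thread.
hint() {
    echo "pkg keys: fingerprints come with $ADVISORY_URL" >&2
    echo "pkg keys: freebsd-update can provide them" >&2
}

# check_pkg_keys [keydir]
# Returns 0 if at least one valid trusted fingerprint exists,
#         1 if the key directory is absent,
#         2 if it exists but holds no valid fingerprint.
check_pkg_keys() {
    keydir="${1:-/usr/share/keys/pkg}"
    if [ ! -d "$keydir" ]; then
        echo "pkg keys: $keydir does not exist" >&2
        hint
        return 1
    fi
    found=0
    for f in "$keydir"/trusted/*; do
        [ -f "$f" ] || continue   # unmatched glob or non-regular file
        if grep -Eq '^fingerprint:[[:space:]]*"[0-9a-fA-F]{64}"' "$f"; then
            echo "pkg keys: trusted fingerprint in $f"
            found=$((found + 1))
        else
            echo "pkg keys: $f has no valid fingerprint line" >&2
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "pkg keys: no trusted fingerprints under $keydir" >&2
        hint
        return 2
    fi
    return 0
}

# Build a constructed key directory for trying the check out.
make_sample_keydir() {
    mkdir -p "$1/trusted"
    # Constructed value (64 zeros), not a real fingerprint.
    printf 'function: "sha256"\nfingerprint: "%064d"\n' 0 \
        > "$1/trusted/example.constructed"
}
```
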