Date: Tue, 6 Feb 2001 02:20:59 -0800
From: Jeremy Lea
To: Wes Peters
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/pkg_install/sign Makefile README check.c common.c extern.h gzip.c gzip.h main.c pgp.h pgp_check.c pgp_sign.c pkg_sign.1 sha1.c sign.c stand.c stand.h x509.c
Message-ID: <20010206022059.G8780@shale.csir.co.za>
In-Reply-To: <200102060646.f166kgf65013@freefall.freebsd.org>; from wes@FreeBSD.org on Mon, Feb 05, 2001 at 10:46:42PM -0800

Hi,

On Mon, Feb 05, 2001 at 10:46:42PM -0800, Wes Peters wrote:
> Add package signing utilities; somebody might actually want them.
> These are not enabled in the pkg_install Makefile as of yet;
> adding the "sign" directory to the SUBDIR list will enable
> building of sign.

I've been giving this problem some thought, and I think that this is
implemented in the wrong place: In pkg_add we don't see the gzip'ed
tarball - it's piped directly into tar. Also, if we change the
packaging format, we have to change the means of signing.

We have a packaging list, which contains MD5 checksums for all of our
files (well, not all in the current version, but all in my development
version). The packaging list is not self-referenced in the packaging
list - since all packages must have one. Thus the packing list by
itself is a certificate for the rest of the package - and we can use a
standard text-based signature, attached to the packaging list, as a
verification of the entire package. This could be included as a
separate file (which would not be listed in the packaging list), or as
a @comment at the end of the list.

This way we would not have to play special tricks with the tarballs.
We will still need a key management protocol for the package tools
though.

I'll take a look at this code and see what I can merge in with my
development version of the pkg_* tools.

Regards,
 -Jeremy

-- 
FreeBSD - Because the best things in life are free...
http://www.freebsd.org/
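
The scheme proposed in the message above, sketched as an added example that is not part of the original mail or of the pkg_* tools: a signature carried in a trailing @comment covers the packing list, and the list's MD5 lines cover the files. The `@comment SIG:` marker is hypothetical, HMAC-SHA256 stands in for a public-key signature, and the sample files and key are constructed.

```python
import hashlib
import hmac

MD5_PREFIX = "@comment MD5:"
SIG_PREFIX = "@comment SIG:"  # hypothetical marker for the trailing signature line

def _tag(body: str, key: bytes) -> str:
    # Stand-in: HMAC-SHA256 over the list text; a real tool would use a public-key signature.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def make_list(files: dict) -> str:
    """Build a packing list with one MD5 comment after each file line."""
    lines = ["@name hello-1.0", "@cwd /usr/local"]
    for name, data in files.items():
        lines += [name, MD5_PREFIX + hashlib.md5(data).hexdigest()]
    return "\n".join(lines) + "\n"

def sign_list(plist: str, key: bytes) -> str:
    """Append the signature as a final @comment, covering every line before it."""
    return plist + SIG_PREFIX + _tag(plist, key) + "\n"

def verify_package(signed: str, files: dict, key: bytes) -> list:
    """Return the problems found; an empty list means the package verifies."""
    body, marker, tag = signed.rpartition(SIG_PREFIX)
    if not marker:
        return ["packing list is unsigned"]
    if not hmac.compare_digest(_tag(body, key).encode(), tag.strip().encode()):
        return ["signature does not match packing list"]
    problems, seen, current = [], set(), None
    for line in body.splitlines() + [""]:  # empty sentinel flushes the last file
        if line.startswith(MD5_PREFIX) and current is not None:
            data = files.get(current)
            if data is None:
                problems.append(f"missing file: {current}")
            elif hashlib.md5(data).hexdigest() != line[len(MD5_PREFIX):]:
                problems.append(f"checksum mismatch: {current}")
            current = None
        elif not line.startswith("@"):
            if current is not None:
                problems.append(f"no checksum: {current}")
            current = line or None
            seen.update([line] if line else [])
    # Archive members the signed list does not vouch for are rejected too.
    return problems + [f"unlisted file: {n}" for n in sorted(set(files) - seen)]

# Constructed sample package: file name -> contents
FILES = {"bin/hello": b"#!/bin/sh\necho hello\n", "man/man1/hello.1": b".TH HELLO 1\n"}
KEY = b"constructed-demo-key"
```

The list only certifies the package if the verifier also refuses files that are absent from it or listed without a checksum, which is why those cases are reported. MD5 no longer resists collisions, so a current implementation of this design would list a stronger digest.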