From owner-freebsd-ports@FreeBSD.ORG  Fri Apr 25 19:03:11 2014
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C447A68D
 for <freebsd-ports@freebsd.org>; Fri, 25 Apr 2014 19:03:11 +0000 (UTC)
Received: from kaywinnit.conundrum.com (smtp.conundrum.com
 [IPv6:2001:4900:1:213::2:20])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A191B1A44
 for <freebsd-ports@freebsd.org>; Fri, 25 Apr 2014 19:03:11 +0000 (UTC)
Received: from tor-gateway.afilias.info ([199.15.87.4] helo=[10.10.66.12])
 by kaywinnit.conundrum.com with esmtpsa (TLSv1:AES128-SHA:128)
 (Exim 4.82 (FreeBSD)) (envelope-from <matt@conundrum.com>)
 id 1WdlOv-000GEL-FU; Fri, 25 Apr 2014 19:03:09 +0000
From: Matthew Pounsett <matt@conundrum.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Date: Fri, 25 Apr 2014 15:03:05 -0400
Subject: Setting up SIGNATURE_TYPE: PUBKEY in a custom repository
To: freebsd-ports@freebsd.org
Message-Id: <212C2827-685B-4144-A40C-BF29E5AC1068@conundrum.com>
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 19:03:11 -0000


I=92m setting up a local package repository using PGP signatures for =
verification.  The man page for pkg.conf says that the option =93PUBKEY=94=
 (for setting the path to the public key) is deprecated, but fails to =
mention what the new method for managing this is.   I=92ve tried =
googling about this, but all I find is people still having problems with =
PACKAGESITE in the default pkg.conf (still think it=92s amusing that pkg =
installs a default config file it can=92t use).

pkg seems to accept SIGNATURE_TYPE: PUBKEY, and a PUBKEY path, but it is =
not actually doing any signature verification.  I can test this by =
deleting the public key from the client machine where this config =
resides, and pkg produces no errors.

Can anyone point me to real (current) documentation for setting this up?

Thanks!=