From owner-freebsd-ports@FreeBSD.ORG Tue Oct 8 06:23:22 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 03290C98 for ; Tue, 8 Oct 2013 06:23:22 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 99F99266C for ; Tue, 8 Oct 2013 06:23:21 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.7/8.14.7) with ESMTP id r986N6iB087295 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 8 Oct 2013 07:23:13 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk r986N6iB087295 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1381213394; bh=jhSycydaxi7tujbcGfwZUafZozKJ/UQn4VSE4R0aJo8=; h=Date:From:To:CC:Subject:References:In-Reply-To; z=Date:=20Tue,=2008=20Oct=202013=2007:22:57=20+0100|From:=20Matthew =20Seaman=20|To:=20mexas@bris.ac. uk|CC:=20freebsd-ports@freebsd.org|Subject:=20Re:=20pkg:=20explain =20PUBKEY|References:=20<201310072037.r97KbAYH054287@mech-cluster2 41.men.bris.ac.uk>|In-Reply-To:=20<201310072037.r97KbAYH054287@mec h-cluster241.men.bris.ac.uk>; b=jl5W6fmBAhJAm+sY/yN9wIsxh6rBUJCcLaJ3uEQvOmws7/MS7q9ZQxFkIHzUdjEVj fIoz48YC8ouRik5gTDlpV37v1Bvm7tJFFNKg7lVgoNJ2OPhK/YflaL/drv2kchNyZe xdgEl2UGd5IYw0XOWqPcs4FhzCKEBlhB5rRzKRkk= Message-ID: <5253A4C1.9020202@infracaninophile.co.uk> Date: Tue, 08 Oct 2013 07:22:57 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: mexas@bris.ac.uk Subject: Re: pkg: explain PUBKEY References: <201310072037.r97KbAYH054287@mech-cluster241.men.bris.ac.uk> In-Reply-To: <201310072037.r97KbAYH054287@mech-cluster241.men.bris.ac.uk> X-Enigmail-Version: 1.5.2 OpenPGP: id=E7F39EBF Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0tr2NAjOcNMEva5kTKje2euM2jHrJpiFD" X-Virus-Scanned: clamav-milter 0.97.8 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Cc: freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2013 06:23:22 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0tr2NAjOcNMEva5kTKje2euM2jHrJpiFD Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 07/10/2013 21:37, Anton Shterenlikht wrote: > The pkg.conf(5) man page only > says: >=20 > PUBKEY: string Specifies the location to the public R= SA key > used for signing the repository databa= se. > The default value for this file is > /etc/ssl/pkg.conf >=20 > I'm not clear which side creates this file: > the server which builds the packages? > Or the client that gets the packages > from the server? Or something else > altogether? This is an optional function. You can just leave the entry blank if you don't need to sign the packages. Otherwise, you can create an RSA keypair using the instructions shown in Glen's blog, and copy the pub key onto all your client machines. https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.ht= ml I note that there are changes to the digital signing code coming with pkg-1.2 to support package signatures for 10.x Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matthew@infracaninophile.co.uk --0tr2NAjOcNMEva5kTKje2euM2jHrJpiFD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSU6TKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATiK0P/3hdvK3eSApV9e+IPPTYqGDQ k8r6WE0RHUANJxJAtTajx6njakd0bBafY8BRa+xl1U4b0KylT5kUc6t0NvWy7hXC hcD0+1c7edLk7bxlqhbSSS4VEYM8L+rMq6AdyJaq/oUd2a1UfEXZfpvqrTfipXsz D7F12PdwN8TR67h3+N95DY1GLwMF1clKaARyKbZXKmeo2rRshinroVqqi/MsUFcR rY58oW3chDsVfI2xYYn+rCzPmpwAyD5OZ5WTFivRDcmB5UoX/vCFkiR0rnE3PRKc vlKvQLSG36L+wpMZwZq+T7eY+H8udmyysYlr8ZwjC3i+/pLxSUXakmde5f4K736e 4VM+i/GwotpWS10JNG1IY+6hfbLkPd5Vat7PMWCa4y4/2ls7Xmk26+zBRnMZmtO5 CN6AN2ACwORx/7GUV9tjTRPeFsum7oBeb458e9ac51fTUhX8r6Z7yKpG/7gOyo4V V119zEPCvQflrn5kG/go/duDixc0+Kfc7j9Jmd5ZNcmGPa6HKT07vTXUOVsVfvic GVNv5JWPdnb7fShcG1RTwnZ57qH5liG4Sckq2vdshQEOT5qC9loKY4E67i+amzaA yMua1jtJ8YuU5jEeNcdAmSNh7/affVczkvTMc2tQQFDHlahBIXrbx0g6c+B3sz8e QbWlAsd1QGSv7vimrQb3 =pM9p -----END PGP SIGNATURE----- --0tr2NAjOcNMEva5kTKje2euM2jHrJpiFD--