Date: Fri, 10 Oct 2014 13:22:38 -0800 From: Royce Williams <royce@tycho.org> To: FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: PKG not quite ready for prime time Message-ID: <CA%2BE3k92OxJUFHsEMWJw=c6LA1nXTNgsBmCwL%2Bjn1QgA9QEyTSQ@mail.gmail.com> In-Reply-To: <1412970941.2397812.177601925.2135B6F5@webmail.messagingengine.com> References: <sl4g3adpms8lkd2rr38n3666et8eptsp9i@4ax.com> <543817AA.8080305@gmx.de> <he6g3apojoln19fd9d8gr2rs0koq3a6940@4ax.com> <54381E16.9070609@FreeBSD.org> <1a8g3athvnun67c4kljhjtsjjlc30116j1@4ax.com> <543837CF.9070607@FreeBSD.org> <1412970941.2397812.177601925.2135B6F5@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 10, 2014 at 11:55 AM, Mark Felder <feld@freebsd.org> wrote:
>
>
> On Fri, Oct 10, 2014, at 14:47, Bryan Drewery wrote:
>> On 10/10/2014 1:12 PM, scratch65535@att.net wrote:
>> > On Fri, 10 Oct 2014 12:57:42 -0500, Brian Drewery wrote:
>> >
>> >> find /usr/share/keys/pkg -exec sha256 {} +
>> >
>> > No such file
>>
>> That's your problem. You are missing the signature fingerprints to
>> compare against. As such Pkg is refusing to do anything to prevent MITM
>> attacks.
>>
>> You are missing this:
>> https://www.freebsd.org/security/advisories/FreeBSD-EN-14:03.pkg.asc
>>
>> freebsd-update can provide it.
>
> Ahh, good point. This is better advice. Even if your system was
> supposedly fully up to date freebsd-update would detect this is missing
> and repair it as it was part of an SA. This is better advice than my
> manual creation method :-)
I'm glad that Mark managed to get an answer to this question.
But could pkg be adapted to help uninitiated users to discover this
for themselves on the spot?
Royce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BE3k92OxJUFHsEMWJw=c6LA1nXTNgsBmCwL%2Bjn1QgA9QEyTSQ>