Date: Mon, 01 Jan 2001 09:19:03 -0700
From: Wes Peters <wes@softweyr.com>
To: "Michael C . Wu" <keichii@peorth.iteration.net>
Cc: bmah@freebsd.org, Will Andrews <will@physics.purdue.edu>, ports@FreeBSD.ORG, Robert Watson <rwatson@FreeBSD.ORG>, Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>
Subject: Re: Package signing tools
Message-ID: <3A50ADF7.207F50E5@softweyr.com>
References: <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231022101.A24801@peorth.iteration.net> <3A4F72F2.E273B8C9@softweyr.com> <20001231123327.A27808@peorth.iteration.net>
"Michael C . Wu" wrote:
>
> On Sun, Dec 31, 2000 at 10:54:58AM -0700, Wes Peters scribbled:
> | Oh, I see. What we really need is a PGP library, which I think GPG was
> | supposed to provide someday. Having a non-GPL PGP library would sure be
> | nice.
>
> Yes and yes
>
> I also think that we should have a default signing scheme.
> Personally, I like X.509. It does not really matter which one, just pick
> it yourself to avoid the bikeshed.

X.509 has the added benefit of not requiring an external executable like PGP does. I'm astonished nobody has created a PGP library yet, so other programs could do PGP signing and verification without calling another program.

> | Its major output is a "yes" or "no" answer. Keep in mind this only works
> | on the .tgz file, not on the package after installed on the system. It
> | would be simple to extend pkg_info or pkg_version to report if a .tgz has a
> | signature and if so, if it matches, by the return value from pkg_check. I'm
> | not certain the return values are maintained that carefully right now, but
> | I'll look through the code and make it return 0 for "has signature, is
> | verified", negative for "has signature, not verified" and positive for "no
> | signature". Would that suffice?
>
> Yes, and we also need to modify 'pkg_version -c' so that, instead of
> compiling the ports, we can have 'pkg_version -c' fetch the packages
> instead, along with verifying the signature of the .tgz's.
> This way, the user can simply do "sh `pkg_version -c`", get the packages,
> update his entire installation, and so forth via one command.

Ah, yes. That should be simple enough to do, and transparent. If pkg_check doesn't exist, don't call it; if it does exist, call it and check the return value. As I wrote before, I'll need to audit the code to make sure pkg_check returns consistent values to signal "no signature", "has signature, didn't match", and "has signature, did match."

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
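The hook Wes sketches, written up as an added shell example (not code from the thread or from FreeBSD): it calls the verifier only if one is installed and maps its exit status onto the three proposed outcomes. The command name pkg_check and the mock verifier are assumptions, since the real tool's interface is not shown in the message.

```shell
# Added example, not from the thread: a pkg_version-style hook that calls a
# signature verifier on a package .tgz (if one is installed) and maps its
# exit status onto the three outcomes proposed above:
#   0 -> signed, verified; negative -> signed, not verified; positive -> unsigned
# Caveat: a negative value returned from a C main() reaches the shell as
# 256 + value (-1 becomes 255), so "negative" means a status of 128..255.

# sig_status STATUS -> prints verified | unverified | unsigned
sig_status() {
    if [ "$1" -eq 0 ]; then
        echo verified
    elif [ "$1" -ge 128 ]; then
        echo unverified
    else
        echo unsigned
    fi
}

# check_package PKG.tgz [VERIFIER]
# Prints the outcome and succeeds only for a verified signature. VERIFIER
# defaults to pkg_check (assumed name); if it is not installed the package
# is reported as unsigned and the caller decides whether to proceed.
check_package() {
    pkg=$1
    verifier=${2:-pkg_check}
    if ! command -v "$verifier" >/dev/null 2>&1; then
        echo unsigned
        return 1
    fi
    if "$verifier" "$pkg" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    outcome=$(sig_status "$rc")
    echo "$outcome"
    [ "$outcome" = verified ]
}

# Constructed stand-in for the verifier so the script runs offline: the
# file name decides the answer (*-ok* signed+valid, *-bad* signed+invalid).
mock_pkg_check() {
    case "$1" in
        *-ok*)  return 0 ;;
        *-bad*) return 255 ;;   # what "return -1" from main() looks like
        *)      return 1 ;;
    esac
}

for f in foo-ok.tgz foo-bad.tgz foo-nosig.tgz; do
    printf '%s: %s\n' "$f" "$(check_package "$f" mock_pkg_check)"
done
```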