Date:      Mon, 01 Jan 2001 09:19:03 -0700
From:      Wes Peters <wes@softweyr.com>
To:        "Michael C . Wu" <keichii@peorth.iteration.net>
Cc:        bmah@freebsd.org, Will Andrews <will@physics.purdue.edu>, ports@FreeBSD.ORG, Robert Watson <rwatson@FreeBSD.ORG>, Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>
Subject:   Re: Package signing tools
Message-ID:  <3A50ADF7.207F50E5@softweyr.com>
References:  <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231022101.A24801@peorth.iteration.net> <3A4F72F2.E273B8C9@softweyr.com> <20001231123327.A27808@peorth.iteration.net>

"Michael C . Wu" wrote:
> 
> On Sun, Dec 31, 2000 at 10:54:58AM -0700, Wes Peters scribbled:
> | Oh, I see.  What we really need is a PGP library, which I think GPG was
> | supposed to provide someday.  Having a non-GPL PGP library would sure be
> | nice.
> 
> Yes and yes
> 
> I also think that we should have a default signing scheme.
> Personally, I like X.509.   It does not really matter which one, just pick
> it yourself to avoid the bikeshed.

X.509 has the added benefit of not requiring an external executable like
PGP does.  I'm astonished nobody has created a PGP library yet, so other
programs could do PGP signing and verification without calling another
program.

> | Its major output is a "yes" or "no" answer.  Keep in mind this only works
> | on the .tgz file, not on the package after installed on the system.  It
> | would be simple to extend pkg_info or pkg_version to report if a .tgz has a
> | signature and if so, if it matches, by the return value from pkg_check.  I'm
> | not certain the return values are maintained that carefully right now, but
> | I'll look through the code and make it return 0 for "has signature, is
> | verified", negative for "has signature, not verified" and positive for "no
> | signature".  Would that suffice?
> 
> Yes, and we also need to modify 'pkg_version -c'.  So that, instead of
> compiling the ports, we can have 'pkg_version -c' fetch the packages
> instead, along with verifying the signature of the .tgz's.
> This way, the user can simply do "sh `pkg_version -c`", get the packages,
> update his entire installation, and so forth via one command.

Ah, yes.  That should be simple enough to do, and transparent.  If pkg_check
doesn't exist, don't call it; if it does exist, call it and check the return
value.

As I wrote before, I'll need to audit the code to make sure pkg_check returns
consistent values to signal "no signature", "has signature, didn't match", and
"has signature, did match."

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
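The pkg_version -c / pkg_check interplay discussed above, written out as an added shell example; this is not code from the thread or from FreeBSD's pkg_install tools. It assumes a hypothetical pkg_check(1) that reports its result through its exit status: since exit statuses are 0..255, the proposed "negative" outcome is mapped to 2 here, and the PKG_REQUIRE_SIG switch is an added assumption that lets a site refuse unsigned or uncheckable packages instead of the skip-the-call behaviour the thread describes.

```shell
#!/bin/sh
# Added example, not from the thread or FreeBSD's pkg_install tools.
# Assumes a hypothetical pkg_check(1) that encodes its result in its exit
# status. The thread proposes 0 / negative / positive; exit statuses are
# 0..255, so the "negative" case is represented here as 2 (an assumption):
#   0 = has signature, verified   2 = has signature, not verified
#   1 = no signature
: "${PKG_CHECK:=pkg_check}"     # checker to run; overridable for testing
: "${PKG_REQUIRE_SIG:=0}"       # 1 = refuse packages that cannot be verified

# sig_status FILE -> prints verified | unverified | unsigned | nocheck | error
sig_status() {
    # The thread's rule: if pkg_check is not installed, do not call it.
    if ! command -v "$PKG_CHECK" >/dev/null 2>&1; then
        echo nocheck
        return 0
    fi
    # Run inside 'if' so a non-zero status does not trip 'set -e'.
    if "$PKG_CHECK" "$1" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    case $rc in
        0) echo verified ;;
        2) echo unverified ;;
        1) echo unsigned ;;
        *) echo error ;;      # checker crashed or returned something unknown
    esac
}

# policy_allows STATUS -> exit 0 if a package with that status may be added
policy_allows() {
    case $1 in
        verified) return 0 ;;
        unsigned|nocheck) [ "$PKG_REQUIRE_SIG" -eq 0 ] && return 0 ;;
    esac
    return 1
}

# filter_installable FILE... -> prints the files that pass the policy, i.e.
# the ones a pkg_version -c style script should go on to fetch and pkg_add;
# rejected files are reported on stderr with the reason.
filter_installable() {
    for f in "$@"; do
        s=$(sig_status "$f")
        if policy_allows "$s"; then
            printf '%s\n' "$f"
        else
            printf 'skipping %s: %s\n' "$f" "$s" >&2
        fi
    done
}
```

With PKG_REQUIRE_SIG=1 a missing checker is treated as a failure rather than silently skipped, which is the fail-closed choice a site distributing only signed packages would want.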

