initial implementation of package signatures, based on x509 certificates and

smime detached signatures.

1 files changed, 20 insertions, 2 deletions

diff --git a/usr.sbin/pkg_add/package.5 b/usr.sbin/pkg_add/package.5
index 09ff2be3858..9db2c72fd43 100644
--- a/usr.sbin/pkg_add/package.5
+++ b/usr.sbin/pkg_add/package.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: package.5,v 1.7 2008/12/14 10:56:51 jmc Exp $
+.\"	$OpenBSD: package.5,v 1.8 2009/04/14 17:53:58 espie Exp $
 .\" Copyright (c) 2005-2006 Marc Espie <espie@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -12,7 +12,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: December 14 2008 $
+.Dd $Mdocdate: April 14 2009 $
 .Dt PACKAGE 5
 .Os
 .Sh NAME
@@ -84,6 +84,24 @@ and long link names with
 .Pa LongLink#n .
 The packing-list will hold the real file names, and the package tools
 will reconstitute the correct names behind the scenes.
+.Sh PACKAGE SIGNATURES
+All information within a package is checksummed, using SHA256 since
+.Ox 4.4 .
+During creation and creation, meta-information, such as file owners and
+permissions, are also checked: any important stuff that isn't recorded 
+in the packing-list is an error.
+.Pp
+Packing-lists can be signed. If a signature is found, then it will be checked
+during installation, and failure to verify will prevent the package from
+installing correctly.
+Currently, only x509-style signatures are supported. 
+They rely on a certificate authority file being present as
+.Pa /etc/ssl/pkgca.pem
+and all signatures will be checked against it.
+Once the packing-list signature is checked, all individual packing elements
+will be checksummed, resulting in a
+.Sq just-in-time
+signature checking.
 .Sh FAT PACKAGES DESCRIPTION
 The
 .Xr pkg_merge 1