Synch with current development:

* signatures no longer deal with zcat. Instead, we sign the gzip file
itself (stripped of the signature part of the header, of course). Thanks
Angelos.  Niels seems to think passing the header itself to sign is not
a problem, even though no-one cares about checking it ?
* gzip header handling revamped: can write to memory. Will eliminate some
pipes later on. Can stack signatures.
* taken out specific signature schemes (e.g., pgp and sha1).  Code is now
signature scheme independent, mostly, and writes with client data from
memory, e.g., check.c can invoke several checks in parallel without needing
to fork.
* need the full set of popen-like functionalities (keep track of opened
file descriptors to avoid passing them down to children)
* remove simple_check.c, functionality absorbed elsewhere.

To do:
* re-check message output and what to do with unsigned/unchecked/verified
packages,
* check pkg_add implementation and remove extra-pipe in asynchronous
checking,
* control over what to do when several signatures are stacked... Simple
way would be to disable that for now (possibility for release)
* get the code through a linter again.

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.sbin/pkg_install/sign/INSTALL b/usr.sbin/pkg_install/sign/INSTALL
index 1577272fc8c..bc0a530fcee 100644
--- a/usr.sbin/pkg_install/sign/INSTALL
+++ b/usr.sbin/pkg_install/sign/INSTALL
@@ -4,8 +4,8 @@ Normally, `make' should be enough to build these tools.
 A simpler version can be built by using `make check_sign' 
 (does not depend on the existence of getpass())
 
-You should define PGP and GZCAT in the Makefile if the defaults
-(/usr/local/bin/pgp and /usr/bin/gzcat) don't apply.
+You should define PGP in the Makefile if the default
+(/usr/local/bin/pgp) doesn't apply.
 
 There is no install target, just copy pkg_sign and/or check_sign where
 you want, along with the manpage.