tweak documentation to match what's going on

3 files changed, 32 insertions, 19 deletions

diff --git a/usr.sbin/pkg_add/package.5 b/usr.sbin/pkg_add/package.5
index 1803bb4e67c..46d2bd6b73b 100644
--- a/usr.sbin/pkg_add/package.5
+++ b/usr.sbin/pkg_add/package.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: package.5,v 1.17 2014/01/05 10:29:16 espie Exp $
+.\"	$OpenBSD: package.5,v 1.18 2014/01/17 11:09:36 espie Exp $
 .\" Copyright (c) 2005-2006 Marc Espie <espie@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -12,7 +12,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 5 2014 $
+.Dd $Mdocdate: January 17 2014 $
 .Dt PACKAGE 5
 .Os
 .Sh NAME
@@ -186,10 +186,9 @@ by
 .Xr pkg_add 1 .
 .Pp
 .It Cm @signer
-Internal annotation corresponding to
-.Xr pkg_create 1 Ns 's
-.Fl D Ar SIGNER
-option.
+Internal annotation necessary to identify packages signed with
+.Xr signify 1
+keys, as those keys don't carry any identity.
 .Pp
 .It Cm @wantlib Ar libspec
 Record a library requirement declared using the option
diff --git a/usr.sbin/pkg_add/pkg_add.1 b/usr.sbin/pkg_add/pkg_add.1
index 59f316e1849..ed33f2b4f34 100644
--- a/usr.sbin/pkg_add/pkg_add.1
+++ b/usr.sbin/pkg_add/pkg_add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pkg_add.1,v 1.120 2014/01/11 18:34:20 espie Exp $
+.\"	$OpenBSD: pkg_add.1,v 1.121 2014/01/17 11:09:36 espie Exp $
 .\"
 .\" Documentation and design originally from FreeBSD. All the code has
 .\" been rewritten since. We keep the documentation's notice:
@@ -15,7 +15,7 @@
 .\" Jordan K. Hubbard
 .\"
 .\"
-.Dd $Mdocdate: January 11 2014 $
+.Dd $Mdocdate: January 17 2014 $
 .Dt PKG_ADD 1
 .Os
 .Sh NAME
@@ -298,10 +298,12 @@ external scripts may fail.
 list of trusted signers, separated by commas.
 Corresponds to list of public keys under
 .Pa /etc/signify
-we can trust.
-Defaults to official packages or firmwares matched to the current
-version as reported by
-.Xr uname 1 .
+we want to trust.
+Defaults to any key matching
+.Sq *pkg
+for packages, and any key matching
+.Sq *fw
+for firmwares.
 .It Ar updatedepends
 force update even if forward dependencies no longer match.
 .El
diff --git a/usr.sbin/pkg_add/pkg_create.1 b/usr.sbin/pkg_add/pkg_create.1
index 912fb2ac858..70c57f6b7a3 100644
--- a/usr.sbin/pkg_add/pkg_create.1
+++ b/usr.sbin/pkg_add/pkg_create.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pkg_create.1,v 1.93 2014/01/14 13:57:20 naddy Exp $
+.\"	$OpenBSD: pkg_create.1,v 1.94 2014/01/17 11:09:36 espie Exp $
 .\"
 .\" Documentation and design originally from FreeBSD. All the code has
 .\" been rewritten since. We keep the documentation's notice:
@@ -21,7 +21,7 @@
 .\" [jkh] Took John's changes back and made some additional extensions for
 .\" better integration with FreeBSD's new ports collection.
 .\"
-.Dd $Mdocdate: January 14 2014 $
+.Dd $Mdocdate: January 17 2014 $
 .Dt PKG_CREATE 1
 .Os
 .Sh NAME
@@ -49,12 +49,10 @@
 .Ek
 .Nm pkg_create
 .Op Fl s Ar signature-parameter
-.Op Fl D Ar SIGNER Ns = Ns Ar value
 .Fl f Ar packinglist
 .Nm pkg_create
 .Fl s Ar signature-parameter ...
 .Op Fl j Ar maxjobs
-.Op Fl D Ar SIGNER Ns = Ns Ar value
 .Op Fl o Ar dir
 .Op Fl S Ar source
 .Op Ar pkgfile ...
@@ -156,11 +154,18 @@ Strongly recommended, otherwise updates won't work.
 If defined, appended to the description.
 .It Ar MAINTAINER
 If defined, appended to the description.
+.It Ar resign
+Allows signing over already signed packages.
+Obviously, this checks the existing signature first,
+so the
+.Fl D Ar SIGNER
+and
+.Fl D Ar nosig
+apply with the same semantics as
+.Xr pkg_add 1 .
 .It Ar USE_GROFF
 Set to 1 to have groff format manpages behind the scenes during
 package creation.
-.It Ar SIGNER
-Specify a signer name, used for signing packages.
 .El
 .It Fl d No [-] Ns Ar desc
 Fetch long description for package from file
@@ -242,7 +247,7 @@ This can be any url admissible for a
 .Ev PKG_PATH ,
 so that it is possible to sign packages during a transfer, e.g.,
 .Bd -literal -offset indent
-pkg_create -s signify -s mykey -DSIGNER=me \e
+pkg_create -s signify -s mykey-pkg.sec \e
 	-o output -S scp://build-machine/packages/
 .Ed
 .It Xo
@@ -261,6 +266,13 @@ or X.509-style signatures.
 the path to the signer's certificate (X.509 only)
 .It Ar privkey
 the path to the signer's private key.
+For
+.Xr signify ,
+the private key name is used to set the
+.Cm \@signer
+annotation.
+If a corresponding public key is found, the first signatures will be
+checked for key mismatches.
 .El
 .Pp
 For X.509, the signer's certificate and the signer's private key