path: root/usr.sbin/pkg_install/sign/pkg_sign.1
Diffstat (limited to 'usr.sbin/pkg_install/sign/pkg_sign.1')
-rw-r--r-- usr.sbin/pkg_install/sign/pkg_sign.1 73
1 files changed, 50 insertions, 23 deletions
diff --git a/usr.sbin/pkg_install/sign/pkg_sign.1 b/usr.sbin/pkg_install/sign/pkg_sign.1
index 2f46b9ca094..a3b19eae961 100644
--- a/usr.sbin/pkg_install/sign/pkg_sign.1
+++ b/usr.sbin/pkg_install/sign/pkg_sign.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pkg_sign.1,v 1.1 1999/09/27 21:40:04 espie Exp $
+.\" $OpenBSD: pkg_sign.1,v 1.2 1999/10/04 21:46:29 espie Exp $
.\" Copyright (c) 1999 Marc Espie.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -36,28 +36,44 @@
.Sh SYNOPSIS
.Nm pkg_sign
.Op Fl sc
-.Op Fl u Ar userid
+.Op Fl t Ar type
+.Op Fl u Ar id
.Op Ar
.Nm pkg_check
.Op Fl sc
-.Op Fl u Ar userid
+.Op Fl u Ar id
.Op Ar
.Sh DESCRIPTION
.Nm pkg_sign
-embeds a cryptographic signature (currently PGP) within a gzip file
+embeds a cryptographic signature within a gzip file
.Ar file .
-It will always prompt you for a passphrase to unlock your private pgp key,
-even if you don't use a passphrase (which is a bad idea, anyway).
-.Nm pkg_check
-cheks that cryptographic signature.
+.Ar type
+can be
+.Li pgp
+(default) or
+.Li
+sha1 .
+If
+.Ar type
+is
+.Li pgp ,
+it will always prompt you for a passphrase to unlock your private
+pgp key, even if you don't use a passphrase (which is a bad idea, anyway).
+If
+.Ar type
+is
+.Li sha1 ,
+you must supply an
+.Ar id,
+which will be recorded as the name of the package, and printed as the
+SHA1 checksum.
.Pp
-This uses a feature of the gzip format, namely that one can set a flag
-.Dv EXTRA_FIELD
-in the gzip header and store extra data between the gzip header and the
-compressed file proper.
-The OpenBSD signing scheme uses `SigPGP\\0\\xa8'
-as a magic number for its signature (this marker is conveniently 8 bytes
-long, and the `\\0\\xa8' is the length of the pgp signature proper).
+.Nm pkg_check
+checks that cryptographic signature. It currently disregards
+.Ar type
+and checks only the topmost signature. For sha1, it checksums the file
+and verifies that the result matches the list of checksums recorded in
+.Pa /var/db/pkg/SHA1 .
.Pp
Options
.Fl s
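Review bot: In the added DESCRIPTION text, `.Li` sits alone on its line with `sha1 .` on the next one, so the literal macro gets no argument and "sha1 ." is set as ordinary text; put them on one line as `.Li sha1 .`. In the same block, `.Ar id,` makes the comma part of the argument and should be `.Ar id ,`. The sentence "checks that cryptographic signature. It currently disregards" also starts a new sentence mid-line, which the rest of the page avoids. Finally, "printed as the SHA1 checksum" is hard to follow: say plainly whether the id is printed alongside the checksum or in place of it.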
@@ -65,8 +81,8 @@ and
.Fl c
can be used to force package signing or signature checking mode.
.Pp
-The
-.Ar userid
+For pgp, the
+.Ar id
to use to sign the package or verify the signature can be forced with
.Fl u .
.Pp
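Review bot: Restricting this sentence to "For pgp" leaves the sha1 case undocumented, although the DESCRIPTION now says that for sha1 "you must supply an id". If `-u` is also how that id is given, say so here; if it is supplied some other way, document that instead.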
@@ -77,6 +93,15 @@ is a single dash
or absent,
.Nm check_sign
reads from the standard input.
+.Pp
+Package signing uses a feature of the gzip format, namely that one can
+set a flag
+.Dv EXTRA_FIELD
+in the gzip header and store extra data between the gzip header and the
+compressed file proper.
+The OpenBSD signing scheme uses eight bytes markers such `SIGPGP' \+ length
+or `CKSHA1' \+ length for its signatures (those markers are conveniently
+eight bytes long).
.Sh RESULTS
.Nm pkg_sign
and
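Review bot: The relocated gzip paragraph is less precise than the text it replaces. The removed wording gave the magic as `SigPGP\\0\\xa8' and said the last two bytes are the signature length; the new wording says only "`SIGPGP' \+ length", changes the case of the marker, and no longer states how many bytes the length takes. Spell out that each marker is six characters followed by a two-byte length, and confirm which spelling the code writes. "eight bytes markers such" should read "eight-byte markers such as".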
@@ -99,6 +124,9 @@ This is an unsigned package.
The program couldn't find a proper gzip header.
.It "File %s contains an unknown extension"
The extended area of the gzip file has been used for an unknown purpose.
+.It "File %s uses old signatures, no longer supported"
+The gzip file uses a very early version of package signing that was
+substantially slower.
.El
.Sh BUGS
.Xr pgp 1
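Review bot: The explanation added for "File %s uses old signatures, no longer supported" says only that the old scheme was slower, which does not tell the reader what to do with such a file. Add a sentence on the remedy, for example that the package has to be signed again with the current pkg_sign, if that is what is intended.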
@@ -116,8 +144,7 @@ that pgp expects on the fly.
Paths to
.Nm pgp
and
-.Nm gzcat
-are hard-coded to avoid tampering and hinder flexibility.
+the checksum file are hard-coded to avoid tampering and hinder flexibility.
.Sh FILES
.Bl -tag -width "/usr/local/bin/pgp" -compact
.It Pa file.sign
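Review bot: In the rewritten BUGS sentence, "the checksum file" is plain text with no markup and no path, while `.Nm pgp` next to it is still marked up. Use `.Pa` with the actual path so it is clear which file is meant. The DESCRIPTION says pkg_check verifies sha1 results against that file, so this is also the place to note that the check is only as trustworthy as the file's contents; a hard-coded path fixes where the tool looks, not what is stored there.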
@@ -128,11 +155,11 @@ from
.It Pa /usr/local/bin/pgp
Default path to
.Xr pgp 1 .
-.It Pa /usr/bin/gzcat
-Default path to
-.Xr gzcat 1 .
+.It Pa /var/db/pkgs/SHA1
+Recorded checksums.
.El
.Sh SEE ALSO
+.Xr gzip 1 ,
.Xr pgp 1 ,
.Xr pkg_add 1 ,
-.Xr gzip 1
+.Xr sha1 1
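Review bot: The FILES entry added here gives the checksum list as `/var/db/pkgs/SHA1`, but the DESCRIPTION hunk of this same change says `/var/db/pkg/SHA1`. One of the two is wrong; make both match the path compiled into the program, since that is the file an administrator has to protect and maintain.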