1 .\" $FreeBSD: src/usr.sbin/pkg_install/sign/pkg_sign.1,v 1.1.2.5 2002/06/21 16:42:20 charnier Exp $
2 .\" $DragonFly: src/usr.sbin/pkg_install/sign/Attic/pkg_sign.1,v 1.2 2003/06/17 04:29:59 dillon Exp $
3 .\" $OpenBSD: pkg_sign.1,v 1.6 2000/04/15 02:15:20 aaron Exp $
5 .\" Copyright (c) 1999 Marc Espie.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
15 .\" 3. All advertising materials mentioning features or use of this software
16 .\" must display the following acknowledgement:
17 .\" This product includes software developed by Marc Espie for the OpenBSD
20 .\" THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS
21 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 .\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 .\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD
24 .\" PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 .\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 .\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 .Dd September 24, 1999
37 .Nd handle package signatures
53 utility embeds a cryptographic signature within a gzip file
66 it will always prompt you for a passphrase to unlock your private
67 pgp key, even if you don't use a passphrase (which is a bad idea, anyway).
74 which will be recorded as the name of the package, and printed as the
79 utility checks that cryptographic signature.
80 It currently disregards
82 and checks only the topmost signature.
86 and verifies that the result matches the list of checksums recorded in
87 .Pa /var/db/pkg/SHA1 .
93 can be used to force package signing or signature checking mode.
99 to use to sign the package or verify the signature can be forced with
104 the signing key or verification certificate may be
107 option. If not specified, packages are signed or verified with the
108 default keys and certificates documented below.
116 reads from the standard input.
118 Package signing uses a feature of the gzip format, namely that one can
121 in the gzip header and store extra data between the gzip header and the
122 compressed file proper.
125 signing scheme uses eight bytes markers such
129 + length for its signatures (those markers are conveniently
136 utilities return with an exit code >0 if anything went wrong for any
140 this usually indicates that the package is not signed, or that the
143 .It "File %s is already signed"
144 There is a signature embedded within the gzip file already.
147 utility currently does not handle multiple signatures.
148 .It "File %s is not a signed gzip file"
149 This is an unsigned package.
150 .It "File %s is not a gzip file"
151 The program couldn't find a proper gzip header.
152 .It "File %s contains an unknown extension"
153 The extended area of the gzip file has been used for an unknown purpose.
154 .It "File %s uses old signatures, no longer supported"
155 The gzip file uses a very early version of package signing that was
156 substantially slower.
160 is an ill-designed program, which is hard to interface with.
161 For instance, the `separate signing scheme' it pretends to offer is
162 useless, as it can't be used with pipes, so that
164 needs to kludge it by knowing the length of a pgp signature, and invoking
165 pgp in `seamless' signature mode, without compression of the main file,
166 and just retrieving the signature.
168 The checking scheme is little less convoluted, namely we rebuild the file
169 that pgp expects on the fly.
174 the checksum file are hard-coded to avoid tampering and hinder flexibility.
176 .Bl -tag -width "/usr/local/bin/pgp" -compact
178 Temporary file built by
182 .It Pa /usr/local/bin/pgp
185 .It Pa /var/db/pkgs/SHA1
187 .It Pa /etc/ssl/pkg.key
188 Default package signing key.
189 .It Pa /etc/ssl/pkg.crt
190 Default package verification certificate(s).
201 utility was created by
209 .An Wes Peters Aq wes@softweyr.com .