Handle updates and pkg_sign question

Fri, 17 Mar 2017 05:22:44 -0700 

Hi,

I managed to create proper packages using "pkg_create" for two versions
of "mypkg". Now I'm trying to handle upgrades and signatures.

Although I'm setting the "FULLPKGPATH" options, upgrades are not handled
cleanly:

----
sudo pkg_add -D unsigned -Uvv -i mypkg-3.99.2228-obsd6.tgz
Update candidates: quirks-2.241 -> quirks-2.241
quirks-2.241 signed on 2016-07-26T16:56:10Z
No change in quirks-2.241
parsing mypkg-3.99.2228-obsd6
Skipping mypkg-3.0.1865-obsd6 (update candidate for
mypkg-3.0.1865-obsd6)
        mypkg-3.0.1865-obsd6 pkgpaths:
        mypkg-3.0.1865-obsd6 pkgpaths:
Skipping mypkg-3.99.2228-obsd6 (update candidate for
mypkg-3.0.1865-obsd6)
        mypkg-3.0.1865-obsd6 pkgpaths:
        mypkg-3.99.2228-obsd6 pkgpaths:
No need to update mypkg-3.0.1865-obsd6
[mypkg-3.0.1865-obsd6]mypkg-3.99.2228-obsd6: internal conflict between
mypkg-3.99.2228-obsd6 and mypkg-3.0.1865-obsd6
----

How does "pkg_add" handle updates? The creation of the package is made
using the following command:

----
pkg_create -A $arch \
           -d $pkg_desc \
           -f $pkg_list \
           -B $base \
           -p $prefix \
           -D COMMENT="$comment" -D MAINTAINER="$maintainer" -D
           FULLPKGPATH=$prefix \
           "nxlog-$version-$osrel.tgz"
----

Note that prefix is "/opt/mypkg" in my case. I thought that setting  "
FULLPKGPATH=" pkg_add will handle updates based on version numbers
alone. I don't use any "conflict" keywords.

I'm trying to use signify to distribute packages as safely as possible.
First off, thanks to Ted for signify, it's very easy to work with.

Apart from creating and signings SHA files I'd like to know why OpenBSD
complains with "Couldn't check signature" since the pub key is under
"/etc/signify/" ?

----
$ pkg_sign -s signify -s mypkg-signify.key -o signed/ -S packages/

$ pkg_info -d signed/mypkg-3.99.2228-obsd6.tgz
 Package signed by untrusted party mypkg-signify.key
 Fatal error: Couldn't check signature for mypkg-3.99.2228-obsd6.tgz
  at /usr/libdata/perl5/OpenBSD/PkgInfo.pm line 397.

$ ls -l /etc/signify/mypkg-signify.key.pub
 -rw-r--r--  1 root  wheel  109 Mar 17 12:52
 /etc/signify/mypkg-signify.key.pub
----

Same errors come up with -C and -S of course.

Thanks!

--
Panagiotis (atmosx) Atmatzidis

email:  a...@convalesco.org
URL:    http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"Everyone thinks of changing the world, but no one thinks of changing
himself.” - Leo Tolstoy

Reply via email to