Both system installer and poudriere jails take images from
http://ftp.freebsd.org/pub/FreeBSD/releases/
But I can't see that there is a signature anywhere there that is
verified during the download.
For example, pkg(8) uses the key fingerprint
/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013
On Wed, Jun 29, 2016 at 02:21:00PM -0700, Yuri wrote:
> Both system installer and poudriere jails take images from
> http://ftp.freebsd.org/pub/FreeBSD/releases/
>
> But I can't see that there is a signature anywhere there that is verified
> during the download.
>
> For example, pkg(8) uses the k
On 06/29/2016 14:32, Glen Barber wrote:
But you raise a good point, poudriere does not have a good way to
validate the base.txz unless it also unpacks bootonly.iso (or any of the
installer media) and compares the checksums.
The possible solution is that poudriere should supply a public key as
On Wed, Jun 29, 2016 at 02:46:26PM -0700, Yuri wrote:
> On 06/29/2016 14:32, Glen Barber wrote:
> >But you raise a good point, poudriere does not have a good way to
> >validate the base.txz unless it also unpacks bootonly.iso (or any of the
> >installer media) and compares the checksums.
>
>
> Th
On 06/29/2016 14:59, Glen Barber wrote:
If I understand what you mean correctly, that would imply poudriere is
responsible for the contents of base.txz, which it is not. I think the
better solution (if I understood correctly) is RE needs to PGP-sign the
releases/${TARGET}/${TARGET_ARCH}/X.Y-RELE
On Wed, Jun 29, 2016 at 03:22:33PM -0700, Yuri wrote:
> On 06/29/2016 14:59, Glen Barber wrote:
> >If I understand what you mean correctly, that would imply poudriere is
> >responsible for the contents of base.txz, which it is not. I think the
> >better solution (if I understood correctly) is RE n
On 6/29/2016 4:03 PM, Glen Barber wrote:
> On Wed, Jun 29, 2016 at 03:22:33PM -0700, Yuri wrote:
>> On 06/29/2016 14:59, Glen Barber wrote:
>>> If I understand what you mean correctly, that would imply poudriere is
>>> responsible for the contents of base.txz, which it is not. I think the
>>> bett
On Wed, Jun 29, 2016 at 04:38:05PM -0700, Bryan Drewery wrote:
> On 6/29/2016 4:03 PM, Glen Barber wrote:
> > On Wed, Jun 29, 2016 at 03:22:33PM -0700, Yuri wrote:
> >> On 06/29/2016 14:59, Glen Barber wrote:
> >>> If I understand what you mean correctly, that would imply poudriere is
> >>> respons
On Wed, Jun 29, 2016 at 11:46:45PM +, Glen Barber wrote:
> On Wed, Jun 29, 2016 at 04:38:05PM -0700, Bryan Drewery wrote:
> > On 6/29/2016 4:03 PM, Glen Barber wrote:
> > > On Wed, Jun 29, 2016 at 03:22:33PM -0700, Yuri wrote:
> > >> On 06/29/2016 14:59, Glen Barber wrote:
> > >>> If I understa
On 06/29/16 16:38, Bryan Drewery wrote:
> Around that time (January 2016), Colin Percival has been maintaining a
> copy of the MANIFESTS in ports-mgmt/poudriere as well.
For the record, I obtained these files by downloading the release ISOs,
verifying their hashes against the signed release announ
On Wed, Jun 29, 2016 at 04:50:55PM -0700, Colin Percival wrote:
> On 06/29/16 16:38, Bryan Drewery wrote:
> > Around that time (January 2016), Colin Percival has been maintaining a
> > copy of the MANIFESTS in ports-mgmt/poudriere as well.
>
> For the record, I obtained these files by downloading
11 matches
Mail list logo
