On Tue, Oct 04, 2016 at 03:15:18PM +0200, Marc Espie wrote: > - the new scheme is slightly more unflexible with respect to unsigned > data: by default, every .tgz is piped thru signify -Zs, so > pkg_add/pkg_info/fw_update WON'T even see any data if it's not signed. > Error reporting is inadequate, to say the least. I'm working on fixing > that, but there is some code I do not like, so there is a great deal of > rewrite.
There was actually a trivial bug in some code, so that you should now get error reports that make sense, though slightly verbose. At the very least, you will now get 'unsigned packages' messages on localhost. I've also trimmed ftp/signify interactions a bit. > - I'm working on ways to mix unsigned and signed packages in a sane way. > I've added TRUSTED_PKG_PATH, and I will have a mechanism that says > some sources are safe (/usr/ports/packages/%a/all, for instance). > This is unnecessary if you only install official binary stuff, but it is > necessary for development or for people who really want to tinker with > their machines. /usr/ports/packages/%a/all is surprisingly difficult to normalize every time (File::Spec->abs2rel tends to yield the "wrong" location for me thx to /usr/ports being a symlink), so this is likely not to happen.
