Hello freebsd-ports@, I'm trying to build and maintain my own package repository and understand how everything is put together in the process. Right now, I'm having trouble understanding how the signatures are made and verified. The following should illustrate both the problem I'm having and how I think things are supposed to work.
My environment
--------------

# pkg -v
1.2.6
# openssl version
OpenSSL 0.9.8y 5 Feb 2013
# uname -a
FreeBSD XXXX.saltant.net 9.2-STABLE FreeBSD 9.2-STABLE #1 r260112: Mon Dec 30 18:26:07 EST 2013     r...@xxxx.saltant.net:/usr/obj/usr/src/sys/NARB  amd64

Build a package
---------------

# cd /usr/ports/devel/pkgconf
# make PACKAGES=/tmp/packages package
[...]
===>  Building package for pkgconf-0.9.4
# ls -lR /tmp/packages
total 4
drwxr-xr-x  2 root  wheel  512 Feb  8 18:32 All

/tmp/packages/All:
total 24
-rw-r--r--  1 root  wheel  23488 Feb  8 18:32 pkgconf-0.9.4.txz

Prepare the keys
----------------

# cd /tmp/keys
# openssl genrsa -out repo.key 2048
Generating RSA private key, 2048 bit long modulus
....+++
...............................................................+++
e is 65537 (0x10001)
# openssl rsa -in repo.key -pubout repo.pub
writing RSA key

Generate the repo
-----------------

# pkg repo /tmp/packages /tmp/keys/repo.key
Generating repository catalog in /tmp/packages: done!

Testing the signature
---------------------

# cd /tmp/test
# tar xf /tmp/packages/digests.txz
# openssl dgst -verify /tmp/keys/repo.pub \
    -signature signature -sha256 digests
Verification Failure

Making and testing a new signature
----------------------------------

# openssl dgst -sign /tmp/repo.key -sha256 -binary digests > test_sig
# openssl dgst -verify /tmp/keys/repo.pub \
    -signature test_sig -sha256 digests
Verified OK

I would be grateful if somebody could point me in the right direction, or disabuse me of some obvious misconception.

Regards,
John
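Added example (not part of the post above, and not pkg's or OpenSSL's code): a pure-stdlib, textbook RSA PKCS#1 v1.5 signer and verifier, used to show why a detached signature that is perfectly valid still reports "Verification Failure" when the verifier hashes different bytes than the signer did. `openssl dgst -verify ... digests` hashes the raw `digests` file; if the repository signer instead signed a derived value such as the catalogue's SHA-256 hex string (the later pkg-repo(8) `signing_command` interface feeds that hex digest to the signing command; whether pkg 1.2.6's built-in signer does the same is an assumption here, not something the post establishes), the two sides never hash the same input and the check fails even though key and signature are fine. The `DIGESTS` content, the 1024-bit key size and the function names are constructed for the example; the RSA arithmetic is for illustration only and is not a substitute for OpenSSL in production.

```python
"""Textbook RSA / PKCS#1 v1.5 (RFC 8017) sign and verify, stdlib only.

Demonstrates that a detached signature verifies only when the verifier
reconstructs exactly the bytes the signer hashed.
"""
import hashlib
import hmac
import secrets

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample standing in for the catalogue "digests" file.
DIGESTS = (
    b"pkgconf:0.9.4:"
    b"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:23488\n"
)


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin with a few small-prime trial divisions first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand


def generate_key(bits=1024):
    """Return ((n, e), (n, d)); small size keeps the example fast."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def _emsa_pkcs1_v15(digest, k):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest into k bytes."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(priv, message):
    """Equivalent of `openssl dgst -sha256 -sign key -binary`: hash, pad, exponentiate."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = _emsa_pkcs1_v15(hashlib.sha256(message).digest(), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(pub, message, sig):
    """Equivalent of `openssl dgst -sha256 -verify pub -signature sig`."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = _emsa_pkcs1_v15(hashlib.sha256(message).digest(), k)
    return hmac.compare_digest(em, expected)  # constant-time comparison


def demo(priv, pub):
    """Sign the file two ways and verify each against the raw file and the hex digest."""
    sig_over_file = sign(priv, DIGESTS)
    hex_digest = hashlib.sha256(DIGESTS).hexdigest().encode()  # assumed signer input
    sig_over_hex = sign(priv, hex_digest)
    return {
        "file_sig_vs_file": verify(pub, DIGESTS, sig_over_file),   # True: same bytes hashed
        "hex_sig_vs_file": verify(pub, DIGESTS, sig_over_hex),     # False: "Verification Failure"
        "hex_sig_vs_hex": verify(pub, hex_digest, sig_over_hex),   # True once input matches
    }


if __name__ == "__main__":
    public, private = generate_key()
    for name, ok in demo(private, public).items():
        print(f"{name}: {'Verified OK' if ok else 'Verification Failure'}")
```

The practical check this suggests is to find out what bytes the repository tool actually signs before concluding the key or the signature is bad: a signature that fails against the raw file but passes against the derived value is a mismatch of inputs, not a broken key.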