Some tests. I do not have the colorls package installed, so I'm fetching it via
http. The good news is pkg_info checks the signature. The bad news is the
messages are confusing and user-hostile.

First, what happens when the key is missing?

$ pkg_info colorls 
Can't find key /etc/signify/openbsd-59-pkg.pub for signer
/etc/signify/openbsd-59-pkg.pub
Fatal error: colorls-5.9 is corrupted
 at /usr/libdata/perl5/OpenBSD/PkgInfo.pm line 387.

The first error makes sense, the second does not. The package is not
corrupted. This error may also appear if I'm trying to install a package from
a third party.

Next, I restored the pubkey, but modified it so the signature wouldn't match.

$ pkg_info colorls 
signify: signature verification failed
system(/usr/bin/signify, -V, -q, -p, /etc/signify/openbsd-59-pkg.pub, -e, -x,
-, -m, /dev/null) failed: exit(1)
Can't locate object method "log" via package "OpenBSD::PkgInfo::State" at
/usr/libdata/perl5/OpenBSD/signify.pm line 109.

The stderr message from signify is helpful, but unintentional I think, but
then come the perl messages that aren't helpful.
