Webrev: http://cr.opensolaris.org/~bpytlik/ips-11611-v2/
Bugs: pkg(5) should have support for cryptographic manifest signatures https://defect.opensolaris.org/bz/show_bug.cgi?id=9196 pkg5 should provide for hash validation on manifests https://defect.opensolaris.org/bz/show_bug.cgi?id=11611 Besides incorporating the feedback provided in the first round of code review and a much more thorough test suite (and fixing the many bugs the improved testing discovered), the following changes have been made: A set of certificates as well as the script and openssl config file used to generate them have been added to the deliveries. Having the certificates used change on each invocation of the test suite would make debugging much more difficult. Instead, the certificates are delivered as part of the gate. As part of pkg5TestSuite.setUp, a subdirectory of the test root is created named "data." The contents of the data directory in src/tests gets copied into that subdir of test root. Publisher CA certs that a user adds manually are stored separately from those that a publisher names in its configuration. This should help prevent confusion when we get publisher metadata updates happening correctly. File publication now happens via a file/1 post rather than a separate depot operation. m2crypto has been packaged up and the other necessary packaging changes have been made. Management of publisher CA and intermediate certs has been moved from pkg.depotd to pkgrepo. The pkgsign tests now mostly use file repos and use the api object interface to test installs to make sure the correct exceptions are being raised. pkgsend has been changed to support pkgsend append. Thanks for taking a look, Brock _______________________________________________ security-discuss mailing list [email protected]
