The behaviour of pkg_sign acts as if -i is always specified and won't
sign/resign a package if it exists in the output directory.

In OpenBSD/PkgSign.pm sign_existing_package, the $state->opt('i')
path is always taken.  Does this come from some shared code
setting a default interactive level for pkg_add's different -i option?

$ pkg_info -v ./hexedit-1.2.12.tgz
...
@signer openbsd-60-pkg
@digital-signature 
signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo=

$ signify -Gn -p test-pkg.pub -s test-pkg.sec
$ doas cp test-pkg.pub /etc/signify/

$ pkg_sign -v -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz
Signed ./hexedit-1.2.12.tgz: ok
$ pkg_info -v ./hexedit-1.2.12.tgz
..
@signer openbsd-60-pkg
@digital-signature 
signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo=

$ mkdir out
$ pkg_sign -v -o out -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz
Resigning hexedit-1.2.12
Signed ./hexedit-1.2.12.tgz: ok
$ pkg_info -v ./out/hexedit-1.2.12.tgz
..
@signer test-pkg
@digital-signature 
signify:2016-06-06T05:47:46Z:RWRwvf7+8LjZmCFrf65S/RhowUT4+QvgVnEHg4ztH6ZIEVWDVWjlGyd/SWvb1apmxcoaO+lNFm+83OhvvuGsTyEGC95pcA2PTgc=

$ zfgrep signer ./dtb-4.6.tgz
$
$ pkg_sign -v -s signify -s test-pkg.sec ./dtb-4.6.tgz
$ zfgrep signer ./dtb-4.6.tgz
$
