On Mon, Jun 06, 2016 at 04:14:12PM +1000, Jonathan Gray wrote:
> The behaviour of pkg_sign acts as if -i is always specified and won't
> sign/resign a package if it exists in the output directory.
>
> In OpenBSD/PkgSign.pm sign_existing_package $state->opt('i')
> path is always taken. Does this come from some shared code
> setting a default interactive level for pkg_add's different -i option?
>
> $ pkg_info -v ./hexedit-1.2.12.tgz
> ...
> @signer openbsd-60-pkg
> @digital-signature
> signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo=
>
> $ signify -Gn -p test-pkg.pub -s test-pkg.sec
> $ doas cp test-pkg.pub /etc/signify/
>
> $ pkg_sign -v -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz
> Signed ./hexedit-1.2.12.tgz: ok
> $ pkg_info -v ./hexedit-1.2.12.tgz
> ..
> @signer openbsd-60-pkg
> @digital-signature
> signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo=
>
> $ mkdir out
> $ pkg_sign -v -o out -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz
> Resigning hexedit-1.2.12
> Signed ./hexedit-1.2.12.tgz: ok
> $ pkg_info -v ./out/hexedit-1.2.12.tgz
> ..
> @signer test-pkg
> @digital-signature
> signify:2016-06-06T05:47:46Z:RWRwvf7+8LjZmCFrf65S/RhowUT4+QvgVnEHg4ztH6ZIEVWDVWjlGyd/SWvb1apmxcoaO+lNFm+83OhvvuGsTyEGC95pcA2PTgc=
>
> $ zfgrep signer ./dtb-4.6.tgz
> $
> $ pkg_sign -v -s signify -s test-pkg.sec ./dtb-4.6.tgz
> $ zfgrep signer ./dtb-4.6.tgz
> $
Yep, definitely inherited that when -i became the default in pkg_add
I'm afraid...
gonna see to it.
