On Mon, Jun 06, 2016 at 04:14:12PM +1000, Jonathan Gray wrote: > The behaviour of pkg_sign acts as if -i is always specified and won't > sign/resign a package if it exists in the output directory. > > In OpenBSD/PkgSign.pm sign_existing_package $state->opt('i') > path is always taken. Does this come from some shared code > setting a default interactive level for pkg_add's different -i option? > > $ pkg_info -v ./hexedit-1.2.12.tgz > ... > @signer openbsd-60-pkg > @digital-signature > signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo= > > $ signify -Gn -p test-pkg.pub -s test-pkg.sec > $ doas cp test-pkg.pub /etc/signify/ > > $ pkg_sign -v -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz > Signed ./hexedit-1.2.12.tgz: ok > $ pkg_info -v ./hexedit-1.2.12.tgz > .. > @signer openbsd-60-pkg > @digital-signature > signify:2016-06-05T21:12:25Z:RWQHIajRlT2mX2Co5PKjLtNprvAe8NjNXbxUabL3ySmJfLzFxod5BlCn+RvTB2coDd41rJdPJ+Ob/AUQMeAmEFETgJIVpn5YhAo= > > $ mkdir out > $ pkg_sign -v -o out -D resign -s signify -s test-pkg.sec ./hexedit-1.2.12.tgz > Resigning hexedit-1.2.12 > Signed ./hexedit-1.2.12.tgz: ok > $ pkg_info -v ./out/hexedit-1.2.12.tgz > .. > @signer test-pkg > @digital-signature > signify:2016-06-06T05:47:46Z:RWRwvf7+8LjZmCFrf65S/RhowUT4+QvgVnEHg4ztH6ZIEVWDVWjlGyd/SWvb1apmxcoaO+lNFm+83OhvvuGsTyEGC95pcA2PTgc= > > $ zfgrep signer ./dtb-4.6.tgz > $ > $ pkg_sign -v -s signify -s test-pkg.sec ./dtb-4.6.tgz > $ zfgrep signer ./dtb-4.6.tgz > $
Yep, definitely inherited that when -i became the default in pkg_add I'm afraid... gonna see to it.