On 2014-05-14, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2014-05-14, Stuart Henderson <s...@spacehopper.org> wrote:
>> On 2014-05-14, Marc Espie <es...@nerim.net> wrote:
>>> On Tue, May 13, 2014 at 06:42:53PM +0000, Alexej wrote:
>>>> Greetings gentlemen,
>>>>
>>>> Downloaded and installed install55.iso, SHA256 was verified successfully.
>>>>
>>>> Downloaded firefox-26.0p1.tgz from Canada (Alberta) mirror site along with
>>>> SHA256 files.
>>>>
>>>> /pub/OpenBSD/5.5/packages/amd64/SHA256
>>>> /pub/OpenBSD/5.5/packages/amd64/SHA256.sig
>>>> /pub/OpenBSD/5.5/packages/amd64/firefox-26.0p1.tgz
>>>>
>>>> Then performed a check and got a result:
>>>>
>>>> Signature Verified
>>>> firefox-26.0p1.tgz: FAIL
>>
>> When reporting such a problem, please include the command you have run...
>>
>> This problem excepted (which I think is with pkg_sign -C), there's something
>
> I'm wrong here, pkg_sign -C is ok.

... but doesn't provide what signify -C is looking for, specifically
signify -C wants a base16 hash, the SHA256 file in the package directory
uses base64. So, correct use of this file at present:

$ signify -V -p /etc/signify/openbsd-55-pkg.pub -m SHA256
Signature Verified
$ sha256 -C SHA256 moo-1.3p1.tgz

Though I agree with Marc's comment to just use the embedded signature
in the packages for verification.

>> wrong going on with signify -C; check out the timings:
>>
>> $ \time -l signify -C -p /etc/signify/openbsd-55-pkg.pub -x SHA256.sig
>> moo-1.3p1.tgz
>> Signature Verified
>> moo-1.3p1.tgz: FAIL
>> 65.83 real 31.48 user 34.32 sys

This was due to malloc flags 'S' or more specifically the 'G' (guard pages)
component of this. (yes, from 0.06s to 65.83s).
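
The base16/base64 mismatch described in the message above, as an added example that is not part of the original thread or of OpenBSD's code: an encoding-aware check of one checksum line next to a simplified hex-only check, showing how a correct digest reports FAIL when only the text encoding differs. The "SHA256 (name) = digest" line format, the function names and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Assumed BSD-style checksum line: "SHA256 (name) = digest"
LINE_RE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<digest>\S+)$")

def decode_digest(text):
    """Return (raw_digest, encoding) for a SHA-256 digest given as hex or base64."""
    if re.fullmatch(r"[0-9a-fA-F]{64}", text):
        return bytes.fromhex(text), "base16"
    try:
        raw = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError("digest is neither base16 nor base64") from exc
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("decoded digest is not 32 bytes long")
    return raw, "base64"

def check_line(line, data):
    """Encoding-aware check: returns (name, encoding, matches)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a SHA256 checksum line")
    expected, encoding = decode_digest(m.group("digest"))
    actual = hashlib.sha256(data).digest()
    return m.group("name"), encoding, hmac.compare_digest(actual, expected)

def hex_only_check(line, data):
    """Simplified model of a checker that only understands base16 digests."""
    m = LINE_RE.match(line.strip())
    return m is not None and m.group("digest").lower() == hashlib.sha256(data).hexdigest()

# Constructed sample input; not real package contents or real SHA256 entries.
SAMPLE = b"constructed bytes standing in for moo-1.3p1.tgz"
DIGEST = hashlib.sha256(SAMPLE).digest()
B64_LINE = "SHA256 (moo-1.3p1.tgz) = " + base64.b64encode(DIGEST).decode()
HEX_LINE = "SHA256 (moo-1.3p1.tgz) = " + DIGEST.hex()

if __name__ == "__main__":
    for label, line in (("base64", B64_LINE), ("base16", HEX_LINE)):
        name, enc, ok = check_line(line, SAMPLE)
        print(f"{label} entry: encoding-aware={'OK' if ok else 'FAIL'} "
              f"hex-only={'OK' if hex_only_check(line, SAMPLE) else 'FAIL'}")
```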