Replying to my own email for the archives... It appears you can't do this. pkg is hard coded to use "verify" as the signature-policy.

The workaround is to install the zone and before booting,

  pfexec pkg -R /path/to/zone/root set-publisher --set-property signature-policy=require-signatures omnios

to set the property, then

  pfexec pkg -R /path/to/zone/root fix

to check all the signatures and correct any errors.

Ben

On 8 Feb 2014, at 16:00, Ben Summers <b...@fluffy.co.uk> wrote:

> Hello,
>
> r151008 now includes signed packages, but the default signature-policy is
> verify, so it's still vulnerable to MITM if the attacker simply removes the
> signatures from the manifests.
>
> I can run
>
>   pkg set-publisher --set-property signature-policy=require-signatures omnios
>
> immediately after install from the iso to make sure any updates in the global
> zone are properly checked.
>
> However, when I install a zone, the zone's signature-policy is the default of
> verify. pkg downloads files from the IPS server, so anything in the zone's
> image is vulnerable.
>
> Is it possible to specify signature-policy=require-signatures for new zones
> in the initial configuration?
>
> Thanks,
>
> Ben
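
The difference between the two policies discussed in this thread, as an added example that is not part of the original emails and is not pkg's own code: a simplified Python model of how an image treats a manifest under `verify` and under `require-signatures`. HMAC stands in for pkg's certificate-based signatures, and the key, manifest lines and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the publisher's signing key. Real pkg signatures are
# certificate-based; HMAC is an assumption made so the example runs offline.
PUBLISHER_KEY = b"constructed-demo-key"

def sign(actions):
    """Return a simplified signature line covering the given action lines."""
    mac = hmac.new(PUBLISHER_KEY, "\n".join(actions).encode(), hashlib.sha256)
    return "signature value=" + mac.hexdigest()

def accepts(manifest, policy):
    """Model whether an image with this signature-policy accepts the manifest."""
    if policy not in ("verify", "require-signatures"):
        raise ValueError("unmodelled policy: " + policy)
    actions = [l for l in manifest if not l.startswith("signature ")]
    sigs = [l for l in manifest if l.startswith("signature ")]
    # Any signature that is present must be valid under both policies.
    if not all(hmac.compare_digest(s, sign(actions)) for s in sigs):
        return False
    # Only require-signatures also rejects a manifest with no signature at all.
    return bool(sigs) or policy == "verify"

# Constructed, simplified manifest lines (not real package data).
ORIGINAL = ["set name=pkg.fmri value=pkg://omnios/example/tool@1.0",
            "file 1111 path=usr/bin/tool mode=0555"]
TAMPERED = [ORIGINAL[0], "file 9999 path=usr/bin/tool mode=0555"]

CASES = {
    "signed, untouched": ORIGINAL + [sign(ORIGINAL)],
    "modified, signature kept": TAMPERED + [sign(ORIGINAL)],
    "modified, signature removed": TAMPERED,
}

def evaluate():
    """Return {case: {policy: accepted}} for every case under both policies."""
    return {name: {p: accepts(m, p) for p in ("verify", "require-signatures")}
            for name, m in CASES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:28} {result}")
```

Only the last case separates the two policies, which is the situation the workaround closes by setting require-signatures on the zone image before its first boot.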