On Thu, 2006-01-05 at 10:57, Joerg Schilling wrote: > Darren J Moffat <[EMAIL PROTECTED]> wrote: > > > On Wed, 2006-01-04 at 13:49, Richard Lowe wrote: > > > You're right though, it doesn't appear to be documented in pkgadd(1M), > > > or anywhere else I can find. > > > > It is documented as the last sentence of the paragraph describing > > the "-d" option on pkgadd(1m). > > Not even in the man pages that come with SX B27 > > What man pages to you refer to?
The machine I was logged into is running snv_30. > > One other thing, packages (and patches) can also be signed see this URL > > for more info on that: > > http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5t9?a=view > > Thank you for this hint, but... > > Signing seems to be a general "problem" when dealing with OpenSolaris. > If you only allow Sun to sign a core packages, you will not be able > to deal with OpenSolaris needs and if you allow everyone to sign, > yhe only advantage would be to know who did create the package. It isn't restricted to only using Sun issued certs at all. It is just that the documentation talks about how to use the Sun certs as the trust anchors because thats all that has been done so far. The pkgadm(1m) command allows you to specify which certificates in the keystore are trusted, the examples on that page even show how to do it. So given that I don't see that anything needs to be done for OpenSolaris but OpenSolaris distro builders like yourself may wish to create certs for themselves and use them. Note that there is one caveat to all of this, you must use stream format packages. -- Darren J Moffat _______________________________________________ opensolaris-discuss mailing list [email protected]
