Local repo

2020-01-27 Thread Pedro Pinho
Hi,
Is it possible to have more than one repo defined
in /usr/pkg/etc/pkgin/repositories.conf, or am I looking for trouble?
I want to have pkgin handling an official mirror and at the same time a
local repo with pkgs built locally that officially don't exist in the main
repository.
Is this as simple as defining two addresses in repositories.conf?
TIA


Re: How do you set $PS1 on /bin/ksh

2020-01-27 Thread Robert Elz
Date: Mon, 27 Jan 2020 11:42:13 +
From: Ottavio Caruso

  | One more thing. Is there any trick I can 
  | use to get $PWD expanded as "~" rather than "/home/oc"?

See my earlier reply in this thread.

kre



Re: How do you set $PS1 on /bin/ksh

2020-01-27 Thread Ottavio Caruso

On 24/01/2020 at 18:56, Ottavio Caruso wrote:
> On Fri, 24 Jan 2020 at 16:34, Kamil Rytarowski wrote:
>> On 24.01.2020 14:19, Ottavio Caruso wrote:
>>> Hi,
>>>
>>> [hoping my post doesn't arrive duplicated or triplicated]
>>>
>>> How do you set the prompt in ksh? The man page doesn't seem to help.
>>> OpenBSD ksh has a different manpage. Compare:
>>> https://man.openbsd.org/ksh.1#PS1
>>> and
>>> https://netbsd.gw.com/cgi-bin/man-cgi?ksh
>>>
>>> For example:
>>> PS1="\u@\h:\w\$ "
>>>
>>> is not expanded.
>>>
>>> Thanks
>>
>> Personally, I use:
>>
>> export PS1='! $(whoami)@$(hostname) $PWD $ '
>
> This works. Thanks.



Thank you all for your help. One more thing. Is there any trick I can 
use to get $PWD expanded as "~" rather than "/home/oc"? This takes a lot 
of real estate.


--
Ottavio Caruso



Re: pkgsrc binary packages security with pkgin

2020-01-27 Thread J. Lewis Muir
On 01/26, Johnny Billquist wrote:
> The code is not audited anyway, but just downloaded from various places, and
> then built.
 
I don't follow.  What code are you saying is not audited?  The source
code of each package?  If so, I think that's mostly true (of course
there are exceptions where the source code has been audited), but that's
no different than other package management systems such as RHEL's or
Ubuntu's.

But this thread is about pkgsrc *binary* packages.  Are you instead
talking about the distfiles downloaded in order to build the binary
packages from source?  Each pkgsrc package contains a distinfo file
which contains a checksum for each distfile (or other) downloaded from
the Internet, so those can all be downloaded from anywhere without HTTPS
and still be trusted as long as the checksum matches.

> If you really want to have some actual security, and not just a false sense
> of it, https or so on is not really the answer. Anyone who thinks that just
> because https is involved, it is somehow more secure, is really fooling
> themselves.
> 
> https is most properly something to use when submitting sensitive data to a
> web server, which you do not want someone to pick up along the way.
> 
> The total craziness of moving the whole internet to https is not really
> improving any security in most situations.

It protects against man-in-the-middle attacks, so I think for
downloading binary packages it does add something significant.

> Not to mention the question of how you would solve the replication of
> repositories. All needs their own signatures. So there are a whole bunch of
> places where to get packages from. How do you know that they are all legit,
> and have the "right" binary packages even? You cannot have a single
> signature to ensure they are legit, since https ties certificates to the
> specific host.

I'm sorry, but I also don't follow this.  By "repository replication" do
you mean mirroring repositories?  I would say that this can be done in a
number of ways including over HTTPS or SSH.

And for binary packages, each package could be digitally signed by
whoever built it.  You can trust more than one person or organization to
build packages, and if you trust whoever built it, and you can validate
the signature, then you can trust the package.

Regards,

Lewis
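
Added example, not part of the thread: a Python version of the distinfo check described in the message above, parsing `Algorithm (file) = value` lines and verifying downloaded bytes against the recorded size and digests. The file name, file contents and distinfo text are constructed for illustration, and the check is only as trustworthy as the channel the distinfo file itself arrived over.

```python
import hashlib
import re

# distinfo line shapes: "SHA512 (file) = <hex>" and "Size (file) = <n> bytes"
LINE_RE = re.compile(r"^(\w+) \((.+)\) = (\S+)(?: bytes)?$")

def parse_distinfo(text):
    """Return {filename: {algorithm: value}} parsed from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the "$NetBSD$" tag line and blank lines do not match
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo] = value
    return entries

def verify_distfile(name, data, entries, required="SHA512"):
    """True only if the size and every supported digest match; fails closed."""
    expected = entries.get(name)
    if not expected or required not in expected:
        return False  # unknown file, or no strong digest recorded for it
    if "Size" in expected and int(expected["Size"]) != len(data):
        return False
    for algo, value in expected.items():
        if algo == "Size":
            continue
        try:
            digest = hashlib.new(algo.lower(), data).hexdigest()
        except ValueError:  # algorithm not available in this Python build
            if algo == required:
                return False
            continue
        if digest != value.lower():
            return False
    return True

# Constructed sample: a fake distfile and the distinfo a package would carry.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_DISTINFO = (
    "$NetBSD$\n\n"
    f"SHA512 ({SAMPLE_NAME}) = {hashlib.sha512(SAMPLE_DATA).hexdigest()}\n"
    f"Size ({SAMPLE_NAME}) = {len(SAMPLE_DATA)} bytes\n"
)

if __name__ == "__main__":
    entries = parse_distinfo(SAMPLE_DISTINFO)
    print("intact:  ", verify_distfile(SAMPLE_NAME, SAMPLE_DATA, entries))
    print("tampered:", verify_distfile(SAMPLE_NAME, SAMPLE_DATA[:-1] + b"!", entries))
```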