On Wed, Feb 13, 2019 at 04:41:56PM +0100, Oleg Pahl wrote:
> Hi all,
> 
> I use 6.4 Release.
> I install fm on my laptop from http://firmware.openbsd.org/firmware/6.4/
> This URL i found in man page FW_UPDATE(1)
> You can see that ( index.txt ) has one file more then as on server!

It doesn't matter.

Getting a consistent global SHA256 / SHA256.sig  for distributed sets
of packages or firmwares   is  difficult at best.

For precisely that reason, packages are individually signed.

And both pkg_add *and* fw_update will refuse to install anything that's
not signed *by default*.

You can actually check the signature yourself, it's directly in the gzip
header comment (so that you can't pass unsigned data through zlib for
decompressions).

RTFM signify(1)  -z mode

Reply via email to