On Wed, Feb 13, 2019 at 04:41:56PM +0100, Oleg Pahl wrote:
> Hi all,
> I use 6.4 Release.
> I install fm on my laptop from http://firmware.openbsd.org/firmware/6.4/
> This URL I found in man page FW_UPDATE(1)
> You can see that ( index.txt ) has one file more than on the server!

It doesn't matter.

Getting a consistent global SHA256 / SHA256.sig for distributed sets
of packages or firmwares is difficult at best.

For precisely that reason, packages are individually signed.

And both pkg_add *and* fw_update will refuse to install anything that's
not signed *by default*.

You can actually check the signature yourself, it's directly in the gzip
header comment (so that you can't pass unsigned data through zlib for

RTFM signify(1) -z mode
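Added example, not part of the original message and not OpenBSD code: a small Python reader for the gzip header comment field (FCOMMENT, RFC 1952), the place the reply says the signature is stored. The sample archive and its comment text are constructed placeholders, and `build_sample` is a hypothetical helper used only to produce offline test input.

```python
import struct
import zlib

FEXTRA, FNAME, FCOMMENT = 0x04, 0x08, 0x10  # FLG bits from RFC 1952

def _cstring_end(data, pos):
    """Index of the NUL that ends the zero-terminated field starting at pos."""
    end = data.find(b"\x00", pos)
    if end < 0:
        raise ValueError("truncated gzip header")
    return end

def gzip_header_comment(data):
    """Return the gzip header comment (FCOMMENT) as bytes, or None if absent."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a deflate gzip stream")
    flags, pos = data[3], 10       # 10-byte fixed header precedes optional fields
    if flags & FEXTRA:             # 2-byte little-endian length, then that many bytes
        if len(data) < pos + 2:
            raise ValueError("truncated gzip header")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FNAME:              # original file name, NUL-terminated
        pos = _cstring_end(data, pos) + 1
    if not flags & FCOMMENT:
        return None
    return data[pos:_cstring_end(data, pos)]

def build_sample(comment, payload, name=b""):
    """Hypothetical helper: build a gzip member carrying a header comment."""
    flags = FCOMMENT | (FNAME if name else 0)
    head = struct.pack("<2sBBIBB", b"\x1f\x8b", 8, flags, 0, 0, 255)
    deflater = zlib.compressobj(wbits=-15)          # raw deflate, no zlib wrapper
    body = deflater.compress(payload) + deflater.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)
    optional = (name + b"\x00" if name else b"") + comment + b"\x00"
    return head + optional + body + trailer

# Constructed placeholder text, not a real signify signature.
SAMPLE_COMMENT = b"constructed placeholder, not a real signature"
SAMPLE = build_sample(SAMPLE_COMMENT, b"constructed payload bytes")

if __name__ == "__main__":
    print(gzip_header_comment(SAMPLE).decode())
```

This only displays the header field; checking the signature is still the job of signify(1) in -z mode.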

