Hitchhiker's Guide to Openbsd
etc/ssl/private/pkgca.key -out /etc/ssl/pkgca.pem
Download 1.27 Mb. Pdf ko'rish
|
obsd-faq49
- Bu sahifa navigatsiya:
- If you follow -current, you need both a -current system and a
|
etc/ssl/private/pkgca.key -out /etc/ssl/pkgca.pem
Now we are going to create a build certificate and key which will be used to sign our packages. For the example, we'll use a validity of 1 year. We will also create a corresponding Certificate Signing Request which will be used by our CA to sign the certificate. # openssl genrsa -out /etc/ssl/private/pkg.key 2048 # openssl req -new -key /etc/ssl/private/pkg.key -out /etc/ ssl/private/pkg.csr Now let's sign the certificate using the CA we created in the first step. # openssl x509 -req -days 365 -in /etc/ssl/private/pkg.csr - CA /etc/ssl/pkgca.pem -CAkey /etc/ssl/private/pkgca.key - CAcreateserial -out /etc/ssl/pkg.crt # rm /etc/ssl/private/pkg.csr Finally, we add the following line to /etc/mk.conf to build signed packages by default. PKG_CREATE=/usr/sbin/pkg_create -s x509 -s /etc/ssl/pkg.crt -s /etc/ssl/private/pkg.key When installing signed packages, you will see an added line at the end of the output informing you of the number of signed package(s) you just installed. $ sudo pkg_add vte-0.24.3.tgz vte-0.24.3: ok Packages with signatures: 1 If you run into trouble dealing with signed packages (e.g. expired certificate...), you can force the (re-) installation and/or removal using one of the following (according to what you want to achieve): $ sudo pkg_add -r -D installed PKGNAME $ sudo pkg_add -D nosig PKGNAME $ sudo pkg_delete -q PKGNAME 15.4 - FAQ 15.4.1 - I'm getting all kinds of crazy errors. I just can't seem to get this ports stuff working at all. http://www.openbsd.org/faq/faq15.html (21 of 27)9/4/2011 10:02:29 AM 15 - The OpenBSD packages and ports system It is very likely that you are using a system and ports tree which are not in sync. Sorry? ● Read EVERYTHING about OpenBSD's Flavors : -release, -stable, and -current. The short summary is as follows, but please do read the document mentioned above to get an idea about which one it is you want to use. ❍ Release : What is on the CD. ❍ Stable : Release, plus security and reliability enhancements. ❍ Current : The development version of OpenBSD. ● Do NOT check out a -current ports tree and expect it to work on a -release or -stable system. This is one of the most common errors and you will irritate people when you ask for help about why "nothing seems to work!" If you follow -current, you need both a -current system and a - Download 1.27 Mb. Do'stlaringiz bilan baham: 
|