Hitchhiker's Guide to Openbsd


etc/ssl/private/pkgca.key -out /etc/ssl/pkgca.pem


Download 1.27 Mb.
Pdf ko'rish
bet253/258
Sana04.04.2023
Hajmi1.27 Mb.
#1328980
1   ...   250   251   252   253   254   255   256   257   258
Bog'liq
obsd-faq49

etc/ssl/private/pkgca.key -out /etc/ssl/pkgca.pem
Now we are going to create a build certificate and key which will be used to sign our packages. For the 
example, we'll use a validity of 1 year. We will also create a corresponding Certificate Signing Request 
which will be used by our CA to sign the certificate. 
openssl genrsa -out /etc/ssl/private/pkg.key 2048
openssl req -new -key /etc/ssl/private/pkg.key -out /etc/
ssl/private/pkg.csr
Now let's sign the certificate using the CA we created in the first step. 
openssl x509 -req -days 365 -in /etc/ssl/private/pkg.csr -
CA /etc/ssl/pkgca.pem -CAkey /etc/ssl/private/pkgca.key -
CAcreateserial -out /etc/ssl/pkg.crt
rm /etc/ssl/private/pkg.csr
Finally, we add the following line to 
/etc/mk.conf
to build signed packages by default. 
PKG_CREATE=/usr/sbin/pkg_create -s x509 -s /etc/ssl/pkg.crt 
-s /etc/ssl/private/pkg.key
When installing signed packages, you will see an added line at the end of the output informing you of 
the number of signed package(s) you just installed. 
sudo pkg_add vte-0.24.3.tgz
vte-0.24.3: ok
Packages with signatures: 1
If you run into trouble dealing with signed packages (e.g. expired certificate...), you can force the (re-)
installation and/or removal using one of the following (according to what you want to achieve): 
sudo pkg_add -r -D installed PKGNAME
sudo pkg_add -D nosig PKGNAME
sudo pkg_delete -q PKGNAME
15.4 - FAQ
15.4.1 - I'm getting all kinds of crazy errors. I just can't seem to get this ports 
stuff working at all.
http://www.openbsd.org/faq/faq15.html (21 of 27)9/4/2011 10:02:29 AM


15 - The OpenBSD packages and ports system
It is very likely that you are using a system and ports tree which are not in sync. 
Sorry? 

Read EVERYTHING about 
OpenBSD's Flavors
: -release, -stable, and -current. The short 
summary is as follows, but please do read the document mentioned above to get an idea about 
which one it is you want to use. 

Release
: What is on the CD. 

Stable
: Release, plus security and reliability enhancements. 

Current
: The development version of OpenBSD. 

Do NOT check out a -current ports tree and expect it to work on a -release or -stable system. This 
is one of the most common errors and you will irritate people when you ask for help about why 
"nothing seems to work!" If you follow -current, you need both a -current system and a -

Download 1.27 Mb.

Do'stlaringiz bilan baham:
1   ...   250   251   252   253   254   255   256   257   258




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling