| #
3d0a0dda |
| 01-Jan-2025 |
Kyle Evans <kevans@FreeBSD.org> |
pkg: finish adding the ECC signer and signature type bits
Signature types need to be parsed out of the key/signature information that we are presented with from the files we download. We use that to understand which signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to slim it down for pkg(7).
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48108
|
| #
2e065d74 |
| 01-Jan-2025 |
Kyle Evans <kevans@FreeBSD.org> |
pkg: add a pkgsign_verify_data callback
This will be used to verify raw payloads, as if signed by pkg-key(8). It will be used specifically in pkg(7) to verify .pubkeysig as published by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48109
|
| #
2ecfc040 |
| 01-Jan-2025 |
Kyle Evans <kevans@FreeBSD.org> |
pkg: refactor out a pkg_read_fd()
We already have to do this for reading the pubkey, just pull it out for other uses. The ECC signer will use this to verify the bootstrap if the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48107
|
| #
5862580d |
| 01-Jan-2025 |
Kyle Evans <kevans@FreeBSD.org> |
pkg: abstract rsa out behind a pkgsign API
This mirrors a change we made in pkg(8), and will be used to next add another signer that does ECC.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48106
|
| #
2629e90d |
| 01-Jan-2025 |
Kyle Evans <kevans@FreeBSD.org> |
pkg: pull rsa bits out of pkg.c
We'll eventually add a pkgsign abstraction over these similar to how we do in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48105
|