Command: pkg_sign | Section: 1 | Source: OpenBSD | File: pkg_sign.1
PKG_SIGN(1) FreeBSD General Commands Manual PKG_SIGN(1)
NAME
pkg_sign - sign binary packages for distribution
SYNOPSIS
pkg_sign [-Cvi] [-D name[=value]] [-j maxjobs] [-o dir] -s signify2
-s privkey [-S source] [pkg-name ...]
DESCRIPTION
The pkg_sign command is used to sign existing collections of binary
packages created by pkg_create(1).
It will sign the packages and, optionally, produce a SHA256 manifest file
in the output directory. The options are as follows:
-C Append sha256(1) checksums to SHA256 in the output directory,
then sort it.
-i Incremental mode. Ignore packages that are already in the output
repository. Note that, in verbose mode, they will still show up
as `Signed' in the listing.
-j maxjobs
Sign existing packages in parallel.
-o dir Specify output directory for signing packages. Otherwise, signed
packages are created in the current directory.
-S source
Source repository for packages to be signed.
-s signify2 -s privkey
Specify signature parameters for signed packages. Option
parameters are as follows:
signify2 Choose signify(1) new style signatures, where the
gzip(1) compressed data is signed.
privkey The path to the signer's private key. For signify, the
private key name is used to set the @signer annotation.
If a corresponding public key is found, the first
signatures will be checked for key mismatches.
-v Turn on verbose output, display `Signed output/pkg.tgz' after
each package is signed.
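The -C option appends BSD-style "SHA256 (name) = digest" lines to the SHA256 file in the output directory and sorts it. The following added example (not code from pkg_sign or OpenBSD) reproduces those two steps in Python and adds the check a mirror operator would want on the other side: every manifest entry compared against the file beside it, with entries that are malformed, missing, or that name a path outside the directory reported rather than trusted. The package names and contents in demo() are constructed.

```python
import hashlib
import os
import re
import tempfile

# Added example, not part of pkg_sign(1): maintain and check a BSD-style
# "SHA256 (name) = hexdigest" manifest like the one pkg_sign -C appends to
# and sorts. File names and contents in demo() are constructed.

MANIFEST_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-f]{64})$")


def sha256_hex(path):
    """Hex SHA-256 of a file, read in 64K chunks so large packages are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def append_manifest(outdir, pkg_paths):
    """Append one line per package to outdir/SHA256, then sort the file
    (the two steps -C performs). Returns the sorted manifest lines."""
    manifest = os.path.join(outdir, "SHA256")
    lines = []
    if os.path.exists(manifest):
        with open(manifest) as f:
            lines = [l.rstrip("\n") for l in f if l.strip()]
    for p in pkg_paths:
        lines.append("SHA256 (%s) = %s" % (os.path.basename(p), sha256_hex(p)))
    lines.sort()
    with open(manifest, "w") as f:
        f.write("\n".join(lines) + "\n")
    return lines


def verify_manifest(outdir):
    """Check every manifest entry against the file of that name in outdir.
    Returns {name: "OK" | "FAIL" | "MISSING" | "MALFORMED"}."""
    results = {}
    with open(os.path.join(outdir, "SHA256")) as f:
        for line in f:
            line = line.rstrip("\n")
            if not line:
                continue
            m = MANIFEST_LINE.match(line)
            # Reject unparsable lines and names that would escape outdir.
            if not m or os.path.basename(m.group("name")) != m.group("name"):
                results[line] = "MALFORMED"
                continue
            name, digest = m.group("name"), m.group("digest")
            path = os.path.join(outdir, name)
            if not os.path.isfile(path):
                results[name] = "MISSING"
            elif sha256_hex(path) == digest:
                results[name] = "OK"
            else:
                results[name] = "FAIL"
    return results


def demo():
    """Constructed repository: two fake packages, a manifest, then one
    package modified in place to show the check catching it."""
    d = tempfile.mkdtemp()
    pkgs = []
    for name, body in (("foo-1.0.tgz", b"constructed package A"),
                       ("bar-2.0.tgz", b"constructed package B")):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(body)
        pkgs.append(p)
    lines = append_manifest(d, pkgs)
    before = verify_manifest(d)
    with open(pkgs[0], "ab") as f:   # tamper with foo-1.0.tgz
        f.write(b"!")
    after = verify_manifest(d)
    return lines, before, after


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Note that this manifest only ties a file to a digest; it is not itself signed here. On OpenBSD the SHA256 file is what signify(1) -C checks against a signed SHA256.sig, so a manifest check without the signature only catches corruption, not substitution.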
SIGNATURE DETAILS
The signature is stored within the gzip(1) comment, as plain text data,
according to signify(1) -zS mode. It contains the ed25519 signature,
some meta-information, and SHA512/256 checksums for each 64K block of
compressed data.
Additionally, for further manual checking, the packing-list contains a
complete manifest of files within the package, checksummed with sha256(1)
and annotated with proper @mode, @user, @group annotations, so that
pkg_add(1) will refuse to give special rights to any file which isn't
properly annotated, and so that it will abort on installation of a file
whose checksum does not match.
Meta-information from signify(1) gets inserted in the packing-list during
extraction, adding a @digital-signature annotation and a @signer
annotation for further manual inspection.
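The signature in signify(1) -zS mode lives in the gzip(1) header's FCOMMENT field, ahead of the compressed data, so a checker must walk the optional header fields in RFC 1952 order to reach it. The added example below (my code, not OpenBSD's signify or pkg tools) builds a gzip member with a comment, then extracts the comment and shows that a plain gzip stream has none. The comment text and package bytes are constructed placeholders; the real signify comment layout (ed25519 signature plus per-block SHA512/256 hashes) is not reproduced or verified here.

```python
import gzip
import struct
import zlib

# Added example, not from pkg_sign(1) or signify(1): locate and read the
# gzip FCOMMENT header field where a signify -zS signature is stored.
# Comment text and payload below are constructed placeholders.

GZIP_MAGIC = b"\x1f\x8b"
FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10


def gzip_with_comment(payload, comment):
    """Build a single gzip member whose header carries `comment` in FCOMMENT."""
    # magic, CM=8 (deflate), FLG=FCOMMENT, MTIME=0, XFL=0, OS=3 (Unix)
    header = GZIP_MAGIC + bytes([8, FCOMMENT]) + struct.pack("<IBB", 0, 0, 3)
    header += comment.encode("utf-8") + b"\x00"   # FCOMMENT is NUL-terminated
    c = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate, no zlib wrapper
    body = c.compress(payload) + c.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF,
                          len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def _cstring(data, pos):
    """Return the NUL-terminated bytes starting at pos and the next offset."""
    end = data.index(b"\x00", pos)
    return data[pos:end], end + 1


def read_gzip_comment(data):
    """Return the FCOMMENT text of the first gzip member, or None if absent.
    Optional fields appear in the order FEXTRA, FNAME, FCOMMENT, FHCRC."""
    if data[:2] != GZIP_MAGIC or data[2] != 8:
        raise ValueError("not a gzip (deflate) file")
    flags = data[3]
    pos = 10                                  # fixed 10-byte header
    if flags & FEXTRA:
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if flags & FNAME:
        _, pos = _cstring(data, pos)
    if not flags & FCOMMENT:
        return None
    comment, _ = _cstring(data, pos)
    return comment.decode("utf-8", "replace")


def demo():
    """Constructed package bytes with a placeholder comment; returns the
    comment read back, the decompressed payload, and the result for a
    gzip stream that carries no comment at all."""
    payload = b"+CONTENTS\n@name demo-1.0\n"
    note = "untrusted comment: constructed placeholder, not a signify signature"
    blob = gzip_with_comment(payload, note)
    return (read_gzip_comment(blob),
            gzip.decompress(blob),          # stock readers ignore the comment
            read_gzip_comment(gzip.compress(payload)))


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Because ordinary gzip readers skip FCOMMENT, an unsigned package and a signed one both decompress cleanly; the absence of a comment (None above) is the first thing a verifier should treat as a failure, before any signature or block-hash check.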
SEE ALSO
cksum(1), pkg_add(1), signify(1), tar(1), package(5)
HISTORY
The pkg_sign command first appeared in OpenBSD 5.5. The signature
process was completely redesigned for OpenBSD 6.1.
AUTHORS
Marc Espie
FreeBSD 14.1-RELEASE-p8 February 11, 2022 FreeBSD 14.1-RELEASE-p8