Project

General

Profile

Feature #3365

Todo #2109: pfSense on FreeBSD 10.x

Bug #2124: Package system updates for FreeBSD 10.x

Implement package signing

Added by Chris Buechler over 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
Jeremy Porter
Category:
Package System
Target version:
Start date:
12/16/2013
Due date:
% Done:

90%

Estimated time:

Description

Need to implement PBI signing for 2.2.

Associated revisions

Revision e5b5e29c (diff)
Added by Renato Botelho over 6 years ago

Add support for signed PBI, help ticket #3365:

- Add an option to allow user to accept unsigned packages
- The only missing part is public key, that needs to be added to
/var/db/pbi/keys/pfSense.ssl

Revision 0ffc4a7b (diff)
Added by Renato Botelho about 6 years ago

Add a BETA key for PBI signature check, this will be replaced by the final one before RELEASE. Ticket #3365

History

#1 Updated by Renato Botelho over 6 years ago

  • Parent task set to #2124

#2 Updated by Renato Botelho over 6 years ago

  • % Done changed from 0 to 90

Only missing signing key and definition about how it will happen

#3 Updated by Jim Thompson about 6 years ago

  • Assignee set to Renato Botelho
  • Priority changed from Normal to High

assigned to Renato, increased priority.

please work with porter on how this gets done.

#4 Updated by Renato Botelho about 6 years ago

  • Private changed from No to Yes

#5 Updated by Renato Botelho about 6 years ago

  • Private changed from Yes to No

#6 Updated by Renato Botelho about 6 years ago

  • Status changed from New to Feedback

It's working with BETA key, let it as feedback while the final key is not ready

#7 Updated by Renato Botelho almost 6 years ago

  • Assignee changed from Renato Botelho to Jeremy Porter

Transfer to Jeremy who will work on necessary changes for the new key

#8 Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to New

back to new for Jeremy to finalize production implementation.

#9 Updated by Jeremy Porter almost 6 years ago

After deploying hardware key storage, we need to distribute access keys to users that will be logging into builders to build signed builds.

#10 Updated by Jeremy Porter almost 6 years ago

  • Affected Documentation 0 added

We'll create a secured key repository, and signing keys will be imported into it for access. Renato will create the production keys as needed.

#11 Updated by Chris Buechler almost 6 years ago

  • Status changed from New to Resolved

After discussion with Jeremy, we're satisfied this is good for 2.2.

Also available in: Atom PDF