-.\" $OpenBSD: package.5,v 1.17 2014/01/05 10:29:16 espie Exp $
+.\" $OpenBSD: package.5,v 1.18 2014/01/17 11:09:36 espie Exp $
.\" Copyright (c) 2005-2006 Marc Espie <espie@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 5 2014 $
+.Dd $Mdocdate: January 17 2014 $
.Dt PACKAGE 5
.Os
.Sh NAME
.Xr pkg_add 1 .
.Pp
.It Cm @signer
-Internal annotation corresponding to
-.Xr pkg_create 1 Ns 's
-.Fl D Ar SIGNER
-option.
+Internal annotation necessary to identify packages signed with
+.Xr signify 1
+keys, as those keys don't carry any identity.
.Pp
.It Cm @wantlib Ar libspec
Record a library requirement declared using the option
-.\" $OpenBSD: pkg_add.1,v 1.120 2014/01/11 18:34:20 espie Exp $
+.\" $OpenBSD: pkg_add.1,v 1.121 2014/01/17 11:09:36 espie Exp $
.\"
.\" Documentation and design originally from FreeBSD. All the code has
.\" been rewritten since. We keep the documentation's notice:
.\" Jordan K. Hubbard
.\"
.\"
-.Dd $Mdocdate: January 11 2014 $
+.Dd $Mdocdate: January 17 2014 $
.Dt PKG_ADD 1
.Os
.Sh NAME
list of trusted signers, separated by commas.
Corresponds to list of public keys under
.Pa /etc/signify
-we can trust.
-Defaults to official packages or firmwares matched to the current
-version as reported by
-.Xr uname 1 .
+we want to trust.
+Defaults to any key matching
+.Sq *pkg
+for packages, and any key matching
+.Sq *fw
+for firmwares.
.It Ar updatedepends
force update even if forward dependencies no longer match.
.El
-.\" $OpenBSD: pkg_create.1,v 1.93 2014/01/14 13:57:20 naddy Exp $
+.\" $OpenBSD: pkg_create.1,v 1.94 2014/01/17 11:09:36 espie Exp $
.\"
.\" Documentation and design originally from FreeBSD. All the code has
.\" been rewritten since. We keep the documentation's notice:
.\" [jkh] Took John's changes back and made some additional extensions for
.\" better integration with FreeBSD's new ports collection.
.\"
-.Dd $Mdocdate: January 14 2014 $
+.Dd $Mdocdate: January 17 2014 $
.Dt PKG_CREATE 1
.Os
.Sh NAME
.Ek
.Nm pkg_create
.Op Fl s Ar signature-parameter
-.Op Fl D Ar SIGNER Ns = Ns Ar value
.Fl f Ar packinglist
.Nm pkg_create
.Fl s Ar signature-parameter ...
.Op Fl j Ar maxjobs
-.Op Fl D Ar SIGNER Ns = Ns Ar value
.Op Fl o Ar dir
.Op Fl S Ar source
.Op Ar pkgfile ...
If defined, appended to the description.
.It Ar MAINTAINER
If defined, appended to the description.
+.It Ar resign
+Allows signing over already signed packages.
+Obviously, this checks the existing signature first,
+so the
+.Fl D Ar SIGNER
+and
+.Fl D Ar nosig
+apply with the same semantics as
+.Xr pkg_add 1 .
.It Ar USE_GROFF
Set to 1 to have groff format manpages behind the scenes during
package creation.
-.It Ar SIGNER
-Specify a signer name, used for signing packages.
.El
.It Fl d No [-] Ns Ar desc
Fetch long description for package from file
.Ev PKG_PATH ,
so that it is possible to sign packages during a transfer, e.g.,
.Bd -literal -offset indent
-pkg_create -s signify -s mykey -DSIGNER=me \e
+pkg_create -s signify -s mykey-pkg.sec \e
-o output -S scp://build-machine/packages/
.Ed
.It Xo
the path to the signer's certificate (X.509 only)
.It Ar privkey
the path to the signer's private key.
+For
+.Xr signify ,
+the private key name is used to set the
+.Cm \@signer
+annotation.
+If a corresponding public key is found, the first signatures will be
+checked for key mismatches.
.El
.Pp
For X.509, the signer's certificate and the signer's private key
projects / openbsd / commitdiff