tech-userlevel archive


Re: CVS commit: src/usr.bin/nbsvtool



On Mon, 14 Jul 2008, Dieter Baron wrote:
> attached is an updated version of the man page, please review.

Looking at the rendered page:

     sign file                         Sign file, placing the signature in
                                       file .sp7.  The options -f and -k are

There's an extra space between "file" and ".sp7" here.


     verify file [signature]           Verify signature for file.  If
                                       signature is not specified, file .sp7

Same here.

While there, this makes me wonder how verification of signatures via FTP/HTTP is intended. Does pkg_add automatically download the .sp7 (== checksum?) file? How does nbsvtool integrate with pkg_add, at all?


     verify-code file [signature]      This is a short cut for verify with the
                                       option --u code.

Are the two dashes intended?


     -a anchor-certificates        A file containing one or more (concate-
                                   nated) keys that are considered trusted.

Details! What kind of files, where do they come from, how does one create them?

The writer of that manpage seems to assume a lot of knowledge that I doubt is available...

This also goes for all other files - at least giving a hint via a filename suffix may help a bit.

The EXAMPLES section sounds useful from the remote, but it needs more steps to get to a point where it can be used. Setup of the CA and whatever else needs to be done should be documented - not in this manpage, I guess, as other parts (postfix? ldap? httpd? ...?) may need the same knowledge. Put this into a common manpage, and reference it!

Details:

     Verify that the signature hello.sp7 is valid for file hello
      and that the certificate used allows code signing.
           nbsvtool verify-code hello hello.sp7

     Same as above, but for file file.
           nbsvtool -u code verify file file.sp7

I don't get the difference here. Is it only the filename? Why use "verify-code" in one place, and "-u code verify" in the other place? And what is "code" anyways, in the latter example?


SEE ALSO
     openssl_smime(1)

That file seems to describe something similar to the manpage at hand, yet it also lacks the steps to set up the whole process (it seems to me).

Way to go until this is foolproof... :-(


 - Hubert

