tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Signing vs pbulk in 2015Q3 and current



Hi all,

There is an issue with pbulk in 2015Q3 and presently in current if you
are signing packages at build time, as the new sync_packages feature
in pbulk means the signing is never actually performed due to
switching from the 'package' target to 'stage-package-create'.

I am running with the following diff for my 2015Q3 builds:

  https://github.com/joyent/pkgsrc/commit/cfadfb9

and would appreciate testing and feedback on it, especially if you
have esoteric setups, so we can fix this ASAP.

As well as fixing this issue, it should be noted that the diff also
provides an additional benefit over what exists currently, as it
allows you to set VERIFIED_INSTALLATION=always in your build
pkg_install.conf to ensure that packages are signed or fail.

Previously this wasn't possible as the package that was installed at
the end of the build was the unsigned file, which is why I only
noticed that all our packages were unsigned when I came to QA the
final set rather than being informed during the build process.

Thanks,

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com


Home | Main Index | Thread Index | Old Index