[OpenAFS] Providing signed packages (was Re: any experiences with OpenAFS client ...)

Garrett Wollman wollman@csail.mit.edu
Thu, 23 Oct 2014 15:35:29 -0400

<<On Thu, 23 Oct 2014 14:14:04 -0400, D Brashear <shadow@gmail.com> said:

> I don't think until very recently AIX had a way; Solaris we let our
> packages bitrot
> and now the mechanism to make packages is different; and I haven't kept
> track of FreeBSD.

Ben built the 1.6.9 packages currently being distributed on
openafs.org.  FreeBSD does not have signed packages, only signed
*repositories*, and openafs.org is not set up to be a package
repository (although it could be fairly easily), at which point
someone responsible would have to decide whether and how to sign it.
Certificates (i.e., X.509 PKI) are not used.

Official FreeBSD packages are built from the ports collection on a
weekly basis, but the OpenAFS port cannot be built because the FreeBSD
package builders do not have the necessary kernel compile tree
available.  It might be possible to make this work, but it hasn't
reached the top of anyone's heap yet.