Contributed by tbert on 2014-01-21 from the puffy's-signature-is-$10-a-pop dept.

It's probably time to talk about it. Yes, we are now distributing signed packages. A lot of people have probably noticed because there was a key mismatch on at least one batch of signed packages. Obviously, we haven't finished testing yet. Don't read too much into that. "Signed packages" just mean you can use an insecure medium, such as ftp, to download packages: if the key matches, it means the package hasn't been tampered with since it was signed. The cryptographic framework used to sign packages is called signify(1), mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo and I. The signing framework in pkg_add/pkg_create is much older than that, if was written for x509 a few years ago, but signify(1) will probably be more robust and ways simpler. In particular, there's no "chain-of-trust", so you keep complete control on the sources YOU trust. Signatures should be transparent in use: the package is opened, the packing-list signature is checked, and then files are checksummed while extracted against the packing-list embedded checksums (there are provisions to ensure any dangerous meta-data is also encoded in the packing-list as @mode/@user/@group annotations. So, barring problems, you shouldn't even notice signatures.

Marc Espie (espie@) lets the cat out of the bag

And Theo de Raadt (deraadt@) talks about signed base sets for installations and upgrades:

I suspect only a few have noticed, so it probably should be mentioned that install/upgrades are also signed now. The documentation isn't written yet because change is ongoing. Here is a rough primer, for one or two usage cases. More install methods will work, but some are not perfect yet. As detailed in the new signify(1) manual page, if you download bsd.rd you can: Verify a bsd.rd before an upgrade: $ signify -V -e -p /etc/signify/55base.pub -x SHA256.sig -m - | \ sha256 -C - bsd.rd The same can be done with cd55.iso or install55.iso, of course. If this is OK, you can boot that bsd.rd (OK, you are trusting your pre-existing bootblocks, though you could verify new ones). When you install or upgrade from the net, it will use the SHA256.sig file first, verify it using signify, then collect the base sets and compare them against the SHA256 hashes. They are all downloaded to a spare place on the disk, and then extracted. This change also makes upgrades more "atomic". There are a few raw edges still, but we would appreciate if this is tried by a few people.. please give us feedback. This mechanism was designed by Ted Unangst; a few pieces here and there by Todd Fries and myself; the bulk of the install script changes by Alexander Hall and Robert Peichaer.

For those of you who wanted signed releases, you finally get your wish. As always, ensuring the continued quality of OpenBSD software entails you, the user, making use of and reporting problems.