Configuring Package Signature Properties

Use the set-property, add-property-value, remove-property-value, and unset-property subcommands of the pkg command to configure package signature properties for an image.

Use the --set-property, --add-property-value, --remove-property-value, and --unset-property options of the set-publisher subcommand to specify signature policy and required names for a particular publisher.

The following example configures this image to require all packages to be signed. This example also requires the string “oracle.com” to be seen as a common name for one of the certificates in the chain of trust.

$ pkg set-property signature-policy require-names oracle.com

The following example configures this image to require all signed packages to be verified.

$ pkg set-property signature-policy verify

The following example configures this image to require that all packages installed from the publisher example.com must be signed.

$ pkg set-publisher --set-property signature-policy=require-signatures example.com

The following example adds a required signature name. This example adds the string trustedname to the image's list of common names that must be seen in a signature's chain of trust to be considered valid.

$ pkg add-property-value signature-required-names trustedname

The following example removes a required signature name. This example removes the string trustedname from the image's list of common names that must be seen in a signature's chain of trust to be considered valid.

$ pkg remove-property-value signature-required-names trustedname

The following example adds a required signature name for a specified publisher. This example adds the string trustedname to the example.com publisher's list of common names that must be seen in a signature's chain of trust to be considered valid.

$ pkg set-publisher --add-property-value \
signature-required-names=trustedname example.com
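
The following added example, which is not part of the original page, checks that the image's signature-policy is at least as strict as a chosen baseline. It assumes the two-column "PROPERTY VALUE" layout printed by pkg property -H. The function names are hypothetical, and the ignore value and the strictness ordering are taken from the pkg(1) man page rather than from this page.

```shell
#!/bin/sh
# Added example: compare an image's signature-policy against a baseline.

# Print a strictness rank for a signature-policy value (ordering per pkg(1));
# return non-zero for a value that is not a known policy.
policy_rank() {
    case "$1" in
        ignore)             echo 0 ;;
        verify)             echo 1 ;;
        require-signatures) echo 2 ;;
        require-names)      echo 3 ;;
        *)                  return 1 ;;
    esac
}

# meets_baseline BASELINE
# Reads "PROPERTY VALUE" lines on stdin (assumed `pkg property -H` layout).
# Returns 0 if the policy meets the baseline, 1 if weaker, 2 on bad input.
meets_baseline() {
    want=$(policy_rank "$1") || { echo "unknown baseline: $1" >&2; return 2; }
    policy=
    while read -r prop value rest; do
        if [ "$prop" = signature-policy ]; then policy=$value; fi
    done
    if [ -z "$policy" ]; then
        echo "signature-policy not found in input" >&2
        return 2
    fi
    have=$(policy_rank "$policy") || { echo "unknown policy: $policy" >&2; return 2; }
    if [ "$have" -ge "$want" ]; then
        echo "OK: $policy meets $1"
    else
        echo "WEAK: $policy is below $1"
        return 1
    fi
}

# Constructed sample input. On a live image, pipe the real output instead:
#   pkg property -H signature-policy | meets_baseline require-signatures
printf 'signature-policy verify\n' | meets_baseline require-signatures \
    || echo "image would accept unsigned packages"
```

A publisher-level signature-policy set with pkg set-publisher is a separate setting and is not covered by this check.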