Configuring Package Signature Properties
Use the set-property, add-property-value, remove-property-value, and unset-property subcommands to configure package signature properties.
Use the --set-property, --add-property-value, --remove-property-value, and --unset-property options of the set-publisher subcommand to specify signature policy and required names for a particular publisher.
The following example configures this image to require all packages to be signed. This example also requires the string “oracle.com” to be seen as a common name for one of the certificates in the chain of trust.
$ pkg set-property signature-policy require-names oracle.com
The following example configures this image to require all signed packages to be verified.
$ pkg set-property signature-policy verify
The following example configures this image to require that all packages installed from the publisher example.com must be signed.
$ pkg set-publisher --set-property signature-policy=require-signatures example.com
The following example adds a required signature name. This example adds the string trustedname to the image's list of common names that must be seen in a signature's chain of trust to be considered valid.
$ pkg add-property-value signature-required-names trustedname
The following example removes a required signature name. This example removes the string trustedname from the image's list of common names that must be seen in a signature's chain of trust to be considered valid.
$ pkg remove-property-value signature-required-names trustedname
The following example adds a required signature name for a specified publisher. This example adds the string trustedname to the example.com publisher's list of common names that must be seen in a signature's chain of trust to be considered valid.
$ pkg set-publisher --add-property-value \
    signature-required-names=trustedname example.com
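The following added example, which is not part of the original documentation, audits the image properties set above by classifying the output of pkg property -H. It assumes each output line is a property name followed by its value and that list values print as ['name']; the function names, verdict strings, and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify image signature settings read from
# `pkg property -H` style output (assumed: "name value" per line).

# classify_policy POLICY NAMES: print a verdict (this example's own labels).
classify_policy() {
    policy=$1 names=$2
    case $policy in
        require-names)
            # With no names listed, this enforces no more than require-signatures.
            case $names in
                ''|'[]') echo "weak:require-names-without-names" ;;
                *)       echo "ok:signed-and-named" ;;
            esac ;;
        require-signatures) echo "ok:signed" ;;
        # verify checks signatures that exist but still accepts unsigned packages.
        verify) echo "weak:unsigned-packages-accepted" ;;
        ignore) echo "fail:signatures-ignored" ;;
        *)      echo "fail:unknown-policy" ;;
    esac
}

# audit_properties: read property lines on stdin, print one verdict.
audit_properties() {
    policy='' names=''
    while read -r name value; do
        case $name in
            signature-policy)         policy=$value ;;
            signature-required-names) names=$value ;;
        esac
    done
    classify_policy "$policy" "$names"
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_STRICT="signature-policy require-names
signature-required-names ['oracle.com']"
SAMPLE_VERIFY="signature-policy verify
signature-required-names []"

# On a live image: pkg property -H | audit_properties
printf '%s\n' "$SAMPLE_STRICT" | audit_properties
printf '%s\n' "$SAMPLE_VERIFY" | audit_properties
```

Publisher-level properties set with set-publisher are not covered by this check and need to be reviewed per publisher.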