--- a/src/man/pkg.1 Mon Aug 15 15:10:42 2011 -0700
+++ b/src/man/pkg.1 Fri Aug 19 11:17:59 2011 -0700
@@ -1349,7 +1349,7 @@
.ad
.RS 22n
.rt
-Ignore signatures for all manifests. This is the default value.
+Ignore signatures for all manifests.
.RE
.sp
@@ -1360,7 +1360,7 @@
.ad
.RS 22n
.rt
-Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.
+Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed. This is the default value.
.RE
.sp
--- a/src/modules/client/sigpolicy.py Mon Aug 15 15:10:42 2011 -0700
+++ b/src/modules/client/sigpolicy.py Fri Aug 19 11:17:59 2011 -0700
@@ -188,4 +188,5 @@
Policy._policies[RequireNames.name] = RequireNames
-DEFAULT_POLICY = "ignore"
+DEFAULT_POLICY = "verify"
+
--- a/src/tests/cli/t_pkg_composite.py Mon Aug 15 15:10:42 2011 -0700
+++ b/src/tests/cli/t_pkg_composite.py Fri Aug 19 11:17:59 2011 -0700
@@ -256,6 +256,9 @@
# Create an image and verify no packages are known.
self.image_create(self.empty_rurl, prefix=None)
+ self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
self.pkg("list -a", exit=1)
# Verify list output for multiple, disparate sources using
@@ -407,6 +410,9 @@
# Create an image and verify no packages are known.
#
self.image_create(self.empty_rurl, prefix=None)
+ self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
self.pkg("list -a", exit=1)
# Verify that packages with dependencies can be installed when
--- a/src/tests/cli/t_pkg_temp_sources.py Mon Aug 15 15:10:42 2011 -0700
+++ b/src/tests/cli/t_pkg_temp_sources.py Fri Aug 19 11:17:59 2011 -0700
@@ -679,6 +679,9 @@
# Create an image and verify no packages are known.
#
self.image_create(self.empty_rurl, prefix=None)
+ self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
self.pkg("list -a", exit=1)
# Verify graceful failure if source doesn't exist.
--- a/src/tests/cli/t_pkgsign.py Mon Aug 15 15:10:42 2011 -0700
+++ b/src/tests/cli/t_pkgsign.py Fri Aug 19 11:17:59 2011 -0700
@@ -959,12 +959,15 @@
# Test that the cli handles an UnverifiedSignature exception.
self.pkg("install example_pkg", exit=1)
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
self._api_uninstall(api_obj, ["example_pkg"])
self.pkg("unset-property signature-policy")
api_obj = self.get_img_api_obj()
- self._api_install(api_obj, ["example_pkg"])
+ self.assertRaises(apx.UnverifiedSignature, self._api_install,
+ api_obj, ["example_pkg"])
def test_mismatched_hashes(self):
"""Test that if the hash signature isn't correct, an error
@@ -990,12 +993,22 @@
self.assertRaises(apx.UnverifiedSignature, self._api_install,
api_obj, ["example_pkg"])
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
self._api_uninstall(api_obj, ["example_pkg"])
self.pkg("unset-property signature-policy")
+ # Make sure the manifest is locally stored.
+ self.pkg("install -n example_pkg")
+ # Append an action to the manifest.
+ pfmri = fmri.PkgFmri(plist[0])
+ s = self.get_img_manifest(pfmri)
+ s += "\nset name=foo value=bar"
+ self.write_img_manifest(pfmri, s)
api_obj = self.get_img_api_obj()
- self._api_install(api_obj, ["example_pkg"])
+ self.assertRaises(apx.UnverifiedSignature, self._api_install,
+ api_obj, ["example_pkg"])
def test_unknown_sig_alg(self):
"""Test that if the certificate can't validate the signature,
@@ -1014,6 +1027,9 @@
self.pkg_image_create(self.rurl1)
self.seed_ta_dir("ta3")
+ self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
# Make sure the manifest is locally stored.
api_obj = self.get_img_api_obj()
for pd in api_obj.gen_plan_install(["example_pkg"],
@@ -1083,6 +1099,8 @@
# Tests that the cli can handle an UnsupportedCriticalExtension.
self.pkg("install example_pkg", exit=1)
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
@@ -1175,6 +1193,8 @@
self.assertRaises(apx.BrokenChain, self._api_install, api_obj,
["example_pkg"])
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
@@ -1204,6 +1224,8 @@
# exception.
self.pkg("install example_pkg", exit=1)
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
@@ -1269,6 +1291,8 @@
# Tests that the cli can handle an UnsupportedCriticalExtension.
self.pkg("install example_pkg", exit=1)
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
@@ -1296,6 +1320,8 @@
self.assertRaises(apx.UnsupportedExtensionValue,
self._api_install, api_obj, ["example_pkg"])
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
@@ -1749,6 +1775,8 @@
# exception.
self.pkg("install example_pkg", exit=1)
self.pkg("set-property signature-policy ignore")
+ self.pkg("set-publisher --set-property signature-policy=ignore "
+ "test")
api_obj = self.get_img_api_obj()
self._api_install(api_obj, ["example_pkg"])
self.pkg("set-property signature-policy require-signatures")