This filesystem checks signatures on the files in it.  If the
signatures do not come from a trusted source, then an EACCES is
returned on any read or open attempts.

1.  You will need to install gnupg (gpg).  This file system uses the
verification-only program (gpgv), rather than gpg itself, to verify
signatures (gpg uses isatty(3)).

2.  You will need to set up the gpg keyring of trusted signing keys.
This is taken from ~/.gnupg/trustedkeys.gpg by default.

3.  To make this file system function correctly, a file system
hierarchy with detached signatures is needed:

	[23:52:54] agc@inspiron1300 ~ 79 > ls -al ~/signed/bin
	total 266
	drwxr-xr-x  2 agc  agc     512 Mar 25 23:52 .
	drwxr-xr-x  3 agc  agc     512 Mar 25 10:35 ..
	-rw-r--r--  1 agc  agc  125659 Mar 25 22:50 pax
	-rw-r--r--  1 agc  agc     280 Mar 25 23:45 pax.sig
	-rw-r--r--  1 agc  agc  135493 Mar 25 22:51 sh
	-rw-r--r--  1 agc  agc     280 Mar 25 22:54 sh.sig
	[23:53:03] agc@inspiron1300 ~ 80 >

(the included mksigs shell script can be used to make this)

4.  The signedfs file system should then be mounted:

	[23:53:59] agc@inspiron1300 ...examples/refuse/signedfs 134 > priv ./signedfs -s ~/signed/bin /mnt

and then we can access it:

	[23:55:20] agc@inspiron1300 ~ 81 > /mnt/sh
	$ w
	11:55PM  up 10:38, 0 users, load averages: 0.04, 0.05, 0.00
	USER     TTY     FROM              LOGIN@  IDLE WHAT
	$ uptime
	11:55PM  up 10:38, 0 users, load averages: 0.04, 0.05, 0.00
	$ exit
	[23:55:42] agc@inspiron1300 ~ 82 >

If we now change the signature file so that it cannot match the binary:

	[23:56:49] agc@inspiron1300 ~ 83 > /mnt/pax -v -z -f /usr/sets/20070311/sets/xetc.tgz
	/mnt/pax: Permission denied.
	[23:57:02] agc@inspiron1300 ~ 84 >

Verification messages are printed on the window where signedfs was started.
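The policy that steps 1-4 describe, written out as an added example (this is
not signedfs's own code, and the `signedfs_access`, `scan_tree` and `demo`
names are assumptions).  `gpgv_verify` runs the real gpgv command as the
README describes; `_toy_verify` is a constructed stand-in, so the policy can
be exercised against a constructed copy of the ~/signed/bin layout without a
keyring, and it is not a signature check.

```python
import errno
import hashlib
import os
import subprocess
import tempfile

# Added example (not part of signedfs): the access decision signedfs makes for
# every open/read, plus the gpgv invocation it relies on.


def gpgv_verify(sig_path, data_path, keyring=None):
    """Verify a detached signature with gpgv, the verification-only tool the
    README says signedfs uses.  True only when gpgv exits 0.  With no keyring
    argument gpgv falls back to ~/.gnupg/trustedkeys.gpg, as the README states."""
    cmd = ["gpgv"]
    if keyring is not None:
        cmd += ["--keyring", keyring]
    cmd += [sig_path, data_path]
    try:
        result = subprocess.run(cmd, capture_output=True, check=False)
    except FileNotFoundError:          # gpgv not installed: nothing is trusted
        return False
    return result.returncode == 0


def signedfs_access(path, verify=gpgv_verify):
    """What signedfs would return for an open/read of `path` (assumed name):
    0 when `path.sig` exists and verifies, errno.EACCES otherwise."""
    sig_path = path + ".sig"
    if not os.path.isfile(sig_path):
        return errno.EACCES            # no detached signature at all
    if not verify(sig_path, path):
        return errno.EACCES            # signature present but untrusted or mismatched
    return 0


def scan_tree(root, verify=gpgv_verify):
    """Apply signedfs_access to every regular file under `root` that is not
    itself a .sig file; returns {relative path: 0 or errno.EACCES}."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(".sig"):
                continue
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = signedfs_access(full, verify)
    return results


# --- constructed demo: a stand-in verifier so the policy runs without gpg ---

def _toy_verify(sig_path, data_path):
    """Constructed stand-in for gpgv: the .sig holds the SHA-256 hex of the
    data.  NOT a signature check; it only lets the policy above be exercised."""
    with open(data_path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    with open(sig_path) as f:
        return f.read().strip() == digest


def demo():
    """Build a constructed ~/signed/bin-like tree in a temp dir: 'sh' with a
    good signature, 'pax' with a tampered .sig (the README's last case), and
    'unsigned' with no .sig at all.  Returns scan_tree's decisions."""
    root = tempfile.mkdtemp()

    def put(name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

    sh_body = b"#!/bin/sh\necho constructed sh\n"
    put("sh", sh_body)
    put("sh.sig", hashlib.sha256(sh_body).hexdigest().encode())
    put("pax", b"constructed pax binary\n")
    put("pax.sig", b"0" * 64)          # changed so it cannot match the binary
    put("unsigned", b"no signature here\n")
    return scan_tree(root, _toy_verify)


if __name__ == "__main__":
    for name, err in sorted(demo().items()):
        print(name, "ok" if err == 0 else os.strerror(err))
```

With a real keyring, `scan_tree("/home/agc/signed/bin")` (default verifier)
performs the same checks signedfs does at open time; the `demo` run shows the
three outcomes a mounted signedfs gives back: readable, EACCES for a
signature that no longer matches, and EACCES for a file with no signature.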


Alistair Crooks (agc@netbsd.org)
Mon Mar 26 13:39:40 BST 2007
