are you trying to package something into /bin ? you probably should package it for /usr/bin instead (/bin is a symlink to /usr/bin)

the .mog would rewrite bin to usr/bin

I messed up the prefix

This looks interesting and it seems the infrastructure is availanle in illumos aswell. Any plan to use elfsign in the future? c0t0d0s0.org/blog/republishedsignedbinaries.html

signed binaries are nothing really new, but the issue is, signing "random" binaries will not give you much (except that you can validate those binaries of course).

we can validate binaries already in context of pkg repo - of course it is a bit different context than having signed system.

signed elf binaries do have on great feature, however. Once you revoke the sign cert, you can not run those binaries any more, so there is a mechanism to force people to update the system;)

is there a list of GIDs and UIDs created by packages?

oninoshiko - github.com/omniosorg/omnios-extra/blob/master/doc/idlist.md

andyf: Thanks!