Commit Graph

18 Commits

Author SHA1 Message Date
bapt
57a6813e1e Implement pubkey support for the bootstrap
Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign

To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
    -binary -out ./pkg.txz.pubkeysig

Note the "echo -n" which prevent signing the '\n' one would get otherwise

PR:		202622
MFC after:	1 week
2015-09-08 21:25:36 +00:00
nwhitehorn
e2253425db Use pkg-1.4-style platform identifiers based on MACHINE_ARCH (e.g.
FreeBSD:11:amd64 instead of freebsd:11:x86:64) when bootstrapping pkg.
Thanks to portmgr for providing symlinks so both styles work.

Reviewed by:	bapt
MFC after:	3 weeks
2014-10-27 23:19:51 +00:00
bapt
8286a6069a Import libucl 0.4.0
Adapt pkg(7) to the new libucl API
2014-04-22 22:02:06 +00:00
bdrewery
bea222febe Fix ASSUME_ALWAYS_YES not being parsed properly from config after UCL conversion.
Sponsored by:	EMC / Isilon Storage Division
MFC after:	1 week
2014-03-14 17:37:38 +00:00
bdrewery
6540958349 Fix ABI from /usr/local/etc/pkg.conf not being respected.
Regression from r259266.

Sponsored by:	EMC / Isilon Storage Division
MFC after:	1 week
2014-03-14 17:20:45 +00:00
bapt
0f16562aeb Update my copyright 2014-02-23 22:04:03 +00:00
bapt
21c1fff027 Switch pkg(7) from libyaml to libucl 2014-02-23 21:55:07 +00:00
bapt
a8cec1a9dd Implicit include of sys/queue.h instead of relying on gelf.h/libelf.h to bring it
Newer version of gelf.h and libelf.h does not include sys/queue.h anymore

Submitted by:	kaiw
MFC after:	3 days
2014-01-20 22:54:11 +00:00
bdrewery
0a119c2870 Fix multi-repository support by properly respecting 'enabled' flag.
This will read the REPOS_DIR env/config setting (default is /etc/pkg
and /usr/local/etc/pkg/repos) and use the last enabled repository.

This can be changed in the environment using a comma-separated list,
or in /usr/local/etc/pkg.conf with JSON array syntax of:
    REPOS_DIR: ["/etc/pkg", "/usr/local/etc/pkg/repos"]

Approved by:	bapt
MFC after:	1 week
2013-12-12 17:59:09 +00:00
bdrewery
bd4bf7cc91 Support checking signature for pkg bootstrap.
If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS,
and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along
with pkg.txz. The signature contains the signature provided by the
signing server, and the public key. The .sig is the exact output
from the signing server in the following format:

  SIGNATURE
  <openssl signed>
  CERT
  <rsa public key>
  END

The signature is verified with the following logic:

 - If the .sig file is missing, it fails.
 - If the .sig doesn't validate, it fails.
 - If the public key in the .sig is not in the known trusted fingerprints,
   it fails.
 - If the public key is in the revoked key list, it fails.

Approved by:	bapt
MFC after:	2 days
Discussed by:	bapt with des, jonathan, gavin
2013-10-26 03:43:02 +00:00
bdrewery
389ffca6d6 Add support for reading configuration files from /etc/pkg.
For now only /etc/pkg/FreeBSD.conf is supported. Its style is:

Repo: {
   URL: "...",
   MIRROR_TYPE: "...",
   ...
}

The configuration will be read from /usr/local/etc/pkg.conf if exists,
otherwise /etc/pkg/FreeBSD.conf

Approved by:	bapt
MFC after: 	2 days
2013-10-26 03:31:05 +00:00
bdrewery
607606f251 Wrap long lines
Approved by:	bapt
MFC after:	2 days
2013-10-26 03:21:08 +00:00
bdrewery
01c7972332 Add support for using "pkg+http://" for the PACKAGESITE.
pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.

Adapated from:	matthew's upstream pkg change
Approved by:	bapt
MFC after:	2 days
2013-10-24 10:49:55 +00:00
bdrewery
ae7fa1acd1 Rename libbsdyml to libyaml, make private, and bump
SHLIB_MAJOR to 1.0

Suggested by:	des
Approved by:	bapt
MFC after:	1 week
2013-10-14 18:31:15 +00:00
bapt
aed5107b91 Add support to detect arm vs armv6
There are two different versions of the ARM ABI depending on the
TARGET_ARCH. As these are sligntly different a package built for
one may not work on another. We need to detect which one we are on
by parsing the .ARM.attributes section.

This will only work on the ARM EABI as this section is part of the
ABI definition. As armv6 only supports the ARM EABI this is not a
problem for the oabi.

Older versions of libelf in FreeBSD fail to read the
.ARM.attributes section needed. As armv6 is unsupported on these
versions we can assume we are running on arm.

Submitted by:	andrew
Approved by:	re (delphij)
Obtained from:	pkgng git
2013-09-10 20:56:01 +00:00
bapt
f16e768e50 Fix detection of arm ABIs
Submitted by:	andrew
Obtained from:	pkg git
2013-07-28 20:11:31 +00:00
bapt
c7071f4d0a choose in priority the allocated ABI if any to do the ${ABI} substitution in PACKAGESITE
Reviewed by:	bdrewery
2013-03-05 14:08:36 +00:00
bapt
94bcfee7d0 Add the ability to correctly read pkg.conf is exists.
Only look for boostrap useful options:
 - PACKAGESITE
 - ABI
 - MIRROR_TYPE
 - ASSUME_ALWAYS_YES

While here makes PACKAGESITE expand the ${ABI} variable.
Allow to deactivate any SRV record look up (MIRROR_TYPE=none)
Use the same mechanism as for pkgng itself: first get configuration out of
environment variable and fallback on pkg.conf if exists.

Reviewed by:	bdrewery
2013-03-05 13:31:06 +00:00