The package extension is going to be changed to .bsd to be among other
things resilient to the change of compression format used and reduce
the impact of all third party tool of that change.
Ensure the bootstrap knows about it
Reviewed by: manu
Differential revision: https://reviews.freebsd.org/D29232
- One (1) spurious whitespace.
- One (1) occurrence of "random(3) bad, arc4random(3)" good.
- Three (3) writes that will never be seen.
The latter two points are complaints from clang-analyze. Switching to
arc4random(3) is decidedly a good idea because we weren't doing any kind
of PRNG seeding anyways. The discarded assignments are arguably good
for future-proofing, but it's better to improve the S/N ratio from
clang-analyze.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28525
This is limited to bootstrap/add because some real pkg(8) commands
have -r flags with an incompatible meaning/usage, e.g., pkg-audit.
pkg(7) will still commence the search as it has, but it will ignore any
repo objects without the given name so that overrides and whatnot still
work as expected.
The use of it for add is noted in the manpage; notably, that the
signature config for that repository will be used over global config if
it's specified. i.e., pkg(7) should assume that the given pkg did come
from that repository and treat it appropriately.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28524
Rework the arguments handling around using getopt_long:
* add long option support
* add -4 and -6 support to enforce ipv4 or ipv6
While here fix a regression which occured between FreeBSD 12.1 and
FreeBSD 12.2 where pkg bootstrap -y stopped working
PR: 252270
MFC after: 2 weeks
Submitted by: evilham <contact@evilham.com>
Differential Revision: https://reviews.freebsd.org/D27860
local software base directory, as committed in SVN rev. 367813.
The pkg and mailwrapper programs used the LOCALBASE environment variable
for this purpose and this functionality is preserved by getlocalbase().
After this change, the value of the user.localbase sysctl variable is used
if present (and not overridden in the environment).
The nvmecontrol program gains support of a dynamic path to its plugin
directory with this update.
Differential Revision: https://reviews.freebsd.org/D27237
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.
This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.
In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.
This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.
Reviewed by: imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D26942
Right now, the bootstrap will gloss over things like pkg bootstrap -x or
pkg bootstrap -f pkg. Make it more clear that this is incorrect, and hint
at the correct formatting.
Reported by: jhb (IIRC via IRC)
Approved by: bapt, jhb, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24750
The current message when bootstapping pkg fails for any reason implies that pkg
is not available. We have the error code from fetch so if bootstrap failed due
to address resolution say so.
Reviewed by: bapt, bz
Approved by: bz (co-mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D25323
By popular demand, pkg now walks thought the arguments passed and
if it finds -y or --yes it does accept those as equivalent of
ASSUME_ALWAYS_YES env var.
Requested by: many
MFC after: 1 week
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign
To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig
Note the "echo -n" which prevent signing the '\n' one would get otherwise
PR: 202622
MFC after: 1 week
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD
of pkg(8) even if already installed.
This is useful if you somehow messup pkg(8) and need to reinstall from
remote with it already being registered in the pkg(8) /var/db/pkg database.
Also add some sanity checks to 'pkg add'.
Approved by: bapt
MFC after: 2 days
forwarding any command to it after installation.
This is useful if the only goal is to install pkg(8) without any extra
output.
Requested by: cperciva
Approved by: bapt
MFC after: 2 days
BIO_new_mem_buf takes a void* buf, but internally it never modifies the
buf. It assigns the buffer to another pointer and then marks it as
read-only. So deconsting it should be safe here.
Also fix warning about 'buf' possibly being unused in parse_cert()
Approved by: bapt
MFC after: 2 days
X-MFC-With: r257147
added with "pkg add". If the pkg.conf is configured to check for
signature, then the pkg.txz.sig file will be expected and validated
per r257147
Approved by: bapt
MFC after: 2 days
If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS,
and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along
with pkg.txz. The signature contains the signature provided by the
signing server, and the public key. The .sig is the exact output
from the signing server in the following format:
SIGNATURE
<openssl signed>
CERT
<rsa public key>
END
The signature is verified with the following logic:
- If the .sig file is missing, it fails.
- If the .sig doesn't validate, it fails.
- If the public key in the .sig is not in the known trusted fingerprints,
it fails.
- If the public key is in the revoked key list, it fails.
Approved by: bapt
MFC after: 2 days
Discussed by: bapt with des, jonathan, gavin
pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.
Adapated from: matthew's upstream pkg change
Approved by: bapt
MFC after: 2 days
- order srv records by priorities
- for all entries of the same priority, order randomly respect the weight
- select the port where to fetch from respect the port provided in the SRV record
Obtained from: pkg git repo
MFC after: 3 days
Only look for boostrap useful options:
- PACKAGESITE
- ABI
- MIRROR_TYPE
- ASSUME_ALWAYS_YES
While here makes PACKAGESITE expand the ${ABI} variable.
Allow to deactivate any SRV record look up (MIRROR_TYPE=none)
Use the same mechanism as for pkgng itself: first get configuration out of
environment variable and fallback on pkg.conf if exists.
Reviewed by: bdrewery
