| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
My local environment seems to be seeing some pollution; we need
<string.h> for strlen.
PR: 284021
Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")
(cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand whicher signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
(cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
|
| |
|
|
|
|
|
|
|
| |
This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
(cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
|
| |
|
|
|
|
|
|
|
|
| |
We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
(cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
|
| |
|
|
|
|
|
|
|
| |
We'll eventually add a pkgsign abstraction over these similar to how we do
in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
(cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the local ABI string was written to an on-stack buffer and
the pointer to that buffer was saved in a global before the function
returned. This had two issues: c[ABI].val pointed to a
no-longer-valid on-stack buffer after config_init returned, and the
string could potentially be truncated. Fix both of those by changing
pkg_get_myabi to return a pointer to a string allocated by asprintf.
Note that the allocated string is left in the global config array
until it is implicitly freed on process exit.
Reported by: GCC 13 -Wdangling-pointer
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42623
(cherry picked from commit fd9ae9ac04edf9acef4a2ffbf663698a2b8e7ced)
|
| |
|
|
|
|
|
|
|
|
|
| |
Print the complete list of url that have failed
PR: 281924
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Differential Revision: https://reviews.freebsd.org/D46983
(cherry picked from commit be9243409d6be99f5d7815b6d074a85a6e84f7ce)
(cherry picked from commit 2f29060f46138bbfc52c5944825293d598cc68de)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
.pkg is the default extension as of commit c244b1d8a387, falling back to
.txz if not found.
PR: 281924
Reviewed by: bapt
Fixes: a2aac2f5e564 ("pkg(7): when bootstrapping first search for pkg.bsd file then pkg.txz")
Fixes: c244b1d8a387 ("pkg: settle the uniq extension to .pkg instead of .bsd")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46977
(cherry picked from commit f5c847ae849aab9354d0956afd683f1c90bfd91e)
(cherry picked from commit fef1f3fecd5b6e7bf040f6dd2e31177332c3c0ec)
|
| |
|
|
|
|
|
| |
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
Similar commit in main:
(cherry picked from commit fa9896e082a1)
|
| |
|
|
|
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Similar commit in main:
(cherry picked from commit d0b2dbfa0ecf)
|
| |
|
|
|
|
|
| |
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
Similar commit in main:
(cherry picked from commit 1d386b48a555)
|
| |
|
|
|
|
|
| |
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
Similar commit in main:
(cherry picked from commit b3e7694832e8)
|
| |
|
|
|
|
|
|
|
|
|
| |
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
(cherry picked from commit 4d846d260e2b9a3d4d0a701462568268cbfe7a5b)
|
| |
|
|
|
|
|
|
|
|
| |
Use SHA256_Fd and SHA256_Data instead of home made equivalent.
wrap those functions into hash.c to avoid header collition between
openssl and libmd
Suggested by: kevans
(cherry picked from commit e5dd5bfa55dc82686870330f547932486ba48db2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 3.0 has deprecated the sha256 api, let's use libmd which has the
same API instead.
In order to avoid the collision in definitions (sha256.h cannot be
included in the same file as a file where openssl headers has been
included) let's move the sha256 related code in its own file
PR: 270023
Reported by: ngie
(cherry picked from commit b2654064c2d11a1ee36667b3ff8b0f4d2536af74)
|
| |
|
|
|
| |
PR: 263458
(cherry picked from commit 60b92ba9323c2dd249ba3a3349b207c2d0b9d212)
|
| |
|
|
|
|
| |
- s/that that/that/
(cherry picked from commit 990878b07f4a452d3e4c01e98001f94e3a868fb1)
|
| |
|
|
|
|
| |
MFC after: 1 week
(cherry picked from commit 3beedc3840c29f3f728ed28cbc1450e1b9999f61)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As with i386 and amd64, "latest" packages are available on stable
branches for arm64/aarch64.
Reviewed by: manu
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35445
(cherry picked from commit f92e0d6acda3abd16c6d411bf90ef26c4e3c40c4)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
And put pkg and its keys in it.
It's easier for small image to depend on this package rather than the
larger utilities one.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33458
(cherry picked from commit ec0ea6efa1ad229d75c394c1a9b9cac33af2b1d3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting CONFSNAME directly is a little more complicated for downstream
consumers, as any additional CONFS that are added here will inherit the
group name by default. This is perhaps arguably a design flaw in CONFS
because inheriting NAME will never give a good result when additional
files are added, but this is a low-effort change.
While we're here, pull FreeBSD.conf.${branch} out into a PKGCONF
variable so one can just drop a new repo config in entirely with a new
naming scheme. CONFSNAME gets set based on chopping anything off after
".conf", so that, e.g.:
- FooBSD.conf => FooBSD.conf
- FooBSD.conf.internal => FooBSD.conf
(cherry picked from commit d35164539b14a6d14fb587e58a0c7a1668d7643a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While pkg(7) add only handles a single 'add' argument, pkg-add(8) fully
handles multiple arguments.
Stop rejecting it, just turn off local-bootstrap mode and proceed to
remote bootstrap if we need it.
While we're here, check if the first argument to pkg add is even a pkg
package. If it's not, also do remote bootstrap instead. Future work
could improve this altogether by picking out a pkg package out of many
and local bootstrap then pass the rest through to the newly installed
pkg.
(cherry picked from commit 40b9f924b189ce8fa871db600b4abc99b03c6a65)
|
| |
|
|
|
|
|
|
|
|
| |
The file already includes sys/param.h and should use that definition.
I found this while testing D28332.
Reviewed By: bapt
Differential Revision: https://reviews.freebsd.org/D28331
(cherry picked from commit 9a0a48b12d3d85f0f00b99439e6a8779f5f1abb6)
|
| |
|
|
|
|
|
|
|
|
|
| |
open_memstream(3) is a standard way to obtain the same feature we do get
by using sbuf(9) (aka dynamic size buffer), switching to using it makes
pkg(7) more portable, and reduces its number of dependencies.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D30005
(cherry picked from commit cc9a8a116d19daf224222506441e91a3d329160e)
|
| |
|
|
|
|
| |
Non functional changes
(cherry picked from commit f648d757b76d70d58bbda7c3ed3ff79261d24d0f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package extension is going to be changed to .pkg to be among other
things resilient to the change of compression format used and reduce
the impact of all third party tool of that change.
Ensure the bootstrap knows about it
Reviewed by: manu
Differential revision: https://reviews.freebsd.org/D29232
(cherry picked from commit a2aac2f5e5642740507a3cadb98046f3dd434ce4)
(cherry picked from commit c244b1d8a38731041d0f3ff4191192a85dd8608b)
|
| |
|
|
|
|
|
|
|
|
| |
Modify /usr/sbin/pkg to use environment variables specified in pkg.conf.
This allows control over underlying libraries like fetch(3), which can
be configured by setting HTTP_PROXY.
Differential Revision: https://reviews.freebsd.org/D29820
(cherry picked from commit e869d3c60147bbb226b5ad97d2ef73391aeebafa)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- One (1) spurious whitespace.
- One (1) occurrence of "random(3) bad, arc4random(3)" good.
- Three (3) writes that will never be seen.
The latter two points are complaints from clang-analyze. Switching to
arc4random(3) is decidedly a good idea because we weren't doing any kind
of PRNG seeding anyways. The discarded assignments are arguably good
for future-proofing, but it's better to improve the S/N ratio from
clang-analyze.
(cherry picked from commit b2c4ca8d2872bc4410626f2b1ceafa49de5828ce)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is limited to bootstrap/add because some real pkg(8) commands
have -r flags with an incompatible meaning/usage, e.g., pkg-audit.
pkg(7) will still commence the search as it has, but it will ignore any
repo objects without the given name so that overrides and whatnot still
work as expected.
The use of it for add is noted in the manpage; notably, that the
signature config for that repository will be used over global config if
it's specified. i.e., pkg(7) should assume that the given pkg did come
from that repository and treat it appropriately.
(cherry picked from commit 18418e1936b59c34a9c4a02a1ba5fe0d00dde1b3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rework the arguments handling around using getopt_long:
* add long option support
* add -4 and -6 support to enforce ipv4 or ipv6
While here fix a regression which occured between FreeBSD 12.1 and
FreeBSD 12.2 where pkg bootstrap -y stopped working
PR: 252270
MFC after: 2 weeks
Submitted by: evilham <contact@evilham.com>
Differential Revision: https://reviews.freebsd.org/D27860
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
local software base directory, as committed in SVN rev. 367813.
The pkg and mailwrapper programs used the LOCALBASE environment variable
for this purpose and this functionality is preserved by getlocalbase().
After this change, the value of the user.localbase sysctl variable is used
if present (and not overridden in the environment).
The nvmecontrol program gains support of a dynamic path to its plugin
directory with this update.
Differential Revision: https://reviews.freebsd.org/D27237
Notes:
svn path=/head/; revision=367816
|
| |
|
|
|
|
|
| |
hashed out.
Notes:
svn path=/head/; revision=367711
|
| |
|
|
|
|
|
|
| |
getlocalbase API. Also don't erroneously subtract the lenth from the
buffer a second time.
Notes:
svn path=/head/; revision=367702
|
| |
|
|
|
|
|
| |
Reviewed by: imp, se
Notes:
svn path=/head/; revision=367687
|
| |
|
|
| |
Notes:
svn path=/head/; revision=367434
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.
This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.
In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.
This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.
Reviewed by: imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D26942
Notes:
svn path=/head/; revision=367075
|
| |
|
|
| |
Notes:
svn path=/head/; revision=366828
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now, the bootstrap will gloss over things like pkg bootstrap -x or
pkg bootstrap -f pkg. Make it more clear that this is incorrect, and hint
at the correct formatting.
Reported by: jhb (IIRC via IRC)
Approved by: bapt, jhb, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24750
Notes:
svn path=/head/; revision=363421
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current message when bootstapping pkg fails for any reason implies that pkg
is not available. We have the error code from fetch so if bootstrap failed due
to address resolution say so.
Reviewed by: bapt, bz
Approved by: bz (co-mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D25323
Notes:
svn path=/head/; revision=362541
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'quarterly' package sets do not exist for head, so explicitly
install the 'latest' configuration file there. Otherwise,
fall back to the original conditional evaluation to determine
if the 'latest' or 'quarterly' configuration file should be
installed.
Reported by: manu
Reviewed by: manu
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=353320
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
message:
On non-x86 systems, use "quarterly" packages.
x86 architectures have "latest" package builds on stable/*, so keep using
those (they'll get switched over to "quarterly" during releases).
The original commit was a direct commit to stable/12, as at the time it
was presumed it would not be necessary for head. However, when it is time
to create a releng branch or switch from PRERELEASE/STABLE to BETA/RC, the
pkg(7) Makefile needs further adjusting. This commit includes those
further adjustments, evaluating the BRANCH variable from release/Makefile
to determine the pkg(7) repository to use.
MFC after: immediate (if possible)
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=352520
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
points at the "latest" branch and one which points at the "quarterly"
branch. Install the "latest" version unless overridden via the newly
added PKGCONFBRANCH variable.
This does not change user-visible behaviour (assuming said vairable is
not set) but will make it easier to change the defaults in the future --
on stable branches we will want "latest" on x86 but "quarterly" elsewhere.
Discussed with: gjb
MFC after: 3 days
X-MFC: After MFCing this I'll make a direct commit to stable/* to
switch non-x86 architectures to "quarterly".
Notes:
svn path=/head/; revision=346628
|
| |
|
|
|
|
|
|
| |
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D16491
Notes:
svn path=/head/; revision=336978
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By popular demand, pkg now walks thought the arguments passed and
if it finds -y or --yes it does accept those as equivalent of
ASSUME_ALWAYS_YES env var.
Requested by: many
MFC after: 1 week
Notes:
svn path=/head/; revision=332484
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Notes:
svn path=/head/; revision=326276
|
| |
|
|
|
|
|
| |
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=325188
|
| |
|
|
|
|
|
| |
through pipes/tee(1)/whatever
Notes:
svn path=/head/; revision=317771
|
| |
|
|
|
|
|
|
|
|
| |
This simplifies make logic/output
MFC after: 1 month
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=314659
|
| |
|
|
| |
Notes:
svn path=/head/; revision=303527
|
