MFC: r287579

Implement pubkey support for the bootstrap

Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign

To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig

Note the "echo -n" which prevent signing the '\n' one would get otherwise

PR: 202622

MFC r259266:

Fix multi-repository support by properly respecting 'enabled' flag.

This will read the REPOS_DIR env/config setting (default is /etc/pkg
and /usr/local/etc/pkg/repos) and use the last enabled repository.

This can be changed in the environment using a comma-separated list,
or in /usr/local/etc/pkg.conf with JSON array syntax of:
REPOS_DIR: ["/etc/pkg", "/usr/local/etc/pkg/repos"]

Approved by: bapt (mentor)

MFC: r256770,r257142,r257145,r257146,r257147,r257148,
r257149,r257150,r257158,r257159,r257164,r257168,
r257193

- Support checking signature for pkg bootstrap from remote
and for 'pkg add ./pkg.txz'

- Be verbose on where pkg is being bootstrapped from.

- Add support for reading configuration files from /etc/pkg.
For now only /etc/pkg/FreeBSD.conf is supported.

- Add test package signing key fingerprint into /etc/keys/pkg/trusted.

- Disable fingerprint checking by default for now as the official
packages are not yet signed.

Approved by: bapt
Approved by: re (glebius)

MFC r257051:

Add support for using "pkg+http://" for the PACKAGESITE.

pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.

Approved by: bapt
Approved by: re (glebius)

MFC: r287579

Implement pubkey support for the bootstrap

Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign

To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig

Note the "echo -n" which prevent signing the '\n' one would get otherwise

PR: 202622

MFC r259266:

Fix multi-repository support by properly respecting 'enabled' flag.

This will read the REPOS_DIR env/config setting (default is /etc/pkg
and /usr/local/etc/pkg/repos) and use the last enabled repository.

This can be changed in the environment using a comma-separated list,
or in /usr/local/etc/pkg.conf with JSON array syntax of:
REPOS_DIR: ["/etc/pkg", "/usr/local/etc/pkg/repos"]

Approved by: bapt (mentor)

MFC: r256770,r257142,r257145,r257146,r257147,r257148,
r257149,r257150,r257158,r257159,r257164,r257168,
r257193

- Support checking signature for pkg bootstrap from remote
and for 'pkg add ./pkg.txz'

- Be verbose on where pkg is being bootstrapped from.

- Add support for reading configuration files from /etc/pkg.
For now only /etc/pkg/FreeBSD.conf is supported.

- Add test package signing key fingerprint into /etc/keys/pkg/trusted.

- Disable fingerprint checking by default for now as the official
packages are not yet signed.

Approved by: bapt
Approved by: re (glebius)

MFC r257051:

Add support for using "pkg+http://" for the PACKAGESITE.

pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.

Approved by: bapt
Approved by: re (glebius)