MFC r326276:

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Remove extra debug that crept in

Implement pubkey support for the bootstrap

Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign

To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig

Note the "echo -n" which prevent signing the '\n' one would get otherwise

PR: 202622
MFC after: 1 week

Fix indentation, no functional changes

Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).

Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).

At this time, only fingerprint and none are supported by the
bootstrap pkg(7).

FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.

Errata candidate.

Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD

Allow fetching pkg(8) even if servers/proxies are not passing Content-length

Test the return of fetchParseURL(3)

CID: 1125811
MFC after: 1 week

Plug resources leak

CID: 1125813
CID: 1125807
CID: 1125808
MFC after: 1 week

When we fail to extract the pkg binaries (for example, / is read-only),
give a more helpful error message.

MFC after: 1 week

Import libucl 0.4.0
Adapt pkg(7) to the new libucl API

Remove a useless newline, warnx already appends a newline

Update my copyright

Switch pkg(7) from libyaml to libucl

Fix yet another typo

Reported by: kib

Fix typos

Reported by: bryanv

Do not print a question in non-interractive mode but explain why boostrapping
has failed and how to allow it to happen

Reported by: jmmv

Do not create pkg.conf, as it is not necessary anymore and packagesite is deprecated

Reported by: glebius
MFC after: 3 days

argc is now used

MFC after: 2 days

Remove useless checks for NULL pointer before free(3)

Reported by: eadler
Approved by: eadler

Do not use just freed memory.

Sponsored by: Nginx, Inc.

Remove condition which can never be true as the previous loop
is never exited while remote == NULL.

Reported by: Coverity
Approved by: bapt
MFC after: 2 days

Add -f support to 'pkg bootstrap' and 'pkg add' to force installation
of pkg(8) even if already installed.

This is useful if you somehow messup pkg(8) and need to reinstall from
remote with it already being registered in the pkg(8) /var/db/pkg database.

Also add some sanity checks to 'pkg add'.

Approved by: bapt
MFC after: 2 days

Add a 'pkg bootstrap' command which will bootstrap pkg(8) without
forwarding any command to it after installation.

This is useful if the only goal is to install pkg(8) without any extra
output.

Requested by: cperciva
Approved by: bapt
MFC after: 2 days

Fix build with GCC.

BIO_new_mem_buf takes a void* buf, but internally it never modifies the
buf. It assigns the buffer to another pointer and then marks it as
read-only. So deconsting it should be safe here.

Also fix warning about 'buf' possibly being unused in parse_cert()

Approved by: bapt
MFC after: 2 days
X-MFC-With: r257147

Add support to check the signature of a local pkg.txz file being
added with "pkg add". If the pkg.conf is configured to check for
signature, then the pkg.txz.sig file will be expected and validated
per r257147

Approved by: bapt
MFC after: 2 days

Tell which fingerprint pkg is being validated against.

Approved by: bapt
MFC after: 2 days

Support checking signature for pkg bootstrap.

If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS,
and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along
with pkg.txz. The signature contains the signature provided by the
signing server, and the public key. The .sig is the exact output
from the signing server in the following format:

SIGNATURE
<openssl signed>
CERT
<rsa public key>
END

The signature is verified with the following logic:

- If the .sig file is missing, it fails.
- If the .sig doesn't validate, it fails.
- If the public key in the .sig is not in the known trusted fingerprints,
it fails.
- If the public key is in the revoked key list, it fails.

Approved by: bapt
MFC after: 2 days
Discussed by: bapt with des, jonathan, gavin

Be verbose and tell where pkg(8) is being bootstrapped from.

Approved by: bapt
MFC after: 2 days

Wrap long lines

Approved by: bapt
MFC after: 2 days

Add support for using "pkg+http://" for the PACKAGESITE.

pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.

Adapated from: matthew's upstream pkg change
Approved by: bapt
MFC after: 2 days

Allow to bootstrap by doing pkg add ./a/path/to/a/pkg_package.txz

Requested by: many
MFC after: 3 days

Improve SRV records support for the pkg(8) bootstrap:
- order srv records by priorities
- for all entries of the same priority, order randomly respect the weight
- select the port where to fetch from respect the port provided in the SRV record

Obtained from: pkg git repo
MFC after: 3 days

Improve bootstrapping message

MFC after: 3 days

Fix bootstrapping pkgng by not appending "/latest/" to PACKAGESITE.

Reporter by : Alexander Yerenkow (via irc)

Add the ability to correctly read pkg.conf is exists.

Only look for boostrap useful options:
- PACKAGESITE
- ABI
- MIRROR_TYPE
- ASSUME_ALWAYS_YES

While here makes PACKAGESITE expand the ${ABI} variable.
Allow to deactivate any SRV record look up (MIRROR_TYPE=none)
Use the same mechanism as for pkgng itself: first get configuration out of
environment variable and fallback on pkg.conf if exists.

Reviewed by: bdrewery

Do not use deprecated functions from libarchive

In case of failure of the pkg boostrap advice the user to either change the
PACKAGESITE they use or install from ports directly indicating where the port
is localted in the port collection

Submitted by: kientzle

Remove extraneous space and new-line.

Submitted by: pjd, gcooper
Approved by: bapt
MFC after: 2 weeks

Third time's the charm. pkg -N output needs to go to stderr.

Approved by: bapt
MFC after: 2 weeks

Switch from 'pkg -n' to 'pkg -N' as the test for pkgn activation
status. '-n' is already used extensively elsewhere in pkgng (to mean
'dry-run') and this reduces the potential confusion

Submitted by: eadler
Approved by: bapt
MFC after: 2 weeks

In preparation for making 'pkg -n' the one true method of determining
whether a system has been configured to use pkgng, cause /usr/sbin/pkg
recognise a -n option and exit with a failure code when the pkg port
is not installed.

Approved by: bapt
MFC after: 2 weeks

if PACKAGESITE url scheme is not 'file://', always try to revolv SRV records and
use them if any. It allows the bootstrap to use directly pkg.FreeBSD.org instead
of pkgbeta.FreeBSD.org

MFC after: 1 month

Fix confirmation logic when detecting a tty

Reported by: mjg

- change ALWAYS_ASSUME_YES to ASSUME_ALWAYS_YES for consistency with pkg(8)
- if not on a tty prompt about the missing pkg(8) but default on 'no' except if
ASSUME_ALWAYS_YES is set

MFC after: 2 days

Make pkg bootstrap program ask for confirmation before proceeding.

The previous behaviour was to silently download and install the pkg
package, without ever telling user about what it was doing and why.

Discussed with: bapt
Reviewed by: kib

Add missing \n when generating pkg.conf

Reported by: beat
Approved by: des (mentor)
MFC after: 1 day

- close the open file after fetching
- create a default /usr/local/etc/pkg.conf

Approved by: des (mentor)

- Use _PATH_TMP instead of hardcoded /tmp
- more style(9) fixes
- some refactoring
- better error detection
- Add the DPADD to Makefile

Submitted by: Garrett Cooper <yanegomi@gmail.com>
Approved by: des (mentor)

- Fix style(9) bugs + inconsistencies

Submitted by: marius
Approved by: des (mentor)

Do not do double initialisation
style(9) says for (;;) not while (1)

Reported by: culot
Approved by: des

add usr.sbin/pkg which is a bootstrap tool for pkgng.
it respects PACKAGESITE, PACKAGEROOT, and a new environment variable ABI (if a user want to use a different API from the base one for its packages)
it has no man page on purpose to avoid hidding the pkg(8) man page from the pkgng package.
for now uses pkgbeta.FreeBSD.org as default mirror to find its package
it respects MK_PKGTOOLS

Approved by: des (mentor)