#
330449 |
|
05-Mar-2018 |
eadler |
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
No functional change intended.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
287580 |
|
08-Sep-2015 |
bapt |
Remove extra debug that crept in
|
#
287579 |
|
08-Sep-2015 |
bapt |
Implement pubkey support for the bootstrap
Note that to not interfer with finger print it expects a signature on pkg itself which is named pkg.txz.pubkeysign
To genrate it: echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \ -binary -out ./pkg.txz.pubkeysig
Note the "echo -n" which prevent signing the '\n' one would get otherwise
PR: 202622 MFC after: 1 week
|
#
287572 |
|
08-Sep-2015 |
bapt |
Fix indentation, no functional changes
|
#
286933 |
|
19-Aug-2015 |
delphij |
Issue warning and refuse to proceed further if the configured repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method, the bootstrap pkg(7) would proceed like when signature_type is "none". MITM attackers may be able to use this vulnerability and bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method and is therefore unaffected.
Errata candidate.
Discussed with: bapt@ Submitted by: Fabian Keil Obtained from: ElectroBSD
|
#
281039 |
|
03-Apr-2015 |
bapt |
Allow fetching pkg(8) even if servers/proxies are not passing Content-length
|
#
278173 |
|
03-Feb-2015 |
bapt |
Test the return of fetchParseURL(3)
CID: 1125811 MFC after: 1 week
|
#
278172 |
|
03-Feb-2015 |
bapt |
Plug resources leak
CID: 1125813 CID: 1125807 CID: 1125808 MFC after: 1 week
|
#
268728 |
|
15-Jul-2014 |
gavin |
When we fail to extract the pkg binaries (for example, / is read-only), give a more helpful error message.
MFC after: 1 week
|
#
264789 |
|
22-Apr-2014 |
bapt |
Import libucl 0.4.0 Adapt pkg(7) to the new libucl API
|
#
262418 |
|
23-Feb-2014 |
bapt |
Remove a useless newline, warnx already appends a newline
|
#
262401 |
|
23-Feb-2014 |
bapt |
Update my copyright
|
#
262400 |
|
23-Feb-2014 |
bapt |
Switch pkg(7) from libyaml to libucl
|
#
259775 |
|
23-Dec-2013 |
bapt |
Fix yet another typo
Reported by: kib
|
#
259774 |
|
23-Dec-2013 |
bapt |
Fix typos
Reported by: bryanv
|
#
259773 |
|
23-Dec-2013 |
bapt |
Do not print a question in non-interractive mode but explain why boostrapping has failed and how to allow it to happen
Reported by: jmmv
|
#
258550 |
|
25-Nov-2013 |
bapt |
Do not create pkg.conf, as it is not necessary anymore and packagesite is deprecated
Reported by: glebius MFC after: 3 days
|
#
258226 |
|
16-Nov-2013 |
bapt |
argc is now used
MFC after: 2 days
|
#
258020 |
|
11-Nov-2013 |
bdrewery |
Remove useless checks for NULL pointer before free(3)
Reported by: eadler Approved by: eadler
|
#
257945 |
|
11-Nov-2013 |
glebius |
Do not use just freed memory.
Sponsored by: Nginx, Inc.
|
#
257701 |
|
05-Nov-2013 |
bdrewery |
Remove condition which can never be true as the previous loop is never exited while remote == NULL.
Reported by: Coverity Approved by: bapt MFC after: 2 days
|
#
257505 |
|
01-Nov-2013 |
bdrewery |
Add -f support to 'pkg bootstrap' and 'pkg add' to force installation of pkg(8) even if already installed.
This is useful if you somehow messup pkg(8) and need to reinstall from remote with it already being registered in the pkg(8) /var/db/pkg database.
Also add some sanity checks to 'pkg add'.
Approved by: bapt MFC after: 2 days
|
#
257377 |
|
30-Oct-2013 |
bdrewery |
Add a 'pkg bootstrap' command which will bootstrap pkg(8) without forwarding any command to it after installation.
This is useful if the only goal is to install pkg(8) without any extra output.
Requested by: cperciva Approved by: bapt MFC after: 2 days
|
#
257193 |
|
26-Oct-2013 |
bdrewery |
Fix build with GCC.
BIO_new_mem_buf takes a void* buf, but internally it never modifies the buf. It assigns the buffer to another pointer and then marks it as read-only. So deconsting it should be safe here.
Also fix warning about 'buf' possibly being unused in parse_cert()
Approved by: bapt MFC after: 2 days X-MFC-With: r257147
|
#
257149 |
|
26-Oct-2013 |
bdrewery |
Add support to check the signature of a local pkg.txz file being added with "pkg add". If the pkg.conf is configured to check for signature, then the pkg.txz.sig file will be expected and validated per r257147
Approved by: bapt MFC after: 2 days
|
#
257148 |
|
26-Oct-2013 |
bdrewery |
Tell which fingerprint pkg is being validated against.
Approved by: bapt MFC after: 2 days
|
#
257147 |
|
26-Oct-2013 |
bdrewery |
Support checking signature for pkg bootstrap.
If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS, and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along with pkg.txz. The signature contains the signature provided by the signing server, and the public key. The .sig is the exact output from the signing server in the following format:
SIGNATURE <openssl signed> CERT <rsa public key> END
The signature is verified with the following logic:
- If the .sig file is missing, it fails. - If the .sig doesn't validate, it fails. - If the public key in the .sig is not in the known trusted fingerprints, it fails. - If the public key is in the revoked key list, it fails.
Approved by: bapt MFC after: 2 days Discussed by: bapt with des, jonathan, gavin
|
#
257146 |
|
26-Oct-2013 |
bdrewery |
Be verbose and tell where pkg(8) is being bootstrapped from.
Approved by: bapt MFC after: 2 days
|
#
257142 |
|
26-Oct-2013 |
bdrewery |
Wrap long lines
Approved by: bapt MFC after: 2 days
|
#
257051 |
|
24-Oct-2013 |
bdrewery |
Add support for using "pkg+http://" for the PACKAGESITE.
pkg 1.2 is adding this support as well. This should help lessen the confusion on why the default SRV PACKAGESITE does not load in a browser.
Adapated from: matthew's upstream pkg change Approved by: bapt MFC after: 2 days
|
#
256971 |
|
23-Oct-2013 |
bapt |
Allow to bootstrap by doing pkg add ./a/path/to/a/pkg_package.txz
Requested by: many MFC after: 3 days
|
#
256968 |
|
23-Oct-2013 |
bapt |
Improve SRV records support for the pkg(8) bootstrap: - order srv records by priorities - for all entries of the same priority, order randomly respect the weight - select the port where to fetch from respect the port provided in the SRV record
Obtained from: pkg git repo MFC after: 3 days
|
#
256770 |
|
19-Oct-2013 |
gavin |
Improve bootstrapping message
MFC after: 3 days
|
#
248033 |
|
08-Mar-2013 |
bapt |
Fix bootstrapping pkgng by not appending "/latest/" to PACKAGESITE.
Reporter by : Alexander Yerenkow (via irc)
|
#
247841 |
|
05-Mar-2013 |
bapt |
Add the ability to correctly read pkg.conf is exists.
Only look for boostrap useful options: - PACKAGESITE - ABI - MIRROR_TYPE - ASSUME_ALWAYS_YES
While here makes PACKAGESITE expand the ${ABI} variable. Allow to deactivate any SRV record look up (MIRROR_TYPE=none) Use the same mechanism as for pkgng itself: first get configuration out of environment variable and fallback on pkg.conf if exists.
Reviewed by: bdrewery
|
#
247060 |
|
20-Feb-2013 |
bapt |
Do not use deprecated functions from libarchive
|
#
246790 |
|
14-Feb-2013 |
bapt |
In case of failure of the pkg boostrap advice the user to either change the PACKAGESITE they use or install from ports directly indicating where the port is localted in the port collection
Submitted by: kientzle
|
#
244639 |
|
23-Dec-2012 |
matthew |
Remove extraneous space and new-line.
Submitted by: pjd, gcooper Approved by: bapt MFC after: 2 weeks
|
#
244608 |
|
23-Dec-2012 |
matthew |
Third time's the charm. pkg -N output needs to go to stderr.
Approved by: bapt MFC after: 2 weeks
|
#
244594 |
|
22-Dec-2012 |
matthew |
Switch from 'pkg -n' to 'pkg -N' as the test for pkgn activation status. '-n' is already used extensively elsewhere in pkgng (to mean 'dry-run') and this reduces the potential confusion
Submitted by: eadler Approved by: bapt MFC after: 2 weeks
|
#
244553 |
|
21-Dec-2012 |
matthew |
In preparation for making 'pkg -n' the one true method of determining whether a system has been configured to use pkgng, cause /usr/sbin/pkg recognise a -n option and exit with a failure code when the pkg port is not installed.
Approved by: bapt MFC after: 2 weeks
|
#
243883 |
|
05-Dec-2012 |
bapt |
if PACKAGESITE url scheme is not 'file://', always try to revolv SRV records and use them if any. It allows the bootstrap to use directly pkg.FreeBSD.org instead of pkgbeta.FreeBSD.org
MFC after: 1 month
|
#
239664 |
|
24-Aug-2012 |
bapt |
Fix confirmation logic when detecting a tty
Reported by: mjg
|
#
239663 |
|
24-Aug-2012 |
bapt |
- change ALWAYS_ASSUME_YES to ASSUME_ALWAYS_YES for consistency with pkg(8) - if not on a tty prompt about the missing pkg(8) but default on 'no' except if ASSUME_ALWAYS_YES is set
MFC after: 2 days
|
#
238461 |
|
15-Jul-2012 |
kan |
Make pkg bootstrap program ask for confirmation before proceeding.
The previous behaviour was to silently download and install the pkg package, without ever telling user about what it was doing and why.
Discussed with: bapt Reviewed by: kib
|
#
235726 |
|
21-May-2012 |
bapt |
Add missing \n when generating pkg.conf
Reported by: beat Approved by: des (mentor) MFC after: 1 day
|
#
234870 |
|
01-May-2012 |
bapt |
- close the open file after fetching - create a default /usr/local/etc/pkg.conf
Approved by: des (mentor)
|
#
234351 |
|
16-Apr-2012 |
bapt |
- Use _PATH_TMP instead of hardcoded /tmp - more style(9) fixes - some refactoring - better error detection - Add the DPADD to Makefile
Submitted by: Garrett Cooper <yanegomi@gmail.com> Approved by: des (mentor)
|
#
234322 |
|
15-Apr-2012 |
bapt |
- Fix style(9) bugs + inconsistencies
Submitted by: marius Approved by: des (mentor)
|
#
234315 |
|
15-Apr-2012 |
bapt |
Do not do double initialisation style(9) says for (;;) not while (1)
Reported by: culot Approved by: des
|
#
234313 |
|
15-Apr-2012 |
bapt |
add usr.sbin/pkg which is a bootstrap tool for pkgng. it respects PACKAGESITE, PACKAGEROOT, and a new environment variable ABI (if a user want to use a different API from the base one for its packages) it has no man page on purpose to avoid hidding the pkg(8) man page from the pkgng package. for now uses pkgbeta.FreeBSD.org as default mirror to find its package it respects MK_PKGTOOLS
Approved by: des (mentor)
|