The kmod repositories were added shortly after 14.2-RELEASE. Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.
Approved by: re (cperciva)
MFC after: 1 minute
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D50583
(cherry picked from commit 29f076ae0cb536d1e891d3375edf28f1bc82df79)
(cherry picked from commit 8a2ce9f9dd6745e77bdfe78f03e96ddc8ad1b9d7)
- Fix allocation size in config_get_repositories().
- Fix a memory leak in read_conf_file().
- Avoid a null pointer dereference in an error path in
verify_pubsignature().
Fixes: e3b4a51580fc ("pkg(7): expand VERSION_MAJOR, VERSION_MINOR, RELEASE and OSNAME")
Fixes: dc4581589a32 ("pkg: clean support for repositories")
(cherry picked from commit c1557708f1fae1bb9c8e23e3bbb2aa2b055e1211)
Catchup with pkg(8) by expanding more variable when parsing repositories
The only missing variable now is ARCH, this will have to wait for
pkg 2.0 to be the lowest supported version.
(cherry picked from commit e3b4a51580fcd4a1ddf0d61feb5f325ff1de5420)
with pkg(8) it is possible to overwrite a configuration like adding
FreeBSD {
enabled: false
}
in /usr/local/etc/pkg/repo/overwrite.conf which allows to change any
value which can have been reviously configured in anything in
/etc/pkg/*.conf
now the bootstrap supports the same
MFC After: 3 weeks
(cherry picked from commit 5c341fe5123d4aa6961066542de63dd4431d004d)
Rework the way the bootstrap fetches pkg, by implementing a full support
for the repositories, the boostrap will now loop over all available repo
and try to fetch the full package from there. It will at the first valid
package found.
Fallback to packagesite (which has been deprecated for a while) if needed, by
transforming it into a repo, if no repo is found.
MFC After: 3 weeks
(cherry picked from commit dc4581589a3256667fafd46a30c67abdfd86618f)
My local environment seems to be seeing some pollution; we need
<string.h> for strlen.
PR: 284021
Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")
(cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd)
Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand whicher signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
(cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
(cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
(cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
We'll eventually add a pkgsign abstraction over these similar to how we do
in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
(cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0)
Print the complete list of url that have failed
PR: 281924
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Differential Revision: https://reviews.freebsd.org/D46983
(cherry picked from commit be9243409d6be99f5d7815b6d074a85a6e84f7ce)
.pkg is the default extension as of commit c244b1d8a3, falling back to
.txz if not found.
PR: 281924
Reviewed by: bapt
Fixes: a2aac2f5e5 ("pkg(7): when bootstrapping first search for pkg.bsd file then pkg.txz")
Fixes: c244b1d8a3 ("pkg: settle the uniq extension to .pkg instead of .bsd")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46977
(cherry picked from commit f5c847ae849aab9354d0956afd683f1c90bfd91e)
Previously the local ABI string was written to an on-stack buffer and
the pointer to that buffer was saved in a global before the function
returned. This had two issues: c[ABI].val pointed to a
no-longer-valid on-stack buffer after config_init returned, and the
string could potentially be truncated. Fix both of those by changing
pkg_get_myabi to return a pointer to a string allocated by asprintf.
Note that the allocated string is left in the global config array
until it is implicitly freed on process exit.
Reported by: GCC 13 -Wdangling-pointer
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42623
(cherry picked from commit fd9ae9ac04edf9acef4a2ffbf663698a2b8e7ced)
Switch the repository to use https by default, base is providing a CA
root bundle suitable to validate the certificates used by the project.
This can now be activated without requiring another packages to be installed
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40473
(cherry picked from commit d557a86c879a8515d59e8380b083b2265e9a3547)
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Use SHA256_Fd and SHA256_Data instead of home made equivalent.
wrap those functions into hash.c to avoid header collition between
openssl and libmd
Suggested by: kevans
OpenSSL 3.0 has deprecated the sha256 api, let's use libmd which has the
same API instead.
In order to avoid the collision in definitions (sha256.h cannot be
included in the same file as a file where openssl headers has been
included) let's move the sha256 related code in its own file
PR: 270023
Reported by: ngie
Add an internal debug level global:
- Level 1 (-d) currently does nothing.
- Level 2 (-d -d) enables libfetch debugging (quite verbose) so it's
possible to see what pkg is attempting to download without having
to sniff traffic.
Reviewed by: debdrup, bapt
Differential Revision: https://reviews.freebsd.org/D35756
As with i386 and amd64, "latest" packages are available on stable
branches for arm64/aarch64.
Reviewed by: manu
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35445
And put pkg and its keys in it.
It's easier for small image to depend on this package rather than the
larger utilities one.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33458
Setting CONFSNAME directly is a little more complicated for downstream
consumers, as any additional CONFS that are added here will inherit the
group name by default. This is perhaps arguably a design flaw in CONFS
because inheriting NAME will never give a good result when additional
files are added, but this is a low-effort change.
While we're here, pull FreeBSD.conf.${branch} out into a PKGCONF
variable so one can just drop a new repo config in entirely with a new
naming scheme. CONFSNAME gets set based on chopping anything off after
".conf", so that, e.g.:
- FooBSD.conf => FooBSD.conf
- FooBSD.conf.internal => FooBSD.conf
Reviewed by: bapt, manu
Differential Revision: https://reviews.freebsd.org/D28767
While pkg(7) add only handles a single 'add' argument, pkg-add(8) fully
handles multiple arguments.
Stop rejecting it, just turn off local-bootstrap mode and proceed to
remote bootstrap if we need it.
While we're here, check if the first argument to pkg add is even a pkg
package. If it's not, also do remote bootstrap instead. Future work
could improve this altogether by picking out a pkg package out of many
and local bootstrap then pass the rest through to the newly installed
pkg.
Reviewed by: bapt, manu (earlier version)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28766
open_memstream(3) is a standard way to obtain the same feature we do get
by using sbuf(9) (aka dynamic size buffer), switching to using it makes
pkg(7) more portable, and reduces its number of dependencies.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D30005
Modify /usr/sbin/pkg to use environment variables specified in pkg.conf.
This allows control over underlying libraries like fetch(3), which can
be configured by setting HTTP_PROXY.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D29820
The package extension is going to be changed to .bsd to be among other
things resilient to the change of compression format used and reduce
the impact of all third party tool of that change.
Ensure the bootstrap knows about it
Reviewed by: manu
Differential revision: https://reviews.freebsd.org/D29232
- One (1) spurious whitespace.
- One (1) occurrence of "random(3) bad, arc4random(3)" good.
- Three (3) writes that will never be seen.
The latter two points are complaints from clang-analyze. Switching to
arc4random(3) is decidedly a good idea because we weren't doing any kind
of PRNG seeding anyways. The discarded assignments are arguably good
for future-proofing, but it's better to improve the S/N ratio from
clang-analyze.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28525
This is limited to bootstrap/add because some real pkg(8) commands
have -r flags with an incompatible meaning/usage, e.g., pkg-audit.
pkg(7) will still commence the search as it has, but it will ignore any
repo objects without the given name so that overrides and whatnot still
work as expected.
The use of it for add is noted in the manpage; notably, that the
signature config for that repository will be used over global config if
it's specified. i.e., pkg(7) should assume that the given pkg did come
from that repository and treat it appropriately.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28524
The file already includes sys/param.h and should use that definition.
I found this while testing D28332.
Reviewed By: bapt
Differential Revision: https://reviews.freebsd.org/D28331
Rework the arguments handling around using getopt_long:
* add long option support
* add -4 and -6 support to enforce ipv4 or ipv6
While here fix a regression which occured between FreeBSD 12.1 and
FreeBSD 12.2 where pkg bootstrap -y stopped working
PR: 252270
MFC after: 2 weeks
Submitted by: evilham <contact@evilham.com>
Differential Revision: https://reviews.freebsd.org/D27860
local software base directory, as committed in SVN rev. 367813.
The pkg and mailwrapper programs used the LOCALBASE environment variable
for this purpose and this functionality is preserved by getlocalbase().
After this change, the value of the user.localbase sysctl variable is used
if present (and not overridden in the environment).
The nvmecontrol program gains support of a dynamic path to its plugin
directory with this update.
Differential Revision: https://reviews.freebsd.org/D27237
