- Fix allocation size in config_get_repositories().
- Fix a memory leak in read_conf_file().
- Avoid a null pointer dereference in an error path in
verify_pubsignature().
Fixes: e3b4a51580fc ("pkg(7): expand VERSION_MAJOR, VERSION_MINOR, RELEASE and OSNAME")
Fixes: dc4581589a32 ("pkg: clean support for repositories")
(cherry picked from commit c1557708f1fae1bb9c8e23e3bbb2aa2b055e1211)
Rework the way the bootstrap fetches pkg, by implementing a full support
for the repositories, the boostrap will now loop over all available repo
and try to fetch the full package from there. It will at the first valid
package found.
Fallback to packagesite (which has been deprecated for a while) if needed, by
transforming it into a repo, if no repo is found.
MFC After: 3 weeks
(cherry picked from commit dc4581589a3256667fafd46a30c67abdfd86618f)
Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand whicher signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
(cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
(cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
(cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
We'll eventually add a pkgsign abstraction over these similar to how we do
in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
(cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0)
Print the complete list of url that have failed
PR: 281924
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Differential Revision: https://reviews.freebsd.org/D46983
(cherry picked from commit be9243409d6be99f5d7815b6d074a85a6e84f7ce)
.pkg is the default extension as of commit c244b1d8a3, falling back to
.txz if not found.
PR: 281924
Reviewed by: bapt
Fixes: a2aac2f5e5 ("pkg(7): when bootstrapping first search for pkg.bsd file then pkg.txz")
Fixes: c244b1d8a3 ("pkg: settle the uniq extension to .pkg instead of .bsd")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46977
(cherry picked from commit f5c847ae849aab9354d0956afd683f1c90bfd91e)
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Use SHA256_Fd and SHA256_Data instead of home made equivalent.
wrap those functions into hash.c to avoid header collition between
openssl and libmd
Suggested by: kevans
OpenSSL 3.0 has deprecated the sha256 api, let's use libmd which has the
same API instead.
In order to avoid the collision in definitions (sha256.h cannot be
included in the same file as a file where openssl headers has been
included) let's move the sha256 related code in its own file
PR: 270023
Reported by: ngie
Add an internal debug level global:
- Level 1 (-d) currently does nothing.
- Level 2 (-d -d) enables libfetch debugging (quite verbose) so it's
possible to see what pkg is attempting to download without having
to sniff traffic.
Reviewed by: debdrup, bapt
Differential Revision: https://reviews.freebsd.org/D35756
While pkg(7) add only handles a single 'add' argument, pkg-add(8) fully
handles multiple arguments.
Stop rejecting it, just turn off local-bootstrap mode and proceed to
remote bootstrap if we need it.
While we're here, check if the first argument to pkg add is even a pkg
package. If it's not, also do remote bootstrap instead. Future work
could improve this altogether by picking out a pkg package out of many
and local bootstrap then pass the rest through to the newly installed
pkg.
Reviewed by: bapt, manu (earlier version)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28766
open_memstream(3) is a standard way to obtain the same feature we do get
by using sbuf(9) (aka dynamic size buffer), switching to using it makes
pkg(7) more portable, and reduces its number of dependencies.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D30005
The package extension is going to be changed to .bsd to be among other
things resilient to the change of compression format used and reduce
the impact of all third party tool of that change.
Ensure the bootstrap knows about it
Reviewed by: manu
Differential revision: https://reviews.freebsd.org/D29232
- One (1) spurious whitespace.
- One (1) occurrence of "random(3) bad, arc4random(3)" good.
- Three (3) writes that will never be seen.
The latter two points are complaints from clang-analyze. Switching to
arc4random(3) is decidedly a good idea because we weren't doing any kind
of PRNG seeding anyways. The discarded assignments are arguably good
for future-proofing, but it's better to improve the S/N ratio from
clang-analyze.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28525
This is limited to bootstrap/add because some real pkg(8) commands
have -r flags with an incompatible meaning/usage, e.g., pkg-audit.
pkg(7) will still commence the search as it has, but it will ignore any
repo objects without the given name so that overrides and whatnot still
work as expected.
The use of it for add is noted in the manpage; notably, that the
signature config for that repository will be used over global config if
it's specified. i.e., pkg(7) should assume that the given pkg did come
from that repository and treat it appropriately.
Reviewed by: bapt, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28524
Rework the arguments handling around using getopt_long:
* add long option support
* add -4 and -6 support to enforce ipv4 or ipv6
While here fix a regression which occured between FreeBSD 12.1 and
FreeBSD 12.2 where pkg bootstrap -y stopped working
PR: 252270
MFC after: 2 weeks
Submitted by: evilham <contact@evilham.com>
Differential Revision: https://reviews.freebsd.org/D27860
local software base directory, as committed in SVN rev. 367813.
The pkg and mailwrapper programs used the LOCALBASE environment variable
for this purpose and this functionality is preserved by getlocalbase().
After this change, the value of the user.localbase sysctl variable is used
if present (and not overridden in the environment).
The nvmecontrol program gains support of a dynamic path to its plugin
directory with this update.
Differential Revision: https://reviews.freebsd.org/D27237
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.
This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.
In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.
This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.
Reviewed by: imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D26942
Right now, the bootstrap will gloss over things like pkg bootstrap -x or
pkg bootstrap -f pkg. Make it more clear that this is incorrect, and hint
at the correct formatting.
Reported by: jhb (IIRC via IRC)
Approved by: bapt, jhb, manu
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24750
The current message when bootstapping pkg fails for any reason implies that pkg
is not available. We have the error code from fetch so if bootstrap failed due
to address resolution say so.
Reviewed by: bapt, bz
Approved by: bz (co-mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D25323
By popular demand, pkg now walks thought the arguments passed and
if it finds -y or --yes it does accept those as equivalent of
ASSUME_ALWAYS_YES env var.
Requested by: many
MFC after: 1 week
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign
To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig
Note the "echo -n" which prevent signing the '\n' one would get otherwise
PR: 202622
MFC after: 1 week
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD
