src/usr.sbin/pkg/pkg.c, branch releng/11.3

src/usr.sbin/pkg/pkg.c, branch releng/11.3 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F11.3 2018-03-05T07:26:05Z MFC r326276: 2018-03-05T07:26:05Z Eitan Adler eadler@FreeBSD.org 2018-03-05T07:26:05Z urn:sha1:25d4b2c1b89d42d752e23f9935692f481cb272ea various: general adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. No functional change intended. Remove extra debug that crept in 2015-09-08T22:24:20Z Baptiste Daroussin bapt@FreeBSD.org 2015-09-08T22:24:20Z urn:sha1:4c79e0d6c177743db3631629aa8a6eead3644ad4 Implement pubkey support for the bootstrap 2015-09-08T21:25:36Z Baptiste Daroussin bapt@FreeBSD.org 2015-09-08T21:25:36Z urn:sha1:61acb4582f75158bd8118a63258ed19524e32357 Note that to not interfer with finger print it expects a signature on pkg itself which is named pkg.txz.pubkeysign To genrate it: echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \ -binary -out ./pkg.txz.pubkeysig Note the "echo -n" which prevent signing the '\n' one would get otherwise PR: 202622 MFC after: 1 week Fix indentation, no functional changes 2015-09-08T19:25:15Z Baptiste Daroussin bapt@FreeBSD.org 2015-09-08T19:25:15Z urn:sha1:b50756c7599cd98ba90abc1adac357a5d1ed5126 Issue warning and refuse to proceed further if the configured 2015-08-19T18:24:39Z Xin LI delphij@FreeBSD.org 2015-08-19T18:24:39Z urn:sha1:48f92706898f2cd5f8eaa6161b42433eca114cdf repository signature_type is unsupported by bootstrap pkg(7). Previously, when signature_type specified an unsupported method, the bootstrap pkg(7) would proceed like when signature_type is "none". MITM attackers may be able to use this vulnerability and bypass validation and install their own versions of pkg(8). At this time, only fingerprint and none are supported by the bootstrap pkg(7). FreeBSD's official pkg(8) repository uses the fingerprint method and is therefore unaffected. Errata candidate. Discussed with: bapt@ Submitted by: Fabian Keil Obtained from: ElectroBSD Allow fetching pkg(8) even if servers/proxies are not passing Content-length 2015-04-03T17:35:30Z Baptiste Daroussin bapt@FreeBSD.org 2015-04-03T17:35:30Z urn:sha1:cc36fe49264ebb9782cc177227a8b7cecd1bf3f5 Test the return of fetchParseURL(3) 2015-02-04T00:18:06Z Baptiste Daroussin bapt@FreeBSD.org 2015-02-04T00:18:06Z urn:sha1:79fe80ef1084ced4d21aa303f1ad5f5db5b6b872 CID: 1125811 MFC after: 1 week Plug resources leak 2015-02-04T00:10:57Z Baptiste Daroussin bapt@FreeBSD.org 2015-02-04T00:10:57Z urn:sha1:92947daacfb681797cd651a77b8c8d6cab3b8487 CID: 1125813 CID: 1125807 CID: 1125808 MFC after: 1 week When we fail to extract the pkg binaries (for example, / is read-only), 2014-07-16T00:12:57Z Gavin Atkinson gavin@FreeBSD.org 2014-07-16T00:12:57Z urn:sha1:4622bc4e31f19430847e9e8aa96371d9fe4961ee give a more helpful error message. MFC after: 1 week Import libucl 0.4.0 2014-04-22T22:02:06Z Baptiste Daroussin bapt@FreeBSD.org 2014-04-22T22:02:06Z urn:sha1:b04a7a0baf6523245034b8ccd06cd0176b8a18cf Adapt pkg(7) to the new libucl API