authorXin LI <delphij@FreeBSD.org>2014-05-13 23:24:14 +0000
committerXin LI <delphij@FreeBSD.org>2014-05-13 23:24:14 +0000
commite47ad747aa2632de99dd6d895052d431638aa187 (patch)
tree78c76e2fb4b076d14b3b9d8f589a3dfd3b685586
parentba35611acd61d440fde811798545918a7208bb8d (diff)
Add pkg bootstrapping, configuration and public keys. [EN-14:03]
Improve build repeatability for kldxref(8). [EN-14:04] Fix data corruption with ciss(4). [EN-14:05] Approved by: so
Notes
Notes: svn path=/releng/9.2/; revision=265988
-rw-r--r--UPDATING10
-rw-r--r--etc/Makefile1
-rw-r--r--etc/mtree/BSD.root.dist2
-rw-r--r--etc/mtree/BSD.usr.dist8
-rw-r--r--etc/pkg/FreeBSD.conf16
-rw-r--r--etc/pkg/Makefile10
-rw-r--r--share/Makefile1
-rw-r--r--share/keys/Makefile5
-rw-r--r--share/keys/pkg/Makefile5
-rw-r--r--share/keys/pkg/trusted/Makefile10
-rw-r--r--share/keys/pkg/trusted/pkg.freebsd.org.20131023014
-rw-r--r--share/man/man7/hier.712
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/dev/ciss/ciss.c35
-rw-r--r--usr.sbin/kldxref/kldxref.c12
-rw-r--r--usr.sbin/pkg/pkg.c30
16 files changed, 111 insertions, 52 deletions
diff --git a/UPDATING b/UPDATING
index d7708a106c3c..9d0d2c64078e 100644
--- a/UPDATING
+++ b/UPDATING
@@ -11,6 +11,16 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20140513: p6 FreeBSD-EN-14:03.pkg
+ FreeBSD-EN-14:04.kldxref
+ FreeBSD-EN-14:05.ciss
+
+ Add pkg bootstrapping, configuration and public keys. [EN-14:03]
+
+ Improve build repeatability for kldxref(8). [EN-14:04]
+
+ Fix data corruption with ciss(4). [EN-14:05]
+
20140430: p5 FreeBSD-SA-14:08.tcp
Fix TCP reassembly vulnerability. [SA-14:08]
diff --git a/etc/Makefile b/etc/Makefile
index 9c6b73ca600e..7ea77c83ca6b 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -224,6 +224,7 @@ distribution:
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist
index a6cba2474491..86b93e137140 100644
--- a/etc/mtree/BSD.root.dist
+++ b/etc/mtree/BSD.root.dist
@@ -52,6 +52,8 @@
weekly
..
..
+ pkg
+ ..
ppp
..
rc.d
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist
index b81e5f069883..6a99e6b27406 100644
--- a/etc/mtree/BSD.usr.dist
+++ b/etc/mtree/BSD.usr.dist
@@ -402,6 +402,14 @@
..
..
..
+ keys
+ pkg
+ revoked
+ ..
+ trusted
+ ..
+ ..
+ ..
locale
UTF-8
..
diff --git a/etc/pkg/FreeBSD.conf b/etc/pkg/FreeBSD.conf
new file mode 100644
index 000000000000..e4eec8f11451
--- /dev/null
+++ b/etc/pkg/FreeBSD.conf
@@ -0,0 +1,16 @@
+# $FreeBSD$
+#
+# To disable this repository, instead of modifying or removing this file,
+# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
+#
+# mkdir -p /usr/local/etc/pkg/repos
+# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
+#
+
+FreeBSD: {
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/share/keys/pkg",
+ enabled: yes
+}
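Review bot: The header comment explains how to disable the repository but not that the `url` uses `pkg+http://`, so package authenticity rests entirely on the `signature_type` and `fingerprints` settings. A local override that weakens either one would leave downloads unauthenticated. I would add a line to the comment block such as `# Packages are fetched over plain HTTP; keep signature_type and fingerprints set so downloads are verified against /usr/share/keys/pkg.`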
diff --git a/etc/pkg/Makefile b/etc/pkg/Makefile
new file mode 100644
index 000000000000..abc8c64ca5cb
--- /dev/null
+++ b/etc/pkg/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+NO_OBJ=
+
+FILES= FreeBSD.conf
+
+FILESDIR= /etc/pkg
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/share/Makefile b/share/Makefile
index e39da7f2792e..3e613d68cafe 100644
--- a/share/Makefile
+++ b/share/Makefile
@@ -11,6 +11,7 @@ SUBDIR= ${_colldef} \
dtrace \
${_examples} \
${_i18n} \
+ keys \
${_man} \
${_me} \
misc \
diff --git a/share/keys/Makefile b/share/keys/Makefile
new file mode 100644
index 000000000000..d685b064ccd3
--- /dev/null
+++ b/share/keys/Makefile
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+SUBDIR= pkg
+
+.include <bsd.subdir.mk>
diff --git a/share/keys/pkg/Makefile b/share/keys/pkg/Makefile
new file mode 100644
index 000000000000..1d83caf9bfe8
--- /dev/null
+++ b/share/keys/pkg/Makefile
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+SUBDIR= trusted
+
+.include <bsd.subdir.mk>
diff --git a/share/keys/pkg/trusted/Makefile b/share/keys/pkg/trusted/Makefile
new file mode 100644
index 000000000000..ee0d4c9224cd
--- /dev/null
+++ b/share/keys/pkg/trusted/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+NO_OBJ=
+
+FILES= pkg.freebsd.org.2013102301
+
+FILESDIR= /usr/share/keys/pkg/trusted
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 b/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
new file mode 100644
index 000000000000..3a144a338f29
--- /dev/null
+++ b/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+function: "sha256"
+fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index d514075f329b..a89098ddc51f 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -32,7 +32,7 @@
.\" @(#)hier.7 8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
-.Dd January 21, 2010
+.Dd October 29, 2013
.Dt HIER 7
.Os
.Sh NAME
@@ -546,6 +546,16 @@ ASCII text files used by various games
device description file for device name
.It Pa info/
GNU Info hypertext system
+.It Pa keys/
+known trusted and revoked keys.
+.Bl -tag -width ".Pa keys/pkg/" -compact
+.It Pa keys/pkg/
+fingerprints for
+.Xr pkg 7
+and
+.Xr pkg 8
+.El
+.Pp
.It Pa locale/
localization files;
see
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index ad61dbd9d59a..e80e7fc6c2cb 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.2"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/sys/dev/ciss/ciss.c b/sys/dev/ciss/ciss.c
index 2c876fdc8a43..4a25fab438c5 100644
--- a/sys/dev/ciss/ciss.c
+++ b/sys/dev/ciss/ciss.c
@@ -180,8 +180,6 @@ static int ciss_cam_emulate(struct ciss_softc *sc, struct ccb_scsiio *csio);
static void ciss_cam_poll(struct cam_sim *sim);
static void ciss_cam_complete(struct ciss_request *cr);
static void ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio);
-static struct cam_periph *ciss_find_periph(struct ciss_softc *sc,
- int bus, int target);
static int ciss_name_device(struct ciss_softc *sc, int bus, int target);
/* periodic status monitoring */
@@ -3389,27 +3387,6 @@ ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio)
/********************************************************************************
- * Find a peripheral attached at (target)
- */
-static struct cam_periph *
-ciss_find_periph(struct ciss_softc *sc, int bus, int target)
-{
- struct cam_periph *periph;
- struct cam_path *path;
- int status;
-
- status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
- target, 0);
- if (status == CAM_REQ_CMP) {
- periph = cam_periph_find(path, NULL);
- xpt_free_path(path);
- } else {
- periph = NULL;
- }
- return(periph);
-}
-
-/********************************************************************************
* Name the device at (target)
*
* XXX is this strictly correct?
@@ -3418,12 +3395,22 @@ static int
ciss_name_device(struct ciss_softc *sc, int bus, int target)
{
struct cam_periph *periph;
+ struct cam_path *path;
+ int status;
if (CISS_IS_PHYSICAL(bus))
return (0);
- if ((periph = ciss_find_periph(sc, bus, target)) != NULL) {
+
+ status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
+ target, 0);
+
+ if (status == CAM_REQ_CMP) {
+ mtx_lock(&sc->ciss_mtx);
+ periph = cam_periph_find(path, NULL);
sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d",
periph->periph_name, periph->unit_number);
+ mtx_unlock(&sc->ciss_mtx);
+ xpt_free_path(path);
return(0);
}
sc->ciss_logical[bus][target].cl_name[0] = 0;
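Review bot: The result of `cam_periph_find(path, NULL)` is dereferenced in the `sprintf` without a NULL check, which the removed `ciss_find_periph(...) != NULL` test used to provide. If a path can be created but no peripheral is attached to it, `periph->periph_name` would be a NULL dereference in the kernel while `ciss_mtx` is held. I would keep the locking and path handling as added, but format the name and return 0 only when `periph != NULL`, otherwise falling through to the existing `cl_name[0] = 0` path. The `sprintf` is also unbounded; if `cl_name` is a fixed-size array (its declaration is not in this hunk), `snprintf` with `sizeof` would be safer. The end of `ciss_name_device` lies outside the hunk.

```c
    if (status == CAM_REQ_CMP) {
        mtx_lock(&sc->ciss_mtx);
        periph = cam_periph_find(path, NULL);
        /* A path can exist with no peripheral attached to it. */
        if (periph != NULL)
            sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d",
                periph->periph_name, periph->unit_number);
        mtx_unlock(&sc->ciss_mtx);
        xpt_free_path(path);
        if (periph != NULL)
            return(0);
    }
    /* … unchanged: clear cl_name when no peripheral was found … */
```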
diff --git a/usr.sbin/kldxref/kldxref.c b/usr.sbin/kldxref/kldxref.c
index 16b9058d4d88..9144ba030563 100644
--- a/usr.sbin/kldxref/kldxref.c
+++ b/usr.sbin/kldxref/kldxref.c
@@ -274,6 +274,16 @@ usage(void)
exit(1);
}
+static int
+compare(const FTSENT *const *a, const FTSENT *const *b)
+{
+ if ((*a)->fts_info == FTS_D && (*b)->fts_info != FTS_D)
+ return 1;
+ if ((*a)->fts_info != FTS_D && (*b)->fts_info == FTS_D)
+ return -1;
+ return strcmp((*a)->fts_name, (*b)->fts_name);
+}
+
int
main(int argc, char *argv[])
{
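Review bot: `compare` has no comment stating the order it imposes or why, and that order is the whole point of the change. I would add above it `/* Sort non-directories before directories, then by byte-wise name, so traversal order (and the generated output) does not depend on on-disk directory order. */`. The test relies on `fts_info` being `FTS_D` for directories; if `fts_options` (set outside this hunk) ever suppresses stat information, the directory/file split would silently stop applying, which the comment should also mention. `main` continues outside the hunk.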
@@ -315,7 +325,7 @@ main(int argc, char *argv[])
err(1, "%s", argv[0]);
}
- ftsp = fts_open(argv, fts_options, 0);
+ ftsp = fts_open(argv, fts_options, compare);
if (ftsp == NULL)
exit(1);
diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c
index 1b3146b2cf26..dbc2c987c914 100644
--- a/usr.sbin/pkg/pkg.c
+++ b/usr.sbin/pkg/pkg.c
@@ -284,13 +284,10 @@ bootstrap_pkg(void)
{
struct url *u;
FILE *remote;
- FILE *config;
- char *site;
struct dns_srvinfo *mirrors, *current;
/* To store _https._tcp. + hostname + \0 */
char zone[MAXHOSTNAMELEN + 13];
char url[MAXPATHLEN];
- char conf[MAXPATHLEN];
char abi[BUFSIZ];
char tmppkg[MAXPATHLEN];
char buf[10240];
@@ -306,7 +303,6 @@ bootstrap_pkg(void)
max_retry = 3;
ret = -1;
remote = NULL;
- config = NULL;
current = mirrors = NULL;
printf("Bootstrapping pkg please wait\n");
@@ -387,26 +383,6 @@ bootstrap_pkg(void)
if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0)
ret = install_pkg_static(pkgstatic, tmppkg);
- snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf",
- getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
-
- if (access(conf, R_OK) == -1) {
- site = strrchr(url, '/');
- if (site == NULL)
- goto cleanup;
- site[0] = '\0';
- site = strrchr(url, '/');
- if (site == NULL)
- goto cleanup;
- site[0] = '\0';
-
- config = fopen(conf, "w+");
- if (config == NULL)
- goto cleanup;
- fprintf(config, "packagesite: %s\n", url);
- fclose(config);
- }
-
goto cleanup;
fetchfail:
@@ -423,7 +399,11 @@ cleanup:
static const char confirmation_message[] =
"The package management tool is not yet installed on your system.\n"
-"Do you want to fetch and install it now? [y/N]: ";
+"The mechanism for doing this is not secure on FreeBSD 9.2. To securely install\n"
+"pkg(8), use ports from a portsnap checkout:\n"
+" # portsnap fetch extract\n"
+" # make -C /usr/ports/ports-mgmt/pkg install clean\n"
+"Do you still want to fetch and install it now? [y/N]: ";
static int
pkg_query_yes_no(void)
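Review bot: The new `confirmation_message` tells the user the bootstrap is "not secure" but neither the string nor any comment says why. In the context visible in the earlier hunk, the fetched archive goes straight to `extract_pkg_static` and `install_pkg_static` with no verification step shown. I would add a comment above the string such as `/* The bootstrap archive is installed without signature verification on this branch; the prompt steers users to ports instead. */`. The warning only reaches users who see the prompt, so any path that skips `pkg_query_yes_no()` (not visible here) should be checked to confirm it does not bootstrap silently. The body of `pkg_query_yes_no` is outside the hunk.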