svn commit: r264519 - in stable/8: etc etc/mtree etc/pkg share share/keys/pkg/trusted share/man/man7 usr.sbin/pkg
Bryan Drewery
bdrewery at FreeBSD.org
Tue Apr 15 23:40:50 UTC 2014
Author: bdrewery
Date: Tue Apr 15 23:40:47 2014
New Revision: 264519
URL: http://svnweb.freebsd.org/changeset/base/264519
Log:
MFC Pkg configuration, known public key, and pkg(7) changes to align with pkg(8)
This partially merges:
r229068,r237795,r252048,r257145,r257147,r257150,r257150,r257159,r257164,
r257168,r257344,r257344,r257667,r257668,r258227,r258550,r263937,r264420
- etc/
- Bring in current pkg configuration from head
- Add /etc/pkg/ and /usr/share/keys to mtree
- share/keys
- Bring in trusted key fingerprint from head
- share/man/man7
- Document /usr/share/keys/pkg
- usr.sbin/pkg
- No longer create pkg.conf as it is deprecated in pkg(8).
- Show security warning when bootstrapping.
* This is a direct commit as the signature verification is not being
MFC'd due to being too large.
Discussed with: bapt, gjb
Added:
stable/8/etc/pkg/
- copied from r257145, head/etc/pkg/
- copied from r257344, head/share/keys/
Directory Properties:
stable/8/share/keys/ (props changed)
Modified:
stable/8/etc/Makefile
stable/8/etc/mtree/BSD.root.dist
stable/8/etc/mtree/BSD.usr.dist
stable/8/etc/pkg/FreeBSD.conf
stable/8/share/Makefile
stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
stable/8/share/man/man7/hier.7
stable/8/usr.sbin/pkg/pkg.c
Directory Properties:
stable/8/etc/ (props changed)
stable/8/share/ (props changed)
stable/8/share/man/ (props changed)
stable/8/share/man/man7/ (props changed)
stable/8/usr.sbin/pkg/ (props changed)
Modified: stable/8/etc/Makefile
==============================================================================
--- stable/8/etc/Makefile Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/etc/Makefile Tue Apr 15 23:40:47 2014 (r264519)
@@ -172,6 +172,7 @@ distribution:
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
Modified: stable/8/etc/mtree/BSD.root.dist
==============================================================================
--- stable/8/etc/mtree/BSD.root.dist Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/etc/mtree/BSD.root.dist Tue Apr 15 23:40:47 2014 (r264519)
@@ -52,6 +52,8 @@
weekly
..
..
+ pkg
+ ..
ppp
..
rc.d
Modified: stable/8/etc/mtree/BSD.usr.dist
==============================================================================
--- stable/8/etc/mtree/BSD.usr.dist Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/etc/mtree/BSD.usr.dist Tue Apr 15 23:40:47 2014 (r264519)
@@ -340,6 +340,14 @@
..
info
..
+ keys
+ pkg
+ revoked
+ ..
+ trusted
+ ..
+ ..
+ ..
locale
UTF-8
..
Modified: stable/8/etc/pkg/FreeBSD.conf
==============================================================================
--- head/etc/pkg/FreeBSD.conf Sat Oct 26 03:31:05 2013 (r257145)
+++ stable/8/etc/pkg/FreeBSD.conf Tue Apr 15 23:40:47 2014 (r264519)
@@ -1,6 +1,16 @@
# $FreeBSD$
+#
+# To disable this repository, instead of modifying or removing this file,
+# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
+#
+# mkdir -p /usr/local/etc/pkg/repos
+# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
+#
+
FreeBSD: {
- url: "pkg+http://pkg.freebsd.org/${ABI}/latest",
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
mirror_type: "srv",
- enabled: "yes"
+ signature_type: "fingerprints",
+ fingerprints: "/usr/share/keys/pkg",
+ enabled: yes
}
Modified: stable/8/share/Makefile
==============================================================================
--- stable/8/share/Makefile Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/share/Makefile Tue Apr 15 23:40:47 2014 (r264519)
@@ -9,6 +9,7 @@ SUBDIR= ${_colldef} \
${_dict} \
${_doc} \
${_examples} \
+ keys \
${_man} \
${_me} \
misc \
Modified: stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
==============================================================================
--- head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue Oct 29 15:07:54 2013 (r257344)
+++ stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue Apr 15 23:40:47 2014 (r264519)
@@ -1,5 +1,4 @@
# $FreeBSD$
-# This key is for testing purposes only and will be revoked before 10.0-RELEASE
function: "sha256"
fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
Modified: stable/8/share/man/man7/hier.7
==============================================================================
--- stable/8/share/man/man7/hier.7 Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/share/man/man7/hier.7 Tue Apr 15 23:40:47 2014 (r264519)
@@ -32,7 +32,7 @@
.\" @(#)hier.7 8.1 (Berkeley) 6/5/93
.\" $FreeBSD$
.\"
-.Dd October 23, 2013
+.Dd October 29, 2013
.Dt HIER 7
.Os
.Sh NAME
@@ -546,6 +546,16 @@ ASCII text files used by various games
device description file for device name
.It Pa info/
GNU Info hypertext system
+.It Pa keys/
+known trusted and revoked keys.
+.Bl -tag -width ".Pa keys/pkg/" -compact
+.It Pa keys/pkg/
+fingerprints for
+.Xr pkg 7
+and
+.Xr pkg 8
+.El
+.Pp
.It Pa locale/
localization files;
see
Modified: stable/8/usr.sbin/pkg/pkg.c
==============================================================================
--- stable/8/usr.sbin/pkg/pkg.c Tue Apr 15 23:27:14 2014 (r264518)
+++ stable/8/usr.sbin/pkg/pkg.c Tue Apr 15 23:40:47 2014 (r264519)
@@ -284,13 +284,10 @@ bootstrap_pkg(void)
{
struct url *u;
FILE *remote;
- FILE *config;
- char *site;
struct dns_srvinfo *mirrors, *current;
/* To store _https._tcp. + hostname + \0 */
char zone[MAXHOSTNAMELEN + 13];
char url[MAXPATHLEN];
- char conf[MAXPATHLEN];
char abi[BUFSIZ];
char tmppkg[MAXPATHLEN];
char buf[10240];
@@ -306,7 +303,6 @@ bootstrap_pkg(void)
max_retry = 3;
ret = -1;
remote = NULL;
- config = NULL;
current = mirrors = NULL;
printf("Bootstrapping pkg please wait\n");
@@ -387,26 +383,6 @@ bootstrap_pkg(void)
if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0)
ret = install_pkg_static(pkgstatic, tmppkg);
- snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf",
- getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE);
-
- if (access(conf, R_OK) == -1) {
- site = strrchr(url, '/');
- if (site == NULL)
- goto cleanup;
- site[0] = '\0';
- site = strrchr(url, '/');
- if (site == NULL)
- goto cleanup;
- site[0] = '\0';
-
- config = fopen(conf, "w+");
- if (config == NULL)
- goto cleanup;
- fprintf(config, "packagesite: %s\n", url);
- fclose(config);
- }
-
goto cleanup;
fetchfail:
@@ -423,7 +399,11 @@ cleanup:
static const char confirmation_message[] =
"The package management tool is not yet installed on your system.\n"
-"Do you want to fetch and install it now? [y/N]: ";
+"The mechanism for doing this is not secure on FreeBSD 8. To securely install\n"
+"pkg(8), use ports from a portsnap checkout:\n"
+" # portsnap fetch extract\n"
+" # make -C /usr/ports/ports-mgmt/pkg install clean\n"
+"Do you still want to fetch and install it now? [y/N]: ";
static int
pkg_query_yes_no(void)
More information about the svn-src-all
mailing list