Module Name:    src
Committed By:   wiz
Date:           Tue Jun 11 09:26:58 UTC 2024

Modified Files:
        src/external/bsd/pkg_install/dist/add: add.h main.c perform.c
        src/external/bsd/pkg_install/dist/admin: main.c
        src/external/bsd/pkg_install/dist/create: util.c
        src/external/bsd/pkg_install/dist/lib: dewey.c fexec.c license.c
            pkg_install.conf.5.in pkg_io.c version.h
        src/external/bsd/pkg_install/dist/x509: pkgsrc.cnf

Log Message:
Merge pkg_install-20240307


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/pkg_install/dist/add/add.h
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/pkg_install/dist/add/main.c
cvs rdiff -u -r1.10 -r1.11 src/external/bsd/pkg_install/dist/add/perform.c
cvs rdiff -u -r1.6 -r1.7 src/external/bsd/pkg_install/dist/admin/main.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/pkg_install/dist/create/util.c
cvs rdiff -u -r1.5 -r1.6 src/external/bsd/pkg_install/dist/lib/dewey.c \
    src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/pkg_install/dist/lib/fexec.c
cvs rdiff -u -r1.11 -r1.12 src/external/bsd/pkg_install/dist/lib/license.c
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/pkg_install/dist/lib/pkg_io.c
cvs rdiff -u -r1.20 -r1.21 src/external/bsd/pkg_install/dist/lib/version.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/pkg_install/dist/add/add.h
diff -u src/external/bsd/pkg_install/dist/add/add.h:1.3 src/external/bsd/pkg_install/dist/add/add.h:1.4
--- src/external/bsd/pkg_install/dist/add/add.h:1.3	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/add/add.h	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: add.h,v 1.3 2021/04/10 19:49:59 nia Exp $ */
+/* $NetBSD: add.h,v 1.4 2024/06/11 09:26:57 wiz Exp $ */
 
 /* from FreeBSD Id: add.h,v 1.8 1997/02/22 16:09:15 peter Exp  */
 
@@ -27,6 +27,8 @@
 
 extern char *Destdir;
 extern char *OverrideMachine;
+extern char *OverrideOpsys;
+extern char *OverrideOSVersion;
 extern char *Prefix;
 extern char *View;
 extern char *Viewbase;
@@ -42,6 +44,8 @@ extern int ReplaceSame;
 extern Boolean ForceDepends;
 extern Boolean ForceDepending;
 
+void	parse_cross(const char *, char **, char **, char **);
+
 int     make_hierarchy(char *);
 void    apply_perms(char *, char **, int);
 

Index: src/external/bsd/pkg_install/dist/add/main.c
diff -u src/external/bsd/pkg_install/dist/add/main.c:1.4 src/external/bsd/pkg_install/dist/add/main.c:1.5
--- src/external/bsd/pkg_install/dist/add/main.c:1.4	Sat Apr 10 22:59:46 2021
+++ src/external/bsd/pkg_install/dist/add/main.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.4 2021/04/10 22:59:46 wiz Exp $	*/
+/*	$NetBSD: main.c,v 1.5 2024/06/11 09:26:57 wiz Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.4 2021/04/10 22:59:46 wiz Exp $");
+__RCSID("$NetBSD: main.c,v 1.5 2024/06/11 09:26:57 wiz Exp $");
 
 /*
  *
@@ -40,6 +40,8 @@ static char Options[] = "AC:DIK:P:RVfhm:
 
 char   *Destdir = NULL;
 char   *OverrideMachine = NULL;
+char   *OverrideOpsys = NULL;
+char   *OverrideOSVersion = NULL;
 char   *Prefix = NULL;
 Boolean NoInstall = FALSE;
 Boolean NoRecord = FALSE;
@@ -110,7 +112,8 @@ main(int argc, char **argv)
 			break;
 
 		case 'm':
-			OverrideMachine = optarg;
+			parse_cross(optarg, &OverrideMachine, &OverrideOpsys,
+			    &OverrideOSVersion);
 			break;
 
 		case 'n':

Index: src/external/bsd/pkg_install/dist/add/perform.c
diff -u src/external/bsd/pkg_install/dist/add/perform.c:1.10 src/external/bsd/pkg_install/dist/add/perform.c:1.11
--- src/external/bsd/pkg_install/dist/add/perform.c:1.10	Sat Apr 10 20:07:57 2021
+++ src/external/bsd/pkg_install/dist/add/perform.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: perform.c,v 1.10 2021/04/10 20:07:57 nia Exp $	*/
+/*	$NetBSD: perform.c,v 1.11 2024/06/11 09:26:57 wiz Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.10 2021/04/10 20:07:57 nia Exp $");
+__RCSID("$NetBSD: perform.c,v 1.11 2024/06/11 09:26:57 wiz Exp $");
 
 /*-
  * Copyright (c) 2003 Grant Beattie <gr...@netbsd.org>
@@ -893,19 +893,28 @@ check_platform(struct pkg_task *pkg)
 {
 	struct utsname host_uname;
 	const char *effective_arch;
+	const char *effective_opsys;
+	const char *effective_os_version;
 	int fatal;
 
-	if (uname(&host_uname) < 0) {
-		if (Force) {
-			warnx("uname() failed, continuing.");
-			return 0;
-		} else {
-			warnx("uname() failed, aborting.");
-			return -1;
+        if (OverrideOpsys != NULL && OverrideOSVersion != NULL) {
+		effective_opsys = OverrideOpsys;
+		effective_os_version = OverrideOSVersion;
+	} else {
+		if (uname(&host_uname) < 0) {
+			if (Force) {
+				warnx("uname() failed, continuing.");
+				return 0;
+			} else {
+				warnx("uname() failed, aborting.");
+				return -1;
+			}
 		}
-	}
 
-	normalise_platform(&host_uname);
+		normalise_platform(&host_uname);
+		effective_opsys = OPSYS_NAME;
+		effective_os_version = host_uname.release;
+	}
 
 	if (OverrideMachine != NULL)
 		effective_arch = OverrideMachine;
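Review bot: The override branch at the top of check_platform is taken only when both `OverrideOpsys` and `OverrideOSVersion` are non-NULL, so if just one of them is set it is dropped without a diagnostic and the host's uname() data is checked instead. Whether `parse_cross` can leave the pair half-filled is not visible here; if it can, a guard before the `if` would surface it, for example `if ((OverrideOpsys == NULL) != (OverrideOSVersion == NULL)) warnx("incomplete OS override ignored, using host values");`. The new `if` line is also indented with eight spaces where the surrounding lines use a tab. The function body continues outside this hunk.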
@@ -913,14 +922,14 @@ check_platform(struct pkg_task *pkg)
 		effective_arch = PKGSRC_MACHINE_ARCH;
 
 	/* If either the OS or arch are different, bomb */
-	if (strcmp(OPSYS_NAME, pkg->buildinfo[BI_OPSYS]) ||
+	if (strcmp(effective_opsys, pkg->buildinfo[BI_OPSYS]) ||
 	    strcmp(effective_arch, pkg->buildinfo[BI_MACHINE_ARCH]) != 0)
 		fatal = 1;
 	else
 		fatal = 0;
 
 	if (fatal ||
-	    compatible_platform(OPSYS_NAME, host_uname.release,
+	    compatible_platform(effective_opsys, effective_os_version,
 				pkg->buildinfo[BI_OS_VERSION]) != 1) {
 		warnx("Warning: package `%s' was built for a platform:",
 		    pkg->pkgname);
@@ -928,9 +937,9 @@ check_platform(struct pkg_task *pkg)
 		    pkg->buildinfo[BI_OPSYS],
 		    pkg->buildinfo[BI_MACHINE_ARCH],
 		    pkg->buildinfo[BI_OS_VERSION],
-		    OPSYS_NAME,
+		    effective_opsys,
 		    effective_arch,
-		    host_uname.release);
+		    effective_os_version);
 		if (!Force && fatal)
 			return -1;
 	}
@@ -1545,7 +1554,7 @@ pkg_do(const char *pkgpath, int mark_aut
 		goto nuke_pkg;
 
 	if (run_install_script(pkg, "POST-INSTALL"))
-		goto nuke_pkgdb;
+		goto nuke_pkg;
 
 	/* XXX keep +INSTALL_INFO for updates? */
 	/* XXX keep +PRESERVE for updates? */

Index: src/external/bsd/pkg_install/dist/admin/main.c
diff -u src/external/bsd/pkg_install/dist/admin/main.c:1.6 src/external/bsd/pkg_install/dist/admin/main.c:1.7
--- src/external/bsd/pkg_install/dist/admin/main.c:1.6	Wed Dec  2 13:53:50 2020
+++ src/external/bsd/pkg_install/dist/admin/main.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.6 2020/12/02 13:53:50 wiz Exp $	*/
+/*	$NetBSD: main.c,v 1.7 2024/06/11 09:26:57 wiz Exp $	*/
 
 #ifdef HAVE_NBTOOL_CONFIG_H
 #include "nbtool_config.h"
@@ -11,7 +11,7 @@
 #include <sys/cdefs.h>
 #endif
 #endif
-__RCSID("$NetBSD: main.c,v 1.6 2020/12/02 13:53:50 wiz Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 2024/06/11 09:26:57 wiz Exp $");
 
 /*-
  * Copyright (c) 1999-2019 The NetBSD Foundation, Inc.
@@ -95,6 +95,17 @@ struct pkgdb_count {
 };
 
 /*
+ * A simple list of pkgname/pkgbase entries in the pkgdb to verify there are
+ * no duplicate entries.
+ */
+struct pkgbase_entry {
+	char *pkgbase;
+	char *pkgname;
+	SLIST_ENTRY(pkgbase_entry) entries;
+};
+SLIST_HEAD(pkgbase_entry_head, pkgbase_entry);
+
+/*
  * A hashed list of +REQUIRED_BY entries.
  */
 struct reqd_by_entry {
@@ -121,7 +132,7 @@ static void set_unset_variable(char **, 
 static void digest_input(char **);
 
 /* print usage message and exit */
-void 
+void
 usage(void)
 {
 	(void) fprintf(stderr, "usage: %s [-bqSVv] [-C config] [-d lsdir] [-K pkg_dbdir] [-s sfx] command [args ...]\n"
@@ -245,7 +256,7 @@ add_pkg(const char *pkgdir, void *vp)
 	return 0;
 }
 
-static void 
+static void
 rebuild(void)
 {
 	char *cachename;
@@ -393,12 +404,55 @@ add_depends_of(const char *pkgname, void
 			add_required_by(p->name, pkgname, h);
 	}
 
-	free_plist(&plist);	
+	free_plist(&plist);
+
+	return 0;
+}
+
+/*
+ * It is a fatal error if the pkgdb contains multiple entries with the same
+ * PKGBASE, usually caused by inserting directories manually into the pkgdb.
+ */
+static int
+check_duplicate_pkgbase(const char *pkgname, void *cookie)
+{
+	struct pkgbase_entry_head *head = cookie;
+	struct pkgbase_entry *pkg, *pkgiter;
+	char *p;
+
+	if ((p = strrchr(pkgname, '-')) == NULL) {
+		errx(EXIT_FAILURE, "entry '%s' in pkgdb is not a valid package name.",
+		    pkgname);
+	}
+
+	pkg = xmalloc(sizeof(*pkg));
+	pkg->pkgname = xstrdup(pkgname);
+	*p = '\0';
+	pkg->pkgbase = xstrdup(pkgname);
+
+	SLIST_FOREACH(pkgiter, head, entries) {
+		if (strcmp(pkg->pkgbase, pkgiter->pkgbase) == 0) {
+			errx(EXIT_FAILURE, "corrupt pkgdb, duplicate PKGBASE entries:\n"
+			    "\t%s\n\t%s", pkg->pkgname, pkgiter->pkgname);
+		}
+	}
+
+	SLIST_INSERT_HEAD(head, pkg, entries);
 
 	return 0;
 }
 
 static void
+check_pkgdb(void)
+{
+	struct pkgbase_entry_head pbhead;
+
+	SLIST_INIT(&pbhead);
+	if (iterate_pkg_db(check_duplicate_pkgbase, &pbhead) == -1)
+		errx(EXIT_FAILURE, "cannot iterate pkgdb");
+}
+
+static void
 rebuild_tree(void)
 {
 	FILE *fp;
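Review bot: `*p = '\0'` in check_duplicate_pkgbase writes through the `const char *pkgname` parameter, because `p` comes from `strrchr(pkgname, '-')` and points into the caller's buffer. The name passed in by iterate_pkg_db is therefore left truncated at its last '-' once the callback returns, and the write is undefined behaviour if that buffer is ever read-only. Truncating the copy avoids both: declare `p` as `const char *`, then use `pkg->pkgbase = xstrdup(pkgname);` followed by `pkg->pkgbase[p - pkgname] = '\0';`. The list built in check_pkgdb is never freed, which is harmless for a short-lived command but deserves a one-line comment saying it is intentional.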
@@ -450,7 +504,7 @@ rebuild_tree(void)
 	}
 }
 
-int 
+int
 main(int argc, char *argv[])
 {
 	Boolean		 use_default_sfx = TRUE;
@@ -531,7 +585,7 @@ main(int argc, char *argv[])
 	if (strcasecmp(argv[0], "pmatch") == 0) {
 
 		char *pattern, *pkg;
-		
+
 		argv++;		/* "pmatch" */
 
 		if (argv[0] == NULL || argv[1] == NULL) {
@@ -546,21 +600,27 @@ main(int argc, char *argv[])
 		} else {
 			return 1;
 		}
-	  
+
 	} else if (strcasecmp(argv[0], "rebuild") == 0) {
 
+		check_pkgdb();
 		rebuild();
-		printf("Done.\n");
+		if (!quiet) {
+			printf("Done.\n");
+		}
 
-	  
 	} else if (strcasecmp(argv[0], "rebuild-tree") == 0) {
 
+		check_pkgdb();
 		rebuild_tree();
-		printf("Done.\n");
+		if (!quiet) {
+			printf("Done.\n");
+		}
 
 	} else if (strcasecmp(argv[0], "check") == 0) {
 		argv++;		/* "check" */
 
+		check_pkgdb();
 		check(argv);
 
 		if (!quiet) {
@@ -609,7 +669,7 @@ main(int argc, char *argv[])
 					printf("%s/%s\n", dir, p);
 				free(p);
 			}
-			
+
 			argv++;
 		}
 	} else if (strcasecmp(argv[0], "list") == 0 ||
@@ -691,7 +751,7 @@ main(int argc, char *argv[])
 			puts(output);
 			fetchFreeURL(url);
 			free(output);
-		}		
+		}
 
 		return rc;
 	} else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) {
@@ -784,23 +844,23 @@ set_unset_variable(char **argv, Boolean 
 
 	if (argv[0] == NULL || argv[1] == NULL)
 		usage();
-	
+
 	variable = NULL;
 
 	if (unset) {
 		arg.variable = argv[0];
 		arg.value = NULL;
-	} else {	
+	} else {
 		eq = NULL;
 		if ((eq=strchr(argv[0], '=')) == NULL)
 			usage();
-		
+
 		variable = xmalloc(eq-argv[0]+1);
 		strlcpy(variable, argv[0], eq-argv[0]+1);
-		
+
 		arg.variable = variable;
 		arg.value = eq+1;
-		
+
 		if (strcmp(variable, AUTOMATIC_VARNAME) == 0 &&
 		    strcasecmp(arg.value, "yes") != 0 &&
 		    strcasecmp(arg.value, "no") != 0) {

Index: src/external/bsd/pkg_install/dist/create/util.c
diff -u src/external/bsd/pkg_install/dist/create/util.c:1.2 src/external/bsd/pkg_install/dist/create/util.c:1.3
--- src/external/bsd/pkg_install/dist/create/util.c:1.2	Sat Apr  6 08:29:01 2019
+++ src/external/bsd/pkg_install/dist/create/util.c	Tue Jun 11 09:26:57 2024
@@ -58,6 +58,8 @@
 static void
 update_ids(struct memory_file *file)
 {
+	const char *s;
+
 	if (file->owner != NULL) {
 		uid_t uid;
 
@@ -65,7 +67,10 @@ update_ids(struct memory_file *file)
 			errx(2, "user %s unknown", file->owner);
 		file->st.st_uid = uid;
 	} else {
-		file->owner = xstrdup(user_from_uid(file->st.st_uid, 1));
+		if ((s = user_from_uid(file->st.st_uid, 1)) == NULL)
+			errx(2, "unknown user name for uid %u",
+			    (unsigned) file->st.st_uid);
+		file->owner = xstrdup(s);
 	}
 
 	if (file->group != NULL) {
@@ -75,7 +80,10 @@ update_ids(struct memory_file *file)
 			errx(2, "group %s unknown", file->group);
 		file->st.st_gid = gid;
 	} else {
-		file->group = xstrdup(group_from_gid(file->st.st_gid, 1));
+		if ((s = group_from_gid(file->st.st_gid, 1)) == NULL)
+			errx(2, "unknown group name for gid %u",
+			    (unsigned) file->st.st_gid);
+		file->group = xstrdup(s);
 	}
 }
 

Index: src/external/bsd/pkg_install/dist/lib/dewey.c
diff -u src/external/bsd/pkg_install/dist/lib/dewey.c:1.5 src/external/bsd/pkg_install/dist/lib/dewey.c:1.6
--- src/external/bsd/pkg_install/dist/lib/dewey.c:1.5	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/dewey.c	Tue Jun 11 09:26:57 2024
@@ -1,7 +1,7 @@
-/* $NetBSD: dewey.c,v 1.5 2021/04/10 19:49:59 nia Exp $ */
+/* $NetBSD: dewey.c,v 1.6 2024/06/11 09:26:57 wiz Exp $ */
 
 /*
- * Copyright © 2002 Alistair G. Crooks.  All rights reserved.
+ * Copyright (c) 2002 Alistair G. Crooks.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,41 +47,41 @@
 
 /* do not modify these values, or things will NOT work */
 enum {
-        Alpha = -3,
-        Beta = -2,
-        RC = -1,
-        Dot = 0,
-        Patch = 1
+	Alpha = -3,
+	Beta = -2,
+	RC = -1,
+	Dot = 0,
+	Patch = 1
 };
 
 /* this struct defines a version number */
 typedef struct arr_t {
-	unsigned	c;              /* # of version numbers */
-	unsigned	size;           /* size of array */
-	int	       *v;              /* array of decimal numbers */
-	int		netbsd;         /* any "nb" suffix */
+	unsigned	c;		/* # of version numbers */
+	unsigned	size;		/* size of array */
+	int	       *v;		/* array of decimal numbers */
+	int		netbsd;		/* any "nb" suffix */
 } arr_t;
 
 /* this struct describes a test */
 typedef struct test_t {
-	const char     *s;              /* string representation */
-	unsigned	len;            /* length of string */
-	int		t;              /* enumerated type of test */
+	const char     *s;		/* string representation */
+	unsigned	len;		/* length of string */
+	int		t;		/* enumerated type of test */
 } test_t;
 
 
 /* the tests that are recognised. */
- const test_t   tests[] = {
-        {	"<=",	2,	DEWEY_LE	},
-        {	"<",	1,	DEWEY_LT	},
-        {	">=",	2,	DEWEY_GE	},
-        {	">",	1,	DEWEY_GT	},
-        {	"==",	2,	DEWEY_EQ	},
-        {	"!=",	2,	DEWEY_NE	},
-        {	NULL,	0,	0	}
+const test_t	tests[] = {
+	{	"<=",	2,	DEWEY_LE	},
+	{	"<",	1,	DEWEY_LT	},
+	{	">=",	2,	DEWEY_GE	},
+	{	">",	1,	DEWEY_GT	},
+	{	"==",	2,	DEWEY_EQ	},
+	{	"!=",	2,	DEWEY_NE	},
+	{	NULL,	0,	0	}
 };
 
- const test_t	modifiers[] = {
+const test_t	modifiers[] = {
 	{	"alpha",	5,	Alpha	},
 	{	"beta",		4,	Beta	},
 	{	"pre",		3,	RC	},
@@ -122,10 +122,10 @@ dewey_mktest(int *op, const char *test)
 static int
 mkcomponent(arr_t *ap, const char *num)
 {
-	static const char       alphas[] = "abcdefghijklmnopqrstuvwxyz";
-	const test_t	       *modp;
-	int                 n;
-	const char             *cp;
+	static const char alphas[] = "abcdefghijklmnopqrstuvwxyz";
+	const test_t *modp;
+	int n;
+	const char *cp;
 
 	if (ap->c == ap->size) {
 		if (ap->size == 0) {
@@ -252,7 +252,7 @@ dewey_cmp(const char *lhs, int op, const
 		freeversion(&left);
 		return 0;
 	}
-        retval = vtest(&left, op, &right);
+	retval = vtest(&left, op, &right);
 	freeversion(&left);
 	freeversion(&right);
 	return retval;
@@ -281,11 +281,11 @@ dewey_match(const char *pattern, const c
 	    strncmp(pkg, pattern, (size_t)(version-pkg)) != 0)
 		return 0;
 	version++;
-	
+
 	/* extract comparison operator */
-        if ((n = dewey_mktest(&op, sep)) < 0) {
+	if ((n = dewey_mktest(&op, sep)) < 0) {
 		return 0;
-        }
+	}
 	/* skip operator */
 	sep += n;
 
@@ -317,4 +317,3 @@ dewey_match(const char *pattern, const c
 
 	return 0;
 }
-
Index: src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in
diff -u src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in:1.5 src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in:1.6
--- src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in:1.5	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pkg_install.conf.5.in,v 1.5 2021/04/10 19:49:59 nia Exp $
+.\"	$NetBSD: pkg_install.conf.5.in,v 1.6 2024/06/11 09:26:57 wiz Exp $
 .\"
 .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -50,140 +50,297 @@ Some variables are overriden by environm
 Those are marked by (*).
 .Pp
 The following variables are supported:
-.Bl -tag -width indent
-.It Dv ACCEPTABLE_LICENSES
-Space-separated list of licenses packages are allowed to carry.
+.Bl -tag -width 6n
+.It Dv ACCEPTABLE_LICENSES No (list of license names)
+Default: empty
+.Pp
+Space-separated list of licenses considered acceptable when
+.Dv CHECK_LICENSE
+is
+.Ql yes
+or
+.Ql always ,
+in addition to those listed in
+.Dv DEFAULT_ACCEPTABLE_LICENSES .
 License names are case-sensitive.
-.It Dv ACTIVE_FTP
-Force the use of active FTP.
-.It Dv CACHE_INDEX
-Cache directory listings in memory.
-This avoids retransfers of the large directory index for HTTP and is
-enabled by default.
-.It Dv CERTIFICATE_ANCHOR_PKGS
-Path to the file containing the certificates used for validating
-binary packages.
+.It Dv ACTIVE_FTP No (empty or non-empty)
+Default: empty
+.Pp
+If non-empty, force the use of active FTP.
+Otherwise, try passive FTP first, and fall back to active FTP if the
+server reports a syntax error.
+.It Dv CACHE_INDEX No ( So Li yes Sc or So Li no Sc )
+Default:
+.Li yes
+.Pp
+If
+.Ql yes ,
+cache directory listings in memory.
+This avoids retransfers of the large directory index for HTTP.
+.It Dv CERTIFICATE_ANCHOR_PKGS No (empty or path)
+Default: empty
+.Pp
+Path to the file containing the certificates used for validating binary
+packages.
 A package is trusted when a certificate chain ends in one of the
 certificates contained in this file.
 The certificates must be PEM-encoded.
-.It Dv CERTIFICATE_ANCHOR_PKGVULN
-Analogous to
-.Dv CERTIFICATE_ANCHOR_PKGS .
+.Pp
+Required when
+.Dv VERIFIED_INSTALLATION
+is anything other than
+.Ql never .
+.It Dv CERTIFICATE_ANCHOR_PKGVULN No (empty or path)
+Default: empty
+.Pp
+If non-empty, path to the file containing the certificates used for
+validating
+.Pa pkg-vulnerabilities .
 The
 .Pa pkg-vulnerabilities
 is trusted when a certificate chain ends in one of the certificates
 contained in this file.
-.It Dv CERTIFICATE_CHAIN
-Path to a file containing additional certificates that can be used
-for completing certificate chains when validating binary packages or
-pkg-vulnerabilities files.
-.It Dv CHECK_LICENSE
-Check the license conditions of packages before installing them.
+The certificates must be PEM-encoded.
+.It Dv CERTIFICATE_CHAIN No (empty or path)
+Default: empty
+.Pp
+If non-empty, path to a file containing additional certificates that
+can be used for completing certificate chains when validating binary
+packages or pkg-vulnerabilities files.
+.It Dv CHECK_LICENSE No ( So Li yes Sc , So Li no Sc , or So Li always Sc )
+Default:
+.Li no
+.Pp
+When installing a package, check whether its license, as specified in
+the
+.Dv LICENSE
+build info tag, is acceptable,
+i.e., listed in
+.Dv ACCEPTABLE_LICENSES
+or
+.Dv DEFAULT_ACCEPTABLE_LICENSES .
+.Pp
 Supported values are:
-.Bl -tag -width interactiveXX
+.Bl -tag -width ".Dv always"
 .It Dv no
-The check is not performed.
+Install package no matter what license it has.
 .It Dv yes
-The check is performed if the package has license conditions set.
+If package has
+.Dv LICENSE
+set, require the license to be acceptable before installing.
+If package is missing
+.Dv LICENSE ,
+install it anyway.
 .It Dv always
-Passing the license check is required.
-Missing license conditions are considered an error.
+Require
+.Dv LICENSE
+to be set, and require the license to be acceptable, before
+installing.
 .El
-.It Dv CHECK_END_OF_LIFE
+.It Dv CHECK_END_OF_LIFE No ( So Li yes Sc or So Li no Sc )
+Default:
+.Ql yes
+.Pp
 During vulnerability checks, consider packages that have reached end-of-life
 as vulnerable.
-This option is enabled by default.
-.It Dv CHECK_OS_VERSION
-If "no", pkg_add will not warn if the host OS version does not exactly match
-the OS version the package was built on.
-The default is "yes".
-.It Dv CHECK_OSABI
-If "no", osabi package does not check OS version.
-The default is "yes".
-.It Dv CHECK_VULNERABILITIES
-Check for vulnerabilities when installing packages.
+.It Dv CHECK_OS_VERSION No ( So Li yes Sc or So Li no Sc )
+Default:
+.Ql yes
+.Pp
+If
+.Ql yes ,
+pkg_add will warn if the host OS version mismatches the OS version the
+package was built on.
+.Pp
+For example, you can set this to
+.Ql no
+in order to install packages built for
+.Nx 9.0
+on
+.Nx 10.0 ,
+where they will still generally work.
+Packages for which this may not work have a more stringent version
+check through the
+.Li osabi
+package; see
+.Dv CHECK_OSABI .
+.It Dv CHECK_OSABI No ( So Li yes Sc or So Li no Sc )
+Default:
+.Ql yes
+.Pp
+If
+.Ql yes ,
+the
+.Li osabi
+package checks that it matches the OS version.
+.Pp
+Packages that are tightly bound to a specific version of an operating
+system, such as kernel modules or
+.Dv sysutils/lsof ,
+depend on the
+.Li osabi
+package to reflect this, so that even if
+.Dv CHECK_OS_VERSION
+is
+.Ql no ,
+such packages will refuse to install unless
+.Dv CHECK_OSABI
+is also
+.Ql no .
+.It Dv CHECK_VULNERABILITIES No ( So Li never Sc , So Li always Sc , or So Li interactive Sc )
+Default:
+.Ql never
+.Pp
+Check for vulnerabilities when installing a package.
 Supported values are:
-.Bl -tag -width interactiveXX
+.Bl -tag -width ".Dv interactive"
 .It Dv never
-No check is performed.
+Install package even if it is known to be vulnerable.
 .It Dv always
-Passing the vulnerability check is required.
-A missing pkg-vulnerabilities file is considered an error.
+Install package only if it is not known to be vulnerable.
+.Pp
+If the
+.Pa pkg-vulnerabilities
+file is missing, assume package is vulnerable and refuse to install
+it.
 .It Dv interactive
-The user is always asked to confirm installation of vulnerable packages.
+Install package without user interaction if it is not known to be
+vulnerable.
+Otherwise, prompt user to confirm installation.
+.Pp
+If the
+.Pa pkg-vulnerabilities
+file is missing, ignore it and install package anyway.
 .El
-.It Dv CONFIG_CACHE_CONNECTIONS
-Limit the global connection cache to this value.
-For FTP, this is the number of sessions without active command.
-For HTTP, this is the number of connections open with keep-alive.
-.It Dv CONFIG_CACHE_CONNECTIONS_HOST
-Like
-.Dv CONFIG_CACHE_CONNECTIONS ,
-but limit the number of connections to the host as well.
-See
-.Xr fetch 3
-for further details
+.\" These appear to have been added by mistake in pkg_install-20100122;
+.\" nothing uses them that I can find.  --riastradh, 2024-02-03
+.\" .It Dv CONFIG_CACHE_CONNECTIONS
+.\" Limit the global connection cache to this value.
+.\" For FTP, this is the number of sessions without active command.
+.\" For HTTP, this is the number of connections open with keep-alive.
+.\" .It Dv CONFIG_CACHE_CONNECTIONS_HOST
+.\" Like
+.\" .Dv CONFIG_CACHE_CONNECTIONS ,
+.\" but limit the number of connections to the host as well.
+.\" See
+.\" .Xr fetch 3
+.\" for further details
 .It Dv DEFAULT_ACCEPTABLE_LICENSES
-Space-separated list of common Free and Open Source licenses packages are
-allowed to carry.
-The default value contains all OSI approved licenses in pkgsrc on the date
-pkg_install was released.
+Space separated list of licenses considered acceptable when
+.Dv CHECK_LICENSE
+is
+.Ql yes
+or
+.Ql always ,
+in addition to those listed in
+.Dv ACCEPTABLE_LICENSES .
 License names are case-sensitive.
-.It Dv GPG
+.Pp
+The default value of
+.Dv DEFAULT_ACCEPTABLE_LICENSES No (list of license names)
+lists all licenses recorded in pkgsrc which have been either:
+.Bl -dash
+.It
+approved as open source by the
+.Lk "https://opensource.org/"; "Open Source Initiative" ,
+.It
+approved as free software by the
+.Lk "https://www.fsf.org/"; "Free Software Foundation" ,
+or
+.It
+considered free software under the Debian Free Software Guidelines by
+the
+.Lk "https://www.debian.org/"; "Debian Project" ,
+.El
+and are not
+.Sq network copyleft
+licenses such as the GNU Affero GPLv3.
+.It Dv GPG No (empty or path)
+Default: empty
+.Pp
 Path to
 .Xr gpg 1 ,
-which can be used to verify the signature in the
-.Pa pkg-vulnerabilities
-file when running
-.Dl Ic pkg_admin check-pkg-vulnerabilities -s
-or
-.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
-It can also be used to verify and sign binary packages.
-.It Dv GPG_KEYRING_PKGVULN
-Non-default keyring to use for verifying GPG signatures of
-.Pa pkg-vulnerabilities .
-.It Dv GPG_KEYRING_SIGN
-Non-default keyring to use for signing packages with GPG.
-.It Dv GPG_KEYRING_VERIFY
-Non-default keyring to use for verifying GPG signature of packages.
-.It Dv GPG_SIGN_AS
-User-id to use for signing packages.
-.It Dv IGNORE_PROXY
-Use direct connections and ignore
+required for
+.Ic pkg_admin gpg-sign-package .
+(All other GPG/OpenPGP operations are done internally with
+.Xr libnetpgpverify 3 . )
+.It Dv GPG_KEYRING_PKGVULN No (empty or path)
+Default: empty
+.Pp
+If non-empty, keyring to use for verifying OpenPGP signatures on
+.Pa pkg-vulnerabilities ,
+overriding the default keyring.
+.It Dv GPG_KEYRING_SIGN No (empty or path)
+Default: empty
+.Pp
+If non-empty, keyring to use for signing packages with
+.Ic pkg_admin gpg-sign-package ,
+overriding the default keyring.
+.It Dv GPG_KEYRING_VERIFY No (empty or path)
+Default: empty
+.Pp
+If non-empty, keyring to use for verifying package signatures on
+installation, overriding the default keyring.
+.It Dv GPG_SIGN_AS No (empty or OpenPGP user-id)
+Default: empty
+.Pp
+If non-empty, OpenPGP user-id to use for signing packages with
+.Ic pkg_admin gpg-sign-package ,
+passed as the argument of
+.Ql --local-user
+.Pq Fl u
+to
+.Xr gpg 1 .
+.It Dv IGNORE_PROXY No (empty or non-empty)
+Default: empty
+.Pp
+If non-empty, use direct connections and ignore
 .Ev FTP_PROXY
 and
 .Ev HTTP_PROXY .
-.It Dv IGNORE_URL
-One line per advisory which should be ignored when running
-.Dl Ic pkg_admin audit
-The URL from the
+.It Dv IGNORE_URL No (URL, may be specified multiple times)
+Default: none
+.Pp
+URL of a security advisory from the
 .Pa pkg-vulnerabilities
-file should be used as value.
-.It Dv PKG_DBDIR (*)
+that should be ignored when running:
+.Dl Ic pkg_admin audit
+May be specified multiple times to ignore multiple advisories.
+.It Dv PKG_DBDIR No (*) (path)
+Default:
+.Pa @PKG_DBDIR@
+.Pp
 Location of the packages database.
-This option is always overriden by the argument of the
+This option is overriden by the argument of the
 .Fl K
 option.
-.It Dv PKG_PATH (*)
+.It Dv PKG_PATH No (*) (semicolon-separated list of paths or URLs)
+Default: empty
+.Pp
 Search path for packages.
 The entries are separated by semicolon.
 Each entry specifies a directory or URL to search for packages.
-.It Dv PKG_REFCOUNT_DBDIR (*)
+.It Dv PKG_REFCOUNT_DBDIR No (*) (path)
+Default:
+.No "${" Ns Dv PKG_DBDIR Ns "}" Ns Pa .refcount
+.Pp
 Location of the package reference counts database directory.
-The default value is
-.Pa ${PKG_DBDIR}.refcount .
-.It Dv PKGVULNDIR
+.It Dv PKGVULNDIR No (path)
+Default:
+.No "${" Ns Dv PKG_DBDIR Ns "}"
+.Pp
 Directory name in which the
 .Pa pkg-vulnerabilities
 file resides.
-Default is
-.Pa ${PKG_DBDIR} .
-.It Dv PKGVULNURL
+.It Dv PKGVULNURL No (URL)
+Default:
+.Lk http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz
+.Pp
 URL which is used for updating the local
 .Pa pkg-vulnerabilities
-file when running
+file when running:
 .Dl Ic pkg_admin fetch-pkg-vulnerabilities
-The default location is ftp.NetBSD.org using HTTP.
+.Pp
 .Em Note :
 Usually, only the compression type should be changed.
 Currently supported are uncompressed files and files compressed by
@@ -192,22 +349,31 @@ Currently supported are uncompressed fil
 or
 .Xr gzip 1
 .Pq Pa .gz .
-.It Dv VERBOSE_NETIO
-Log details of network IO to stderr.
-.It Dv VERIFIED_INSTALLATION
-Set trust level used when installation.
+.It Dv VERBOSE_NETIO No (empty or non-empty)
+Default: empty
+.Pp
+If non-empty, log details of network IO to stderr.
+.It Dv VERIFIED_INSTALLATION No ( So Li never Sc , So Li always Sc , So Li trusted Sc , or So Li interactive Sc )
+Default:
+.Ql never
+.Pp
+Verification requirement for installing a package.
 Supported values are:
-.Bl -tag -width interactiveXX
+.Bl -tag -width ".Dv interactive"
 .It Dv never
-No signature checks are performed.
+Install package unconditionally.
 .It Dv always
-A valid signature is required.
-If the binary package can not be verified, the installation is terminated
+Install package only if it has a valid X.509 or OpenPGP signature.
 .It Dv trusted
-A valid signature is required.
-If the binary package can not be verified, the user is asked interactively.
+Install package without user interaction if it has a valid X.509 or
+OpenPGP signature.
+Otherwise, prompt user to confirm installation.
 .It Dv interactive
-The user is always asked interactively when installing a package.
+Always prompt the user to confirm installation when installing a
+package.
+.Sy WARNING :
+This does not tell the user whether the package had a valid signature
+or not.
 .El
 .El
 .Sh FILES

Index: src/external/bsd/pkg_install/dist/lib/fexec.c
diff -u src/external/bsd/pkg_install/dist/lib/fexec.c:1.3 src/external/bsd/pkg_install/dist/lib/fexec.c:1.4
--- src/external/bsd/pkg_install/dist/lib/fexec.c:1.3	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/fexec.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: fexec.c,v 1.3 2021/04/10 19:49:59 nia Exp $	*/
+/*	$NetBSD: fexec.c,v 1.4 2024/06/11 09:26:57 wiz Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -37,6 +37,12 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
@@ -47,6 +53,9 @@
 #if HAVE_ERRNO_H
 #include <errno.h>
 #endif
+#if HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
 #if HAVE_STDARG_H
 #include <stdarg.h>
 #endif
@@ -59,7 +68,33 @@
 
 #include "lib.h"
 
-__RCSID("$NetBSD: fexec.c,v 1.3 2021/04/10 19:49:59 nia Exp $");
+/*
+ * Newer macOS releases are not able to correctly handle vfork() when the
+ * underlying file is changed or removed, as is the case when upgrading
+ * pkg_install itself.  The manual pages suggest using posix_spawn()
+ * instead, which seems to work ok.
+ */
+#if defined(__APPLE__) && \
+	((__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__-0) >= 1050)
+#define FEXEC_USE_POSIX_SPAWN	1
+#else
+#define FEXEC_USE_POSIX_SPAWN	0
+#endif
+
+#if FEXEC_USE_POSIX_SPAWN
+#include <spawn.h>
+extern char **environ;
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC	0
+#endif
+
+#ifndef O_DIRECTORY
+#define O_DIRECTORY	0
+#endif
+#endif
+
+__RCSID("$NetBSD: fexec.c,v 1.4 2024/06/11 09:26:57 wiz Exp $");
 
 static int	vfcexec(const char *, int, const char *, va_list);
 
@@ -67,6 +102,8 @@ static int	vfcexec(const char *, int, co
  * fork, then change current working directory to path and
  * execute the command and arguments in the argv array.
  * wait for the command to finish, then return the exit status.
+ *
+ * macOS uses posix_spawn() instead due to reasons explained above.
  */
 int
 pfcexec(const char *path, const char *file, const char **argv)
@@ -74,6 +111,31 @@ pfcexec(const char *path, const char *fi
 	pid_t			child;
 	int			status;
 
+#if FEXEC_USE_POSIX_SPAWN
+	int prevcwd;
+
+	if ((prevcwd = open(".", O_RDONLY|O_CLOEXEC|O_DIRECTORY)) < 0) {
+		warn("open prevcwd failed");
+		return -1;
+	}
+
+	if ((path != NULL) && (chdir(path) < 0)) {
+		warn("chdir %s failed", path);
+		return -1;
+	}
+
+	if (posix_spawn(&child, file, NULL, NULL, (char **)argv, environ) < 0) {
+		warn("posix_spawn failed");
+		return -1;
+	}
+
+	if (fchdir(prevcwd) < 0) {
+		warn("fchdir prevcwd failed");
+		return -1;
+	}
+
+	(void)close(prevcwd);
+#else
 	child = vfork();
 	switch (child) {
 	case 0:
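Review bot: posix_spawn() reports failure by returning a positive error number and does not set errno, so the `< 0` test in the FEXEC_USE_POSIX_SPAWN branch never fires. A failed spawn therefore falls through to waitpid() with `child` unset, and warn() would print an unrelated errno. The early returns also leak `prevcwd` (chdir failure), would leave the process in `path` (spawn failure) and skip reaping the child (fchdir failure); staying in the wrong directory presumably matters if the caller goes on to use relative paths. The sketch below captures the return value, then restores the directory and closes the descriptor on every path; whether a failed fchdir() should still make pfcexec() return -1 after the wait is left open. pfcexec() begins before this hunk and continues past it.

```c
	int prevcwd, error;

	/* … unchanged: open(".") into prevcwd … */

	if ((path != NULL) && (chdir(path) < 0)) {
		warn("chdir %s failed", path);
		(void)close(prevcwd);
		return -1;
	}

	/* posix_spawn() returns an error number; it does not set errno. */
	error = posix_spawn(&child, file, NULL, NULL, (char **)argv, environ);

	/* Restore the working directory whether or not the spawn succeeded. */
	if (fchdir(prevcwd) < 0)
		warn("fchdir prevcwd failed");
	(void)close(prevcwd);

	if (error != 0) {
		errno = error;
		warn("posix_spawn failed");
		return -1;
	}
```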
@@ -86,6 +148,7 @@ pfcexec(const char *path, const char *fi
 	case -1:
 		return -1;
 	}
+#endif
 
 	while (waitpid(child, &status, 0) < 0) {
 		if (errno != EINTR)

Index: src/external/bsd/pkg_install/dist/lib/license.c
diff -u src/external/bsd/pkg_install/dist/lib/license.c:1.11 src/external/bsd/pkg_install/dist/lib/license.c:1.12
--- src/external/bsd/pkg_install/dist/lib/license.c:1.11	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/license.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: license.c,v 1.11 2021/04/10 19:49:59 nia Exp $	*/
+/*	$NetBSD: license.c,v 1.12 2024/06/11 09:26:57 wiz Exp $	*/
 
 /*-
  * Copyright (c) 2009 Joerg Sonnenberger <jo...@netbsd.org>.
@@ -50,6 +50,7 @@ const char *default_acceptable_licenses 
     "apache-1.1 apache-2.0 "
     "arphic-public "
     "artistic artistic-2.0 "
+    "beer-ware "
     "boost-license "
     "cc-by-sa-v3.0 "
     "cc-by-sa-v4.0 "
@@ -58,9 +59,11 @@ const char *default_acceptable_licenses 
     "cddl-1.0 "
     "cecill-2.1 "
     "cecill-b-v1 "
+    "cecill-c-v1 "
     "cpl-1.0 "
     "epl-v1.0 "
     "eupl-v1.1 "
+    "eupl-v1.2 "
     "gfsl "
     "gnu-fdl-v1.1 gnu-fdl-v1.2 gnu-fdl-v1.3 "
     "gnu-gpl-v1 "
@@ -68,6 +71,8 @@ const char *default_acceptable_licenses 
     "gnu-gpl-v3 gnu-lgpl-v3 "
     "happy "
     "hpnd "
+    "icu "
+    "ijg "
     "info-zip "
     "ipafont "
     "ipl-1.0 "
@@ -78,10 +83,11 @@ const char *default_acceptable_licenses 
     "mit "
     "mpl-1.0 mpl-1.1 mpl-2.0 "
     "mplusfont "
+    "ms-pl "
     "odbl-v1 "
     "ofl-v1.0 ofl-v1.1 "
     "openssl "
-    "original-bsd modified-bsd 2-clause-bsd "
+    "original-bsd modified-bsd 2-clause-bsd 0-clause-bsd "
     "osl "
     "paratype "
     "php "
@@ -94,6 +100,7 @@ const char *default_acceptable_licenses 
     "sissl-1.1 "
     "sleepycat-public "
     "unicode "
+    "unicode-v3 "
     "unlicense "
     "vera-ttf-license "
     "w3c "

Index: src/external/bsd/pkg_install/dist/lib/pkg_io.c
diff -u src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.4 src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.5
--- src/external/bsd/pkg_install/dist/lib/pkg_io.c:1.4	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/pkg_io.c	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: pkg_io.c,v 1.4 2021/04/10 19:49:59 nia Exp $	*/
+/*	$NetBSD: pkg_io.c,v 1.5 2024/06/11 09:26:57 wiz Exp $	*/
 /*-
  * Copyright (c) 2008, 2009 Joerg Sonnenberger <jo...@netbsd.org>.
  * All rights reserved.
@@ -36,7 +36,7 @@
 #include <sys/cdefs.h>
 #endif
 
-__RCSID("$NetBSD: pkg_io.c,v 1.4 2021/04/10 19:49:59 nia Exp $");
+__RCSID("$NetBSD: pkg_io.c,v 1.5 2024/06/11 09:26:57 wiz Exp $");
 
 #include <archive.h>
 #include <archive_entry.h>
@@ -48,6 +48,8 @@ __RCSID("$NetBSD: pkg_io.c,v 1.4 2021/04
 #endif
 #include <stdlib.h>
 
+#include "lib.h"
+
 #ifdef BOOTSTRAP
 #undef IS_URL
 #define IS_URL(x) 0
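Review bot: The new position of `#include "lib.h"` is load-bearing but undocumented. The BOOTSTRAP branch right below it does `#undef IS_URL` and `#define IS_URL(x) 0`, which presumably only takes effect if lib.h (likely where IS_URL is defined; not visible here) has already been included. A short comment above the include would stop a later cleanup from moving it back, e.g. `/* lib.h must precede the BOOTSTRAP override of IS_URL below. */`.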
@@ -55,8 +57,6 @@ __RCSID("$NetBSD: pkg_io.c,v 1.4 2021/04
 #include <fetch.h>
 #endif
 
-#include "lib.h"
-
 struct pkg_path {
 	TAILQ_ENTRY(pkg_path) pl_link;
 	char *pl_path;

Index: src/external/bsd/pkg_install/dist/lib/version.h
diff -u src/external/bsd/pkg_install/dist/lib/version.h:1.20 src/external/bsd/pkg_install/dist/lib/version.h:1.21
--- src/external/bsd/pkg_install/dist/lib/version.h:1.20	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/lib/version.h	Tue Jun 11 09:26:57 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.20 2021/04/10 19:49:59 nia Exp $	*/
+/*	$NetBSD: version.h,v 1.21 2024/06/11 09:26:57 wiz Exp $	*/
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION 20210410
+#define PKGTOOLS_VERSION 20240307
 
 #endif /* _INST_LIB_VERSION_H_ */

Index: src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf
diff -u src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf:1.3 src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf:1.4
--- src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf:1.3	Sat Apr 10 19:49:59 2021
+++ src/external/bsd/pkg_install/dist/x509/pkgsrc.cnf	Tue Jun 11 09:26:58 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkgsrc.cnf,v 1.3 2021/04/10 19:49:59 nia Exp $
+# $NetBSD: pkgsrc.cnf,v 1.4 2024/06/11 09:26:58 wiz Exp $
 #
 # OpenSSL sample configuration file for use by pkgsrc.sh
 #
@@ -77,9 +77,8 @@ emailAddress		= optional
 
 ####################################################################
 [ req ]
-default_bits		= 2048
+default_bits		= 4096
 default_keyfile 	= privkey.pem
-default_md		= sha1
 distinguished_name	= req_distinguished_name
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
 
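Review bot: Dropping `default_md = sha1` from `[ req ]` without naming a replacement leaves the signature digest to whatever the installed OpenSSL defaults to, which may differ between releases and could still be a weak hash on an old library. Pinning it explicitly, `default_md		= sha256`, keeps generated requests and self-signed certificates predictable and in line with the move to 4096-bit keys. The rest of the file lies outside the hunk, so a `default_md` set in another section cannot be ruled out from here.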
