- Restrict audit related commands to the documented set and/or fix the
documention.
- Add support for conditional fetch-pkg-vulnerabilities via -u option.
- DB support is always included from libnbcompat if needed
- pkg_view and linkfarm are not installed any more; they are not moved
into the attic yet, so they can easily be installed as separte package
- common configuration file to customise the behavior of various
components; this supersedes the old audit-packages.conf
- support for PKSC7 signatures (using X509 certs) and GPG signatures for
packages in a secure way. See pkg_admin(8) for how to create them and
pkg_install.conf(5) for the options to use them
- audit-packages and download-vulnerability-list are wrapper scripts
around pkg_admin. They try to mimic the classic options if used sanely.
"pkg_admin audit" is now an order of magnitude faster than before
- pkg_add uses libarchive and libfetch instead of external ftp and tar:
- progress bar is currently missing for downloads
- "pkg_add -" is no longer supported
- no adhoc check for conficts between dependencies and already
installed packages
- "pkg_add -s" has been replaced with an option in pkg_install.conf,
verification of plain detached GPG signatures is no longer supported
- optional check for vulnerabilities before adding a package
- if /var and /usr/pkg are on different fileystems it is twice as fast
now
- conflicts due to overlapping plists are checked before installation
- pkg_add no longer plays with the process limits
- pkg_add and pkg_delete have a new destdir option; scripts have to
either be modified to use PKG_DESTDIR or should be disabled
- pkg_add -u for now can't be used to update to the exact same version
- internal "rm -rf" and "mkdir_p" code
- all memory allocation failures are not explicitly fatal
- if a file is not removed due to a failed checksum, still remove the
entry from pkgdb
Merge from changes for read_plist from pkg_install-renovation to always
initialize the plist and add append_plist for the one case where this is
not desired. Fixes PR 39276.
Merge a number of bugfixes from the pkg_install-renovation branch:
- explicit include of nbcompat/md5.h
- use errx when dealing with libfetch as it doesn't set errno
- avoid optind = 0 as GNUish getopt will reset itself otherwise
doing an old-style bulk build on 4.0 or older systems:
- in mk/bulk/build, do "make update" instead of "make install + clean"
when installing a new pkg_install
- in pkgtools/pkg_install/Makefile, don't try to use our own
executables (${WORKDIR}/pkg_add/pkg_add etc.) if they don't exist
Discussed with joerg, and even though he's not entirely happy
with the latter change, he didn't appear to have a better suggestion.
This, and putting /usr/pkg/sbin earlier than /usr/sbin in the $PATH
appears to be required to get an old-style bulk build going.
Known regressions:
- "pkg_add -" (aka reading from stdin) is currently not supported
- "pkg_add -s" is not supported either
- no progress reports for the downloads
- binary packages with hardlinks created by pkg_create before
pkg_install-20080422 will not extract correctly (libarchive issue)
- no adhoc check for potential conflicts between dependencies and
already installed packages
Features:
- Twice as fast for the typical case of /var/tmp and /usr/pkg on
different filesystems
- Standalone
- implicit conflict detection before actual installation.
Make use of the linkresolver from libarchive and thereby fix the
permissions of hardlinks in archives. This wasn't a problem so far
as nbpax is (incorrectly) ignoring the permissions of the other entries.
Add audit-history subcommand for pkg_admin, that lists all known
vulnerabilities for a given base package name. E.g. if you run a web
server, don't run "pkg_admin audit-history php" before going to bed.
- When loading meta data for a package and a file is needed for the
current operation and is a required file, complain.
- Include the name of the package the meta data could not be loaded
from.
This addresses PR 38166.
Redo the check for incomplete packages by annotating which meta data
field are required and count which were found during reading the binary
package. The original approach didn't work as loads from pkgdb are
reduced to the minimal set.
Free libarchive's side of the package before closing the file descriptor.
This stops leaking up to 1MB / package when using bzip2 and addresses
PR 38082. Check that at least +COMMENTS, +CONTENTS and +DESC can be
extracted, otherwise skip the entry. This stops pkg_info -X from dumping
core on non-package files.
Add new parser for pkg_vulnerabilities, that handles decompress
transparently and internally. Preliminary tests with a modified
audit-packages show a speed increase by 2 for common operations
like listening all vulnerable installed packages.
Explicitly check in show_var that the buffer is non-NULL.
This can stops pkg_info -Q foo from segfaulting for explicitly
installed packages. Reported by Stoned Elipot.
libnbcompat.h already. So don't include sys/param.h and sys/mount.h in
it and remove the configure test for sys/mount.h.
While here, remove some #if 0'd code from pen.c.
Convert pkg_info to use libarchive instead of tar for binary package
handling. As a side effect pkg_info on remote packages will use
one FTP instance per argument, but will try to fetch only the meta data.
This reduces time for pkg_info -X on a full binary repository from 36.9s
to 18.1s for the cache hot case (PKG_TMPDIR on tmpfs for the old
pkg_info). Thanks to tnn@ for testing.
as 20071224. Changes include:
- better diagnostic for conflicting packages
- explicitly check already installed packages for conflicts with
to-be-installed package
- document pkg_admin rebuild-tree in usage
- man page fixes
- forcefully remove pkgdb entries (needed for user-usage in some cases)
This allows such settings as the following in audit-packages.conf:
FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com"
Which will be set before FETCH_CMD is run.
This was made a lot more critical with the changes to use the iteration
API, as that is running a lot more Dewey comparisions.
Thanks to adrianp and wiz for the reports.
Bump to 20070916.
buffer, but the size of a pointer to a buffer. This makes pkg_add -u
work again. It failed before, trying to rename the +REQUIRED_BY file to
"/us" or "/va", depending on the value of PKGDBDIR.
meaningful warning if the file is a symlink whose target doesn't exist.
The message has now been changed from:
pkg_admin: netbsd32_compat30-extras: File `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' is in +CONTENTS but not on filesystem!
to:
pkg_admin: Symlink `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' exists and is in +CONTENTS but target does not exist!
* Pass values for --sysconfdir (and --prefix) to the configure script
instead of passing them through CPPFLAGS. Both SYSCONFDIR and PREFIX
are only used by audit-packages, and the audit-packages Makefile
already handles passing these values inherited from the configure
script. This avoids compiler warnings that, e.g. SYSCONFDIR has been
redefined on the command line.
* Fix quoting for arguments to the configure script -- :Q instead of
\"\".
Bump version to 20070828. Reviewed by <joerg>.
PR# 36773 opened by David A. Holland.
While we're here look for settings with no values in audit-packages.conf
and ignore them.
Tighten up processing of audit-packages.conf for the situation where
settings are specified multiple times. (report from joerg@).
a subfunction.
Bail out if the package name doesn't have a version name.
Bail out if the internal rename failed (it was an assert before).
Invert some of the branches to cut off three levels of indirection.
the functionality offered by findmatchingname and findbestmatching
name. They optionally strip the suffix from the filename before
matching it, instead of modifying the pattern directly.
Drop the old functions.
- Fix a bug in pkg_order where the version strings where inverted
- Make pkg_admin lsbest and lsall use the new functions.
- Make ftpio use pkg_order directly.
Bump version to 20070812.
Reported by Greg Troxel on tech-pkg@
* Add -q which operates the same as 'pkg_info -q' and only displays
the package name of any vulnerable/eol packages found.
Suggestion by joerg@
* man page updates for -q
* Document the required permissions for audit-packages and
download-vulnerability-list in the man page.
possible cause of inconsistencies. Remove comment about make replace,
since it does not, absent pkgsrc/mk bugs, result in incorrect
dependency records.
packages (see pkg_info -e). Restore this behaviour. Still print a
warning when the pkgdb can't be processed.
Reported by Daniel Horecki and pointed to the option by tnn@.
