This is based on the decision The NetBSD Foundation made in 2008 to
do so, which was already applied to src.
This change has been applied to code which is likely not in other
repositories.
ok board@, reviewed by riastradh@
If PKG_DBDIR is /foo and a path like /foobar is given, it is not below
PKG_DBDIR, so don't translate it into a package name look up. The old
logic for giving a path to PKG_DBDIR remains for legacy compat.
Fix an issue in pkg_create where we may have been using corrupted owner and
group information. Noticed on macOS where libarchive would complain about
the owner entry being too long. Reviewed by joerg.
Also includes some manual page improvements committed recently.
OpenSSL 1.1.0 makes xkusage and ex_flags opaque.
Use X509_check_ca rather than a custom and nearly identical implementation.
This is available since OpenSSL 0.9.8 (even in RHEL5).
This is also done because we cannot implement it identically under
OpenSSL 1.1.0 due to missing getters.
Test EXFLAG_XKUSAGE rather than zero xkusage test no usage to avoid openssl
1.1.0 getter returning a different code on this case.
Use getter for xkusage in the non-zero test case.
Provide fallback definitions for getters.
PR pkg/52298, PR pkg/52648
- Convert to libarchive 3.x interfaces, avoiding the legacy glue.
- Rename local copy of netpgpverify to match installed headers.
- Shuffle bootstrap code to reduce special cases in pkg_add.
- Always read/write file names in tar archives as binary. While they are
supposed to be UTF-8, locale conversion creates more problems than it
solves here.
- Fix const correctness in gpg_verify.
- Add format string annotation for xasprintf for GCC-like compilers.
- Restrict supported archive formats for binary packages to ar (signed
packages) and tar (actual content) with uncompressed/gzip/bzip2/xz as
compression choices. This reduces the exposed libarchive surface.
- The pkg-vulnerability file correspondingly supports only the same
compression choices.
overrides our attempt to set it to "x86_64" and ensure consistency across
platforms. Work around this by setting it using PKGSRC_MACHINE_ARCH.
Confirmed to fix the issue and not break a variety of other platforms by
Sevan, and approved under duress by Joerg.
This resolves issues on platforms which MACHINE & MACHINE_ARCH is explicitly
defined, such as OpenBSD/amd64 & Bitrig/amd64 where we would like to build with
MACHINE_ARCH=x86_64 but can't as a platform check fails when installing
packages after bootstrap
pkg_add: Warning: package `digest-20121220' was built for a platform:
pkg_add: OpenBSD/x86_64 5.8 (pkg) vs. OpenBSD/amd64 5.8 (this host)
Tested on
Mac OS X Tiger/PowerPC
OpenBSD
Bitrig
Solaris 10/SPARC
FreeBSD 10.2-RELEASE & 11-CURRENT
DragonFlyBSD
Debian 8
OmniOS
Reviewed by joerg@
This replaces calling out to an external gpg command for verification
with inline verification using the security/netpgpverify library.
Bump version to 20150901.