Consider EOF during signature scan a fatal error. At the very least, the
package is missing the +CONTENTS file at that point. Correctly reset the
entry pointer in that case and make the meta data extraction stricter,
avoiding NULL dereferences for invalid archives.
Fixes pkg_info -X crash on empty files as reported by Daniel Horecki.
Simplify archive handling by depending on archive_read_finish and the
close callback where needed. Fixes a file descriptor leak as side
effect as reported by wiz.
Integrate the PKG_PATH logic for tightly with the find_archive logic:
- remember initial current working directory from the time PKG_PATH is
processed, it will be used as reference for all relative entries
- remove now redundant fchdir dance in pkg_add
- pass down to find_archive if this is a top-level package (e.g.
requested on the command line) or not; the location of top-level
packages is searched for packages first and for URLs or path names the
PKG_PATH itself is not processed (e.g. pkg_add foo/bar not look into
PKG_PATH for bar). This addresses PR 33884 in a different way.
- document the rules for finding packages more explicitly
- allow specifying PKG_PATH in pkg_install.conf as well; environment
takes precendence.
- remove PKG_PATH related logic in pkg_info(1), it doesn't deal with
PKG_PATH anyway
- remove PKG_PATH, PKG_TMPDIR and TMPDIR description in pkg_info(1),
they are no longer used
Always try to preserve the +PRESERVE file from the old package, even
when the new one has one as well. This fixes the update case for the
special case of pkg_install itself as reported by tron@.
Rewrite pkg_delete to expand the list of packages to delete first and
reorder it if necessary. It will bail out if it knows in advance that it
can't remove a package. It will also fail for errors while removing one
package, unless forced. Add an option to remove automatically installed
packages that are no longer used.
The pkgviews support is kept, but untested. The error handling for
pkgviews most of all is as weak as before.
Basic review from hubertf@, man page changes by bad@.
Fix pkg_delete -d:
- ignore @dirrm commands, directories are removed already on demand
- use local copy of dir before changing it, the caller expects it
unmodified for the call to pkgdb_remove
Print the error about missing build information even when the
+BUILD_INFO file is missing instead of segfaulting. The problem is from
PR 30276, a solution in the form of just installing it will not be
implemented.
- Restrict audit related commands to the documented set and/or fix the
documention.
- Add support for conditional fetch-pkg-vulnerabilities via -u option.
- DB support is always included from libnbcompat if needed
- pkg_view and linkfarm are not installed any more; they are not moved
into the attic yet, so they can easily be installed as separte package
- common configuration file to customise the behavior of various
components; this supersedes the old audit-packages.conf
- support for PKSC7 signatures (using X509 certs) and GPG signatures for
packages in a secure way. See pkg_admin(8) for how to create them and
pkg_install.conf(5) for the options to use them
- audit-packages and download-vulnerability-list are wrapper scripts
around pkg_admin. They try to mimic the classic options if used sanely.
"pkg_admin audit" is now an order of magnitude faster than before
- pkg_add uses libarchive and libfetch instead of external ftp and tar:
- progress bar is currently missing for downloads
- "pkg_add -" is no longer supported
- no adhoc check for conficts between dependencies and already
installed packages
- "pkg_add -s" has been replaced with an option in pkg_install.conf,
verification of plain detached GPG signatures is no longer supported
- optional check for vulnerabilities before adding a package
- if /var and /usr/pkg are on different fileystems it is twice as fast
now
- conflicts due to overlapping plists are checked before installation
- pkg_add no longer plays with the process limits
- pkg_add and pkg_delete have a new destdir option; scripts have to
either be modified to use PKG_DESTDIR or should be disabled
- pkg_add -u for now can't be used to update to the exact same version
- internal "rm -rf" and "mkdir_p" code
- all memory allocation failures are not explicitly fatal
- if a file is not removed due to a failed checksum, still remove the
entry from pkgdb
Merge from changes for read_plist from pkg_install-renovation to always
initialize the plist and add append_plist for the one case where this is
not desired. Fixes PR 39276.
Merge a number of bugfixes from the pkg_install-renovation branch:
- explicit include of nbcompat/md5.h
- use errx when dealing with libfetch as it doesn't set errno
- avoid optind = 0 as GNUish getopt will reset itself otherwise
doing an old-style bulk build on 4.0 or older systems:
- in mk/bulk/build, do "make update" instead of "make install + clean"
when installing a new pkg_install
- in pkgtools/pkg_install/Makefile, don't try to use our own
executables (${WORKDIR}/pkg_add/pkg_add etc.) if they don't exist
Discussed with joerg, and even though he's not entirely happy
with the latter change, he didn't appear to have a better suggestion.
This, and putting /usr/pkg/sbin earlier than /usr/sbin in the $PATH
appears to be required to get an old-style bulk build going.
Known regressions:
- "pkg_add -" (aka reading from stdin) is currently not supported
- "pkg_add -s" is not supported either
- no progress reports for the downloads
- binary packages with hardlinks created by pkg_create before
pkg_install-20080422 will not extract correctly (libarchive issue)
- no adhoc check for potential conflicts between dependencies and
already installed packages
Features:
- Twice as fast for the typical case of /var/tmp and /usr/pkg on
different filesystems
- Standalone
- implicit conflict detection before actual installation.
Make use of the linkresolver from libarchive and thereby fix the
permissions of hardlinks in archives. This wasn't a problem so far
as nbpax is (incorrectly) ignoring the permissions of the other entries.
Add audit-history subcommand for pkg_admin, that lists all known
vulnerabilities for a given base package name. E.g. if you run a web
server, don't run "pkg_admin audit-history php" before going to bed.
- When loading meta data for a package and a file is needed for the
current operation and is a required file, complain.
- Include the name of the package the meta data could not be loaded
from.
This addresses PR 38166.
Redo the check for incomplete packages by annotating which meta data
field are required and count which were found during reading the binary
package. The original approach didn't work as loads from pkgdb are
reduced to the minimal set.
Free libarchive's side of the package before closing the file descriptor.
This stops leaking up to 1MB / package when using bzip2 and addresses
PR 38082. Check that at least +COMMENTS, +CONTENTS and +DESC can be
extracted, otherwise skip the entry. This stops pkg_info -X from dumping
core on non-package files.
Add new parser for pkg_vulnerabilities, that handles decompress
transparently and internally. Preliminary tests with a modified
audit-packages show a speed increase by 2 for common operations
like listening all vulnerable installed packages.
Explicitly check in show_var that the buffer is non-NULL.
This can stops pkg_info -Q foo from segfaulting for explicitly
installed packages. Reported by Stoned Elipot.
libnbcompat.h already. So don't include sys/param.h and sys/mount.h in
it and remove the configure test for sys/mount.h.
While here, remove some #if 0'd code from pen.c.
Convert pkg_info to use libarchive instead of tar for binary package
handling. As a side effect pkg_info on remote packages will use
one FTP instance per argument, but will try to fetch only the meta data.
This reduces time for pkg_info -X on a full binary repository from 36.9s
to 18.1s for the cache hot case (PKG_TMPDIR on tmpfs for the old
pkg_info). Thanks to tnn@ for testing.
as 20071224. Changes include:
- better diagnostic for conflicting packages
- explicitly check already installed packages for conflicts with
to-be-installed package
- document pkg_admin rebuild-tree in usage
- man page fixes
- forcefully remove pkgdb entries (needed for user-usage in some cases)
This allows such settings as the following in audit-packages.conf:
FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com"
Which will be set before FETCH_CMD is run.
This was made a lot more critical with the changes to use the iteration
API, as that is running a lot more Dewey comparisions.
Thanks to adrianp and wiz for the reports.
Bump to 20070916.
buffer, but the size of a pointer to a buffer. This makes pkg_add -u
work again. It failed before, trying to rename the +REQUIRED_BY file to
"/us" or "/va", depending on the value of PKGDBDIR.
meaningful warning if the file is a symlink whose target doesn't exist.
The message has now been changed from:
pkg_admin: netbsd32_compat30-extras: File `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' is in +CONTENTS but not on filesystem!
to:
pkg_admin: Symlink `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' exists and is in +CONTENTS but target does not exist!
* Pass values for --sysconfdir (and --prefix) to the configure script
instead of passing them through CPPFLAGS. Both SYSCONFDIR and PREFIX
are only used by audit-packages, and the audit-packages Makefile
already handles passing these values inherited from the configure
script. This avoids compiler warnings that, e.g. SYSCONFDIR has been
redefined on the command line.
* Fix quoting for arguments to the configure script -- :Q instead of
\"\".
Bump version to 20070828. Reviewed by <joerg>.
PR# 36773 opened by David A. Holland.
While we're here look for settings with no values in audit-packages.conf
and ignore them.
Tighten up processing of audit-packages.conf for the situation where
settings are specified multiple times. (report from joerg@).
a subfunction.
Bail out if the package name doesn't have a version name.
Bail out if the internal rename failed (it was an assert before).
Invert some of the branches to cut off three levels of indirection.
the functionality offered by findmatchingname and findbestmatching
name. They optionally strip the suffix from the filename before
matching it, instead of modifying the pattern directly.
Drop the old functions.
- Fix a bug in pkg_order where the version strings where inverted
- Make pkg_admin lsbest and lsall use the new functions.
- Make ftpio use pkg_order directly.
Bump version to 20070812.
Reported by Greg Troxel on tech-pkg@
* Add -q which operates the same as 'pkg_info -q' and only displays
the package name of any vulnerable/eol packages found.
Suggestion by joerg@
* man page updates for -q
* Document the required permissions for audit-packages and
download-vulnerability-list in the man page.
possible cause of inconsistencies. Remove comment about make replace,
since it does not, absent pkgsrc/mk bugs, result in incorrect
dependency records.
packages (see pkg_info -e). Restore this behaviour. Still print a
warning when the pkgdb can't be processed.
Reported by Daniel Horecki and pointed to the option by tnn@.
mark_as_automatic_installed to take a package name and not a full path.
Add assertions to test for this.
Drop a few islinktodir checks.
Change pkg_info to use iterate_pkg_db instead of scanning the directory
by hand. As a side effect don't try to check for the pkgdb dir first,
let pkgdb_dump and iterate_pkg_db handle that.
Make pkgdb_dump return failure if it can't open the package db.
users of findbestmatchingname and findmatching name with more
descriptive and easier to use iterator functions. This functions
are a first step to abstract away pkgdb layout from most parts of
the code. It also helps to reduce side effects and point out potential
bugs in this code.
Fix a potential, but practically irrelevant buffer overflow.
No longer allow symbolic links directly in pkgdb to store the meta
data of individual packages outside. E.g. /var/db/pkg/atk-1.18.0
must be a directory and not point to it. This is not yet enforced in
all parts of the code, more changes will follow.
Bump version to 20070808.
- for pkg_create, split-off the package creation from the plist
processing. package creation is disabled for --enable-bootstrap
- change package creation to use libarchive
- add two options (-u and -g) to override file system ownership
- pkg_create now creates files in the tarball with correct owner/group
based on -u/-g or @owner/@group
- add a function to compute the +CONTENTS file in memory
Bump version to 20070802.
Review of a slightly older version by jlam@
instead of environment. This allows mk/flavor/pkg/resolve-dependencies
to execute '${PKG_ADMIN}': you can encounter this problem
on platforms in need of pkgtools/pkg_install because their native
pkg_* tools are older than PKGTOOLS_REQD, id est NetBSD 2.x and earlier.
Ok'ed joerg@.
- pkg_create bails out with -m
- pkg_add ignores mtree specs in packages and prints a warning.
It does not remove the file like before.
- remove now obsolete documentation.
pkg_info still prints the information and pkg_admin ignores the files.
Make the dependency on the tools a runtime dependency.
Take maintainership of pkg_install and bump version to 20070725.
Update to autoconf 2.61
Add checks for AC_TYPE_UINT{8,16,32,64}_T
Add checks for stdint.h
Change how config file notification works
If no IGNORE_URLS directive is found then just say that
Check that pkg-vulnerabilities exists before we try any operations on it
Use st_ctime as opposed to st_ctimespec.tv_sec as the former is SUSv3
This update should fix PR #36655 and go part way to fixing PR #36662
Thanks to tnn@ and joerg@ for suggested fixes and Yakovetsky Vladimir and
Stuart Shelton for testing and patches.
Rename pmatch to pkg_match and add new function pkg_order that
implements the order logic used by pkg_add internally.
Change the interface of findmatchingname's callback to take the pattern
used for the matching as first argument. The new pkg_order function
takes it and it doesn't hurt in other cases. Adjust callers and
corresponding callbacks accordingly.
Remove an unused matchfn typedef in dewey.c.
Bump to 20070720. OK jlam@
sense of pkg_tools_prefix and prefix in the sense of LOCALBASE.
This allows individual overriding for NetBSD.
Add the forgotten part to allow DESTDIR builds and the pkgsrc.7 man
page.
page. Fix build on !NetBSD. Rebuild man pages with nroff -mandoc on
NetBSD current for consistency. Make it DESTDIR safe. Remove the note
that src/usr.sbin/pkg_install is the authoritive version, it won't be
any longer.