Known regressions:
- "pkg_add -" (aka reading from stdin) is currently not supported
- "pkg_add -s" is not supported either
- no progress reports for the downloads
- binary packages with hardlinks created by pkg_create before
pkg_install-20080422 will not extract correctly (libarchive issue)
- no ad hoc check for potential conflicts between dependencies and
already installed packages
Features:
- Twice as fast for the typical case of /var/tmp and /usr/pkg on
different filesystems
- Standalone
- implicit conflict detection before actual installation.
Make use of the linkresolver from libarchive and thereby fix the
permissions of hardlinks in archives. This wasn't a problem so far
as nbpax is (incorrectly) ignoring the permissions of the other entries.
Add audit-history subcommand for pkg_admin, that lists all known
vulnerabilities for a given base package name. E.g. if you run a web
server, don't run "pkg_admin audit-history php" before going to bed.
- When loading meta data for a package and a file is needed for the
current operation and is a required file, complain.
- Include the name of the package the meta data could not be loaded
from.
This addresses PR 38166.
Redo the check for incomplete packages by annotating which meta data
fields are required and count which were found during reading the binary
package. The original approach didn't work as loads from pkgdb are
reduced to the minimal set.
Free libarchive's side of the package before closing the file descriptor.
This stops leaking up to 1MB / package when using bzip2 and addresses
PR 38082. Check that at least +COMMENTS, +CONTENTS and +DESC can be
extracted, otherwise skip the entry. This stops pkg_info -X from dumping
core on non-package files.
Add new parser for pkg_vulnerabilities, that handles decompression
transparently and internally. Preliminary tests with a modified
audit-packages show a speed increase by 2 for common operations
like listing all vulnerable installed packages.
Explicitly check in show_var that the buffer is non-NULL.
This can stop pkg_info -Q foo from segfaulting for explicitly
installed packages. Reported by Stoned Elipot.
libnbcompat.h already. So don't include sys/param.h and sys/mount.h in
it and remove the configure test for sys/mount.h.
While here, remove some #if 0'd code from pen.c.
Convert pkg_info to use libarchive instead of tar for binary package
handling. As a side effect pkg_info on remote packages will use
one FTP instance per argument, but will try to fetch only the meta data.
This reduces time for pkg_info -X on a full binary repository from 36.9s
to 18.1s for the cache hot case (PKG_TMPDIR on tmpfs for the old
pkg_info). Thanks to tnn@ for testing.
as 20071224. Changes include:
- better diagnostic for conflicting packages
- explicitly check already installed packages for conflicts with
to-be-installed package
- document pkg_admin rebuild-tree in usage
- man page fixes
- forcefully remove pkgdb entries (needed for user-usage in some cases)
This allows such settings as the following in audit-packages.conf:
FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com"
Which will be set before FETCH_CMD is run.
This was made a lot more critical with the changes to use the iteration
API, as that is running a lot more Dewey comparisons.
Thanks to adrianp and wiz for the reports.
Bump to 20070916.
buffer, but the size of a pointer to a buffer. This makes pkg_add -u
work again. It failed before, trying to rename the +REQUIRED_BY file to
"/us" or "/va", depending on the value of PKGDBDIR.
meaningful warning if the file is a symlink whose target doesn't exist.
The message has now been changed from:
pkg_admin: netbsd32_compat30-extras: File `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' is in +CONTENTS but not on filesystem!
to:
pkg_admin: Symlink `/usr/pkg/emul/netbsd32/usr/lib/libm387.so' exists and is in +CONTENTS but target does not exist!
* Pass values for --sysconfdir (and --prefix) to the configure script
instead of passing them through CPPFLAGS. Both SYSCONFDIR and PREFIX
are only used by audit-packages, and the audit-packages Makefile
already handles passing these values inherited from the configure
script. This avoids compiler warnings that, e.g. SYSCONFDIR has been
redefined on the command line.
* Fix quoting for arguments to the configure script -- :Q instead of
\"\".
Bump version to 20070828. Reviewed by <joerg>.
PR# 36773 opened by David A. Holland.
While we're here look for settings with no values in audit-packages.conf
and ignore them.
Tighten up processing of audit-packages.conf for the situation where
settings are specified multiple times. (report from joerg@).
a subfunction.
Bail out if the package name doesn't have a version name.
Bail out if the internal rename failed (it was an assert before).
Invert some of the branches to cut off three levels of indirection.
the functionality offered by findmatchingname and
findbestmatchingname. They optionally strip the suffix from the filename before
matching it, instead of modifying the pattern directly.
Drop the old functions.
- Fix a bug in pkg_order where the version strings were inverted
- Make pkg_admin lsbest and lsall use the new functions.
- Make ftpio use pkg_order directly.
Bump version to 20070812.
Reported by Greg Troxel on tech-pkg@
* Add -q which operates the same as 'pkg_info -q' and only displays
the package name of any vulnerable/eol packages found.
Suggestion by joerg@
* man page updates for -q
* Document the required permissions for audit-packages and
download-vulnerability-list in the man page.
possible cause of inconsistencies. Remove comment about make replace,
since it does not, absent pkgsrc/mk bugs, result in incorrect
dependency records.
packages (see pkg_info -e). Restore this behaviour. Still print a
warning when the pkgdb can't be processed.
Reported by Daniel Horecki and pointed to the option by tnn@.
mark_as_automatic_installed to take a package name and not a full path.
Add assertions to test for this.
Drop a few islinktodir checks.
Change pkg_info to use iterate_pkg_db instead of scanning the directory
by hand. As a side effect don't try to check for the pkgdb dir first,
let pkgdb_dump and iterate_pkg_db handle that.
Make pkgdb_dump return failure if it can't open the package db.
users of findbestmatchingname and findmatchingname with more
descriptive and easier to use iterator functions. These functions
are a first step to abstract away pkgdb layout from most parts of
the code. It also helps to reduce side effects and point out potential
bugs in this code.
Fix a potential, but practically irrelevant buffer overflow.
No longer allow symbolic links directly in pkgdb to store the meta
data of individual packages outside. E.g. /var/db/pkg/atk-1.18.0
must be a directory and not point to it. This is not yet enforced in
all parts of the code, more changes will follow.
Bump version to 20070808.
- for pkg_create, split-off the package creation from the plist
processing. package creation is disabled for --enable-bootstrap
- change package creation to use libarchive
- add two options (-u and -g) to override file system ownership
- pkg_create now creates files in the tarball with correct owner/group
based on -u/-g or @owner/@group
- add a function to compute the +CONTENTS file in memory
Bump version to 20070802.
Review of a slightly older version by jlam@
instead of environment. This allows mk/flavor/pkg/resolve-dependencies
to execute '${PKG_ADMIN}': you can encounter this problem
on platforms in need of pkgtools/pkg_install because their native
pkg_* tools are older than PKGTOOLS_REQD, id est NetBSD 2.x and earlier.
Ok'ed joerg@.
- pkg_create bails out with -m
- pkg_add ignores mtree specs in packages and prints a warning.
It does not remove the file like before.
- remove now obsolete documentation.
pkg_info still prints the information and pkg_admin ignores the files.
Make the dependency on the tools a runtime dependency.
Take maintainership of pkg_install and bump version to 20070725.
Update to autoconf 2.61
Add checks for AC_TYPE_UINT{8,16,32,64}_T
Add checks for stdint.h
Change how config file notification works
If no IGNORE_URLS directive is found then just say that
Check that pkg-vulnerabilities exists before we try any operations on it
Use st_ctime as opposed to st_ctimespec.tv_sec as the former is SUSv3
This update should fix PR #36655 and go part way to fixing PR #36662
Thanks to tnn@ and joerg@ for suggested fixes and Yakovetsky Vladimir and
Stuart Shelton for testing and patches.
Rename pmatch to pkg_match and add new function pkg_order that
implements the order logic used by pkg_add internally.
Change the interface of findmatchingname's callback to take the pattern
used for the matching as first argument. The new pkg_order function
takes it and it doesn't hurt in other cases. Adjust callers and
corresponding callbacks accordingly.
Remove an unused matchfn typedef in dewey.c.
Bump to 20070720. OK jlam@
sense of pkg_tools_prefix and prefix in the sense of LOCALBASE.
This allows individual overriding for NetBSD.
Add the forgotten part to allow DESTDIR builds and the pkgsrc.7 man
page.
page. Fix build on !NetBSD. Rebuild man pages with nroff -mandoc on
NetBSD current for consistency. Make it DESTDIR safe. Remove the note
that src/usr.sbin/pkg_install is the authoritative version, it won't be
any longer.
When fixing vsftpd, other FTP servers were broken as they return
different error codes for unmatching glob patterns. Basically ignore the
error code and just try the other pattern. chdir errors are still
considered fatal.
Bump version to 20070715.
Merge of audit-packages with various improvements:
* Version 20070714
Initial release of re-write in C
Add support for notification of eol packages (-e)
Multiple levels of verbosity (e.g. -v -v)
Specify a custom config file to use (-c)
Query running config values (-Q)
Default to download .gz compressed pkg-vulnerabilities file
Support for .bz2 compressed pkg-vulnerabilities file
Verify signature on downloaded files (-s)
Thanks to tron@, jschauma@, agc@, joerg@ and pkgsrc-security@ for feedback
and testing.
Some FTP servers don't expand [] in NLIST, most noticeable is vsftpd.
Avoid this by splitting the wildcard search pattern into two commands.
Sync some other minor changes.
Bump to 20070416.
- obsolete support for require scripts
- nuke support for the following options of pkg_create:
-X (excludefile)
-r (require script)
-h (Force follow symlink)
- add option for pkg_create to specify additional @blddep packages.
This brings us to version 20070308.
If a plist contains @owner or @group entries and first rename failed,
pushout was called with NULL argument. This has the semantic of using a
working directory of "/", even though already read plist entries are
relative to prefix. The calls to chown and chgrp therefore end up with
the wrong arguments for the current directory. To compensate for this,
don't pushout the first time. As plists are not supposed to have
multiple @cwd entries anymore, this could most likely be simplified, but
that is outside the scope of this commit.
Merge lib/plist.c, rev 1.51:
When processing symlinks in pkg_delete and the call to readlink failed,
it often helps to know why, so use warn instead of warnx.
Bump version to 20061103.
Fix uninitialized variable which was causing pkg_add -u to randomly
dump core. This may fix PR pkg/30292.
Also bump the pkgsrc PKGTOOLS_VERSION to 20060720.
its own set of commands. One of these invoked "deinstall" with
UPDATE_RUNNING set to "YES"; however, UPDATE_RUNNING was made into a
pkgsrc private variable a little while ago. Fix "update" by setting
_UPDATE_RUNNING instead. This fixes PR pkg/33716.
variable to show whether the package supports running the check-files
target.
Set CHECK_FILES_SUPPORTED to "no" in pkgtools/pkg_install in the case
where the PREFIX does not match ${LOCALBASE} it's likely the tools are
being installed in some place that's completely outside pkgsrc control,
and check-files fails horribly in that case.
Add support for creating summary file containing all information
about a package repository needed by package managing software.
This allows better use of remote binary package repositories.
Discussed on tech-pkg.
pkg_add also check for USE_ABI_DEPENDS.
Check if USE_ABI_DEPENDS or IGNORE_RECOMMENDED was set
when this package was built. IGNORE_RECOMMENDED is now historical.
For the cat man page, I manually made it say "pkgsrc" instead of
"NetBSD".
I committed to NetBSD's src/usr.sbin/pkg_install/ first :)