pkgsrc-Changes-HG archive


[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install/files/lib pkg_in...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7aec311078e8
branches:  pkg_install-renovation
changeset: 541616:7aec311078e8
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Tue Jan 27 22:24:05 2009 +0000

description:
pkg_install-20090127:
Add options to specify user-id and keyrings for GPG operations.

diffstat:

 pkgtools/pkg_install/files/lib/gpgsig.c               |  10 +++++-----
 pkgtools/pkg_install/files/lib/lib.h                  |   8 ++++++--
 pkgtools/pkg_install/files/lib/parse-config.c         |  12 ++++++++++--
 pkgtools/pkg_install/files/lib/pkg_install.conf.5     |  13 +++++++++++--
 pkgtools/pkg_install/files/lib/pkg_install.conf.cat5  |  19 +++++++++++++++++--
 pkgtools/pkg_install/files/lib/pkg_signature.c        |   8 ++++----
 pkgtools/pkg_install/files/lib/version.h              |   4 ++--
 pkgtools/pkg_install/files/lib/vulnerabilities-file.c |   6 +++---
 8 files changed, 58 insertions(+), 22 deletions(-)

diffs (254 lines):

diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/gpgsig.c
--- a/pkgtools/pkg_install/files/lib/gpgsig.c   Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/gpgsig.c   Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: gpgsig.c,v 1.1.2.1 2008/12/30 15:55:57 joerg Exp $     */
+/*     $NetBSD: gpgsig.c,v 1.1.2.2 2009/01/27 22:24:05 joerg Exp $     */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -7,7 +7,7 @@
 #include <sys/cdefs.h>
 #endif
 
-__RCSID("$NetBSD: gpgsig.c,v 1.1.2.1 2008/12/30 15:55:57 joerg Exp $");
+__RCSID("$NetBSD: gpgsig.c,v 1.1.2.2 2009/01/27 22:24:05 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -108,9 +108,9 @@
 }
 
 int
-inline_gpg_verify(const char *content, size_t len)
+inline_gpg_verify(const char *content, size_t len, const char *keyring)
 {
-       verify_signature(content, len, NULL, NULL);
+       verify_signature(content, len, keyring, NULL);
 
        return 0;
 }
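Review bot: `inline_gpg_verify` still ends in an unconditional `return 0;`, so the new `keyring` argument can never change what a caller sees. The caller in vulnerabilities-file.c (the hunk at -109) also discards the result. If `verify_signature` terminates the process on a bad signature (not visible in this hunk), that contract should be written down at the function, for example `/* Does not return if the signature fails to verify; keyring == NULL uses gpg's default keyring. */`. If it can return after a failed check, its status needs to be propagated here instead of the constant 0.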
@@ -212,7 +212,7 @@
                }
                if (keyring != NULL) {
                        *argvp++ = "--no-default-keyring";
-                       *argvp++ = "--keyring";
+                       *argvp++ = "--secret-keyring";
                        *argvp++ = keyring;
                }
 
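Review bot: Switching the option to `--secret-keyring` while keeping `--no-default-keyring` ties this path to GnuPG versions that still honour a separate secret keyring. GnuPG 2.1 and later document `--secret-keyring` as obsolete and ignore it, so GPG_KEYRING_SIGN would silently have no effect there. The enclosing function starts outside the hunk; this looks like the signing argv, but confirm that no verification path shares this block, since verification needs `--keyring`. A short comment above the branch would help, e.g. `/* signing only: keyring names the secret keyring; default keyrings are disabled */`.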
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/lib.h
--- a/pkgtools/pkg_install/files/lib/lib.h      Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/lib.h      Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.42.2.17 2009/01/08 00:01:31 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.42.2.18 2009/01/27 22:24:05 joerg Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -393,7 +393,7 @@
     const char *);
 #endif
 
-int inline_gpg_verify(const char *, size_t);
+int inline_gpg_verify(const char *, size_t, const char *);
 int detached_gpg_verify(const char *, size_t, const char *, size_t,
     const char *);
 int detached_gpg_sign(const char *, size_t, char **, size_t *, const char *,
@@ -416,6 +416,10 @@
 extern const char *config_file;
 extern const char *verified_installation;
 extern const char *gpg_cmd;
+extern const char *gpg_keyring_pkgvuln;
+extern const char *gpg_keyring_sign;
+extern const char *gpg_keyring_verify;
+extern const char *gpg_sign_as;
 extern char fetch_flags[];
 
 extern const char *pkg_vulnerabilities_dir;
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/parse-config.c
--- a/pkgtools/pkg_install/files/lib/parse-config.c     Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/parse-config.c     Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $       */
+/*     $NetBSD: parse-config.c,v 1.1.2.7 2009/01/27 22:24:05 joerg Exp $       */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.7 2009/01/27 22:24:05 joerg Exp $");
 #endif
 
 /*-
@@ -61,6 +61,10 @@
 const char *check_vulnerabilities;
 const char *verified_installation;
 const char *gpg_cmd;
+const char *gpg_keyring_pkgvuln;
+const char *gpg_keyring_sign;
+const char *gpg_keyring_verify;
+const char *gpg_sign_as;
 const char *pkg_vulnerabilities_dir;
 const char *pkg_vulnerabilities_file;
 const char *pkg_vulnerabilities_url;
@@ -80,6 +84,10 @@
        { "GPG", &gpg_cmd },
        { "IGNORE_PROXY", &ignore_proxy },
        { "IGNORE_URL", &ignore_advisories },
+       { "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln },
+       { "GPG_KEYRING_SIGN", &gpg_keyring_sign },
+       { "GPG_KEYRING_VERIFY", &gpg_keyring_verify },
+       { "GPG_SIGN_AS", &gpg_sign_as },
        { "PKGVULNDIR", &pkg_vulnerabilities_dir },
        { "PKGVULNURL", &pkg_vulnerabilities_url },
        { "VERBOSE_NETIO", &verbose_netio },
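Review bot: The four `GPG_*` entries are inserted after `IGNORE_URL`, while the visible neighbours (`GPG`, `IGNORE_PROXY`, `IGNORE_URL`, `PKGVULNDIR`, `PKGVULNURL`, `VERBOSE_NETIO`) are in alphabetical order. The table and its lookup code lie outside the hunk; if the lookup depends on sorted keys, the new options would not be found, and a missed `GPG_KEYRING_VERIFY` would silently leave verification on the default keyring. Either way, placing the block directly after `{ "GPG", &gpg_cmd },` keeps the table consistent.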
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/pkg_install.conf.5
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.5 Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.5 Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pkg_install.conf.5,v 1.1.2.5 2009/01/08 09:14:12 wiz Exp $
+.\"    $NetBSD: pkg_install.conf.5,v 1.1.2.6 2009/01/27 22:24:05 joerg Exp $
 .\"
 .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -80,7 +80,6 @@
 The user is always asked to confirm installation of vulnerable packages.
 .El
 .It Dv GPG
-Deprecated.
 Path to
 .Xr gpg 1 ,
 which can be used to verify the signature in the
@@ -89,6 +88,16 @@
 .Dl Ic pkg_admin check-pkg-vulnerabilities -s
 or
 .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
+It can also be used to verify and sign binary packages.
+.It Dv GPG_KEYRING_PKGVULN
+Non-default keyring to use for verifying GPG signatures of
+.Pa pkg-vulnerabilities.
+.It Dv GPG_KEYRING_SIGN
+Non-default keyring to use for signing packages with GPG.
+.It Dv GPG_KEYRING_VERIFY
+Non-default keyring to use for verifying GPG signature of packages.
+.It Dv GPG_SIGN_AS
+User-id to use for signing packages.
 .It Dv IGNORE_PROXY
 Use direct connections and ignore
 .Ev FTP_PROXY
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/pkg_install.conf.cat5
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5      Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat5      Tue Jan 27 22:24:05 2009 +0000
@@ -44,11 +44,26 @@
              interactive    The user is always asked to confirm installation
                             of vulnerable packages.
 
-     GPG     Deprecated.  Path to gpg(1), which can be used to verify the sig-
-             nature in the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running
+     GPG     Path to gpg(1), which can be used to verify the signature in the
+             _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running
                    ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss
              or
                    ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss
+             It can also be used to verify and sign binary packages.
+
+     GPG_KEYRING_PKGVULN
+             Non-default keyring to use for verifying GPG signatures of
+             _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s_.
+
+     GPG_KEYRING_SIGN
+             Non-default keyring to use for signing packages with GPG.
+
+     GPG_KEYRING_VERIFY
+             Non-default keyring to use for verifying GPG signature of pack-
+             ages.
+
+     GPG_SIGN_AS
+             User-id to use for signing packages.
 
      IGNORE_PROXY
              Use direct connections and ignore FTP_PROXY and HTTP_PROXY.
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/pkg_signature.c
--- a/pkgtools/pkg_install/files/lib/pkg_signature.c    Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/pkg_signature.c    Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pkg_signature.c,v 1.1.2.7 2008/12/30 15:55:57 joerg Exp $      */
+/*     $NetBSD: pkg_signature.c,v 1.1.2.8 2009/01/27 22:24:05 joerg Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.7 2008/12/30 15:55:57 joerg Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.1.2.8 2009/01/27 22:24:05 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -352,7 +352,7 @@
                        goto no_valid_signature;
                }
                has_sig = !detached_gpg_verify(hash_file, hash_len,
-                   signature_file, signature_len, NULL);
+                   signature_file, signature_len, gpg_keyring_verify);
 
                free(signature_file);
        } else {
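Review bot: `gpg_keyring_verify` is passed to `detached_gpg_verify` exactly as read from the configuration, and nothing visible here distinguishes the unset case. When GPG_KEYRING_VERIFY is not configured the pointer is presumably NULL, in which case the invoking user's default gpg keyring decides which signers are accepted for package installation. That is worth stating at the call, e.g. `/* NULL keyring: gpg's default keyring is the trust anchor */`. The same applies to `gpg_keyring_sign` and `gpg_sign_as` in the signing hunk at -636. The enclosing function begins and ends outside this hunk.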
@@ -636,7 +636,7 @@
        hash_file = tmp;
 
        if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file,
-           &signature_len, NULL, NULL))
+           &signature_len, gpg_keyring_sign, gpg_sign_as))
                err(EXIT_FAILURE, "Cannot sign hash file");
 
        lseek(fd, 0, SEEK_SET);
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/version.h
--- a/pkgtools/pkg_install/files/lib/version.h  Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/version.h  Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: version.h,v 1.102.2.20 2009/01/08 00:01:31 joerg Exp $ */
+/*     $NetBSD: version.h,v 1.102.2.21 2009/01/27 22:24:06 joerg Exp $ */
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION "20090108"
+#define PKGTOOLS_VERSION "20090127"
 
 #endif /* _INST_LIB_VERSION_H_ */
diff -r 47ec62e745bf -r 7aec311078e8 pkgtools/pkg_install/files/lib/vulnerabilities-file.c
--- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c     Tue Jan 27 21:44:23 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c     Tue Jan 27 22:24:05 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vulnerabilities-file.c,v 1.3.4.8 2008/12/30 15:55:57 joerg Exp $       */
+/*     $NetBSD: vulnerabilities-file.c,v 1.3.4.9 2009/01/27 22:24:06 joerg Exp $       */
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -38,7 +38,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.3.4.8 2008/12/30 15:55:57 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.3.4.9 2009/01/27 22:24:06 joerg Exp $");
 
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
@@ -109,7 +109,7 @@
                    "At least GPG or CERTIFICATE_ANCHOR_PKGVULN "
                    "must be configured");
        if (gpg_cmd != NULL)
-               inline_gpg_verify(input, input_len);
+               inline_gpg_verify(input, input_len, gpg_keyring_pkgvuln);
        if (certs_pkg_vulnerabilities != NULL)
                verify_signature_pkcs7(input);
 }


