From: Bryan Drewery
Date: Tue, 15 Apr 2014 23:40:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r264519 - in stable/8: etc etc/mtree etc/pkg share share/keys/pkg/trusted share/man/man7 usr.sbin/pkg

Author: bdrewery
Date: Tue Apr 15 23:40:47 2014
New Revision: 264519
URL: http://svnweb.freebsd.org/changeset/base/264519

Log:
  MFC Pkg configuration, known public key, and pkg(7) changes to align with pkg(8)

  This partially merges:
    r229068,r237795,r252048,r257145,r257147,r257150,r257150,r257159,r257164,
    r257168,r257344,r257344,r257667,r257668,r258227,r258550,r263937,r264420

  - etc/
    - Bring in current pkg configuration from head
    - Add /etc/pkg/ and /usr/share/keys to mtree
  - share/keys
    - Bring in trusted key fingerprint from head
  - share/man/man7
    - Document /usr/share/keys/pkg
  - usr.sbin/pkg
    - No longer create pkg.conf as it is deprecated in pkg(8).
    - Show security warning when bootstrapping.

  * This is a direct commit as the signature verification is not being
    MFC'd due to being too large.

Discussed with: bapt, gjb Added: stable/8/etc/pkg/ - copied from r257145, head/etc/pkg/ - copied from r257344, head/share/keys/ Directory Properties: stable/8/share/keys/ (props changed) Modified: stable/8/etc/Makefile stable/8/etc/mtree/BSD.root.dist stable/8/etc/mtree/BSD.usr.dist stable/8/etc/pkg/FreeBSD.conf stable/8/share/Makefile stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 stable/8/share/man/man7/hier.7 stable/8/usr.sbin/pkg/pkg.c Directory Properties: stable/8/etc/ (props changed) stable/8/share/ (props changed) stable/8/share/man/ (props changed) stable/8/share/man/man7/ (props changed) stable/8/usr.sbin/pkg/ (props changed) Modified: stable/8/etc/Makefile ============================================================================== --- stable/8/etc/Makefile Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/etc/Makefile Tue Apr 15 23:40:47 2014 (r264519) @@ -172,6 +172,7 @@ distribution: ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install + ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap Modified: stable/8/etc/mtree/BSD.root.dist ============================================================================== --- stable/8/etc/mtree/BSD.root.dist Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/etc/mtree/BSD.root.dist Tue Apr 15 23:40:47 2014 (r264519) @@ -52,6 +52,8 @@ weekly .. .. + pkg + .. ppp .. rc.d Modified: stable/8/etc/mtree/BSD.usr.dist ============================================================================== --- stable/8/etc/mtree/BSD.usr.dist Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/etc/mtree/BSD.usr.dist Tue Apr 15 23:40:47 2014 (r264519) 
@@ -340,6 +340,14 @@ .. info .. + keys + pkg + revoked + .. + trusted + .. + .. + .. locale UTF-8 .. Modified: stable/8/etc/pkg/FreeBSD.conf ============================================================================== --- head/etc/pkg/FreeBSD.conf Sat Oct 26 03:31:05 2013 (r257145) +++ stable/8/etc/pkg/FreeBSD.conf Tue Apr 15 23:40:47 2014 (r264519) @@ -1,6 +1,16 @@ # $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/FreeBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf +# + FreeBSD: { - url: "pkg+http://pkg.freebsd.org/${ABI}/latest", + url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", mirror_type: "srv", - enabled: "yes" + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes } Modified: stable/8/share/Makefile ============================================================================== --- stable/8/share/Makefile Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/share/Makefile Tue Apr 15 23:40:47 2014 (r264519) @@ -9,6 +9,7 @@ SUBDIR= ${_colldef} \ ${_dict} \ ${_doc} \ ${_examples} \ + keys \ ${_man} \ ${_me} \ misc \ Modified: stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 ============================================================================== --- head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue Oct 29 15:07:54 2013 (r257344) +++ stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue Apr 15 23:40:47 2014 (r264519) 
@@ -1,5 +1,4 @@ # $FreeBSD$ -# This key is for testing purposes only and will be revoked before 10.0-RELEASE function: "sha256" fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" Modified: stable/8/share/man/man7/hier.7 ============================================================================== --- stable/8/share/man/man7/hier.7 Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/share/man/man7/hier.7 Tue Apr 15 23:40:47 2014 (r264519) @@ -32,7 +32,7 @@ .\" @(#)hier.7 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd October 23, 2013 +.Dd October 29, 2013 .Dt HIER 7 .Os .Sh NAME @@ -546,6 +546,16 @@ ASCII text files used by various games device description file for device name .It Pa info/ GNU Info hypertext system +.It Pa keys/ +known trusted and revoked keys. +.Bl -tag -width ".Pa keys/pkg/" -compact +.It Pa keys/pkg/ +fingerprints for +.Xr pkg 7 +and +.Xr pkg 8 +.El +.Pp .It Pa locale/ localization files; see Modified: stable/8/usr.sbin/pkg/pkg.c ============================================================================== --- stable/8/usr.sbin/pkg/pkg.c Tue Apr 15 23:27:14 2014 (r264518) +++ stable/8/usr.sbin/pkg/pkg.c Tue Apr 15 23:40:47 2014 (r264519) @@ -284,13 +284,10 @@ bootstrap_pkg(void) { struct url *u; FILE *remote; - FILE *config; - char *site; struct dns_srvinfo *mirrors, *current; /* To store _https._tcp. + hostname + \0 */ char zone[MAXHOSTNAMELEN + 13]; char url[MAXPATHLEN]; - char conf[MAXPATHLEN]; char abi[BUFSIZ]; char tmppkg[MAXPATHLEN]; char buf[10240]; @@ -306,7 +303,6 @@ bootstrap_pkg(void) max_retry = 3; ret = -1; remote = NULL; - config = NULL; current = mirrors = NULL; printf("Bootstrapping pkg please wait\n"); 
@@ -387,26 +383,6 @@ bootstrap_pkg(void) if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0) ret = install_pkg_static(pkgstatic, tmppkg); - snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf", - getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE); - - if (access(conf, R_OK) == -1) { - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - - config = fopen(conf, "w+"); - if (config == NULL) - goto cleanup; - fprintf(config, "packagesite: %s\n", url); - fclose(config); - } - goto cleanup; fetchfail: @@ -423,7 +399,11 @@ cleanup: static const char confirmation_message[] = "The package management tool is not yet installed on your system.\n" -"Do you want to fetch and install it now? [y/N]: "; +"The mechanism for doing this is not secure on FreeBSD 8. To securely install\n" +"pkg(8), use ports from a portsnap checkout:\n" +" # portsnap fetch extract\n" +" # make -C /usr/ports/ports-mgmt/pkg install clean\n" +"Do you still want to fetch and install it now? [y/N]: "; static int pkg_query_yes_no(void)
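
Review bot: in the stable/8/etc/pkg/FreeBSD.conf hunk, the added `signature_type: "fingerprints"` and `fingerprints: "/usr/share/keys/pkg"` lines sit in a file whose `url` is still `pkg+http://`, while the commit log says signature verification is not being MFC'd and the new prompt in pkg.c calls the bootstrap insecure on FreeBSD 8. An administrator reading this file could reasonably assume the initial fetch is verified against these fingerprints. Suggest a short comment in the stable/8 copy stating that these two settings are intended for pkg(8) and are not checked by the pkg(7) bootstrap on this branch.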
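
Review bot: in the stable/8/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 hunk, the "testing purposes only" comment is dropped while the `fingerprint:` line stays the same, so the file no longer says anything about what the key is or what its status is. Suggest replacing the removed line with a one-line comment naming the repository the fingerprint belongs to and its current status, so a later reader can tell the change of status was deliberate and can match the file against the `url` in etc/pkg/FreeBSD.conf.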
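
Review bot: in the `@@ -387,26 +383,6 @@` hunk of stable/8/usr.sbin/pkg/pkg.c, the code that wrote `packagesite: %s` to `${LOCALBASE}/etc/pkg.conf` is removed, but nothing in the change addresses hosts that were bootstrapped earlier and already have that file. Since the log message calls pkg.conf deprecated in pkg(8), suggest adding a note (UPDATING or the pkg(7) manual page) telling administrators that a previously generated pkg.conf may still be present and what to do with it now that the repository is defined in /etc/pkg/FreeBSD.conf.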
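
Review bot: in the `confirmation_message` hunk of stable/8/usr.sbin/pkg/pkg.c, the security warning exists only inside the interactive prompt string, so if bootstrap_pkg() is ever reached without pkg_query_yes_no() being shown, the user never sees it. Suggest also printing the warning from bootstrap_pkg() next to the existing `printf("Bootstrapping pkg please wait\n");`. The text would also be more useful if it said what is missing rather than only "not secure", for example that the downloaded package is not signature-checked on this branch, which is what the log message gives as the reason.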