Sat Apr 25 21:31:14 2009 UTC ()

pkg_install-20090425:
Add logic to evaluate license conditions. As frontend for pkgsrc,
pkg_admin gets two new commands (check-license and
check-single-license), which can be used to evaluate a given condition.
pkg_add will be changed to honour licenses at a later point.


(joerg)

--- pkgsrc/pkgtools/pkg_install/files/admin/main.c 2009/04/24 14:00:25 1.51
+++ pkgsrc/pkgtools/pkg_install/files/admin/main.c 2009/04/25 21:31:13 1.52

 @@ -1,23 +1,23 @@
-/*	$NetBSD: main.c,v 1.51 2009/04/24 14:00:25 joerg Exp $	*/
+/*	$NetBSD: main.c,v 1.52 2009/04/25 21:31:13 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.51 2009/04/24 14:00:25 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.52 2009/04/25 21:31:13 joerg Exp $");
 /*-
  * Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Hubert Feyrer <hubert@feyrer.de> and
  * by Joerg Sonnenberger <joerg@NetBSD.org>.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
 @@ -100,26 +100,28 @@ usage(void)
 	    " delete pkg ...              - delete file entries for pkg in database\n"
 	    " set variable=value pkg ...  - set installation variable for package\n"
 	    " unset variable pkg ...      - unset installation variable for package\n"
 	    " lsall /path/to/pkgpattern   - list all pkgs matching the pattern\n"
 	    " lsbest /path/to/pkgpattern  - list pkgs matching the pattern best\n"
 	    " dump                        - dump database\n"
 	    " pmatch pattern pkg          - returns true if pkg matches pattern, otherwise false\n"
 	    " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
 	    " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
 	    " audit [-es] [-t type] ...       - check installed packages for vulnerabilities\n"
 	    " audit-pkg [-es] [-t type] ...   - check listed packages for vulnerabilities\n"
 	    " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
 	    " audit-history [-t type] ...     - print all advisories for package names\n"
 	    " check-license <condition>       - check if condition is acceptable\n"
 	    " check-single-license <license>  - check if license is acceptable\n"
 	    " config-var name                 - print current value of the configuration variable\n"
 	    " check-signature ...             - verify the signature of packages\n"
 	    " x509-sign-package pkg spkg key cert  - create X509 signature\n"
 	    " gpg-sign-package pkg spkg       - create GPG signature\n",
 	    getprogname());
 	exit(EXIT_FAILURE);
+}
 /*
  * add1pkg(<pkg>)
  *	adds the files listed in the +CONTENTS of <pkg> into the
  *	pkgdb.byfile.db database file in the current package dbdir.  It
  *	returns the number of files added to the database file.
 @@ -514,26 +516,57 @@ main(int argc, char *argv[])
 			argv++;
+		}
 	} else if (strcasecmp(argv[0], "set") == 0) {
 		argv++;		/* "set" */
 		set_unset_variable(argv, FALSE);
 	} else if (strcasecmp(argv[0], "unset") == 0) {
 		argv++;		/* "unset" */
 		set_unset_variable(argv, TRUE);
 	} else if (strcasecmp(argv[0], "config-var") == 0) {
 		argv++;
 		if (argv == NULL || argv[1] != NULL)
 			errx(EXIT_FAILURE, "config-var takes exactly one argument");
 		pkg_install_show_variable(argv[0]);
 	} else if (strcasecmp(argv[0], "check-license") == 0) {
 		if (argv[1] == NULL)
 			errx(EXIT_FAILURE, "check-license takes exactly one argument");
 		load_license_lists();
 		switch (acceptable_pkg_license(argv[1])) {
 		case 0:
 			puts("no");
 			return 0;
 		case 1:
 			puts("yes");
 			return 0;
 		case -1:
 			errx(EXIT_FAILURE, "invalid license condition");
+		}
 	} else if (strcasecmp(argv[0], "check-single-license") == 0) {
 		if (argv[1] == NULL)
 			errx(EXIT_FAILURE, "check-license takes exactly one argument");
 		load_license_lists();
 		switch (acceptable_license(argv[1])) {
 		case 0:
 			puts("no");
 			return 0;
 		case 1:
 			puts("yes");
 			return 0;
 		case -1:
 			errx(EXIT_FAILURE, "invalid license");
+		}
+	}
 #ifndef BOOTSTRAP
 	else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) {
 		fetch_pkg_vulnerabilities(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "check-pkg-vulnerabilities") == 0) {
 		check_pkg_vulnerabilities(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "audit") == 0) {
 		audit_pkgdb(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "audit-pkg") == 0) {
 		audit_pkg(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "audit-batch") == 0) {
 		audit_batch(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "audit-history") == 0) {

--- pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1 2009/04/22 19:13:54 1.22
+++ pkgsrc/pkgtools/pkg_install/files/admin/pkg_admin.1 2009/04/25 21:31:13 1.23

 @@ -1,16 +1,16 @@
-.\"	$NetBSD: pkg_admin.1,v 1.22 2009/04/22 19:13:54 joerg Exp $
+.\"	$NetBSD: pkg_admin.1,v 1.23 2009/04/25 21:31:13 joerg Exp $
 .\"
-.\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
+.\" Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
 .\" by Hubert Feyrer <hubert@feyrer.de>.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 @@ -24,27 +24,27 @@
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 30, 2008
+.Dd April 25, 2009
 .Dt PKG_ADMIN 1
 .Os
 .Sh NAME
 .Nm pkg_admin
 .Nd perform various administrative tasks to the pkg system
 .Sh SYNOPSIS
 .Nm
 .Op Fl bqSvV
 .Op Fl C Ar config
 .Op Fl d Ar lsdir
 .Op Fl K Ar pkg_dbdir
 .Op Fl s Ar sfx_pattern
 .Ar command Op args ...
 @@ -150,36 +150,48 @@ value at package installation time.
 If no additional argument is given, the files of all installed packages
 are checked, else only the named packages will be checked (wildcards can
 be used here, see
 .Xr pkg_info 1 ) .
 .Pp
 The packages'
 .Pa +CONTENTS
 files will be parsed and the
 checksum will be checked for every file found.
 A warning message is printed if the expected checksum differs from the
 checksum of the file on disk.
 Symbolic links are also checked, ensuring that the targets on disk are
 the same as the contents recorded at package installation time.
 .It Cm check-license Ar condition
 Check if
 .Ar condition
 can be fulfilled with the currently set of accepted licenses.
 Prints either yes or no to stdout if the condition can be parsed,
 otherwise it exits with error.
 .It Cm check-pkg-vulnerabilities Oo Fl s Oc Ar file
 Check format and hashes in the pkg-vulnerabilities file
 .Ar file .
 If
 .Fl s
 is given, also check the embedded signature.
 .It Cm check-signature Ar file ...
 Reports if
 .Ar file
 is a correctly signed package.
 .It Cm check-single-license Ar liccense
 Check if
 .Ar license
 is a valid license name and if it is in the set of acceptable licenses.
 Prints either yes or no to stdout if the condition can be parsed,
 otherwise it exits with error.
 .It Cm config-var Ar variable
 Print the current value of
 .Ar variable
 as used after parsing the configuration file.
 .It Cm delete Ar pkg ...
 For each listed package, remove all file entries in the package database that
 belong to the package.
 This should be used only by
 .Xr pkg_view 1 .
 .It Cm dump
 Dump the contents of the package database, similar to
 .Cm pkg_info -F .
 Columns are printed for the key field used in the pkgdb - the filename -,

--- pkgsrc/pkgtools/pkg_install/files/lib/Makefile.in 2009/02/28 16:03:56 1.26
+++ pkgsrc/pkgtools/pkg_install/files/lib/Makefile.in 2009/04/25 21:31:13 1.27

 @@ -1,14 +1,14 @@
-# $NetBSD: Makefile.in,v 1.26 2009/02/28 16:03:56 joerg Exp $
+# $NetBSD: Makefile.in,v 1.27 2009/04/25 21:31:13 joerg Exp $
 srcdir=		@srcdir@
 pkgdbdir=	@pkgdbdir@
 mandir=		@mandir@
 datarootdir=	@datarootdir@
 sysconfdir=	@sysconfdir@
 cat5dir=	$(mandir)/cat5
 cat7dir=	$(mandir)/cat7
 man5dir=	$(mandir)/man5
 man7dir=	$(mandir)/man7
 @@ -17,27 +17,27 @@ SSL_SUPPORT=	@ssl_support@
 RANLIB=		@RANLIB@
 AR=		@AR@
 CC=		@CC@
 CPPFLAGS=	@CPPFLAGS@ -I. -I$(srcdir)
 DEFS=		@DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\"
 CFLAGS=		@CFLAGS@
 INSTALL=	@INSTALL@
 LIB=	libinstall.a
 OBJS=	automatic.o conflicts.o decompress.o dewey.o fexec.o file.o \
-	gpgsig.o global.o iterate.o lpkg.o opattern.o \
+	gpgsig.o global.o iterate.o license.o lpkg.o opattern.o \
 	parse-config.o pkgdb.o plist.o remove.o \
 	str.o var.o version.o vulnerabilities-file.o xwrapper.o
 CPPFLAGS+=	-DSYSCONFDIR=\"$(sysconfdir)\"
 .if !empty(BOOTSTRAP)
 CPPFLAGS+=	-DBOOTSTRAP
 .else
 OBJS+=	pkg_io.o pkg_signature.o
 .endif
 .if !empty(SSL_SUPPORT)
 CPPFLAGS+=	-DHAVE_SSL

--- pkgsrc/pkgtools/pkg_install/files/lib/lib.h 2009/04/24 14:00:26 1.54
+++ pkgsrc/pkgtools/pkg_install/files/lib/lib.h 2009/04/25 21:31:13 1.55

 @@ -1,14 +1,14 @@
-/* $NetBSD: lib.h,v 1.54 2009/04/24 14:00:26 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.55 2009/04/25 21:31:13 joerg Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 /*
  * FreeBSD install - a package for the installation and maintainance
  * of non-core utilities.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -389,26 +389,33 @@ void pkg_sign_gpg(const char *, const ch
 /* PKCS7 signing/verification */
 int easy_pkcs7_verify(const char *, size_t, const char *, size_t,
     const char *, int);
 int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *,
     const char *);
 #endif
 int inline_gpg_verify(const char *, size_t, const char *);
 int detached_gpg_verify(const char *, size_t, const char *, size_t,
     const char *);
 int detached_gpg_sign(const char *, size_t, char **, size_t *, const char *,
     const char *);
 /* License handling */
 int add_licenses(const char *);
 int acceptable_license(const char *);
 int acceptable_pkg_license(const char *);
 void load_license_lists(void);
 /* Helper functions for memory allocation */
 char *xstrdup(const char *);
 void *xrealloc(void *, size_t);
 void *xcalloc(size_t, size_t);
 void *xmalloc(size_t);
 char *xasprintf(const char *, ...);
 /* Externs */
 extern Boolean Verbose;
 extern Boolean Fake;
 extern Boolean Force;
 extern const char *cert_chain_file;
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
 @@ -419,14 +426,17 @@ extern const char *verified_installation
 extern const char *gpg_cmd;
 extern const char *gpg_keyring_pkgvuln;
 extern const char *gpg_keyring_sign;
 extern const char *gpg_keyring_verify;
 extern const char *gpg_sign_as;
 extern char fetch_flags[];
 extern const char *pkg_vulnerabilities_dir;
 extern const char *pkg_vulnerabilities_file;
 extern const char *pkg_vulnerabilities_url;
 extern const char *ignore_advisories;
 extern const char tnf_vulnerability_base[];
 extern const char *acceptable_licenses;
 extern const char *default_acceptable_licenses;
 #endif				/* _INST_LIB_LIB_H_ */

/*	$NetBSD: license.c,v 1.1 2009/04/25 21:31:14 joerg Exp $	*/

/*-
 * Copyright (c) 2009 Joerg Sonnenberger <joerg@NetBSD.org>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#if HAVE_CONFIG_H
#include "config.h"
#endif

#include <nbcompat.h>

#if HAVE_ERR_H
#include <err.h>
#endif
#include <stdlib.h>
#include <string.h>

#include "lib.h"

#define	HASH_SIZE	521

const char *default_acceptable_licenses =
    "public-domain "
    "gnu-gpl-v2 "
    "gnu-lgpl-v2 gnu-lgpl-v2.1 "
    "gnu-gpl-v3 gnu-lgpl-v3 "
    "original-bsd modified-bsd x11 "
    "apache-2.0 "
    "artistic artistic-2.0 "
    "cddl-1.0 "
    "open-font-license ";

#ifdef DEBUG
static size_t hash_collisions;
#endif

static char **license_hash[HASH_SIZE];
static const char license_spaces[] = " \t\n";
static const char license_chars[] = "abcdefghijklmnopqrstuvwxyz0123456789_-.";

static size_t
hash_license(const char *license, size_t len)
{
	size_t hash;

	for (hash = 0; *license && len; ++license, --len)
		hash = *license + hash * 32;
	return hash % HASH_SIZE;
}

static void
add_license_internal(const char *license, size_t len)
{
	char *new_license;
	size_t slot, i;

	slot = hash_license(license, len);

	new_license = malloc(len + 1);
	memcpy(new_license, license, len);
	new_license[len] = '\0';

	if (license_hash[slot] == NULL) {
		license_hash[slot] = calloc(sizeof(char *), 2);
		license_hash[slot][0] = new_license;
	} else {
		for (i = 0; license_hash[slot][i]; ++i) {
			if (!memcmp(license_hash[slot][i], license, len) &&
			    license_hash[slot][i][len] == '\0') {
				free(new_license);
				return;
			}
		}

#ifdef DEBUG
		++hash_collisions;
#endif

		license_hash[slot] = realloc(license_hash[slot],
		    sizeof(char *) * (i + 2));
		license_hash[slot][i] = new_license;
		license_hash[slot][i + 1] = NULL;
	}
}

int
add_licenses(const char *line)
{
	const char *next;

	if (line == NULL)
		return 0;

	for (line += strspn(line, license_spaces); line; ) {
		next = line + strspn(line, license_chars);
		if (next == line)
			return *line ? -1 : 0;
		add_license_internal(line, next - line);
		line = next + strspn(next, license_spaces);
		if (next == line)
			return *line ? -1 : 0;
	}
	return 0;
}

static int
acceptable_license_internal(const char *license, size_t len)
{
	size_t slot, i;

	slot = hash_license(license, len);

	if (license_hash[slot] == NULL)
		return 0;

	for (i = 0; license_hash[slot][i]; ++i) {
		if (strncmp(license_hash[slot][i], license, len) == 0 &&
		    license_hash[slot][i][len] == '\0')
			return 1;
	}

	return 0;
}

int
acceptable_license(const char *license)
{
	size_t len;

	len = strlen(license);
	if (strspn(license, license_chars) != len)
		return -1;

	return acceptable_license_internal(license, len);
}

static int
acceptable_pkg_license_internal(const char **licensep, int toplevel)
{
	const char *license = *licensep;
	int need_parenthesis, is_true = 0;
	int expr_type = 0; /* 0: unset, 1: or, 2: and */
	size_t len;

	license += strspn(license, license_spaces);

	if (*license == '(' && !toplevel) {
		need_parenthesis = 1;
		++license;
		license += strspn(license, license_spaces);
	} else {
		need_parenthesis = 0;
	}

	for (;;) {
		if (*license == '(') {
			switch (acceptable_pkg_license_internal(&license, 0)) {
			case -1:
				return -1;
			case 0:
				if (expr_type == 2)
					is_true = 0;
				break;
			case 1:
				is_true = 1;
				break;
			}
			license += strspn(license, license_spaces);
		} else {
			len = strspn(license, license_chars);
			if (len == 0)
				return -1;

			if (acceptable_license_internal(license, len)) {
				if (expr_type != 2)
					is_true = 1;
			} else if (expr_type == 2) {
				is_true = 0;
			}

			license += len;

			len = strspn(license, license_spaces);
			if (len == 0 && *license && *license  != ')')
				return -1;
			license += len;
		}

		if (*license == ')') {
			if (!need_parenthesis)
				return -1;
			*licensep = license + 1;
			return is_true;
		}
		if (*license == '\0') {
			if (need_parenthesis)
				return -1;
			*licensep = license;
			return is_true;
		}

		if (strncmp(license, "AND", 3) == 0) {
			if (expr_type == 1)
				return -1;
			expr_type = 2;
			license += 3;
		} else if (strncmp(license, "OR", 2) == 0) {
			if (expr_type == 2)
				return -1;
			expr_type = 1;
			license += 2;
		} else {
			return -1;
		}
		len = strspn(license, license_spaces);
		if (len == 0 && *license != '(')
			return -1;
		license += len;
	}

	return is_true;
}

int
acceptable_pkg_license(const char *license)
{
	int ret;

	ret = acceptable_pkg_license_internal(&license, 1);
	if (ret == -1)
		return -1;
	license += strspn(license, license_spaces);
	if (*license)
		return -1;
	return ret;
}

void
load_license_lists(void)
{
	if (add_licenses(getenv("PKGSRC_ACCEPTABLE_LICENSES")))
		errx(EXIT_FAILURE, "syntax error in PKGSRC_ACCEPTABLE_LICENSES");
	if (add_licenses(acceptable_licenses))
		errx(EXIT_FAILURE, "syntax error in ACCEPTABLE_LICENSES");
	if (add_licenses(getenv("PKGSRC_DEFAULT_ACCEPTABLE_LICENSES")))
		errx(EXIT_FAILURE, "syntax error in PKGSRC_DEFAULT_ACCEPTABLE_LICENSES");
	if (add_licenses(default_acceptable_licenses))
		errx(EXIT_FAILURE, "syntax error in DEFAULT_ACCEPTABLE_LICENSES");
}

--- pkgsrc/pkgtools/pkg_install/files/lib/parse-config.c 2009/02/28 16:03:56 1.4
+++ pkgsrc/pkgtools/pkg_install/files/lib/parse-config.c 2009/04/25 21:31:14 1.5

 @@ -1,23 +1,23 @@
-/*	$NetBSD: parse-config.c,v 1.4 2009/02/28 16:03:56 joerg Exp $	*/
+/*	$NetBSD: parse-config.c,v 1.5 2009/04/25 21:31:14 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: parse-config.c,v 1.4 2009/02/28 16:03:56 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.5 2009/04/25 21:31:14 joerg Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -58,38 +58,40 @@ const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
 const char *check_vulnerabilities;
 const char *config_pkg_path;
 const char *verified_installation;
 const char *gpg_cmd;
 const char *gpg_keyring_pkgvuln;
 const char *gpg_keyring_sign;
 const char *gpg_keyring_verify;
 const char *gpg_sign_as;
 const char *pkg_vulnerabilities_dir;
 const char *pkg_vulnerabilities_file;
 const char *pkg_vulnerabilities_url;
 const char *ignore_advisories = NULL;
 const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns";
 const char *acceptable_licenses = NULL;
 static struct config_variable {
 	const char *name;
 	const char **var;
 } config_variables[] = {
 	{ "ACCEPTABLE_LICENSES", &acceptable_licenses },
 	{ "ACTIVE_FTP", &active_ftp },
 	{ "CERTIFICATE_ANCHOR_PKGS", &certs_packages },
 	{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
 	{ "CERTIFICATE_CHAIN", &cert_chain_file },
 	{ "CHECK_VULNERABILITIES", &check_vulnerabilities },
 	{ "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses },
 	{ "GPG", &gpg_cmd },
 	{ "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln },
 	{ "GPG_KEYRING_SIGN", &gpg_keyring_sign },
 	{ "GPG_KEYRING_VERIFY", &gpg_keyring_verify },
 	{ "GPG_SIGN_AS", &gpg_sign_as },
 	{ "IGNORE_PROXY", &ignore_proxy },
 	{ "IGNORE_URL", &ignore_advisories },
 	{ "PKG_PATH", &config_pkg_path },
 	{ "PKGVULNDIR", &pkg_vulnerabilities_dir },
 	{ "PKGVULNURL", &pkg_vulnerabilities_url },
 	{ "VERBOSE_NETIO", &verbose_netio },
 	{ "VERIFIED_INSTALLATION", &verified_installation },
 	{ NULL, NULL }

--- pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in 2009/03/10 20:33:43 1.5
+++ pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in 2009/04/25 21:31:14 1.6

 @@ -1,14 +1,14 @@
-.\"	$NetBSD: pkg_install.conf.5.in,v 1.5 2009/03/10 20:33:43 joerg Exp $
+.\"	$NetBSD: pkg_install.conf.5.in,v 1.6 2009/04/25 21:31:14 joerg Exp $
 .\"
 .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
 .\" by Thomas Klausner.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 @@ -17,47 +17,49 @@
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 27, 2009
+.Dd April 25, 2009
 .Dt PKG_INSTALL.CONF 5
 .Os
 .Sh NAME
 .Nm pkg_install.conf
 .Nd configuration file for package installation tools
 .Sh DESCRIPTION
 The file
 .Nm
 contains system defaults for the package installation tools
 as a list of variable-value pairs.
 Each line has the format
 .Ev VARIABLE=VALUE .
 If the value consists of more than one line, each line is prefixed with
 .Ev VARIABLE= .
 .Pp
 The current value of a variable can be checked by running
 .Dl Ic pkg_admin config-var VARIABLE
 .Pp
 The following variables are supported:
 .Bl -tag -width indent
 .It Dv ACCEPTABLE_LICENSES
 List of licenses packages are allowed to carry.
 .It Dv ACTIVE_FTP
 Force the use of active FTP.
 .It Dv CERTIFICATE_ANCHOR_PKGS
 Path to the file containing the certificates used for validating
 binary packages.
 A package is trusted when a certificate chain ends in one of the
 certificates contained in this file.
 The certificates must be PEM-encoded.
 .It Dv CERTIFICATE_ANCHOR_PKGVULN
 Analogous to
 .Dv CERTIFICATE_ANCHOR_PKGS .
 The
 .Pa pkg-vulnerabilities
 @@ -69,26 +71,28 @@ for completing certificate chains when v
 pkg-vulnerabilities files.
 .It Dv CHECK_VULNERABILITIES
 Check for vulnerabilities when installing packages.
 Supported values are:
 .Bl -tag -width interactiveXX
 .It Dv never
 No check is performed.
 .It Dv always
 Passing the vulnerability check is required.
 A missing pkg-vulnerabilities file is considered an error.
 .It Dv interactive
 The user is always asked to confirm installation of vulnerable packages.
 .El
 .It Dv DEFAULT_ACCEPTABLE_LICENSES
 List of common Free and Open Source licenses packages are allowed to carry.
 .It Dv GPG
 Path to
 .Xr gpg 1 ,
 which can be used to verify the signature in the
 .Pa pkg-vulnerabilities
 file when running
 .Dl Ic pkg_admin check-pkg-vulnerabilities -s
 or
 .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
 It can also be used to verify and sign binary packages.
 .It Dv GPG_KEYRING_PKGVULN
 Non-default keyring to use for verifying GPG signatures of
 .Pa pkg-vulnerabilities .

--- pkgsrc/pkgtools/pkg_install/files/lib/version.h 2009/04/24 14:00:26 1.124
+++ pkgsrc/pkgtools/pkg_install/files/lib/version.h 2009/04/25 21:31:14 1.125

 @@ -1,14 +1,14 @@
-/*	$NetBSD: version.h,v 1.124 2009/04/24 14:00:26 joerg Exp $	*/
+/*	$NetBSD: version.h,v 1.125 2009/04/25 21:31:14 joerg Exp $	*/
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -17,16 +17,16 @@
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION "20090424"
+#define PKGTOOLS_VERSION "20090425"
 #endif /* _INST_LIB_VERSION_H_ */