pkg_install-20090425: Add logic to evaluate license conditions. As frontend for pkgsrc, pkg_admin gets two new commands (check-license and check-single-license), which can be used to evaluate a given condition. pkg_add will be changed to honour licenses at a later point.diff -r1.51 -r1.52 pkgsrc/pkgtools/pkg_install/files/admin/main.c
(joerg)
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: main.c,v 1.51 2009/04/24 14:00:25 joerg Exp $ */ | 1 | /* $NetBSD: main.c,v 1.52 2009/04/25 21:31:13 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: main.c,v 1.51 2009/04/24 14:00:25 joerg Exp $"); | 10 | __RCSID("$NetBSD: main.c,v 1.52 2009/04/25 21:31:13 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 1999-2008 The NetBSD Foundation, Inc. | 13 | * Copyright (c) 1999-2008 The NetBSD Foundation, Inc. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * This code is derived from software contributed to The NetBSD Foundation | 16 | * This code is derived from software contributed to The NetBSD Foundation | |
17 | * by Hubert Feyrer <hubert@feyrer.de> and | 17 | * by Hubert Feyrer <hubert@feyrer.de> and | |
18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | 18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | |
19 | * | 19 | * | |
20 | * Redistribution and use in source and binary forms, with or without | 20 | * Redistribution and use in source and binary forms, with or without | |
21 | * modification, are permitted provided that the following conditions | 21 | * modification, are permitted provided that the following conditions | |
22 | * are met: | 22 | * are met: | |
23 | * 1. Redistributions of source code must retain the above copyright | 23 | * 1. Redistributions of source code must retain the above copyright | |
@@ -100,26 +100,28 @@ usage(void) | @@ -100,26 +100,28 @@ usage(void) | |||
100 | " delete pkg ... - delete file entries for pkg in database\n" | 100 | " delete pkg ... - delete file entries for pkg in database\n" | |
101 | " set variable=value pkg ... - set installation variable for package\n" | 101 | " set variable=value pkg ... - set installation variable for package\n" | |
102 | " unset variable pkg ... - unset installation variable for package\n" | 102 | " unset variable pkg ... - unset installation variable for package\n" | |
103 | " lsall /path/to/pkgpattern - list all pkgs matching the pattern\n" | 103 | " lsall /path/to/pkgpattern - list all pkgs matching the pattern\n" | |
104 | " lsbest /path/to/pkgpattern - list pkgs matching the pattern best\n" | 104 | " lsbest /path/to/pkgpattern - list pkgs matching the pattern best\n" | |
105 | " dump - dump database\n" | 105 | " dump - dump database\n" | |
106 | " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" | 106 | " pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n" | |
107 | " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" | 107 | " fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n" | |
108 | " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" | 108 | " check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n" | |
109 | " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n" | 109 | " audit [-es] [-t type] ... - check installed packages for vulnerabilities\n" | |
110 | " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n" | 110 | " audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n" | |
111 | " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n" | 111 | " audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n" | |
112 | " audit-history [-t type] ... - print all advisories for package names\n" | 112 | " audit-history [-t type] ... - print all advisories for package names\n" | |
113 | " check-license <condition> - check if condition is acceptable\n" | |||
114 | " check-single-license <license> - check if license is acceptable\n" | |||
113 | " config-var name - print current value of the configuration variable\n" | 115 | " config-var name - print current value of the configuration variable\n" | |
114 | " check-signature ... - verify the signature of packages\n" | 116 | " check-signature ... - verify the signature of packages\n" | |
115 | " x509-sign-package pkg spkg key cert - create X509 signature\n" | 117 | " x509-sign-package pkg spkg key cert - create X509 signature\n" | |
116 | " gpg-sign-package pkg spkg - create GPG signature\n", | 118 | " gpg-sign-package pkg spkg - create GPG signature\n", | |
117 | getprogname()); | 119 | getprogname()); | |
118 | exit(EXIT_FAILURE); | 120 | exit(EXIT_FAILURE); | |
119 | } | 121 | } | |
120 | 122 | |||
121 | /* | 123 | /* | |
122 | * add1pkg(<pkg>) | 124 | * add1pkg(<pkg>) | |
123 | * adds the files listed in the +CONTENTS of <pkg> into the | 125 | * adds the files listed in the +CONTENTS of <pkg> into the | |
124 | * pkgdb.byfile.db database file in the current package dbdir. It | 126 | * pkgdb.byfile.db database file in the current package dbdir. It | |
125 | * returns the number of files added to the database file. | 127 | * returns the number of files added to the database file. | |
@@ -514,26 +516,57 @@ main(int argc, char *argv[]) | @@ -514,26 +516,57 @@ main(int argc, char *argv[]) | |||
514 | argv++; | 516 | argv++; | |
515 | } | 517 | } | |
516 | } else if (strcasecmp(argv[0], "set") == 0) { | 518 | } else if (strcasecmp(argv[0], "set") == 0) { | |
517 | argv++; /* "set" */ | 519 | argv++; /* "set" */ | |
518 | set_unset_variable(argv, FALSE); | 520 | set_unset_variable(argv, FALSE); | |
519 | } else if (strcasecmp(argv[0], "unset") == 0) { | 521 | } else if (strcasecmp(argv[0], "unset") == 0) { | |
520 | argv++; /* "unset" */ | 522 | argv++; /* "unset" */ | |
521 | set_unset_variable(argv, TRUE); | 523 | set_unset_variable(argv, TRUE); | |
522 | } else if (strcasecmp(argv[0], "config-var") == 0) { | 524 | } else if (strcasecmp(argv[0], "config-var") == 0) { | |
523 | argv++; | 525 | argv++; | |
524 | if (argv == NULL || argv[1] != NULL) | 526 | if (argv == NULL || argv[1] != NULL) | |
525 | errx(EXIT_FAILURE, "config-var takes exactly one argument"); | 527 | errx(EXIT_FAILURE, "config-var takes exactly one argument"); | |
526 | pkg_install_show_variable(argv[0]); | 528 | pkg_install_show_variable(argv[0]); | |
529 | } else if (strcasecmp(argv[0], "check-license") == 0) { | |||
530 | if (argv[1] == NULL) | |||
531 | errx(EXIT_FAILURE, "check-license takes exactly one argument"); | |||
532 | ||||
533 | load_license_lists(); | |||
534 | ||||
535 | switch (acceptable_pkg_license(argv[1])) { | |||
536 | case 0: | |||
537 | puts("no"); | |||
538 | return 0; | |||
539 | case 1: | |||
540 | puts("yes"); | |||
541 | return 0; | |||
542 | case -1: | |||
543 | errx(EXIT_FAILURE, "invalid license condition"); | |||
544 | } | |||
545 | } else if (strcasecmp(argv[0], "check-single-license") == 0) { | |||
546 | if (argv[1] == NULL) | |||
547 | errx(EXIT_FAILURE, "check-license takes exactly one argument"); | |||
548 | load_license_lists(); | |||
549 | ||||
550 | switch (acceptable_license(argv[1])) { | |||
551 | case 0: | |||
552 | puts("no"); | |||
553 | return 0; | |||
554 | case 1: | |||
555 | puts("yes"); | |||
556 | return 0; | |||
557 | case -1: | |||
558 | errx(EXIT_FAILURE, "invalid license"); | |||
559 | } | |||
527 | } | 560 | } | |
528 | #ifndef BOOTSTRAP | 561 | #ifndef BOOTSTRAP | |
529 | else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) { | 562 | else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) { | |
530 | fetch_pkg_vulnerabilities(--argc, ++argv); | 563 | fetch_pkg_vulnerabilities(--argc, ++argv); | |
531 | } else if (strcasecmp(argv[0], "check-pkg-vulnerabilities") == 0) { | 564 | } else if (strcasecmp(argv[0], "check-pkg-vulnerabilities") == 0) { | |
532 | check_pkg_vulnerabilities(--argc, ++argv); | 565 | check_pkg_vulnerabilities(--argc, ++argv); | |
533 | } else if (strcasecmp(argv[0], "audit") == 0) { | 566 | } else if (strcasecmp(argv[0], "audit") == 0) { | |
534 | audit_pkgdb(--argc, ++argv); | 567 | audit_pkgdb(--argc, ++argv); | |
535 | } else if (strcasecmp(argv[0], "audit-pkg") == 0) { | 568 | } else if (strcasecmp(argv[0], "audit-pkg") == 0) { | |
536 | audit_pkg(--argc, ++argv); | 569 | audit_pkg(--argc, ++argv); | |
537 | } else if (strcasecmp(argv[0], "audit-batch") == 0) { | 570 | } else if (strcasecmp(argv[0], "audit-batch") == 0) { | |
538 | audit_batch(--argc, ++argv); | 571 | audit_batch(--argc, ++argv); | |
539 | } else if (strcasecmp(argv[0], "audit-history") == 0) { | 572 | } else if (strcasecmp(argv[0], "audit-history") == 0) { |
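Review bot: Both new branches test only `argv[1] == NULL`, so extra arguments are silently dropped although the message promises "exactly one argument"; a condition passed unquoted, e.g. `a AND b`, would be judged on the single name `a` alone. Tightening both guards to `if (argv[1] == NULL || argv[2] != NULL)` makes that case an error instead of a verdict on part of the condition. The check-single-license branch also reuses the check-license text and should read `errx(EXIT_FAILURE, "check-single-license takes exactly one argument");`. Neither switch has a `default:` label, so a return value other than -1, 0 or 1 would apparently leave the command chain without printing anything. main's body starts and ends outside the hunk.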
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | .\" $NetBSD: pkg_admin.1,v 1.22 2009/04/22 19:13:54 joerg Exp $ | 1 | .\" $NetBSD: pkg_admin.1,v 1.23 2009/04/25 21:31:13 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 1999-2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | 7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
15 | .\" notice, this list of conditions and the following disclaimer in the | 15 | .\" notice, this list of conditions and the following disclaimer in the | |
16 | .\" documentation and/or other materials provided with the distribution. | 16 | .\" documentation and/or other materials provided with the distribution. | |
@@ -24,27 +24,27 @@ | @@ -24,27 +24,27 @@ | |||
24 | .\" | 24 | .\" | |
25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
35 | .\" POSSIBILITY OF SUCH DAMAGE. | 35 | .\" POSSIBILITY OF SUCH DAMAGE. | |
36 | .\" | 36 | .\" | |
37 | .Dd May 30, 2008 | 37 | .Dd April 25, 2009 | |
38 | .Dt PKG_ADMIN 1 | 38 | .Dt PKG_ADMIN 1 | |
39 | .Os | 39 | .Os | |
40 | .Sh NAME | 40 | .Sh NAME | |
41 | .Nm pkg_admin | 41 | .Nm pkg_admin | |
42 | .Nd perform various administrative tasks to the pkg system | 42 | .Nd perform various administrative tasks to the pkg system | |
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS | |
44 | .Nm | 44 | .Nm | |
45 | .Op Fl bqSvV | 45 | .Op Fl bqSvV | |
46 | .Op Fl C Ar config | 46 | .Op Fl C Ar config | |
47 | .Op Fl d Ar lsdir | 47 | .Op Fl d Ar lsdir | |
48 | .Op Fl K Ar pkg_dbdir | 48 | .Op Fl K Ar pkg_dbdir | |
49 | .Op Fl s Ar sfx_pattern | 49 | .Op Fl s Ar sfx_pattern | |
50 | .Ar command Op args ... | 50 | .Ar command Op args ... | |
@@ -150,36 +150,48 @@ value at package installation time. | @@ -150,36 +150,48 @@ value at package installation time. | |||
150 | If no additional argument is given, the files of all installed packages | 150 | If no additional argument is given, the files of all installed packages | |
151 | are checked, else only the named packages will be checked (wildcards can | 151 | are checked, else only the named packages will be checked (wildcards can | |
152 | be used here, see | 152 | be used here, see | |
153 | .Xr pkg_info 1 ) . | 153 | .Xr pkg_info 1 ) . | |
154 | .Pp | 154 | .Pp | |
155 | The packages' | 155 | The packages' | |
156 | .Pa +CONTENTS | 156 | .Pa +CONTENTS | |
157 | files will be parsed and the | 157 | files will be parsed and the | |
158 | checksum will be checked for every file found. | 158 | checksum will be checked for every file found. | |
159 | A warning message is printed if the expected checksum differs from the | 159 | A warning message is printed if the expected checksum differs from the | |
160 | checksum of the file on disk. | 160 | checksum of the file on disk. | |
161 | Symbolic links are also checked, ensuring that the targets on disk are | 161 | Symbolic links are also checked, ensuring that the targets on disk are | |
162 | the same as the contents recorded at package installation time. | 162 | the same as the contents recorded at package installation time. | |
163 | .It Cm check-license Ar condition | |||
164 | Check if | |||
165 | .Ar condition | |||
166 | can be fulfilled with the currently set of accepted licenses. | |||
167 | Prints either yes or no to stdout if the condition can be parsed, | |||
168 | otherwise it exits with error. | |||
163 | .It Cm check-pkg-vulnerabilities Oo Fl s Oc Ar file | 169 | .It Cm check-pkg-vulnerabilities Oo Fl s Oc Ar file | |
164 | Check format and hashes in the pkg-vulnerabilities file | 170 | Check format and hashes in the pkg-vulnerabilities file | |
165 | .Ar file . | 171 | .Ar file . | |
166 | If | 172 | If | |
167 | .Fl s | 173 | .Fl s | |
168 | is given, also check the embedded signature. | 174 | is given, also check the embedded signature. | |
169 | .It Cm check-signature Ar file ... | 175 | .It Cm check-signature Ar file ... | |
170 | Reports if | 176 | Reports if | |
171 | .Ar file | 177 | .Ar file | |
172 | is a correctly signed package. | 178 | is a correctly signed package. | |
179 | .It Cm check-single-license Ar liccense | |||
180 | Check if | |||
181 | .Ar license | |||
182 | is a valid license name and if it is in the set of acceptable licenses. | |||
183 | Prints either yes or no to stdout if the condition can be parsed, | |||
184 | otherwise it exits with error. | |||
173 | .It Cm config-var Ar variable | 185 | .It Cm config-var Ar variable | |
174 | Print the current value of | 186 | Print the current value of | |
175 | .Ar variable | 187 | .Ar variable | |
176 | as used after parsing the configuration file. | 188 | as used after parsing the configuration file. | |
177 | .It Cm delete Ar pkg ... | 189 | .It Cm delete Ar pkg ... | |
178 | For each listed package, remove all file entries in the package database that | 190 | For each listed package, remove all file entries in the package database that | |
179 | belong to the package. | 191 | belong to the package. | |
180 | This should be used only by | 192 | This should be used only by | |
181 | .Xr pkg_view 1 . | 193 | .Xr pkg_view 1 . | |
182 | .It Cm dump | 194 | .It Cm dump | |
183 | Dump the contents of the package database, similar to | 195 | Dump the contents of the package database, similar to | |
184 | .Cm pkg_info -F . | 196 | .Cm pkg_info -F . | |
185 | Columns are printed for the key field used in the pkgdb - the filename -, | 197 | Columns are printed for the key field used in the pkgdb - the filename -, |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile.in,v 1.26 2009/02/28 16:03:56 joerg Exp $ | 1 | # $NetBSD: Makefile.in,v 1.27 2009/04/25 21:31:13 joerg Exp $ | |
2 | 2 | |||
3 | srcdir= @srcdir@ | 3 | srcdir= @srcdir@ | |
4 | 4 | |||
5 | pkgdbdir= @pkgdbdir@ | 5 | pkgdbdir= @pkgdbdir@ | |
6 | mandir= @mandir@ | 6 | mandir= @mandir@ | |
7 | datarootdir= @datarootdir@ | 7 | datarootdir= @datarootdir@ | |
8 | sysconfdir= @sysconfdir@ | 8 | sysconfdir= @sysconfdir@ | |
9 | 9 | |||
10 | cat5dir= $(mandir)/cat5 | 10 | cat5dir= $(mandir)/cat5 | |
11 | cat7dir= $(mandir)/cat7 | 11 | cat7dir= $(mandir)/cat7 | |
12 | man5dir= $(mandir)/man5 | 12 | man5dir= $(mandir)/man5 | |
13 | man7dir= $(mandir)/man7 | 13 | man7dir= $(mandir)/man7 | |
14 | 14 | |||
@@ -17,27 +17,27 @@ SSL_SUPPORT= @ssl_support@ | @@ -17,27 +17,27 @@ SSL_SUPPORT= @ssl_support@ | |||
17 | 17 | |||
18 | RANLIB= @RANLIB@ | 18 | RANLIB= @RANLIB@ | |
19 | AR= @AR@ | 19 | AR= @AR@ | |
20 | CC= @CC@ | 20 | CC= @CC@ | |
21 | CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) | 21 | CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) | |
22 | DEFS= @DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\" | 22 | DEFS= @DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\" | |
23 | CFLAGS= @CFLAGS@ | 23 | CFLAGS= @CFLAGS@ | |
24 | 24 | |||
25 | INSTALL= @INSTALL@ | 25 | INSTALL= @INSTALL@ | |
26 | 26 | |||
27 | LIB= libinstall.a | 27 | LIB= libinstall.a | |
28 | 28 | |||
29 | OBJS= automatic.o conflicts.o decompress.o dewey.o fexec.o file.o \ | 29 | OBJS= automatic.o conflicts.o decompress.o dewey.o fexec.o file.o \ | |
30 | gpgsig.o global.o iterate.o lpkg.o opattern.o \ | 30 | gpgsig.o global.o iterate.o license.o lpkg.o opattern.o \ | |
31 | parse-config.o pkgdb.o plist.o remove.o \ | 31 | parse-config.o pkgdb.o plist.o remove.o \ | |
32 | str.o var.o version.o vulnerabilities-file.o xwrapper.o | 32 | str.o var.o version.o vulnerabilities-file.o xwrapper.o | |
33 | 33 | |||
34 | CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" | 34 | CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" | |
35 | 35 | |||
36 | .if !empty(BOOTSTRAP) | 36 | .if !empty(BOOTSTRAP) | |
37 | CPPFLAGS+= -DBOOTSTRAP | 37 | CPPFLAGS+= -DBOOTSTRAP | |
38 | .else | 38 | .else | |
39 | OBJS+= pkg_io.o pkg_signature.o | 39 | OBJS+= pkg_io.o pkg_signature.o | |
40 | .endif | 40 | .endif | |
41 | 41 | |||
42 | .if !empty(SSL_SUPPORT) | 42 | .if !empty(SSL_SUPPORT) | |
43 | CPPFLAGS+= -DHAVE_SSL | 43 | CPPFLAGS+= -DHAVE_SSL |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.54 2009/04/24 14:00:26 joerg Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.55 2009/04/25 21:31:13 joerg Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -389,26 +389,33 @@ void pkg_sign_gpg(const char *, const ch | @@ -389,26 +389,33 @@ void pkg_sign_gpg(const char *, const ch | |||
389 | /* PKCS7 signing/verification */ | 389 | /* PKCS7 signing/verification */ | |
390 | int easy_pkcs7_verify(const char *, size_t, const char *, size_t, | 390 | int easy_pkcs7_verify(const char *, size_t, const char *, size_t, | |
391 | const char *, int); | 391 | const char *, int); | |
392 | int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *, | 392 | int easy_pkcs7_sign(const char *, size_t, char **, size_t *, const char *, | |
393 | const char *); | 393 | const char *); | |
394 | #endif | 394 | #endif | |
395 | 395 | |||
396 | int inline_gpg_verify(const char *, size_t, const char *); | 396 | int inline_gpg_verify(const char *, size_t, const char *); | |
397 | int detached_gpg_verify(const char *, size_t, const char *, size_t, | 397 | int detached_gpg_verify(const char *, size_t, const char *, size_t, | |
398 | const char *); | 398 | const char *); | |
399 | int detached_gpg_sign(const char *, size_t, char **, size_t *, const char *, | 399 | int detached_gpg_sign(const char *, size_t, char **, size_t *, const char *, | |
400 | const char *); | 400 | const char *); | |
401 | 401 | |||
402 | /* License handling */ | |||
403 | int add_licenses(const char *); | |||
404 | int acceptable_license(const char *); | |||
405 | int acceptable_pkg_license(const char *); | |||
406 | void load_license_lists(void); | |||
407 | ||||
408 | /* Helper functions for memory allocation */ | |||
402 | char *xstrdup(const char *); | 409 | char *xstrdup(const char *); | |
403 | void *xrealloc(void *, size_t); | 410 | void *xrealloc(void *, size_t); | |
404 | void *xcalloc(size_t, size_t); | 411 | void *xcalloc(size_t, size_t); | |
405 | void *xmalloc(size_t); | 412 | void *xmalloc(size_t); | |
406 | char *xasprintf(const char *, ...); | 413 | char *xasprintf(const char *, ...); | |
407 | 414 | |||
408 | /* Externs */ | 415 | /* Externs */ | |
409 | extern Boolean Verbose; | 416 | extern Boolean Verbose; | |
410 | extern Boolean Fake; | 417 | extern Boolean Fake; | |
411 | extern Boolean Force; | 418 | extern Boolean Force; | |
412 | extern const char *cert_chain_file; | 419 | extern const char *cert_chain_file; | |
413 | extern const char *certs_packages; | 420 | extern const char *certs_packages; | |
414 | extern const char *certs_pkg_vulnerabilities; | 421 | extern const char *certs_pkg_vulnerabilities; | |
@@ -419,14 +426,17 @@ extern const char *verified_installation | @@ -419,14 +426,17 @@ extern const char *verified_installation | |||
419 | extern const char *gpg_cmd; | 426 | extern const char *gpg_cmd; | |
420 | extern const char *gpg_keyring_pkgvuln; | 427 | extern const char *gpg_keyring_pkgvuln; | |
421 | extern const char *gpg_keyring_sign; | 428 | extern const char *gpg_keyring_sign; | |
422 | extern const char *gpg_keyring_verify; | 429 | extern const char *gpg_keyring_verify; | |
423 | extern const char *gpg_sign_as; | 430 | extern const char *gpg_sign_as; | |
424 | extern char fetch_flags[]; | 431 | extern char fetch_flags[]; | |
425 | 432 | |||
426 | extern const char *pkg_vulnerabilities_dir; | 433 | extern const char *pkg_vulnerabilities_dir; | |
427 | extern const char *pkg_vulnerabilities_file; | 434 | extern const char *pkg_vulnerabilities_file; | |
428 | extern const char *pkg_vulnerabilities_url; | 435 | extern const char *pkg_vulnerabilities_url; | |
429 | extern const char *ignore_advisories; | 436 | extern const char *ignore_advisories; | |
430 | extern const char tnf_vulnerability_base[]; | 437 | extern const char tnf_vulnerability_base[]; | |
431 | 438 | |||
439 | extern const char *acceptable_licenses; | |||
440 | extern const char *default_acceptable_licenses; | |||
441 | ||||
432 | #endif /* _INST_LIB_LIB_H_ */ | 442 | #endif /* _INST_LIB_LIB_H_ */ |
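Review bot: The prototypes added under "License handling" carry no statement of their return contract. Going by how admin/main.c switches on the results in this commit, `acceptable_license()` and `acceptable_pkg_license()` yield 1 for accepted, 0 for not accepted and -1 for a malformed argument, so a later caller writing `if (acceptable_license(x))` would treat a malformed name as accepted. I would add above them `/* Return 1 if acceptable, 0 if not, -1 on syntax error; compare with 1, never test for non-zero. */`, plus one line noting that the accepted set is empty until `load_license_lists()` or `add_licenses()` has been called.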
/* $NetBSD: license.c,v 1.1 2009/04/25 21:31:14 joerg Exp $ */
/*-
* Copyright (c) 2009 Joerg Sonnenberger <joerg@NetBSD.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <nbcompat.h>
#if HAVE_ERR_H
#include <err.h>
#endif
#include <stdlib.h>
#include <string.h>
#include "lib.h"
/* Number of buckets in license_hash. */
#define HASH_SIZE	521

/*
 * Built-in list of license names, each followed by one blank.
 * load_license_lists() hands this string to add_licenses().
 */
const char *default_acceptable_licenses =
	"public-domain "
	"gnu-gpl-v2 "
	"gnu-lgpl-v2 "
	"gnu-lgpl-v2.1 "
	"gnu-gpl-v3 "
	"gnu-lgpl-v3 "
	"original-bsd "
	"modified-bsd "
	"x11 "
	"apache-2.0 "
	"artistic "
	"artistic-2.0 "
	"cddl-1.0 "
	"open-font-license ";

#ifdef DEBUG
/* Counts insertions into a bucket that already held another name. */
static size_t hash_collisions;
#endif

/* One NULL-terminated array of license names per bucket, or NULL if empty. */
static char **license_hash[HASH_SIZE];

/* Characters that separate license names and operators. */
static const char license_spaces[] = " \t\n";

/*
 * Allow-list of characters a license name may consist of.  Note that
 * upper-case letters are not part of it.
 */
static const char license_chars[] = "abcdefghijklmnopqrstuvwxyz0123456789_-.";
/*
 * Compute the bucket index for a license name.
 *
 * At most len bytes of license are hashed; hashing also stops at a NUL
 * byte.  The result lies in the range [0, HASH_SIZE).
 */
static size_t
hash_license(const char *license, size_t len)
{
	size_t hash = 0;

	while (*license && len) {
		hash = *license + hash * 32;
		++license;
		--len;
	}

	return hash % HASH_SIZE;
}
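/*
 * Record the license name formed by the first len bytes of license in the
 * table of accepted licenses.  A name that is already present is not stored
 * a second time.
 *
 * The name is copied, so the caller keeps ownership of license.  If memory
 * cannot be allocated the program is terminated through errx().
 */
static void
add_license_internal(const char *license, size_t len)
{
	char *new_license, **bucket;
	size_t slot, i;

	slot = hash_license(license, len);

	new_license = malloc(len + 1);
	if (new_license == NULL)
		errx(EXIT_FAILURE, "out of memory while adding license");
	memcpy(new_license, license, len);
	new_license[len] = '\0';

	if (license_hash[slot] == NULL) {
		/* Two slots: the new name and the terminating NULL. */
		bucket = calloc(2, sizeof(*bucket));
		if (bucket == NULL)
			errx(EXIT_FAILURE, "out of memory while adding license");
		bucket[0] = new_license;
		license_hash[slot] = bucket;
		return;
	}

	for (i = 0; license_hash[slot][i]; ++i) {
		/*
		 * strncmp() stops at the NUL of a stored name that is shorter
		 * than len; memcmp() would keep reading past the end of that
		 * allocation.
		 */
		if (strncmp(license_hash[slot][i], license, len) == 0 &&
		    license_hash[slot][i][len] == '\0') {
			free(new_license);
			return;
		}
	}

#ifdef DEBUG
	++hash_collisions;
#endif

	/*
	 * Grow through a temporary: assigning the result of realloc()
	 * straight to the bucket would lose the old array on failure.
	 */
	bucket = realloc(license_hash[slot], sizeof(*bucket) * (i + 2));
	if (bucket == NULL)
		errx(EXIT_FAILURE, "out of memory while adding license");
	bucket[i] = new_license;
	bucket[i + 1] = NULL;
	license_hash[slot] = bucket;
}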
/*
 * Add every license name in line to the set of accepted licenses.
 *
 * Names are runs of license_chars separated by license_spaces.  Returns 0
 * if line is NULL or was consumed up to its terminating NUL, and -1 when a
 * character from neither set is met.  Names read before such a character
 * have already been added at that point.
 */
int
add_licenses(const char *line)
{
	const char *name, *name_end;

	if (line == NULL)
		return 0;

	name = line + strspn(line, license_spaces);
	for (;;) {
		name_end = name + strspn(name, license_chars);
		if (name_end == name)
			break;		/* no name here: end of input or bad char */

		add_license_internal(name, name_end - name);

		name = name_end + strspn(name_end, license_spaces);
		if (name == name_end)
			break;		/* name not followed by a separator */
	}

	return *name != '\0' ? -1 : 0;
}
/*
 * Look up the license name formed by the first len bytes of license.
 *
 * Returns 1 if exactly that name is stored in license_hash, 0 otherwise.
 * The characters of the name are not validated here.
 */
static int
acceptable_license_internal(const char *license, size_t len)
{
	char **entry;

	entry = license_hash[hash_license(license, len)];
	if (entry == NULL)
		return 0;

	for (; *entry != NULL; ++entry) {
		if (strncmp(*entry, license, len) != 0)
			continue;
		/* Same prefix: accept only if the stored name ends here too. */
		if ((*entry)[len] == '\0')
			return 1;
	}

	return 0;
}
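/*
 * Check a single license name against the set of accepted licenses.
 *
 * Returns 1 if license is in the set, 0 if it is a well-formed name that is
 * not in the set, and -1 if it is empty or contains a character outside
 * license_chars.  An empty name is rejected as malformed, the same way the
 * condition parser rejects a zero-length name.
 *
 * Callers must compare the result with 1: -1 is non-zero, so a plain truth
 * test would treat a malformed name as accepted.
 */
int
acceptable_license(const char *license)
{
	size_t len;

	len = strlen(license);

	if (len == 0 || strspn(license, license_chars) != len)
		return -1;

	return acceptable_license_internal(license, len);
}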
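/*
 * Evaluate one nesting level of a license condition.
 *
 * A level is a sequence of terms joined by either "AND" or "OR"; mixing the
 * two operators on one level is a syntax error.  A term is a license name
 * (a run of license_chars) or a parenthesised sub-condition, which is
 * evaluated recursively.  An operator must be followed by a blank or by
 * '('.
 *
 * licensep:  in: start of the text to parse; out: on a 0 or 1 result, the
 *            position after this level's closing ')' or at the terminating
 *            NUL.  It is not written when -1 is returned.
 * toplevel:  non-zero for the outermost call, where a leading '(' starts a
 *            term rather than enclosing the whole level.
 *
 * Returns 1 if the condition holds for the accepted licenses, 0 if it does
 * not, -1 on a syntax error.
 *
 * NOTE(review): every '(' costs one level of recursion and there is no
 * depth limit; confirm this is acceptable before conditions are read from
 * package metadata rather than the command line.
 */
static int
acceptable_pkg_license_internal(const char **licensep, int toplevel)
{
	const char *license = *licensep;
	int need_parenthesis, is_true = 0;
	int expr_type = 0; /* 0: unset, 1: or, 2: and */
	size_t len;

	license += strspn(license, license_spaces);

	if (*license == '(' && !toplevel) {
		need_parenthesis = 1;
		++license;
		license += strspn(license, license_spaces);
	} else {
		need_parenthesis = 0;
	}

	for (;;) {
		if (*license == '(') {
			switch (acceptable_pkg_license_internal(&license, 0)) {
			case -1:
				return -1;
			case 0:
				if (expr_type == 2)
					is_true = 0;
				break;
			case 1:
				/*
				 * Inside an AND chain a true sub-condition
				 * must not override an earlier false term,
				 * otherwise "bad AND (good)" is accepted.
				 * This mirrors the handling of plain names
				 * below.
				 */
				if (expr_type != 2)
					is_true = 1;
				break;
			}
			license += strspn(license, license_spaces);
		} else {
			len = strspn(license, license_chars);
			if (len == 0)
				return -1;

			if (acceptable_license_internal(license, len)) {
				if (expr_type != 2)
					is_true = 1;
			} else if (expr_type == 2) {
				is_true = 0;
			}

			license += len;

			/* A name must be followed by a blank, ')' or the end. */
			len = strspn(license, license_spaces);
			if (len == 0 && *license && *license != ')')
				return -1;
			license += len;
		}

		if (*license == ')') {
			if (!need_parenthesis)
				return -1;
			*licensep = license + 1;
			return is_true;
		}
		if (*license == '\0') {
			if (need_parenthesis)
				return -1;
			*licensep = license;
			return is_true;
		}

		if (strncmp(license, "AND", 3) == 0) {
			if (expr_type == 1)
				return -1;
			expr_type = 2;
			license += 3;
		} else if (strncmp(license, "OR", 2) == 0) {
			if (expr_type == 2)
				return -1;
			expr_type = 1;
			license += 2;
		} else {
			return -1;
		}

		/* An operator must be followed by a blank or by '('. */
		len = strspn(license, license_spaces);
		if (len == 0 && *license != '(')
			return -1;
		license += len;
	}
}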
/*
 * Evaluate a complete license condition against the accepted licenses.
 *
 * Returns 1 if the condition holds, 0 if it does not, and -1 if it cannot
 * be parsed or if anything other than blanks follows the parsed part.
 * Callers must compare the result with 1, because -1 is non-zero.
 */
int
acceptable_pkg_license(const char *license)
{
	const char *cursor = license;
	int verdict;

	verdict = acceptable_pkg_license_internal(&cursor, 1);
	if (verdict != -1) {
		/* Only trailing blanks may remain after the condition. */
		cursor += strspn(cursor, license_spaces);
		if (*cursor != '\0')
			verdict = -1;
	}

	return verdict;
}
/*
 * Fill the set of accepted licenses from four sources, in this order: the
 * PKGSRC_ACCEPTABLE_LICENSES environment variable, the acceptable_licenses
 * configuration value, the PKGSRC_DEFAULT_ACCEPTABLE_LICENSES environment
 * variable and the built-in default_acceptable_licenses list.
 *
 * Every source only adds names, so the result is the union of all four;
 * the environment can widen the set but not narrow it.  A source that
 * add_licenses() rejects ends the program through errx().
 */
void
load_license_lists(void)
{
	const char *from_env;

	from_env = getenv("PKGSRC_ACCEPTABLE_LICENSES");
	if (add_licenses(from_env) != 0)
		errx(EXIT_FAILURE, "syntax error in PKGSRC_ACCEPTABLE_LICENSES");

	if (add_licenses(acceptable_licenses) != 0)
		errx(EXIT_FAILURE, "syntax error in ACCEPTABLE_LICENSES");

	from_env = getenv("PKGSRC_DEFAULT_ACCEPTABLE_LICENSES");
	if (add_licenses(from_env) != 0)
		errx(EXIT_FAILURE, "syntax error in PKGSRC_DEFAULT_ACCEPTABLE_LICENSES");

	if (add_licenses(default_acceptable_licenses) != 0)
		errx(EXIT_FAILURE, "syntax error in DEFAULT_ACCEPTABLE_LICENSES");
}
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: parse-config.c,v 1.4 2009/02/28 16:03:56 joerg Exp $ */ | 1 | /* $NetBSD: parse-config.c,v 1.5 2009/04/25 21:31:14 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: parse-config.c,v 1.4 2009/02/28 16:03:56 joerg Exp $"); | 10 | __RCSID("$NetBSD: parse-config.c,v 1.5 2009/04/25 21:31:14 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -58,38 +58,40 @@ const char *certs_packages; | @@ -58,38 +58,40 @@ const char *certs_packages; | |||
58 | const char *certs_pkg_vulnerabilities; | 58 | const char *certs_pkg_vulnerabilities; | |
59 | const char *check_vulnerabilities; | 59 | const char *check_vulnerabilities; | |
60 | const char *config_pkg_path; | 60 | const char *config_pkg_path; | |
61 | const char *verified_installation; | 61 | const char *verified_installation; | |
62 | const char *gpg_cmd; | 62 | const char *gpg_cmd; | |
63 | const char *gpg_keyring_pkgvuln; | 63 | const char *gpg_keyring_pkgvuln; | |
64 | const char *gpg_keyring_sign; | 64 | const char *gpg_keyring_sign; | |
65 | const char *gpg_keyring_verify; | 65 | const char *gpg_keyring_verify; | |
66 | const char *gpg_sign_as; | 66 | const char *gpg_sign_as; | |
67 | const char *pkg_vulnerabilities_dir; | 67 | const char *pkg_vulnerabilities_dir; | |
68 | const char *pkg_vulnerabilities_file; | 68 | const char *pkg_vulnerabilities_file; | |
69 | const char *pkg_vulnerabilities_url; | 69 | const char *pkg_vulnerabilities_url; | |
70 | const char *ignore_advisories = NULL; | 70 | const char *ignore_advisories = NULL; | |
71 | ||||
72 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | 71 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | |
72 | const char *acceptable_licenses = NULL; | |||
73 | 73 | |||
74 | static struct config_variable { | 74 | static struct config_variable { | |
75 | const char *name; | 75 | const char *name; | |
76 | const char **var; | 76 | const char **var; | |
77 | } config_variables[] = { | 77 | } config_variables[] = { | |
78 | { "ACCEPTABLE_LICENSES", &acceptable_licenses }, | |||
78 | { "ACTIVE_FTP", &active_ftp }, | 79 | { "ACTIVE_FTP", &active_ftp }, | |
79 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | 80 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | |
80 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | 81 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | |
81 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | 82 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | |
82 | { "CHECK_VULNERABILITIES", &check_vulnerabilities }, | 83 | { "CHECK_VULNERABILITIES", &check_vulnerabilities }, | |
84 | { "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses }, | |||
83 | { "GPG", &gpg_cmd }, | 85 | { "GPG", &gpg_cmd }, | |
84 | { "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln }, | 86 | { "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln }, | |
85 | { "GPG_KEYRING_SIGN", &gpg_keyring_sign }, | 87 | { "GPG_KEYRING_SIGN", &gpg_keyring_sign }, | |
86 | { "GPG_KEYRING_VERIFY", &gpg_keyring_verify }, | 88 | { "GPG_KEYRING_VERIFY", &gpg_keyring_verify }, | |
87 | { "GPG_SIGN_AS", &gpg_sign_as }, | 89 | { "GPG_SIGN_AS", &gpg_sign_as }, | |
88 | { "IGNORE_PROXY", &ignore_proxy }, | 90 | { "IGNORE_PROXY", &ignore_proxy }, | |
89 | { "IGNORE_URL", &ignore_advisories }, | 91 | { "IGNORE_URL", &ignore_advisories }, | |
90 | { "PKG_PATH", &config_pkg_path }, | 92 | { "PKG_PATH", &config_pkg_path }, | |
91 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | 93 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | |
92 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | 94 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | |
93 | { "VERBOSE_NETIO", &verbose_netio }, | 95 | { "VERBOSE_NETIO", &verbose_netio }, | |
94 | { "VERIFIED_INSTALLATION", &verified_installation }, | 96 | { "VERIFIED_INSTALLATION", &verified_installation }, | |
95 | { NULL, NULL } | 97 | { NULL, NULL } |
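Review bot: The new `ACCEPTABLE_LICENSES` and `DEFAULT_ACCEPTABLE_LICENSES` table entries only store the raw config string, so a malformed license list is not noticed when pkg_install.conf is read. It surfaces later in the license code, which for the default list ends in the `errx(EXIT_FAILURE, "syntax error in DEFAULT_ACCEPTABLE_LICENSES")` call visible earlier on this page. Since these strings decide which packages pass the license gate, and the DEFAULT_ entry lets the config file override what is presumably a built-in baseline, I would document that at the definition, e.g. `/* License condition lists; parsed and validated later by the license code, not here. */` above `const char *acceptable_licenses = NULL;`. `default_acceptable_licenses` is referenced in the table but not defined in this hunk, and `acceptable_licenses` sits after `tnf_vulnerability_base` rather than with the other `const char *` config globals; defining both together would make ownership clearer. The `config_variables[]` initializer continues past the end of the hunk.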
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: pkg_install.conf.5.in,v 1.5 2009/03/10 20:33:43 joerg Exp $ | 1 | .\" $NetBSD: pkg_install.conf.5.in,v 1.6 2009/04/25 21:31:14 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Thomas Klausner. | 7 | .\" by Thomas Klausner. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -17,47 +17,49 @@ | @@ -17,47 +17,49 @@ | |||
17 | .\" | 17 | .\" | |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | 28 | .\" POSSIBILITY OF SUCH DAMAGE. | |
29 | .\" | 29 | .\" | |
30 | .Dd February 27, 2009 | 30 | .Dd April 25, 2009 | |
31 | .Dt PKG_INSTALL.CONF 5 | 31 | .Dt PKG_INSTALL.CONF 5 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm pkg_install.conf | 34 | .Nm pkg_install.conf | |
35 | .Nd configuration file for package installation tools | 35 | .Nd configuration file for package installation tools | |
36 | .Sh DESCRIPTION | 36 | .Sh DESCRIPTION | |
37 | The file | 37 | The file | |
38 | .Nm | 38 | .Nm | |
39 | contains system defaults for the package installation tools | 39 | contains system defaults for the package installation tools | |
40 | as a list of variable-value pairs. | 40 | as a list of variable-value pairs. | |
41 | Each line has the format | 41 | Each line has the format | |
42 | .Ev VARIABLE=VALUE . | 42 | .Ev VARIABLE=VALUE . | |
43 | If the value consists of more than one line, each line is prefixed with | 43 | If the value consists of more than one line, each line is prefixed with | |
44 | .Ev VARIABLE= . | 44 | .Ev VARIABLE= . | |
45 | .Pp | 45 | .Pp | |
46 | The current value of a variable can be checked by running | 46 | The current value of a variable can be checked by running | |
47 | .Dl Ic pkg_admin config-var VARIABLE | 47 | .Dl Ic pkg_admin config-var VARIABLE | |
48 | .Pp | 48 | .Pp | |
49 | The following variables are supported: | 49 | The following variables are supported: | |
50 | .Bl -tag -width indent | 50 | .Bl -tag -width indent | |
51 | .It Dv ACCEPTABLE_LICENSES | |||
52 | List of licenses packages are allowed to carry. | |||
51 | .It Dv ACTIVE_FTP | 53 | .It Dv ACTIVE_FTP | |
52 | Force the use of active FTP. | 54 | Force the use of active FTP. | |
53 | .It Dv CERTIFICATE_ANCHOR_PKGS | 55 | .It Dv CERTIFICATE_ANCHOR_PKGS | |
54 | Path to the file containing the certificates used for validating | 56 | Path to the file containing the certificates used for validating | |
55 | binary packages. | 57 | binary packages. | |
56 | A package is trusted when a certificate chain ends in one of the | 58 | A package is trusted when a certificate chain ends in one of the | |
57 | certificates contained in this file. | 59 | certificates contained in this file. | |
58 | The certificates must be PEM-encoded. | 60 | The certificates must be PEM-encoded. | |
59 | .It Dv CERTIFICATE_ANCHOR_PKGVULN | 61 | .It Dv CERTIFICATE_ANCHOR_PKGVULN | |
60 | Analogous to | 62 | Analogous to | |
61 | .Dv CERTIFICATE_ANCHOR_PKGS . | 63 | .Dv CERTIFICATE_ANCHOR_PKGS . | |
62 | The | 64 | The | |
63 | .Pa pkg-vulnerabilities | 65 | .Pa pkg-vulnerabilities | |
@@ -69,26 +71,28 @@ for completing certificate chains when v | @@ -69,26 +71,28 @@ for completing certificate chains when v | |||
69 | pkg-vulnerabilities files. | 71 | pkg-vulnerabilities files. | |
70 | .It Dv CHECK_VULNERABILITIES | 72 | .It Dv CHECK_VULNERABILITIES | |
71 | Check for vulnerabilities when installing packages. | 73 | Check for vulnerabilities when installing packages. | |
72 | Supported values are: | 74 | Supported values are: | |
73 | .Bl -tag -width interactiveXX | 75 | .Bl -tag -width interactiveXX | |
74 | .It Dv never | 76 | .It Dv never | |
75 | No check is performed. | 77 | No check is performed. | |
76 | .It Dv always | 78 | .It Dv always | |
77 | Passing the vulnerability check is required. | 79 | Passing the vulnerability check is required. | |
78 | A missing pkg-vulnerabilities file is considered an error. | 80 | A missing pkg-vulnerabilities file is considered an error. | |
79 | .It Dv interactive | 81 | .It Dv interactive | |
80 | The user is always asked to confirm installation of vulnerable packages. | 82 | The user is always asked to confirm installation of vulnerable packages. | |
81 | .El | 83 | .El | |
84 | .It Dv DEFAULT_ACCEPTABLE_LICENSES | |||
85 | List of common Free and Open Source licenses packages are allowed to carry. | |||
82 | .It Dv GPG | 86 | .It Dv GPG | |
83 | Path to | 87 | Path to | |
84 | .Xr gpg 1 , | 88 | .Xr gpg 1 , | |
85 | which can be used to verify the signature in the | 89 | which can be used to verify the signature in the | |
86 | .Pa pkg-vulnerabilities | 90 | .Pa pkg-vulnerabilities | |
87 | file when running | 91 | file when running | |
88 | .Dl Ic pkg_admin check-pkg-vulnerabilities -s | 92 | .Dl Ic pkg_admin check-pkg-vulnerabilities -s | |
89 | or | 93 | or | |
90 | .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s | 94 | .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s | |
91 | It can also be used to verify and sign binary packages. | 95 | It can also be used to verify and sign binary packages. | |
92 | .It Dv GPG_KEYRING_PKGVULN | 96 | .It Dv GPG_KEYRING_PKGVULN | |
93 | Non-default keyring to use for verifying GPG signatures of | 97 | Non-default keyring to use for verifying GPG signatures of | |
94 | .Pa pkg-vulnerabilities . | 98 | .Pa pkg-vulnerabilities . |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: version.h,v 1.124 2009/04/24 14:00:26 joerg Exp $ */ | 1 | /* $NetBSD: version.h,v 1.125 2009/04/25 21:31:14 joerg Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | 4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -17,16 +17,16 @@ | @@ -17,16 +17,16 @@ | |||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | */ | 25 | */ | |
26 | 26 | |||
27 | #ifndef _INST_LIB_VERSION_H_ | 27 | #ifndef _INST_LIB_VERSION_H_ | |
28 | #define _INST_LIB_VERSION_H_ | 28 | #define _INST_LIB_VERSION_H_ | |
29 | 29 | |||
30 | #define PKGTOOLS_VERSION "20090424" | 30 | #define PKGTOOLS_VERSION "20090425" | |
31 | 31 | |||
32 | #endif /* _INST_LIB_VERSION_H_ */ | 32 | #endif /* _INST_LIB_VERSION_H_ */ |