NetBSD Problem Report #48194

From khorben@defora.org  Sun Sep  8 23:27:01 2013
Return-Path: <khorben@defora.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1B08F7135B
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  8 Sep 2013 23:27:01 +0000 (UTC)
Message-Id: <20130908232544.EC43B2B4@kwarx.defora.lan>
Date: Mon,  9 Sep 2013 01:25:44 +0200 (CEST)
From: Pierre Pronchery <khorben@NetBSD.org>
To: gnats-bugs@gnats.NetBSD.org
Subject: Fixing signed packages in pkg_install and pkgsrc
X-Send-Pr-Version: 3.95

>Number:         48194
>Category:       pkg
>Synopsis:       Signed packages easily generated and installed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    agc
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 08 23:30:00 +0000 2013
>Closed-Date:    Sun Apr 06 16:23:07 +0000 2014
>Last-Modified:  Sun Apr 06 16:23:07 +0000 2014
>Originator:     Pierre Pronchery
>Release:        NetBSD 6.1_STABLE
>Organization:
The NetBSD Foundation
>Environment:
System: NetBSD kwarx.defora.lan 6.1_STABLE NetBSD 6.1_STABLE (SPLASH) #3: Mon Aug 12 00:52:39 CEST 2013 khorben@kwarx.defora.lan:/home/amd64/obj.6/sys/arch/amd64/compile/SPLASH amd64
Architecture: x86_64
Machine: amd64
>Description:
pkgsrc has been supporting signed packages since 2001, with mechanisms
based on either GPG keys or X509 certificates. pkg_add(1) may however
fail at installing such packages in some conditions, due to
uninitialized variables in the code used to extract the package signed
from its container.
>How-To-Repeat:
This example uses a GPG key, which has to be generated beforehand.

Configure pkg_install:
$ cat /etc/pkg_install.conf
GPG=/home/khorben/bin/gpg
GPG_SIGN_AS=root@edgebsd.org
VERIFIED_INSTALLATION=always

Sign a package:
$ mkdir signed
$ pkg_admin gpg-sign-package digest-20121220.tgz signed/digest-20121220.tgz

Try to install the resulting package:
$ pkg_add -v signed/digest-20121220.tgz
gpg: Signature made Sun Sep  8 03:32:11 2013 UTC using RSA key ID 6F3AF5E2
gpg: Good signature from "EdgeBSD packages <root@edgebsd.org>"
pkg_add: 1 package addition failed

>Fix:

X-Git-Url: http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff_plain;h=1a4a18342a5d49ce9a93ab0689b4aa04dfc40847

Fixed installation of signed packages (uninitialized variables)
---

diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
index 089234e..5e837be 100644
--- a/pkgtools/pkg_install/files/lib/pkg_signature.c
+++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
@@ -326,6 +326,9 @@ pkg_verify_signature(const char *archive_name, struct archive **archive,
 	*pkgname = NULL;

 	state = xmalloc(sizeof(*state));
+	state->sign_block_len = 0;
+	state->sign_block_number = 0;
+	state->sign_cur_block = 0;
 	state->sign_blocks = NULL;
 	state->sign_buf = NULL;
 	state->archive = NULL;
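
Review bot: the three added assignments in pkg_verify_signature() cover
sign_block_len, sign_block_number and sign_cur_block, but the object still
comes from xmalloc() and is initialised one member per line, so any member
of *state not listed here stays indeterminate, and a member added later
reintroduces the same bug. Zero the whole object at allocation time (a
calloc-style allocator, or memset(state, 0, sizeof(*state)) directly after
xmalloc()) and keep explicit assignments only for members whose default is
not zero.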

See also the following discussion on how to generate signed packages
directly from pkgsrc:
http://mail-index.netbsd.org/pkgsrc-users/2013/08/30/msg018511.html

Patches are also available for pkgsrc, see:
http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff_plain;h=b2ad0ec7e434d221d92218c52b18558a825f5ec9

HTH,
-- 
khorben

>Release-Note:

>Audit-Trail:
From: Alistair Crooks <agc@pkgsrc.org>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/48194: Fixing signed packages in pkg_install and pkgsrc
Date: Mon, 9 Sep 2013 05:43:17 +0200

 On Sun, Sep 08, 2013 at 11:30:00PM +0000, Pierre Pronchery wrote:
 > >Description:
 > pkgsrc has been supporting signed packages since 2001, with mechanisms
 > based on either GPG keys or X509 certificates. pkg_add(1) may however
 > fail at installing such packages in some conditions, due to
 > uninitialized variables in the code used to extract the package signed
 > from its container.

 Thanks for the PR.

 These aren't GPG signatures, they're PGP signatures. gnupg is just one
 implementation of PGP.

 > >How-To-Repeat:
 > This example uses a GPG key, which has to be generated beforehand.
 > 
 > Configure pkg_install:
 > $ cat /etc/pkg_install.conf
 > GPG=/home/khorben/bin/gpg
 > GPG_SIGN_AS=root@edgebsd.org
 > VERIFIED_INSTALLATION=always
 > 
 > Sign a package:
 > $ mkdir signed
 > $ pkg_admin gpg-sign-package digest-20121220.tgz signed/digest-20121220.tgz
 > 
 > Try to install the resulting package:
 > $ pkg_add -v signed/digest-20121220.tgz
 > gpg: Signature made Sun Sep  8 03:32:11 2013 UTC using RSA key ID 6F3AF5E2
 > gpg: Good signature from "EdgeBSD packages <root@edgebsd.org>"
 > pkg_add: 1 package addition failed
 > 
 > >Fix:
 > 
 > X-Git-Url: http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff_plain;h=1a4a18342a5d49ce9a93ab0689b4aa04dfc40847
 > 
 > Fixed installation of signed packages (uninitialized variables)
 > ---
 > 
 > diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
 > index 089234e..5e837be 100644
 > --- a/pkgtools/pkg_install/files/lib/pkg_signature.c
 > +++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
 > @@ -326,6 +326,9 @@ pkg_verify_signature(const char *archive_name, struct archive **archive,
 >  	*pkgname = NULL;
 >  
 >  	state = xmalloc(sizeof(*state));
 > +	state->sign_block_len = 0;
 > +	state->sign_block_number = 0;
 > +	state->sign_cur_block = 0;
 >  	state->sign_blocks = NULL;
 >  	state->sign_buf = NULL;
 >  	state->archive = NULL;

 I'd be more inclined to initialise with:

 	state = xcalloc(1, sizeof(*state));

 and avoid all the explicit initialisations. Scales better.

 Regards,
 Al

Responsible-Changed-From-To: pkg-manager->agc
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Mon, 09 Sep 2013 09:04:00 +0000
Responsible-Changed-Why:
Over to master of signatures.


From: Pierre Pronchery <khorben@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: Alistair Crooks <agc@pkgsrc.org>, pkg-manager@netbsd.org, 
 pkgsrc-bugs@netbsd.org
Subject: Re: pkg/48194: Fixing signed packages in pkg_install and pkgsrc
Date: Tue, 10 Sep 2013 18:25:52 +0200

 This is a multi-part message in MIME format.
 --------------080302090605020106030807
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit

 			Hi there,

 On 09/09/2013 05:45, Alistair Crooks wrote:
 > 
 >  On Sun, Sep 08, 2013 at 11:30:00PM +0000, Pierre Pronchery wrote:
 >  > >Description:
 >  > pkgsrc has been supporting signed packages since 2001, with mechanisms
 >  > based on either GPG keys or X509 certificates. pkg_add(1) may however
 >  > fail at installing such packages in some conditions, due to
 >  > uninitialized variables in the code used to extract the package signed
 >  > from its container.
 >  
 >  These aren't GPG signatures, they're PGP signatures. gnupg is just one
 >  implementation of PGP.

 Is it really so bad to call them GPG signatures and keys? Shouldn't we
 even say "OpenPGP" then instead? In the context of the GPG
 implementation, there are keys and signatures too - hopefully in
 compliance with the standard.

 Anyway, I used "GPG" in the patch to be consistent with the existing
 options from pkg_admin(1) and pkg_install.conf(5), which expect an
 implementation of PGP/GPG to be command-line compatible with gnupg.

 >  > >How-To-Repeat:
 >  > This example uses a GPG key, which has to be generated beforehand.
 >  > 
 >  > Configure pkg_install:
 >  > $ cat /etc/pkg_install.conf
 >  > GPG=/home/khorben/bin/gpg
 >  > GPG_SIGN_AS=root@edgebsd.org
 >  > VERIFIED_INSTALLATION=always
 >  > 
 >  > Sign a package:
 >  > $ mkdir signed
 >  > $ pkg_admin gpg-sign-package digest-20121220.tgz signed/digest-20121220.tgz
 >  > 
 >  > Try to install the resulting package:
 >  > $ pkg_add -v signed/digest-20121220.tgz
 >  > gpg: Signature made Sun Sep  8 03:32:11 2013 UTC using RSA key ID 6F3AF5E2
 >  > gpg: Good signature from "EdgeBSD packages <root@edgebsd.org>"
 >  > pkg_add: 1 package addition failed
 >  > 
 >  > >Fix:
 >  > 
 >  > X-Git-Url: http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff_plain;h=1a4a18342a5d49ce9a93ab0689b4aa04dfc40847
 >  > 
 >  > Fixed installation of signed packages (uninitialized variables)
 >  > ---
 >  > 
 >  > diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
 >  > index 089234e..5e837be 100644
 >  > --- a/pkgtools/pkg_install/files/lib/pkg_signature.c
 >  > +++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
 >  > @@ -326,6 +326,9 @@ pkg_verify_signature(const char *archive_name, struct archive **archive,
 >  >  	*pkgname = NULL;
 >  >  
 >  >  	state = xmalloc(sizeof(*state));
 >  > +	state->sign_block_len = 0;
 >  > +	state->sign_block_number = 0;
 >  > +	state->sign_cur_block = 0;
 >  >  	state->sign_blocks = NULL;
 >  >  	state->sign_buf = NULL;
 >  >  	state->archive = NULL;
 >  
 >  I'd be more inclined to initialise with:
 >  
 >  	state = xcalloc(1, sizeof(*state));
 >  
 >  and avoid all the explicit initialisations. Scales better.

 Done; the new fix is attached here (for pkg_install in pkgsrc only first).

 Cheers,
 -- 
 khorben

 --------------080302090605020106030807
 Content-Type: text/plain; charset=ISO-8859-15;
  name="patch-pkg_install_signing.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="patch-pkg_install_signing.diff"

 diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
 index 089234e..79a8092 100644
 --- a/pkgtools/pkg_install/files/lib/pkg_signature.c
 +++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
 @@ -325,10 +325,7 @@ pkg_verify_signature(const char *archive_name, struct archive **archive,

  	*pkgname = NULL;

 -	state = xmalloc(sizeof(*state));
 -	state->sign_blocks = NULL;
 -	state->sign_buf = NULL;
 -	state->archive = NULL;
 +	state = xcalloc(sizeof(*state), 1);

  	r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME,
  	    &hash_file, &hash_len);
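
Review bot: in the added line "state = xcalloc(sizeof(*state), 1);" the
arguments are in the opposite order from the "xcalloc(1, sizeof(*state))"
form proposed earlier in this thread. Assuming xcalloc() follows calloc(3)'s
(nmemb, size) order, the allocation is the same size either way, but
writing it as xcalloc(1, sizeof(*state)) reads as "one object of this type"
and matches the suggestion. The removed NULL assignments for sign_blocks,
sign_buf and archive now rely on the zeroed allocation; a one-line comment
saying that the zeroing is what initialises the struct would keep a later
switch back to xmalloc() from reintroducing the bug.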

 --------------080302090605020106030807--

From: Alistair Crooks <agc@pkgsrc.org>
To: Pierre Pronchery <khorben@netbsd.org>
Cc: gnats-bugs@netbsd.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/48194: Fixing signed packages in pkg_install and pkgsrc
Date: Wed, 11 Sep 2013 05:37:41 +0200

 On Tue, Sep 10, 2013 at 06:25:52PM +0200, Pierre Pronchery wrote:
 > 			Hi there,
 > 
 > On 09/09/2013 05:45, Alistair Crooks wrote:
 > > 
 > >  On Sun, Sep 08, 2013 at 11:30:00PM +0000, Pierre Pronchery wrote:
 > >  > >Description:
 > >  > pkgsrc has been supporting signed packages since 2001, with mechanisms
 > >  > based on either GPG keys or X509 certificates. pkg_add(1) may however
 > >  > fail at installing such packages in some conditions, due to
 > >  > uninitialized variables in the code used to extract the package signed
 > >  > from its container.
 > >  
 > >  These aren't GPG signatures, they're PGP signatures. gnupg is just one
 > >  implementation of PGP.
 > 
 > Is it really so bad to call them GPG signatures and keys? Shouldn't we
 > even say "OpenPGP" then instead? In the context of the GPG
 > implementation, there are keys and signatures too - hopefully in
 > compliance with the standard.

 Not sure what you mean about keys and signatures being in compliance
 with the standard - if they aren't compliant, they won't work.

 As for the names, we don't "gcc" something, we "compile" it, and maybe
 not even with gcc.  We don't write a gawk script, we write an awk one.

 I'm also (violently) against basing anything on gpg's command line
 interface.  Purely because I don't want to lose my lunch any time
 soon.

 > Anyway, I used "GPG" in the patch to be consistent with the existing
 > options from pkg_admin(1) and pkg_install.conf(5), which expect an
 > implementation of PGP/GPG to be command-line compatible with gnupg.

 I think it should be changed from GPG to OpenPGP, as you suggest.

 > >  > >How-To-Repeat:
 > >  > This example uses a GPG key, which has to be generated beforehand.
 > >  > 
 > >  > Configure pkg_install:
 > >  > $ cat /etc/pkg_install.conf
 > >  > GPG=/home/khorben/bin/gpg
 > >  > GPG_SIGN_AS=root@edgebsd.org
 > >  > VERIFIED_INSTALLATION=always
 > >  > 
 > >  > Sign a package:
 > >  > $ mkdir signed
 > >  > $ pkg_admin gpg-sign-package digest-20121220.tgz signed/digest-20121220.tgz
 > >  > 
 > >  > Try to install the resulting package:
 > >  > $ pkg_add -v signed/digest-20121220.tgz
 > >  > gpg: Signature made Sun Sep  8 03:32:11 2013 UTC using RSA key ID 6F3AF5E2
 > >  > gpg: Good signature from "EdgeBSD packages <root@edgebsd.org>"
 > >  > pkg_add: 1 package addition failed
 > >  > 
 > >  > >Fix:
 > >  > 
 > >  > X-Git-Url: http://git.edgebsd.org/gitweb/?p=edgebsd-pkgsrc.git;a=commitdiff_plain;h=1a4a18342a5d49ce9a93ab0689b4aa04dfc40847
 > >  > 
 > >  > Fixed installation of signed packages (uninitialized variables)
 > >  > ---
 > >  > 
 > >  > diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
 > >  > index 089234e..5e837be 100644
 > >  > --- a/pkgtools/pkg_install/files/lib/pkg_signature.c
 > >  > +++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
 > >  > @@ -326,6 +326,9 @@ pkg_verify_signature(const char *archive_name, struct archive **archive,
 > >  >  	*pkgname = NULL;
 > >  >  
 > >  >  	state = xmalloc(sizeof(*state));
 > >  > +	state->sign_block_len = 0;
 > >  > +	state->sign_block_number = 0;
 > >  > +	state->sign_cur_block = 0;
 > >  >  	state->sign_blocks = NULL;
 > >  >  	state->sign_buf = NULL;
 > >  >  	state->archive = NULL;
 > >  
 > >  I'd be more inclined to initialise with:
 > >  
 > >  	state = xcalloc(1, sizeof(*state));
 > >  
 > >  and avoid all the explicit initialisations. Scales better.
 > 
 > Done; the new fix is attached here (for pkg_install in pkgsrc only first).

 Yeah, that's great, please commit.

 Thanks!

 Alistair

From: "Pierre Pronchery" <khorben@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48194 CVS commit: src/external/bsd/pkg_install/dist/lib
Date: Wed, 11 Sep 2013 12:59:19 +0000

 Module Name:	src
 Committed By:	khorben
 Date:		Wed Sep 11 12:59:19 UTC 2013

 Modified Files:
 	src/external/bsd/pkg_install/dist/lib: pkg_signature.c

 Log Message:
 Fixed installation of signed packages. Some variables part of struct
 signature_archive were not initialized properly, therefore randomly failing
 in the verify_signature_read_cb() callback.

 Partly closes PR pkg/48194; pkgsrc needs to be updated as well.

 "please commit" agc@

 XXX pull-up to netbsd-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.1.1.7 -r1.2 \
     src/external/bsd/pkg_install/dist/lib/pkg_signature.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
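
The failure mode named in the log message above, as an added C example that is not pkg_install's code: a read callback whose cursor member is never assigned works when the state comes from a zeroing allocator and fails when the allocation holds stale bytes. struct sig_state, alloc_state(), read_cb() and verify() are hypothetical; only the three sign_* member names are taken from the patch in this PR, and how they are used here is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed payload standing in for the package data. */
#define PAYLOAD "constructed package payload bytes"
#define PAYLOAD_LEN (sizeof(PAYLOAD) - 1)

/* Hypothetical verifier state. The three size_t names come from the patch
 * in this PR; the layout and the way they are used below are assumptions. */
struct sig_state {
	size_t sign_block_len;		/* bytes covered by one hash */
	size_t sign_block_number;	/* number of hashed blocks */
	size_t sign_cur_block;		/* next block the callback serves */
	const unsigned char *data;
	size_t data_len;
};

/* zero != 0: calloc-style, every member starts at 0. zero == 0: stand-in
 * for malloc() handing back recycled heap; the 0xA5 fill makes the stale
 * contents deterministic and well-defined to read. */
static struct sig_state *alloc_state(int zero)
{
	struct sig_state *s = calloc(1, sizeof(*s));

	if (s == NULL)
		abort();
	if (!zero)
		memset(s, 0xA5, sizeof(*s));
	return s;
}

/* Read callback: returns block length, 0 at end of data, -1 on bad state. */
static long read_cb(struct sig_state *s, const unsigned char **buf)
{
	size_t off, len;

	if (s->sign_block_len == 0 || s->sign_cur_block > s->sign_block_number)
		return -1;
	if (s->sign_cur_block == s->sign_block_number)
		return 0;
	off = s->sign_cur_block * s->sign_block_len;
	len = s->data_len - off;
	if (len > s->sign_block_len)
		len = s->sign_block_len;
	*buf = s->data + off;
	s->sign_cur_block++;
	return (long)len;
}

/* Assigns the sizes but never the cursor (assumed simplification of the
 * pre-fix state); returns total bytes read, or -1 if the callback failed. */
static long verify(int zero)
{
	struct sig_state *s = alloc_state(zero);
	const unsigned char *buf;
	long n, total = 0;

	s->data = (const unsigned char *)PAYLOAD;
	s->data_len = PAYLOAD_LEN;
	s->sign_block_len = 8;
	s->sign_block_number = (PAYLOAD_LEN + 7) / 8;
	while ((n = read_cb(s, &buf)) > 0)
		total += n;
	free(s);
	return n < 0 ? -1 : total;
}

int main(void)
{
	printf("stale allocation:  %ld\n", verify(0));
	printf("zeroed allocation: %ld\n", verify(1));
	return 0;
}
```

With real malloc() the stale value depends on earlier heap use, which is why the failure in the report shows up only "in some conditions".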

From: "Pierre Pronchery" <khorben@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Wed, 11 Sep 2013 14:10:05 +0000

 Module Name:	pkgsrc
 Committed By:	khorben
 Date:		Wed Sep 11 14:10:05 UTC 2013

 Modified Files:
 	pkgsrc/pkgtools/pkg_install/files/lib: pkg_signature.c

 Log Message:
 Fixed installation of signed packages. Some variables part of struct
 signature_archive were not initialized properly, therefore randomly failing
 in the verify_signature_read_cb() callback.

 Partly closes PR pkg/48194; pkgsrc needs to be updated as well.

 "please commit" agc@

 XXX pull-up to netbsd-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.10 -r1.11 \
     pkgsrc/pkgtools/pkg_install/files/lib/pkg_signature.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Pierre Pronchery <khorben@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: agc@NetBSD.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Wed, 11 Sep 2013 16:24:44 +0200

 			Hi all,

 now that I have pushed the change to both pkgsrc and src, I would like
 to ask about version handling and the PKGTOOLS_REQD variable. I believe
 the "latest version required for correct pkgsrc operation" includes this
 patch, since it was impossible so far to even simply extract signed
 packages reliably.

 Is this ok, and what is the correct procedure for doing so?

 Cheers,
 -- Pierre Pronchery

 On 11/09/2013 16:15, Pierre Pronchery wrote:
 > The following reply was made to PR pkg/48194; it has been noted by GNATS.
 > 
 > From: "Pierre Pronchery" <khorben@netbsd.org>
 > To: gnats-bugs@gnats.NetBSD.org
 > Cc: 
 > Subject: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
 > Date: Wed, 11 Sep 2013 14:10:05 +0000
 > 
 >  Module Name:	pkgsrc
 >  Committed By:	khorben
 >  Date:		Wed Sep 11 14:10:05 UTC 2013
 >  
 >  Modified Files:
 >  	pkgsrc/pkgtools/pkg_install/files/lib: pkg_signature.c
 >  
 >  Log Message:
 >  Fixed installation of signed packages. Some variables part of struct
 >  signature_archive were not initialized properly, therefore randomly failing
 >  in the verify_signature_read_cb() callback.
 >  
 >  Partly closes PR pkg/48194; pkgsrc needs to be updated as well.
 >  
 >  "please commit" agc@
 >  
 >  XXX pull-up to netbsd-6
 >  
 >  
 >  To generate a diff of this commit:
 >  cvs rdiff -u -r1.10 -r1.11 \
 >      pkgsrc/pkgtools/pkg_install/files/lib/pkg_signature.c
 >  
 >  Please note that diffs are not public domain; they are subject to the
 >  copyright notices on the relevant files.

 -- 
 khorben

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: agc@NetBSD.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org,
	Pierre Pronchery <khorben@NetBSD.org>
Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Wed, 11 Sep 2013 18:41:17 +0200

 On Wed, Sep 11, 2013 at 02:30:01PM +0000, Pierre Pronchery wrote:
 >  now that I have pushed the change to both pkgsrc and src, I would like
 >  to ask about version handling and the PKGTOOLS_REQD variable. I believe
 >  the "latest version required for correct pkgsrc operation" includes this
 >  patch, since it was impossible so far to even simply extract signed
 >  packages reliably.

 Given that no one has used signed binary as evident by the lack of bug
 reports, I object to the bump at this point in time.

 Joerg

From: Pierre Pronchery <khorben@netbsd.org>
To: Joerg Sonnenberger <joerg@britannica.bec.de>
Cc: gnats-bugs@NetBSD.org, agc@NetBSD.org, gnats-admin@netbsd.org, 
 pkgsrc-bugs@netbsd.org
Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Wed, 11 Sep 2013 19:00:56 +0200

 On 11/09/2013 18:41, Joerg Sonnenberger wrote:
 > On Wed, Sep 11, 2013 at 02:30:01PM +0000, Pierre Pronchery wrote:
 >>  now that I have pushed the change to both pkgsrc and src, I would like
 >>  to ask about version handling and the PKGTOOLS_REQD variable. I believe
 >>  the "latest version required for correct pkgsrc operation" includes this
 >>  patch, since it was impossible so far to even simply extract signed
 >>  packages reliably.
 > 
 > Given that no one has used signed binary as evident by the lack of bug
 > reports, I object to the bump at this point in time.

 ...which in turn, means that it blocks people from even trying it. If we
 keep going that pace, it will never be used ever.

 -- 
 khorben

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Wed, 11 Sep 2013 19:15:49 +0200

 On Wed, Sep 11, 2013 at 05:05:00PM +0000, Pierre Pronchery wrote:
 > The following reply was made to PR pkg/48194; it has been noted by GNATS.
 > 
 > From: Pierre Pronchery <khorben@netbsd.org>
 > To: Joerg Sonnenberger <joerg@britannica.bec.de>
 > Cc: gnats-bugs@NetBSD.org, agc@NetBSD.org, gnats-admin@netbsd.org, 
 >  pkgsrc-bugs@netbsd.org
 > Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
 > Date: Wed, 11 Sep 2013 19:00:56 +0200
 > 
 >  On 11/09/2013 18:41, Joerg Sonnenberger wrote:
 >  > On Wed, Sep 11, 2013 at 02:30:01PM +0000, Pierre Pronchery wrote:
 >  >>  now that I have pushed the change to both pkgsrc and src, I would like
 >  >>  to ask about version handling and the PKGTOOLS_REQD variable. I believe
 >  >>  the "latest version required for correct pkgsrc operation" includes this
 >  >>  patch, since it was impossible so far to even simply extract signed
 >  >>  packages reliably.
 >  > 
 >  > Given that no one has used signed binary as evident by the lack of bug
 >  > reports, I object to the bump at this point in time.
 >  
 >  ...which in turn, means that it blocks people from even trying it. If we
 >  keep going that pace, it will never be used ever.

 You can always just install a newer pkg_install. The point is that
 PKGTOOL_REQD *forces* you to update.

 Joerg

From: Pierre Pronchery <khorben@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: Joerg Sonnenberger <joerg@britannica.bec.de>, agc@NetBSD.org, 
 gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
Date: Mon, 16 Sep 2013 11:31:42 +0200

 On 11/09/2013 19:20, Joerg Sonnenberger wrote:
 > The following reply was made to PR pkg/48194; it has been noted by GNATS.
 > 
 > From: Joerg Sonnenberger <joerg@britannica.bec.de>
 > To: gnats-bugs@NetBSD.org
 > Cc: 
 > Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
 > Date: Wed, 11 Sep 2013 19:15:49 +0200
 > 
 >  On Wed, Sep 11, 2013 at 05:05:00PM +0000, Pierre Pronchery wrote:
 >  > The following reply was made to PR pkg/48194; it has been noted by GNATS.
 >  > 
 >  > From: Pierre Pronchery <khorben@netbsd.org>
 >  > To: Joerg Sonnenberger <joerg@britannica.bec.de>
 >  > Cc: gnats-bugs@NetBSD.org, agc@NetBSD.org, gnats-admin@netbsd.org, 
 >  >  pkgsrc-bugs@netbsd.org
 >  > Subject: Re: PR/48194 CVS commit: pkgsrc/pkgtools/pkg_install/files/lib
 >  > Date: Wed, 11 Sep 2013 19:00:56 +0200
 >  > 
 >  >  On 11/09/2013 18:41, Joerg Sonnenberger wrote:
 >  >  > On Wed, Sep 11, 2013 at 02:30:01PM +0000, Pierre Pronchery wrote:
 >  >  >>  now that I have pushed the change to both pkgsrc and src, I would like
 >  >  >>  to ask about version handling and the PKGTOOLS_REQD variable. I believe
 >  >  >>  the "latest version required for correct pkgsrc operation" includes this
 >  >  >>  patch, since it was impossible so far to even simply extract signed
 >  >  >>  packages reliably.
 >  >  > 
 >  >  > Given that no one has used signed binary as evident by the lack of bug
 >  >  > reports, I object to the bump at this point in time.
 >  >  
 >  >  ...which in turn, means that it blocks people from even trying it. If we
 >  >  keep going that pace, it will never be used ever.
 >  
 >  You can always just install a newer pkg_install. The point is that
 >  PKGTOOL_REQD *forces* you to update.

 ...which is necessary to be able to install signed packages in the first
 place. So if we want the possibility to provide signed packages in
 2013Q4, we need to force an update in 2013Q3 already.

 -- 
 khorben

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48194 CVS commit: [netbsd-6] src/external/bsd/pkg_install/dist/lib
Date: Tue, 17 Sep 2013 19:38:00 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Tue Sep 17 19:38:00 UTC 2013

 Modified Files:
 	src/external/bsd/pkg_install/dist/lib [netbsd-6]: pkg_signature.c

 Log Message:
 Pull up following revision(s) (requested by khorben in ticket #943):
 	external/bsd/pkg_install/dist/lib/pkg_signature.c: revision 1.2
 Fixed installation of signed packages. Some variables part of struct
 signature_archive were not initialized properly, therefore randomly
 failing in the verify_signature_read_cb() callback.
 Partly closes PR pkg/48194; pkgsrc needs to be updated as well.
 "please commit" agc@
 XXX pull-up to netbsd-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \
     src/external/bsd/pkg_install/dist/lib/pkg_signature.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48194 CVS commit: [netbsd-6-1] src/external/bsd/pkg_install/dist/lib
Date: Tue, 17 Sep 2013 19:54:00 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Tue Sep 17 19:53:59 UTC 2013

 Modified Files:
 	src/external/bsd/pkg_install/dist/lib [netbsd-6-1]: pkg_signature.c

 Log Message:
 Pull up following revision(s) (requested by khorben in ticket #943):
 	external/bsd/pkg_install/dist/lib/pkg_signature.c: revision 1.2
 Fixed installation of signed packages. Some variables part of struct
 signature_archive were not initialized properly, therefore randomly
 failing in the verify_signature_read_cb() callback.
 Partly closes PR pkg/48194; pkgsrc needs to be updated as well.
 "please commit" agc@
 XXX pull-up to netbsd-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.1.1.7 -r1.1.1.7.20.1 \
     src/external/bsd/pkg_install/dist/lib/pkg_signature.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48194 CVS commit: [netbsd-6-0] src/external/bsd/pkg_install/dist/lib
Date: Tue, 17 Sep 2013 19:56:50 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Tue Sep 17 19:56:50 UTC 2013

 Modified Files:
 	src/external/bsd/pkg_install/dist/lib [netbsd-6-0]: pkg_signature.c

 Log Message:
 Pull up following revision(s) (requested by khorben in ticket #943):
 	external/bsd/pkg_install/dist/lib/pkg_signature.c: revision 1.2
 Fixed installation of signed packages. Some variables part of struct
 signature_archive were not initialized properly, therefore randomly
 failing in the verify_signature_read_cb() callback.
 Partly closes PR pkg/48194; pkgsrc needs to be updated as well.
 "please commit" agc@
 XXX pull-up to netbsd-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.1.1.7 -r1.1.1.7.14.1 \
     src/external/bsd/pkg_install/dist/lib/pkg_signature.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: khorben@NetBSD.org
State-Changed-When: Sun, 06 Apr 2014 16:23:07 +0000
State-Changed-Why:
Fix committed and pull-ups were done.


>Unformatted:
