Merge branch 'master' into core119

author Arne Fitzenreiter <arne_f@ipfire.org>

Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)
author Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)
diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl

index b2be733842950569090e2b327f92c3b0d279a8c5..aea07a6c7a375f7080fbd1315a3ff1ef8567b045 100644 (file)
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -11,9 +11,8 @@ usr/bin/curl
  #usr/include/curl/typecheck-gcc.h
  #usr/lib/libcurl.la
  #usr/lib/libcurl.so
-usr/lib/libcurl.so.3
  usr/lib/libcurl.so.4
-#usr/lib/libcurl.so.4.5.0
+usr/lib/libcurl.so.4.5.0
  #usr/lib/pkgconfig/libcurl.pc
  #usr/share/aclocal/libcurl.m4
  #usr/share/man/man1/curl-config.1
diff --git a/config/rootfiles/common/pakfire b/config/rootfiles/common/pakfire

index 6cd531d1588b94ff041c01e599fea2af59afc882..0487c58f96fbf2fbb5af06f95e2ac7324dec9bfb 100644 (file)
--- a/config/rootfiles/common/pakfire
+++ b/config/rootfiles/common/pakfire
@@ -6,7 +6,8 @@ opt/pakfire/db/rootfiles
  #opt/pakfire/etc
  #opt/pakfire/pakfire.conf
  opt/pakfire/etc/pakfire.conf
-opt/pakfire/pakfire.key
+opt/pakfire/pakfire-2007.key
+opt/pakfire/pakfire-2018.key
  #opt/pakfire/lib
  opt/pakfire/lib/functions.pl
  opt/pakfire/lib/functions.sh
diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files

index 8648cfccb10a2c0fa1cdc0f32bffab109edef5dc..c029cd4308ba186776c984173c0f3a386f0390fe 100644 (file)
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -8,7 +8,8 @@ etc/rc.d/init.d/unbound
  etc/rc.d/rcsysinit.d/S81pakfire
  opt/pakfire/lib/functions.pl
  opt/pakfire/pakfire
-opt/pakfire/pakfire.key
+opt/pakfire/pakfire-2007.key
+opt/pakfire/pakfire-2018.key
  srv/web/ipfire/cgi-bin/ovpnmain.cgi
  srv/web/ipfire/cgi-bin/proxy.cgi
  srv/web/ipfire/cgi-bin/qos.cgi
diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh

index 22d9d48d4de3f39c20a6dfe10f6ce24d6ecf33c1..459262c86e0edf25c60ae5a5f4db7ad5604ec6f0 100644 (file)
--- a/config/rootfiles/core/120/update.sh
+++ b/config/rootfiles/core/120/update.sh
@@ -75,7 +75,7 @@ fi
  sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
  
  # Import new Pakfire key
-gpg --import /opt/pakfire/pakfire.key
+/etc/init.d/pakfire start
  
  # This update needs a reboot...
  touch /var/run/need_reboot
diff --git a/lfs/curl b/lfs/curl

index ebb093f56b88e2bf07f519bf6bf97616ba610ed2..5a6fdc664068135ed5e3290f0d92d0aba1d2b314 100644 (file)
--- a/lfs/curl
+++ b/lfs/curl
@@ -78,7 +78,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                 --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt
         cd $(DIR_APP) && make $(MAKETUNING)
         cd $(DIR_APP) && make install
-       # Create symlink to new curl lib for old binaries
-       ln -sf libcurl.so.4 /usr/lib/libcurl.so.3
         @rm -rf $(DIR_APP)
         @$(POSTBUILD)
diff --git a/src/initscripts/system/pakfire b/src/initscripts/system/pakfire

index 1238833d588df6d369a10f68629e72cb083d5a1a..43befc79697b44a40aff6fbe87ca24153c157127 100644 (file)
--- a/src/initscripts/system/pakfire
+++ b/src/initscripts/system/pakfire
@@ -12,8 +12,11 @@
  case "${1}" in
         start)
                 boot_mesg "Setting up Pakfire Package Manager..."
-               gpg --import /opt/pakfire/pakfire.key &>/dev/null
+               gpg --import /opt/pakfire/pakfire-2018.key &>/dev/null
                 evaluate_retval
+
+               # Try to import the old key, too
+               gpg --import /opt/pakfire/pakfire-2007.key &>/dev/null
                 ;;
  
         *)
diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl

index 78761aef62655a4b3d9502bd30c8050115a6765f..dd4007a449271ad674dc02015b484958353b36e9 100644 (file)
--- a/src/pakfire/lib/functions.pl
+++ b/src/pakfire/lib/functions.pl
@@ -35,6 +35,13 @@ use Switch;
  
  package Pakfire;
  
+my @VALID_KEY_FINGERPRINTS = (
+       # 2018
+       "3ECA8AA4478208B924BB96206FEF7A8ED713594B",
+       # 2007
+       "179740DC4D8C47DC63C099C74BDE364C64D96617",
+);
+
  # A small color-hash :D
  my %color;
         $color{'normal'}      = "\033[0m"; 
@@ -215,7 +222,7 @@ sub fetchfile {
                                         print FILE $final_data;
                                         close(FILE);
                                         logger("DOWNLOAD INFO: File received. Start checking signature...");
-                                       if (system("gpg --verify \"$Conf::tmpdir/$bfile\" &>/dev/null") eq 0) {
+                                       if (&valid_signature("$Conf::tmpdir/$bfile")) {
                                                 logger("DOWNLOAD INFO: Signature of $bfile is fine.");
                                                 move("$Conf::tmpdir/$bfile","$Conf::cachedir/$bfile");
                                         } else {
@@ -288,6 +295,25 @@ sub getcoredb {
         }
  }
  
+sub valid_signature($) {
+       my $filename = shift;
+
+       open(my $cmd, "gpg --verify --status-fd 1 \"$filename\" 2>/dev/null |");
+       while (<$cmd>) {
+               # Process valid signature lines
+               if (/VALIDSIG ([A-Z0-9]+)/) {
+                       # Check if we know the key
+                       foreach my $key (@VALID_KEY_FINGERPRINTS) {
+                               # Signature is valid
+                               return 1 if ($key eq $1);
+                       }
+               }
+       }
+       close($cmd);
+
+       # Signature is invalid
+       return 0;
+}
  
  sub selectmirror {
         ### Check if there is a current server list and read it.
diff --git a/src/pakfire/pakfire-2007.key b/src/pakfire/pakfire-2007.key

new file mode 100644 (file)

index 0000000..ced120a
--- /dev/null
+++ b/src/pakfire/pakfire-2007.key
@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBEYssZ8RBACcbHcYW+gPbjPFxv4ImlK1FgXV3s65Nnu7V9kghB7AZXterMVM
+rZ87sNEw6J3JT32k0e9iBukA1QrshPg3c/mL+2/lMvvxsUW19rj/8ZBCCnP1Svgq
+9q0OSJfadbm9b6Ndj06D/3EM+VpY5aI7XgNenh7ZcDbY9m8YDPdu0OF9uwCgltJS
++Pzjr16bJ/VnI549LfIG2KkEAJZWQmLQSXbl4VVEOSyaaJN8ugGBnZtnaL6IBE9K
+0FHoZU3GaEOP6L3IUHUzyWsrpC/G44hGPC3xIbr5VG3sJ6hUc3J2rjx1clFdyN6A
+bte9EWk1HkRFdaMfDn86vhIjn7znHU4cbvQLIpgB12+y2P/ydqLwyuyf6rV1JEWk
+pSXpA/91LnlvICvqompSmrpLKpb+DSe59tr/r5GI36VNnqWt32InmF0N2ceLwG1F
+K62M4Tf5/OZOg5m3uoTTHWf355+7NJjyPzT+DYbsuK56TNd/cFPeVdisdteeuINj
+3DIC/8H9Y7mvYMAoSNtdA74JrdzGiqH2zSTB/oa/nwDXFekrq7Q2TWljaGFlbCBU
+cmVtZXIgKFBha2ZpcmUgU2lnbmluZyBLZXkpIDxwYWtzQGlwZmlyZS5vcmc+iFoE
+ExECABoFAkYssZ8CGwMCCwIDFQIDAxYCAQIeAQIXgAAKCRBL3jZMZNlmF0pBAJ95
+S5xzasjMQLpvOWA9E4JG3YJasQCfbNpdZXbZHr7Io7hLR9iJ+OhybfuIawQQEQIA
+KwUCRi3ByAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ
+0rsNAWXQ/VjJhQCfUQh+9wPAlyQVb9gYZ5zgHfqDY1MAn2T/VXH2+acwC4O3oV1W
+Ni36NNRpuQINBEYsuJoQCAC6wq4ZMtWRGF/GeTd9l7boo40ulBth8Wr+IBK38XYv
+5s+WLiTuuTCM8Thq4eY3MOfO+VXhjQen1S2e8WiZq+c55pDDAKXvBFmVNKcgkK7C
+1AW85kY86aspoAK3/vi2pghlXAysTKSoW+WfoCbASDheEJopOkIMehdroraI2zTM
+y8AEk+TnbRPzoFNBEYwr3J1GlkegtU3mIPpALDfpL4+HoCgS+7SfAvIlG//C+4W/
+oI/VOYHDdM5zR1av/pVZGpUK4Ao/JBxXMaqsbiP43KytbNuMRsZ+sFDs/ZtmHf1z
+6AQ8mnxU0klT4ppU8Nl3hSVcvRacm6wBTvvGEqjkApkPAAMFCACKWJVpzcVAdOMP
+aB08qJ+GPSSgxspaSoFPjVN307Pr1Di/ZriC/UVNrq/eUHEIvC1zIx+t3O109qVH
+RMWbfCj+4/OBHJ4Ik3Nc5/8v6zaGwixJrkjohF8QLwodqazrjc+W3VsQ5jwfPpLe
+DFpd3xHhj5zhXQKN0tCCk435Q/58aMQCK75St3/ymP6NGaE2s7dsXU/BwndgfxJu
+Yz8LEK6phJ2t0jBiJJgcjWkoBkq8MhI6wKW6uDU4B/KKGHHLuZHg1ZKum8ASMcti
+S980DlSJyfLJnUIio5F/u/csug8bHKq5pA1x+wmsUBhuH66aosNJuz35Bl4nW365
+PoahYtQBiEkEGBECAAkFAkYsuJsCGwwACgkQS942TGTZZheq7ACfTrW5OaZOhrwt
+Jr+xgdjSFRrT14cAnjkEj51RQsP7LS5UTm+yce2olHDp
+=hYb3
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/src/pakfire/pakfire.key b/src/pakfire/pakfire-2018.key

similarity index 100%

rename from src/pakfire/pakfire.key

rename to src/pakfire/pakfire-2018.key
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Mon, 2 Apr 2018 14:56:02 +0000 (16:56 +0200)
config/rootfiles/common/curl		patch \| blob \| blame \| history
config/rootfiles/common/pakfire		patch \| blob \| blame \| history
config/rootfiles/core/120/filelists/files		patch \| blob \| blame \| history
config/rootfiles/core/120/update.sh		patch \| blob \| blame \| history
lfs/curl		patch \| blob \| blame \| history
src/initscripts/system/pakfire		patch \| blob \| blame \| history
src/pakfire/lib/functions.pl		patch \| blob \| blame \| history
src/pakfire/pakfire-2007.key	[new file with mode: 0644]	patch \| blob
src/pakfire/pakfire-2018.key	[moved from src/pakfire/pakfire.key with 100% similarity]	patch \| blob \| blame \| history