#usr/include/curl/typecheck-gcc.h
#usr/lib/libcurl.la
#usr/lib/libcurl.so
-usr/lib/libcurl.so.3
usr/lib/libcurl.so.4
-#usr/lib/libcurl.so.4.5.0
+usr/lib/libcurl.so.4.5.0
#usr/lib/pkgconfig/libcurl.pc
#usr/share/aclocal/libcurl.m4
#usr/share/man/man1/curl-config.1
#opt/pakfire/etc
#opt/pakfire/pakfire.conf
opt/pakfire/etc/pakfire.conf
-opt/pakfire/pakfire.key
+opt/pakfire/pakfire-2007.key
+opt/pakfire/pakfire-2018.key
#opt/pakfire/lib
opt/pakfire/lib/functions.pl
opt/pakfire/lib/functions.sh
etc/rc.d/rcsysinit.d/S81pakfire
opt/pakfire/lib/functions.pl
opt/pakfire/pakfire
-opt/pakfire/pakfire.key
+opt/pakfire/pakfire-2007.key
+opt/pakfire/pakfire-2018.key
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/qos.cgi
sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
# Import new Pakfire key
-gpg --import /opt/pakfire/pakfire.key
+/etc/init.d/pakfire start
# This update needs a reboot...
touch /var/run/need_reboot
--with-ca-bundle=/etc/ssl/certs/ca-bundle.crt
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- # Create symlink to new curl lib for old binaries
- ln -sf libcurl.so.4 /usr/lib/libcurl.so.3
@rm -rf $(DIR_APP)
@$(POSTBUILD)
case "${1}" in
start)
boot_mesg "Setting up Pakfire Package Manager..."
- gpg --import /opt/pakfire/pakfire.key &>/dev/null
+ gpg --import /opt/pakfire/pakfire-2018.key &>/dev/null
evaluate_retval
+
+ # Try to import the old key, too
+ gpg --import /opt/pakfire/pakfire-2007.key &>/dev/null
;;
*)
package Pakfire;
+my @VALID_KEY_FINGERPRINTS = (
+ # 2018
+ "3ECA8AA4478208B924BB96206FEF7A8ED713594B",
+ # 2007
+ "179740DC4D8C47DC63C099C74BDE364C64D96617",
+);
+
# A small color-hash :D
my %color;
$color{'normal'} = "\033[0m";
print FILE $final_data;
close(FILE);
logger("DOWNLOAD INFO: File received. Start checking signature...");
- if (system("gpg --verify \"$Conf::tmpdir/$bfile\" &>/dev/null") eq 0) {
+ if (&valid_signature("$Conf::tmpdir/$bfile")) {
logger("DOWNLOAD INFO: Signature of $bfile is fine.");
move("$Conf::tmpdir/$bfile","$Conf::cachedir/$bfile");
} else {
}
}
+sub valid_signature($) {
+ my $filename = shift;
+
+ open(my $cmd, "gpg --verify --status-fd 1 \"$filename\" 2>/dev/null |");
+ while (<$cmd>) {
+ # Process valid signature lines
+ if (/VALIDSIG ([A-Z0-9]+)/) {
+ # Check if we know the key
+ foreach my $key (@VALID_KEY_FINGERPRINTS) {
+ # Signature is valid
+ return 1 if ($key eq $1);
+ }
+ }
+ }
+ close($cmd);
+
+ # Signature is invalid
+ return 0;
+}
sub selectmirror {
### Check if there is a current server list and read it.
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBEYssZ8RBACcbHcYW+gPbjPFxv4ImlK1FgXV3s65Nnu7V9kghB7AZXterMVM
+rZ87sNEw6J3JT32k0e9iBukA1QrshPg3c/mL+2/lMvvxsUW19rj/8ZBCCnP1Svgq
+9q0OSJfadbm9b6Ndj06D/3EM+VpY5aI7XgNenh7ZcDbY9m8YDPdu0OF9uwCgltJS
++Pzjr16bJ/VnI549LfIG2KkEAJZWQmLQSXbl4VVEOSyaaJN8ugGBnZtnaL6IBE9K
+0FHoZU3GaEOP6L3IUHUzyWsrpC/G44hGPC3xIbr5VG3sJ6hUc3J2rjx1clFdyN6A
+bte9EWk1HkRFdaMfDn86vhIjn7znHU4cbvQLIpgB12+y2P/ydqLwyuyf6rV1JEWk
+pSXpA/91LnlvICvqompSmrpLKpb+DSe59tr/r5GI36VNnqWt32InmF0N2ceLwG1F
+K62M4Tf5/OZOg5m3uoTTHWf355+7NJjyPzT+DYbsuK56TNd/cFPeVdisdteeuINj
+3DIC/8H9Y7mvYMAoSNtdA74JrdzGiqH2zSTB/oa/nwDXFekrq7Q2TWljaGFlbCBU
+cmVtZXIgKFBha2ZpcmUgU2lnbmluZyBLZXkpIDxwYWtzQGlwZmlyZS5vcmc+iFoE
+ExECABoFAkYssZ8CGwMCCwIDFQIDAxYCAQIeAQIXgAAKCRBL3jZMZNlmF0pBAJ95
+S5xzasjMQLpvOWA9E4JG3YJasQCfbNpdZXbZHr7Io7hLR9iJ+OhybfuIawQQEQIA
+KwUCRi3ByAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ
+0rsNAWXQ/VjJhQCfUQh+9wPAlyQVb9gYZ5zgHfqDY1MAn2T/VXH2+acwC4O3oV1W
+Ni36NNRpuQINBEYsuJoQCAC6wq4ZMtWRGF/GeTd9l7boo40ulBth8Wr+IBK38XYv
+5s+WLiTuuTCM8Thq4eY3MOfO+VXhjQen1S2e8WiZq+c55pDDAKXvBFmVNKcgkK7C
+1AW85kY86aspoAK3/vi2pghlXAysTKSoW+WfoCbASDheEJopOkIMehdroraI2zTM
+y8AEk+TnbRPzoFNBEYwr3J1GlkegtU3mIPpALDfpL4+HoCgS+7SfAvIlG//C+4W/
+oI/VOYHDdM5zR1av/pVZGpUK4Ao/JBxXMaqsbiP43KytbNuMRsZ+sFDs/ZtmHf1z
+6AQ8mnxU0klT4ppU8Nl3hSVcvRacm6wBTvvGEqjkApkPAAMFCACKWJVpzcVAdOMP
+aB08qJ+GPSSgxspaSoFPjVN307Pr1Di/ZriC/UVNrq/eUHEIvC1zIx+t3O109qVH
+RMWbfCj+4/OBHJ4Ik3Nc5/8v6zaGwixJrkjohF8QLwodqazrjc+W3VsQ5jwfPpLe
+DFpd3xHhj5zhXQKN0tCCk435Q/58aMQCK75St3/ymP6NGaE2s7dsXU/BwndgfxJu
+Yz8LEK6phJ2t0jBiJJgcjWkoBkq8MhI6wKW6uDU4B/KKGHHLuZHg1ZKum8ASMcti
+S980DlSJyfLJnUIio5F/u/csug8bHKq5pA1x+wmsUBhuH66aosNJuz35Bl4nW365
+PoahYtQBiEkEGBECAAkFAkYsuJsCGwwACgkQS942TGTZZheq7ACfTrW5OaZOhrwt
+Jr+xgdjSFRrT14cAnjkEj51RQsP7LS5UTm+yce2olHDp
+=hYb3
+-----END PGP PUBLIC KEY BLOCK-----