xbps: update to 0.59.2.

Duncaen 2023-09-18 15:21:55 +02:00
parent bd90b40a82
commit 3702de1d4b
No known key found for this signature in database
GPG key ID: 335C1D17EC3D6E35
5 changed files with 3 additions and 367 deletions


@ -1,55 +0,0 @@
From b5954c80db5d7fba2b0635e758126c4d949edbb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= <chocimier@tlen.pl>
Date: Sat, 2 Jul 2022 22:37:08 +0200
Subject: [PATCH] lib/fetch: reuse http connection
With HTTP 1.1 persistent connection is default and Connection
header is not sent.
Before patch, for every file, including 512b signature, there was
done dns query, tls handshake etc.
---
lib/fetch/http.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/fetch/http.c b/lib/fetch/http.c
index 395e7d8f..02b97a51 100644
--- a/lib/fetch/http.c
+++ b/lib/fetch/http.c
@@ -424,7 +424,7 @@ http_cmd(conn_t *conn, const char *fmt, ...)
* Get and parse status line
*/
static int
-http_get_reply(conn_t *conn)
+http_get_reply(conn_t *conn, int *keep_alive)
{
char *p;
@@ -445,6 +445,10 @@ http_get_reply(conn_t *conn)
if (*p == '/') {
if (p[1] != '1' || p[2] != '.' || (p[3] != '0' && p[3] != '1'))
return (HTTP_PROTOCOL_ERROR);
+ /* HTTP/1.1 defaults to the use of "persistent connections" */
+ if (keep_alive && p[3] == '1') {
+ *keep_alive = 1;
+ }
p += 4;
}
if (*p != ' ' ||
@@ -760,7 +764,7 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
http_cmd(conn, "\r\n");
- if (http_get_reply(conn) != HTTP_OK) {
+ if (http_get_reply(conn, NULL) != HTTP_OK) {
http_seterr(conn->err);
fetch_close(conn);
return (NULL);
@@ -1011,7 +1015,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
sizeof(val));
/* get reply */
- switch (http_get_reply(conn)) {
+ switch (http_get_reply(conn, &keep_alive)) {
case HTTP_OK:
case HTTP_PARTIAL:
case HTTP_NOT_MODIFIED:


@ -1,17 +0,0 @@
Both CFLAGS and LDFLAGS need to be passed during linkage as CFLAGS may contain
things that influence linkage (e.g. ssp_nonshared may be necessary to link
when using strong stack protector)
diff --git lib/Makefile lib/Makefile
index 65342ef..847bfdd 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -78,7 +78,7 @@ $(OBJS): %.o: %.c
libxbps.so: $(LIBFETCH_OBJS) $(LIBPROP_OBJS) $(OBJS)
@printf " [CCLD]\t\t$@\n"
- ${SILENT}$(CC) $^ $(LDFLAGS) -o $(LIBXBPS_SHLIB)
+ ${SILENT}$(CC) $^ $(CFLAGS) $(LDFLAGS) -o $(LIBXBPS_SHLIB)
@-ln -sf $(LIBXBPS_SHLIB) libxbps.so.$(LIBXBPS_MAJOR)
@-ln -sf $(LIBXBPS_SHLIB) libxbps.so


@ -1,46 +0,0 @@
From db1766986c4389eb7e17c0e0076971b711617ef9 Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Thu, 16 Apr 2020 14:57:18 +0200
Subject: [PATCH] configure: accept any openssl version.
---
configure | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index da8ae75fa..383bc927b 100755
--- a/configure
+++ b/configure
@@ -704,7 +704,7 @@ fi
# libssl with pkg-config support is required.
#
printf "Checking for libssl via pkg-config ... "
-if pkg-config --exists 'libssl < 1.2' && ! pkg-config --exists libtls ; then
+if pkg-config --exists 'libssl' && ! pkg-config --exists libtls ; then
echo "found OpenSSL version $(pkg-config --modversion libssl)."
elif pkg-config --exists libssl libtls; then
echo "found LibreSSL version $(pkg-config --modversion libssl)."
---
From a65013e7370479243de62d56b44eb08d6bae943d Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Tue, 8 Aug 2023 01:32:17 -0400
Subject: [PATCH] configure: workaround for openssl3 compat
---
configure | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configure b/configure
index 303c90a1..c7d78bf1 100755
--- a/configure
+++ b/configure
@@ -368,6 +368,8 @@ fi
if [ "$CC" = "tcc" ]; then
echo "CFLAGS += -Wno-error" >>$CONFIG_MK
fi
+# openssl 3 compatibility
+echo "CFLAGS += -Wno-error=deprecated-declarations">>$CONFIG_MK
# libfetch
echo "CPPFLAGS += -I\$(TOPDIR)/lib/fetch" >>$CONFIG_MK


@ -1,246 +0,0 @@
https://github.com/void-linux/xbps/pull/565 but rebased on 0.59.1
From d7a0fc190b00fbb083688993971f466df834ceaa Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Tue, 8 Aug 2023 00:36:10 -0400
Subject: [PATCH] lib/, bin/: fix signature type, now called *.sig2
Since 8d5c48b, xbps has used a sha1 ASN1 prefix with a sha256 hash, and
as of openssl v3, openssl cares about this. This works around that in a
compatible way by moving to a second sig file, binpkg.sig2.
For xbps-remove -O and xbps-rindex -r, also clean up obselete .sig files.
---
bin/xbps-remove/clean-cache.c | 10 +++++++++-
bin/xbps-rindex/remove-obsoletes.c | 13 +++++++++++--
bin/xbps-rindex/sign.c | 9 ++-------
include/xbps.h.in | 4 ++--
lib/transaction_fetch.c | 10 +++++-----
lib/util.c | 6 +++---
lib/verifysig.c | 4 ++--
7 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/bin/xbps-remove/clean-cache.c b/bin/xbps-remove/clean-cache.c
index 43ff6057..680a4d1e 100644
--- a/bin/xbps-remove/clean-cache.c
+++ b/bin/xbps-remove/clean-cache.c
@@ -43,7 +43,7 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj,
{
xbps_dictionary_t repo_pkgd;
const char *binpkg, *rsha256;
- char *binpkgsig, *pkgver, *arch;
+ char *binpkgsig, *binpkgsig2, *pkgver, *arch;
bool drun = false;
/* Extract drun (dry-run) flag from arg*/
@@ -78,6 +78,7 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj,
}
}
binpkgsig = xbps_xasprintf("%s.sig", binpkg);
+ binpkgsig2 = xbps_xasprintf("%s.sig2", binpkg);
if (!drun && unlink(binpkg) == -1) {
fprintf(stderr, "Failed to remove `%s': %s\n",
binpkg, strerror(errno));
@@ -91,6 +92,13 @@ cleaner_cb(struct xbps_handle *xhp, xbps_object_t obj,
}
}
free(binpkgsig);
+ if (!drun && unlink(binpkgsig2) == -1) {
+ if (errno != ENOENT) {
+ fprintf(stderr, "Failed to remove `%s': %s\n",
+ binpkgsig2, strerror(errno));
+ }
+ }
+ free(binpkgsig2);
return 0;
}
diff --git a/bin/xbps-rindex/remove-obsoletes.c b/bin/xbps-rindex/remove-obsoletes.c
index 80cf2fff..de776145 100644
--- a/bin/xbps-rindex/remove-obsoletes.c
+++ b/bin/xbps-rindex/remove-obsoletes.c
@@ -39,11 +39,12 @@
static int
remove_pkg(const char *repodir, const char *file)
{
- char *filepath, *sigpath;
+ char *filepath, *sigpath, *sig2path;
int rv = 0;
filepath = xbps_xasprintf("%s/%s", repodir, file);
sigpath = xbps_xasprintf("%s.sig", filepath);
+ sig2path = xbps_xasprintf("%s.sig2", filepath);
if (remove(filepath) == -1) {
if (errno != ENOENT) {
rv = errno;
@@ -55,10 +56,18 @@ remove_pkg(const char *repodir, const char *file)
if (errno != ENOENT) {
rv = errno;
fprintf(stderr, "xbps-rindex: failed to remove "
- "package signature `%s': %s\n", sigpath, strerror(rv));
+ "legacy package signature `%s': %s\n", sigpath, strerror(rv));
+ }
+ }
+ if (remove(sig2path) == -1) {
+ if (errno != ENOENT) {
+ rv = errno;
+ xbps_error_printf("xbps-rindex: failed to remove "
+ "package signature `%s': %s\n", sig2path, strerror(rv));
}
}
free(sigpath);
+ free(sig2path);
free(filepath);
return rv;
diff --git a/bin/xbps-rindex/sign.c b/bin/xbps-rindex/sign.c
index 666f7e24..94886f80 100644
--- a/bin/xbps-rindex/sign.c
+++ b/bin/xbps-rindex/sign.c
@@ -106,12 +106,7 @@ rsa_sign_file(RSA *rsa, const char *file,
return false;
}
- /*
- * XXX: NID_sha1 is wrong, doesn't make it any weaker
- * but the ASN1 is wrong, OpenSSL/LibreSSL doesn't care.
- * Other implementations like golang fail because of this.
- */
- if (!RSA_sign(NID_sha1, digest, XBPS_SHA256_DIGEST_SIZE,
+ if (!RSA_sign(NID_sha256, digest, XBPS_SHA256_DIGEST_SIZE,
*sigret, siglen, rsa)) {
free(*sigret);
return false;
@@ -262,7 +257,7 @@ sign_pkg(struct xbps_handle *xhp, const char *binpkg, const char *privkey, bool
char *sigfile = NULL;
int rv = 0, sigfile_fd = -1;
- sigfile = xbps_xasprintf("%s.sig", binpkg);
+ sigfile = xbps_xasprintf("%s.sig2", binpkg);
/*
* Skip pkg if file signature exists
*/
diff --git a/include/xbps.h.in b/include/xbps.h.in
index a8024a2b..07af916b 100644
--- a/include/xbps.h.in
+++ b/include/xbps.h.in
@@ -1958,8 +1958,8 @@ bool xbps_verify_signature(struct xbps_repo *repo, const char *sigfile,
* in \a repo.
*
* @param[in] repo Repository to use with the RSA public key associated.
- * @param[in] fname The filename to verify, the signature file must have a .sig
- * extension, i.e `<fname>.sig`.
+ * @param[in] fname The filename to verify, the signature file must have a .sig2
+ * extension, i.e `<fname>.sig2`.
*
* @return True if the signature is valid, false otherwise.
*/
diff --git a/lib/transaction_fetch.c b/lib/transaction_fetch.c
index c3cc7ed0..456d500d 100644
--- a/lib/transaction_fetch.c
+++ b/lib/transaction_fetch.c
@@ -69,7 +69,7 @@ verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd)
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
"%s: removed pkg archive and its signature.", pkgver);
(void)remove(binfile);
- sigfile = xbps_xasprintf("%s.sig", binfile);
+ sigfile = xbps_xasprintf("%s.sig2", binfile);
(void)remove(sigfile);
free(sigfile);
goto out;
@@ -108,8 +108,8 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd)
xbps_dictionary_get_cstring_nocopy(repo_pkgd, "pkgver", &pkgver);
xbps_dictionary_get_cstring_nocopy(repo_pkgd, "architecture", &arch);
- snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig", repoloc, pkgver, arch);
- sigsuffix = buf+(strlen(buf)-sizeof (".sig")+1);
+ snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", repoloc, pkgver, arch);
+ sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1);
xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver,
"Downloading `%s' signature (from `%s')...", pkgver, repoloc);
@@ -143,8 +143,8 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd)
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
"%s: verifying RSA signature...", pkgver);
- snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig", xhp->cachedir, pkgver, arch);
- sigsuffix = buf+(strlen(buf)-sizeof (".sig")+1);
+ snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", xhp->cachedir, pkgver, arch);
+ sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1);
if ((repo = xbps_rpool_get_repo(repoloc)) == NULL) {
rv = errno;
diff --git a/lib/util.c b/lib/util.c
index 71afd43b..296c399d 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -403,15 +403,15 @@ xbps_remote_binpkg_exists(struct xbps_handle *xhp, xbps_dictionary_t pkgd)
"architecture", &arch))
return NULL;
- snprintf(path, sizeof(path), "%s/%s.%s.xbps.sig", xhp->cachedir,
+ snprintf(path, sizeof(path), "%s/%s.%s.xbps.sig2", xhp->cachedir,
pkgver, arch);
/* check if the signature file exists */
if (access(path, R_OK) != 0)
return false;
- /* strip the .sig suffix and check if binpkg file exists */
- path[strlen(path)-sizeof (".sig")+1] = '\0';
+ /* strip the .sig2 suffix and check if binpkg file exists */
+ path[strlen(path)-sizeof (".sig2")+1] = '\0';
return access(path, R_OK) == 0;
}
diff --git a/lib/verifysig.c b/lib/verifysig.c
index 56537989..9aa574c2 100644
--- a/lib/verifysig.c
+++ b/lib/verifysig.c
@@ -63,7 +63,7 @@ rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey,
return false;
}
- rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
+ rv = RSA_verify(NID_sha256, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
RSA_free(rsa);
BIO_free(bio);
ERR_free_strings();
@@ -145,7 +145,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
return false;
}
- snprintf(sig, sizeof sig, "%s.sig", fname);
+ snprintf(sig, sizeof sig, "%s.sig2", fname);
val = xbps_verify_signature(repo, sig, digest);
return val;
--
2.41.0
---
From 51e886baec3fd0edf1ed74e7c29badc3936f3696 Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Tue, 15 Aug 2023 16:42:33 -0400
Subject: [PATCH] lib/transaction_fetch.c: don't rely on digest being NULL
caused issues when .xbps existed locally but .sig2 did not.
---
lib/transaction_fetch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/transaction_fetch.c b/lib/transaction_fetch.c
index 4af461db..4cbe288e 100644
--- a/lib/transaction_fetch.c
+++ b/lib/transaction_fetch.c
@@ -159,7 +159,7 @@ download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd)
* If digest is not set, binary package was not downloaded,
* i.e. 304 not modified, verify by file instead.
*/
- if (*digest) {
+ if (fetchLastErrCode == FETCH_UNCHANGED) {
*sigsuffix = '\0';
if (!xbps_verify_file_signature(repo, buf)) {
rv = EPERM;
--
2.41.0


@ -1,7 +1,7 @@
# Template file for 'xbps'
pkgname=xbps
version=0.59.1
revision=10
version=0.59.2
revision=1
bootstrap=yes
build_style=configure
short_desc="XBPS package system utilities"
@ -10,7 +10,7 @@ license="BSD-2-Clause, BSD-3-Clause, ISC"
homepage="https://github.com/void-linux/xbps"
changelog="https://github.com/void-linux/xbps/blob/master/NEWS"
distfiles="https://github.com/void-linux/xbps/archive/${version}.tar.gz"
checksum=0cbd8d5f23a62047c75974bca21da9f004a94efffd7f37c68562a8dbc869fb2a
checksum=a6607e83fcd654a0ae846d729e43fefd8da9a61323e91430f884caf895b4f59b
hostmakedepends="pkgconf"
checkdepends="kyua"