diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 9e65095c6..5cd0e82f8 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.315 2023/11/19 15:51:49 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.316 2023/11/25 12:05:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1516,18 +1516,6 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) } LSSL_ALIAS(SSL_CTX_callback_ctrl); -int -ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) -{ - long l; - - l = a->id - b->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1:-1); -} - STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { @@ -3651,6 +3639,18 @@ SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) } LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint); +static int +ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) +{ + long l; + + l = a->id - b->id; + if (l == 0L) + return (0); + else + return ((l > 0) ? 1:-1); +} + static int ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) { diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index dd8895f01..a3007eae2 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.8 2023/11/19 15:51:49 tb Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.9 2023/11/25 12:05:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1304,7 +1304,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int include_ticket); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert); -int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num); int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb); diff --git a/sbin/dhcpleased/dhcpleased.conf.5 b/sbin/dhcpleased/dhcpleased.conf.5 index 4d3eb86fb..27798d74d 100644 --- a/sbin/dhcpleased/dhcpleased.conf.5 +++ b/sbin/dhcpleased/dhcpleased.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: dhcpleased.conf.5,v 1.12 2023/03/02 17:09:52 jmc Exp $ +.\" $OpenBSD: dhcpleased.conf.5,v 1.13 2023/11/25 12:00:39 florian Exp $ .\" .\" Copyright (c) 2018, 2021 Florian Obser .\" Copyright (c) 2005 Esben Norby @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 2 2023 $ +.Dd $Mdocdate: November 25 2023 $ .Dt DHCPLEASED.CONF 5 .Os .Sh NAME @@ -68,6 +68,9 @@ Ignore leases from .Ar server-ip . This option can be listed multiple times. The default is to not ignore servers. +.It Ic prefer ipv6 +Send the IPv6-Only preferred option to the server. +If the server responds with the option, no lease is configured. .It Ic send client id Ar client-id Send the DHCP client identifier option with a value of .Ar client-id . diff --git a/sbin/dhcpleased/dhcpleased.h b/sbin/dhcpleased/dhcpleased.h index c5d7e2046..80fe9dcf5 100644 --- a/sbin/dhcpleased/dhcpleased.h +++ b/sbin/dhcpleased/dhcpleased.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcpleased.h,v 1.14 2022/03/21 04:35:41 dlg Exp $ */ +/* $OpenBSD: dhcpleased.h,v 1.15 2023/11/25 12:00:39 florian Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser @@ -132,6 +132,7 @@ #define DHO_NDS_SERVERS 85 #define DHO_NDS_TREE_NAME 86 #define DHO_NDS_CONTEXT 87 +#define DHO_IPV6_ONLY_PREFERRED 108 #define DHO_DOMAIN_SEARCH 119 #define DHO_CLASSLESS_STATIC_ROUTES 121 #define DHO_TFTP_CONFIG_FILE 144 @@ -258,6 +259,7 @@ struct iface_conf { int ignore; struct in_addr ignore_servers[MAX_SERVERS]; int ignore_servers_len; + int prefer_ipv6; }; struct dhcpleased_conf { diff --git a/sbin/dhcpleased/engine.c b/sbin/dhcpleased/engine.c index b2e34ef6d..d435850af 100644 --- a/sbin/dhcpleased/engine.c +++ b/sbin/dhcpleased/engine.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.c,v 1.39 2023/11/03 15:02:06 tb Exp $ */ +/* $OpenBSD: engine.c,v 1.40 2023/11/25 12:00:39 florian Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser @@ -70,6 +70,7 @@ enum if_state { IF_REBINDING, /* IF_INIT_REBOOT, */ IF_REBOOTING, + IF_IPV6_ONLY, }; const char* if_state_name[] = { @@ -82,6 +83,7 @@ const char* if_state_name[] = { "Rebinding", /* "Init-Reboot", */ "Rebooting", + "IPv6 only", }; struct dhcpleased_iface { @@ -113,6 +115,7 @@ struct dhcpleased_iface { uint32_t lease_time; uint32_t renewal_time; uint32_t rebinding_time; + uint32_t ipv6_only_time; }; LIST_HEAD(, dhcpleased_iface) dhcpleased_interfaces; @@ -339,6 +342,7 @@ engine_dispatch_frontend(int fd, short event, void *bula) case IF_REBINDING: case IF_REBOOTING: case IF_BOUND: + case IF_IPV6_ONLY: state_transition(iface, IF_REBOOTING); break; } @@ -727,6 +731,7 @@ parse_dhcp(struct dhcpleased_iface *iface, struct imsg_dhcp *dhcp) size_t rem, i; uint32_t sum, usum, lease_time = 0, renewal_time = 0; uint32_t rebinding_time = 0; + uint32_t ipv6_only_time = 0; uint8_t *p, dho = DHO_PAD, dho_len, slen; uint8_t dhcp_message_type = 0; int routes_len = 0, routers = 0, csr = 0; @@ -1173,6 +1178,18 @@ parse_dhcp(struct dhcpleased_iface *iface, struct imsg_dhcp *dhcp) } break; } + case DHO_IPV6_ONLY_PREFERRED: + if (dho_len != sizeof(ipv6_only_time)) + goto wrong_length; + memcpy(&ipv6_only_time, p, sizeof(ipv6_only_time)); + ipv6_only_time = ntohl(ipv6_only_time); + if (log_getverbose() > 1) { + log_debug("DHO_IPV6_ONLY_PREFERRED %us", + ipv6_only_time); + } + p += dho_len; + rem -= dho_len; + break; default: if (log_getverbose() > 1) log_debug("DHO_%u, len: %u", dho, dho_len); @@ -1207,6 +1224,14 @@ parse_dhcp(struct dhcpleased_iface *iface, struct imsg_dhcp *dhcp) "offered IP address", __func__); return; } +#ifndef SMALL + if (iface_conf != NULL && iface_conf->prefer_ipv6 && + ipv6_only_time > 0) { + iface->ipv6_only_time = ipv6_only_time; + state_transition(iface, IF_IPV6_ONLY); + break; + } +#endif iface->server_identifier = server_identifier; iface->dhcp_server = server_identifier; iface->requested_ip = dhcp_hdr->yiaddr; @@ -1307,6 +1332,14 @@ parse_dhcp(struct dhcpleased_iface *iface, struct imsg_dhcp *dhcp) strlcpy(iface->domainname, domainname, sizeof(iface->domainname)); strlcpy(iface->hostname, hostname, sizeof(iface->hostname)); +#ifndef SMALL + if (iface_conf != NULL && iface_conf->prefer_ipv6 && + ipv6_only_time > 0) { + iface->ipv6_only_time = ipv6_only_time; + state_transition(iface, IF_IPV6_ONLY); + break; + } +#endif state_transition(iface, IF_BOUND); break; case DHCPNAK: @@ -1386,6 +1419,7 @@ state_transition(struct dhcpleased_iface *iface, enum if_state new_state) send_deconfigure_interface(iface); /* fall through */ case IF_DOWN: + case IF_IPV6_ONLY: iface->timo.tv_sec = START_EXP_BACKOFF; break; case IF_BOUND: @@ -1434,6 +1468,25 @@ state_transition(struct dhcpleased_iface *iface, enum if_state new_state) iface->timo.tv_sec /= 2; request_dhcp_request(iface); break; + case IF_IPV6_ONLY: + switch (old_state) { + case IF_REQUESTING: + case IF_RENEWING: + case IF_REBINDING: + case IF_REBOOTING: + /* going IPv6 only: delete legacy IP */ + send_rdns_withdraw(iface); + send_deconfigure_interface(iface); + /* fall through */ + case IF_INIT: + case IF_DOWN: + case IF_IPV6_ONLY: + iface->timo.tv_sec = iface->ipv6_only_time; + break; + case IF_BOUND: + fatal("invalid transition Bound -> IPv6 only"); + break; + } } if_name = if_indextoname(iface->if_index, ifnamebuf); @@ -1499,6 +1552,9 @@ iface_timeout(int fd, short events, void *arg) else state_transition(iface, IF_REBINDING); break; + case IF_IPV6_ONLY: + state_transition(iface, IF_REQUESTING); + break; } } @@ -1584,6 +1640,9 @@ request_dhcp_request(struct dhcpleased_iface *iface) imsg.requested_ip.s_addr = INADDR_ANY; /* MUST NOT */ imsg.ciaddr = iface->requested_ip; /* IP address */ break; + case IF_IPV6_ONLY: + fatalx("invalid state IF_IPV6_ONLY in %s", __func__); + break; } engine_imsg_compose_frontend(IMSG_SEND_REQUEST, 0, &imsg, sizeof(imsg)); diff --git a/sbin/dhcpleased/frontend.c b/sbin/dhcpleased/frontend.c index e94a3591c..3640f3bdb 100644 --- a/sbin/dhcpleased/frontend.c +++ b/sbin/dhcpleased/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.30 2022/07/14 15:23:09 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.31 2023/11/25 12:00:39 florian Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser @@ -924,6 +924,11 @@ build_packet(uint8_t message_type, char *if_name, uint32_t xid, 8, DHO_SUBNET_MASK, DHO_ROUTERS, DHO_DOMAIN_NAME_SERVERS, DHO_HOST_NAME, DHO_DOMAIN_NAME, DHO_BROADCAST_ADDRESS, DHO_DOMAIN_SEARCH, DHO_CLASSLESS_STATIC_ROUTES}; + static uint8_t dhcp_req_list_v6[] = {DHO_DHCP_PARAMETER_REQUEST_LIST, + 9, DHO_SUBNET_MASK, DHO_ROUTERS, DHO_DOMAIN_NAME_SERVERS, + DHO_HOST_NAME, DHO_DOMAIN_NAME, DHO_BROADCAST_ADDRESS, + DHO_DOMAIN_SEARCH, DHO_CLASSLESS_STATIC_ROUTES, + DHO_IPV6_ONLY_PREFERRED}; static uint8_t dhcp_requested_address[] = {DHO_DHCP_REQUESTED_ADDRESS, 4, 0, 0, 0, 0}; static uint8_t dhcp_server_identifier[] = {DHO_DHCP_SERVER_IDENTIFIER, @@ -997,15 +1002,23 @@ build_packet(uint8_t message_type, char *if_name, uint32_t xid, memcpy(p, iface_conf->vc_id, iface_conf->vc_id_len); p += iface_conf->vc_id_len; } + if (iface_conf->prefer_ipv6) { + memcpy(p, dhcp_req_list_v6, sizeof(dhcp_req_list_v6)); + p += sizeof(dhcp_req_list_v6); + + } else { + memcpy(p, dhcp_req_list, sizeof(dhcp_req_list)); + p += sizeof(dhcp_req_list); + } } else #endif /* SMALL */ { memcpy(dhcp_client_id + 3, hw_address, sizeof(*hw_address)); memcpy(p, dhcp_client_id, sizeof(dhcp_client_id)); p += sizeof(dhcp_client_id); + memcpy(p, dhcp_req_list, sizeof(dhcp_req_list)); + p += sizeof(dhcp_req_list); } - memcpy(p, dhcp_req_list, sizeof(dhcp_req_list)); - p += sizeof(dhcp_req_list); if (requested_ip->s_addr != INADDR_ANY) { memcpy(dhcp_requested_address + 2, requested_ip, diff --git a/sbin/dhcpleased/parse.y b/sbin/dhcpleased/parse.y index e3a68953a..eeae4289e 100644 --- a/sbin/dhcpleased/parse.y +++ b/sbin/dhcpleased/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.7 2022/03/21 04:35:41 dlg Exp $ */ +/* $OpenBSD: parse.y,v 1.8 2023/11/25 12:00:39 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -109,7 +109,7 @@ typedef struct { %} %token DHCP_IFACE ERROR SEND VENDOR CLASS ID CLIENT IGNORE DNS ROUTES HOST NAME -%token NO +%token NO PREFER IPV6 %token STRING %token NUMBER @@ -324,6 +324,9 @@ ifaceoptsl : SEND VENDOR CLASS ID STRING { } free($2); } + | PREFER IPV6 { + iface_conf->prefer_ipv6 = 1; + } ; %% @@ -366,8 +369,10 @@ lookup(char *s) {"id", ID}, {"ignore", IGNORE}, {"interface", DHCP_IFACE}, + {"ipv6", IPV6}, {"name", NAME}, {"no", NO}, + {"prefer", PREFER}, {"routes", ROUTES}, {"send", SEND}, {"vendor", VENDOR}, diff --git a/sbin/dhcpleased/printconf.c b/sbin/dhcpleased/printconf.c index 076fe2ec0..50b9dc7fa 100644 --- a/sbin/dhcpleased/printconf.c +++ b/sbin/dhcpleased/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.4 2022/01/04 06:20:37 florian Exp $ */ +/* $OpenBSD: printconf.c,v 1.6 2023/11/25 13:00:05 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -126,6 +126,8 @@ print_config(struct dhcpleased_conf *conf) printf("\tignore %s\n", hbuf); } + if (iface->prefer_ipv6) + printf("\tprefer ipv6\n"); printf("}\n"); } } diff --git a/share/man/man5/hosts.5 b/share/man/man5/hosts.5 index 8b3b7b699..c15d19b7b 100644 --- a/share/man/man5/hosts.5 +++ b/share/man/man5/hosts.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: hosts.5,v 1.26 2022/03/31 17:27:23 naddy Exp $ +.\" $OpenBSD: hosts.5,v 1.27 2023/11/25 08:14:43 florian Exp $ .\" $NetBSD: hosts.5,v 1.4 1994/11/30 19:31:20 jtc Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)hosts.5 8.2 (Berkeley) 12/11/93 .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: November 25 2023 $ .Dt HOSTS 5 .Os .Sh NAME @@ -76,6 +76,9 @@ dot notation (IPv4) or colon separated notation (IPv6) as described in .Xr inet_pton 3 . Host names may contain any printable character other than a field delimiter, newline, or comment character. +.Pp +The host "localhost" and all names underneath the localhost domain will +always resolve to the loopback addresses 127.0.0.1 or ::1. .Sh FILES .Bl -tag -width /etc/hosts -compact .It Pa /etc/hosts diff --git a/share/man/man5/resolv.conf.5 b/share/man/man5/resolv.conf.5 index ed3b8f660..907fd8969 100644 --- a/share/man/man5/resolv.conf.5 +++ b/share/man/man5/resolv.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: resolv.conf.5,v 1.64 2021/11/23 06:58:36 jmc Exp $ +.\" $OpenBSD: resolv.conf.5,v 1.65 2023/11/25 08:14:43 florian Exp $ .\" $NetBSD: resolv.conf.5,v 1.7 1996/03/06 18:22:16 scottr Exp $ .\" .\" Copyright (c) 1986, 1991 The Regents of the University of California. @@ -30,7 +30,7 @@ .\" .\" @(#)resolver.5 5.12 (Berkeley) 5/10/91 .\" -.Dd $Mdocdate: November 23 2021 $ +.Dd $Mdocdate: November 25 2023 $ .Dt RESOLV.CONF 5 .Os .Sh NAME @@ -50,6 +50,9 @@ file does not exist, only the local host file will be consulted, i.e. the Domain Name System will not be used to resolve hosts. .Pp +The host "localhost" and all names underneath the localhost domain will +always resolve to the loopback addresses 127.0.0.1 or ::1. +.Pp The file is designed to be human readable and contains a list of keywords with values that provide various types of resolver information. A resolv.conf file is not required for some setups, so this file is optional. diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index b3dc2919e..5bdb9fc80 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.9 2023/11/13 19:15:01 jasper Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.10 2023/11/24 21:48:25 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -3949,14 +3949,14 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) { int ret = 0, exitinfo; struct region_descriptor gdt; - struct cpu_info *ci = curcpu(); + struct cpu_info *ci = NULL; uint64_t exit_reason, cr3, insn_error; struct schedstate_percpu *spc; struct vmx_invvpid_descriptor vid; uint64_t eii, procbased, int_st; uint16_t irq, ldt_sel; u_long s; - struct region_descriptor gdtr, idtr; + struct region_descriptor idtr; rw_assert_wrlock(&vcpu->vc_lock); @@ -4033,26 +4033,6 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) memset(&vcpu->vc_exit, 0, sizeof(vcpu->vc_exit)); } - setregion(&gdt, ci->ci_gdt, GDT_SIZE - 1); - if (gdt.rd_base == 0) { - printf("%s: setregion\n", __func__); - return (EINVAL); - } - - /* Host GDTR base */ - if (vmwrite(VMCS_HOST_IA32_GDTR_BASE, gdt.rd_base)) { - printf("%s: vmwrite(0x%04X, 0x%llx)\n", __func__, - VMCS_HOST_IA32_GDTR_BASE, gdt.rd_base); - return (EINVAL); - } - - /* Host TR base */ - if (vmwrite(VMCS_HOST_IA32_TR_BASE, (uint64_t)ci->ci_tss)) { - printf("%s: vmwrite(0x%04X, 0x%llx)\n", __func__, - VMCS_HOST_IA32_TR_BASE, (uint64_t)ci->ci_tss); - return (EINVAL); - } - /* Host CR3 */ cr3 = rcr3(); if (vmwrite(VMCS_HOST_IA32_CR3, cr3)) { @@ -4110,6 +4090,34 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) vmm_update_pvclock(vcpu); + if (ci != curcpu()) { + ci = curcpu(); + vcpu->vc_last_pcpu = ci; + + setregion(&gdt, ci->ci_gdt, GDT_SIZE - 1); + if (gdt.rd_base == 0) { + printf("%s: setregion\n", __func__); + return (EINVAL); + } + + /* Host GDTR base */ + if (vmwrite(VMCS_HOST_IA32_GDTR_BASE, gdt.rd_base)) { + printf("%s: vmwrite(0x%04X, 0x%llx)\n", + __func__, VMCS_HOST_IA32_GDTR_BASE, + gdt.rd_base); + return (EINVAL); + } + + /* Host TR base */ + if (vmwrite(VMCS_HOST_IA32_TR_BASE, + (uint64_t)ci->ci_tss)) { + printf("%s: vmwrite(0x%04X, 0x%llx)\n", + __func__, VMCS_HOST_IA32_TR_BASE, + (uint64_t)ci->ci_tss); + return (EINVAL); + } + } + /* Inject event if present */ if (vcpu->vc_event != 0) { eii = (vcpu->vc_event & 0xFF); @@ -4161,7 +4169,6 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) break; } - sgdt(&gdtr); sidt(&idtr); sldt(&ldt_sel); @@ -4182,7 +4189,6 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) wrpkru(PGK_VALUE); } - bare_lgdt(&gdtr); lidt(&idtr); lldt(ldt_sel); diff --git a/usr.sbin/pkg_add/OpenBSD/FwUpdate.pm b/usr.sbin/pkg_add/OpenBSD/FwUpdate.pm index 0396c6de3..714b5a2c3 100644 --- a/usr.sbin/pkg_add/OpenBSD/FwUpdate.pm +++ b/usr.sbin/pkg_add/OpenBSD/FwUpdate.pm @@ -1,7 +1,7 @@ #! /usr/bin/perl # ex:ts=8 sw=4: -# $OpenBSD: FwUpdate.pm,v 1.35 2023/06/13 09:07:17 espie Exp $ +# $OpenBSD: FwUpdate.pm,v 1.36 2023/11/25 10:17:59 espie Exp $ # # Copyright (c) 2014 Marc Espie # @@ -82,7 +82,6 @@ sub handle_options($state) sub finish_init($state) { - delete $state->{signer_list}; # XXX uncache value $state->{subst}->add('FW_UPDATE', 1); } diff --git a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm index 7179333fb..e4dc8e0af 100644 --- a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm +++ b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: PackageRepository.pm,v 1.176 2023/06/13 09:07:17 espie Exp $ +# $OpenBSD: PackageRepository.pm,v 1.177 2023/11/25 10:29:23 espie Exp $ # # Copyright (c) 2003-2010 Marc Espie # @@ -420,12 +420,22 @@ sub uncompress($self, $object, @p) return $fh; } +sub keytype($self) +{ + if ($self->{state}->defines("FW_UPDATE")) { + return "fw"; + } else { + return "pkg"; + } +} + sub signify_pipe($self, $object, @p) { CORE::open STDERR, ">>", $object->{errors}; exec {OpenBSD::Paths->signify} ("signify", "-zV", + "-t", $self->keytype, @p) or $self->{state}->fatal("Can't run #1: #2", OpenBSD::Paths->signify, $!); diff --git a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm index bfce68ed6..ece19eb44 100644 --- a/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm +++ b/usr.sbin/pkg_add/OpenBSD/PkgAdd.pm @@ -1,7 +1,7 @@ #! /usr/bin/perl # ex:ts=8 sw=4: -# $OpenBSD: PkgAdd.pm,v 1.146 2023/11/08 09:51:13 caspar Exp $ +# $OpenBSD: PkgAdd.pm,v 1.147 2023/11/25 10:58:45 espie Exp $ # # Copyright (c) 2003-2014 Marc Espie # @@ -307,7 +307,6 @@ sub check_security($set, $state, $plist, $h) my ($error, $bad); $state->run_quirks( sub($quirks) { - return unless $quirks->can("check_security"); $bad = $quirks->check_security($plist->fullpkgpath); if (defined $bad) { require OpenBSD::PkgSpec; diff --git a/usr.sbin/pkg_add/OpenBSD/PkgInfo.pm b/usr.sbin/pkg_add/OpenBSD/PkgInfo.pm index a26ca6037..87a5d96f7 100644 --- a/usr.sbin/pkg_add/OpenBSD/PkgInfo.pm +++ b/usr.sbin/pkg_add/OpenBSD/PkgInfo.pm @@ -1,6 +1,6 @@ #! /usr/bin/perl # ex:ts=8 sw=4: -# $OpenBSD: PkgInfo.pm,v 1.52 2023/06/14 09:59:09 espie Exp $ +# $OpenBSD: PkgInfo.pm,v 1.54 2023/11/25 11:02:23 espie Exp $ # # Copyright (c) 2003-2014 Marc Espie # @@ -538,7 +538,7 @@ sub parse_and_run($self, $cmd) } }; $state->{no_exports} = 1; - $state->handle_options('cCdfF:hIKLmPQ:qr:RsSUe:E:Ml:aAtz', + $state->handle_options('cCdfIKLmPQ:qr:RsSUe:E:Ml:aAtz', '[-AaCcdfIKLMmPqRSstUvz] [-D nolock][-E filename] [-e pkg-name] ', '[-l str] [-Q query] [-r pkgspec] [pkg-name ...]'); diff --git a/usr.sbin/pkg_add/OpenBSD/State.pm b/usr.sbin/pkg_add/OpenBSD/State.pm index a6414ac28..dc587b152 100644 --- a/usr.sbin/pkg_add/OpenBSD/State.pm +++ b/usr.sbin/pkg_add/OpenBSD/State.pm @@ -1,5 +1,5 @@ # ex:ts=8 sw=4: -# $OpenBSD: State.pm,v 1.75 2023/11/24 18:19:25 espie Exp $ +# $OpenBSD: State.pm,v 1.77 2023/11/25 10:18:40 espie Exp $ # # Copyright (c) 2007-2014 Marc Espie # @@ -251,6 +251,7 @@ sub handle_options($state, $opt_string, @usage) }); $state->{v} = $state->opt('v'); + # XXX don't try to move to AddCreateDelete, PkgInfo needs this too if ($state->defines('unsigned')) { $state->{signature_style} //= 'unsigned'; } elsif ($state->defines('oldsign')) { @@ -312,17 +313,4 @@ sub find_window_size($self) } } -OpenBSD::Auto::cache(signer_list, - sub($self) { - if ($self->defines('SIGNER')) { - return [split /,/, $self->{subst}->value('SIGNER')]; - } else { - if ($self->defines('FW_UPDATE')) { - return [qr{^.*fw$}]; - } else { - return [qr{^.*pkg$}]; - } - } - }); - 1;