This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via cdc1a0e901c285e84f8cbb6a01248ce6a141b361 (commit) via 35b892b0dd69c482fb3024f8e1dfbd13679b07d8 (commit) via 7d995c9f56055f39e559bd6e355a9a1689585c6d (commit) via ceed3534e154944651be9659e7f299d077edc439 (commit) via 5e5c2e541395bc5a2ab4d3304f6358861c594d3d (commit) from f0e9ed78a2ae1b828493c523e5137735c780d833 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit cdc1a0e901c285e84f8cbb6a01248ce6a141b361 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Mon Mar 12 13:47:34 2018 +0100
OpenVPN: Update to version 2.4.5
This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements. Further information can be found in here https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245 and here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 35b892b0dd69c482fb3024f8e1dfbd13679b07d8 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 16 14:36:05 2018 +0000
pakfire: Drop old key import mechanism
This was error-prone and allowed to potentially inject another key.
Fixes: #11539 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7d995c9f56055f39e559bd6e355a9a1689585c6d Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 16 14:33:42 2018 +0000
installer: Import the Pakfire key at install time
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ceed3534e154944651be9659e7f299d077edc439 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 16 14:28:17 2018 +0000
core120: Import new pakfire PGP key
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5e5c2e541395bc5a2ab4d3304f6358861c594d3d Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 16 14:23:56 2018 +0000
Import new Pakfire Signing Key
We will swap the key that we use to sign Pakfire packages since the current one is considered outdated cryptography.
Fixes: #11539
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/pakfire | 1 + config/rootfiles/core/120/filelists/files | 2 ++ config/rootfiles/core/120/update.sh | 3 +++ lfs/openvpn | 4 ++-- src/installer/main.c | 7 +++++++ src/pakfire/lib/functions.pl | 16 ---------------- src/pakfire/pakfire | 1 - src/pakfire/pakfire.key | 29 +++++++++++++++++++++++++++++ 8 files changed, 44 insertions(+), 19 deletions(-) create mode 100644 src/pakfire/pakfire.key
Difference in files: diff --git a/config/rootfiles/common/pakfire b/config/rootfiles/common/pakfire index ab439c5bd..6cd531d15 100644 --- a/config/rootfiles/common/pakfire +++ b/config/rootfiles/common/pakfire @@ -6,6 +6,7 @@ opt/pakfire/db/rootfiles #opt/pakfire/etc #opt/pakfire/pakfire.conf opt/pakfire/etc/pakfire.conf +opt/pakfire/pakfire.key #opt/pakfire/lib opt/pakfire/lib/functions.pl opt/pakfire/lib/functions.sh diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files index aac6528e8..c8877f528 100644 --- a/config/rootfiles/core/120/filelists/files +++ b/config/rootfiles/core/120/filelists/files @@ -4,6 +4,8 @@ etc/sysctl.conf etc/fcron.daily/openvpn-crl-updater etc/rc.d/init.d/dhcp etc/rc.d/init.d/unbound +opt/pakfire/lib/functions.pl +opt/pakfire/pakfire.key srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/qos.cgi diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh index d2fb326a6..2f1bca02c 100644 --- a/config/rootfiles/core/120/update.sh +++ b/config/rootfiles/core/120/update.sh @@ -68,6 +68,9 @@ fi # Remove deprecated SSH configuration option sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
+# Import new Pakfire key +gpg --import /opt/pakfire/pakfire.key + # This update needs a reboot... touch /var/run/need_reboot
diff --git a/lfs/openvpn b/lfs/openvpn index ef25c2567..5bd9da7a2 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@
include Config
-VER = 2.4.4 +VER = 2.4.5
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7a2002aad1671b24457bc9432a0c5c52 +$(DL_FILE)_MD5 = c510ad3c8fce738c678dbcc54367c945
install : $(TARGET)
diff --git a/src/installer/main.c b/src/installer/main.c index a3642551d..e154fb935 100644 --- a/src/installer/main.c +++ b/src/installer/main.c @@ -879,6 +879,13 @@ int main(int argc, char *argv[]) { free(backup_file); }
+ /* Import Pakfire key */ + snprintf(commandstring, STRING_SIZE, "/usr/sbin/chroot /harddisk /usr/bin/gpg --import /opt/pakfire/pakfire.key"); + if (runcommandwithstatus(commandstring, title, _("Setting up package management system..."), logfile)) { + errorbox(_("Could not import the Pakfire key.")); + goto EXIT; + } + // Download and execute the postinstall script if (*config.postinstall) { snprintf(commandstring, sizeof(commandstring), diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl index 0bf702e5b..c97d4254d 100644 --- a/src/pakfire/lib/functions.pl +++ b/src/pakfire/lib/functions.pl @@ -33,9 +33,6 @@ use Net::Ping;
package Pakfire;
-# GPG Keys -my $myid = "179740DC4D8C47DC63C099C74BDE364C64D96617"; # Our own gpg-key paks@ipfire.org - # A small color-hash :D my %color; $color{'normal'} = "\033[0m"; @@ -899,19 +896,6 @@ sub senduuid { } }
-sub checkcryptodb { - logger("CRYPTO INFO: Checking GnuPG Database"); - system("gpg --fingerprint $myid >/dev/null"); - return if ($? == 0); - - message("CRYPTO WARN: The GnuPG isn't configured correctly. Trying now to fix this."); - message("CRYPTO WARN: It's normal to see this on first execution."); - message("CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP."); - - my $command = "gpg --keyserver pgp.ipfire.org --always-trust --status-fd 2"; - system("$command --recv-key $myid >> $Conf::logdir/gnupg-database.log 2>&1"); -} - sub callback { my ($data, $response, $protocol) = @_; $final_data .= $data; diff --git a/src/pakfire/pakfire b/src/pakfire/pakfire index da68454dc..202c1e5a1 100644 --- a/src/pakfire/pakfire +++ b/src/pakfire/pakfire @@ -30,7 +30,6 @@ my $force = "noforce"; &Pakfire::logger("PAKFIRE INFO: IPFire Pakfire $Conf::version started!"); - &Pakfire::checkcryptodb;
### Check if we are running as root # diff --git a/src/pakfire/pakfire.key b/src/pakfire/pakfire.key new file mode 100644 index 000000000..ec6024e11 --- /dev/null +++ b/src/pakfire/pakfire.key @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFqr0AoBEACeW1ClMLQyZ/67c7u5FTDbOfe3212rdXzjojDOjQepAIKErS06 +2rOGwurGu8cy39RJOBCR2VT6ai6mVejJnLm0j/3FL4df8tEhhtBNE9BhJriS5mIt +qoiR2zjR/ldEyLSiCfUprkAAX75vl7nqua2esHs1XnXykGoj7U/qRbu0jyavUJJx +i0/XSRjbEo6GB9tk7taGFFBNxTpWTaJBR9fhjLN4tUL5rYB5CXwBvgkl1WHQSpYW +sCIdF8l1mMuNLhzaZsq+lt8hMPKBM7TsdQtfOwYzV6mROJYeHDVSsrLYoDoYdW/o +vGV7758alxiMVNv5VI5hENofxriwlhZZOHKie9b9m6rCJ39qSsG1f1HwVa5ab33l +ktVdWmsqsvuF+kZL5K19tFScR4e1tpT+2xM7NT4SLlgsG0YXRVCA3fjis3P2Qft8 +turBMOayyrJqnqQTHTk9eNpWDJ6Tg2ZhJ7uR79vrdsqcfnL71D/CeUgD0xekZIys +MG7sqF6ApZXf1jvubD8Jw00EwrvZFRhIkiP6NxZjP4yA5YeUA1KHohVegIuTZLmT +t74PMqpYh/j/ixa7m0Ja/vyqwXGqJVdAuded+zmCPw0NRvdoGkMPlgYlgKzVDTF6 +gXgsr+yT+hFSfHWwCFrEgrv1JQsac5P7iCRB8PS9FWs6+vnoOlzZrGoI/wARAQAB +tDdJUEZpcmUgUGFrZmlyZSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxwYWtmaXJlQGlw +ZmlyZS5vcmc+iQI5BBMBAgAjBQJaq9AKAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC +HgECF4AACgkQb+96jtcTWUsx8BAAmkZ2rg/PQkXgqENhoJuoT93bKmu2Ng4DLKGc +JyGAd+PPan70jX9xAs/QMuEXbPwNnZUZCpMfDvOrf6FRoc651whJvp3h1dluMNBD +gsSwX7CgpLPaPxqthPLaN239b02GLJs/J6IiyTqS3QsBcJqvdWmcGqHZEiCjDTri +e0kQIXyjCEXQnnsTKZL/sa8KQTOAHsF81iYB2DqOWFZsQ9iJKjTCPlo5eOsZTJGt +XKQlmAIeACN6YfSBMGK24t4cyvUOcklVFHri+EVCYPMdxT96Wsfa4rFOnMwD1Ggx +b42KTRMK3awN8b91/gg6Oay+WDEGPJSnUsu04WoMzhQ0jwmu1i0O1OdKPshNE/7n +Eu/YggBqRy/ClyPbX1+9nfOE4ldUnRPSWTwtVpbPoAWDM+WYdo7mFVi7un9y7F8J +YOZRGkhar3KlfrkiXx6pD/rARj5bi3LcWXwEDT/ZdDd+h9lZtfLcCQe9lqqUcxCM +xWUXnH87svNCZMS/AEkVHDmKNtx6hsYFqwXgExExqH3uMmwQwwcL8rv9M2c/LLZQ +RFTSj/vhEzJY4nqS/m5dgWfwPYBleM6UwCHVWxP0uI18et739pMzTxaL+Q/uGXNP +42f4CPSnb3EbtCelUMfO2JQkhNGBL7SqoOmtykSmCykAWaSnGYhI1frQDcBvNao+ +xPvh/8Y= +=y1gn +-----END PGP PUBLIC KEY BLOCK-----
hooks/post-receive -- IPFire 2.x development tree