public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. cdc1a0e901c285e84f8cbb6a01248ce6a141b361
@ 2018-03-16 18:25 git
From: git @ 2018-03-16 18:25 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  cdc1a0e901c285e84f8cbb6a01248ce6a141b361 (commit)
       via  35b892b0dd69c482fb3024f8e1dfbd13679b07d8 (commit)
       via  7d995c9f56055f39e559bd6e355a9a1689585c6d (commit)
       via  ceed3534e154944651be9659e7f299d077edc439 (commit)
       via  5e5c2e541395bc5a2ab4d3304f6358861c594d3d (commit)
      from  f0e9ed78a2ae1b828493c523e5137735c780d833 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cdc1a0e901c285e84f8cbb6a01248ce6a141b361
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date:   Mon Mar 12 13:47:34 2018 +0100

    OpenVPN: Update to version 2.4.5
    
    This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements.
    Further information can be found here: https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245 and
    here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
    
    Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 35b892b0dd69c482fb3024f8e1dfbd13679b07d8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Mar 16 14:36:05 2018 +0000

    pakfire: Drop old key import mechanism
    
    This was error-prone and potentially allowed another key to be
    injected.
    
    Fixes: #11539
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 7d995c9f56055f39e559bd6e355a9a1689585c6d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Mar 16 14:33:42 2018 +0000

    installer: Import the Pakfire key at install time
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit ceed3534e154944651be9659e7f299d077edc439
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Mar 16 14:28:17 2018 +0000

    core120: Import new pakfire PGP key
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 5e5c2e541395bc5a2ab4d3304f6358861c594d3d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Mar 16 14:23:56 2018 +0000

    Import new Pakfire Signing Key
    
    We will swap the key that we use to sign Pakfire packages
    since the current one is considered outdated cryptography.
    
    Fixes: #11539
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/pakfire           |  1 +
 config/rootfiles/core/120/filelists/files |  2 ++
 config/rootfiles/core/120/update.sh       |  3 +++
 lfs/openvpn                               |  4 ++--
 src/installer/main.c                      |  7 +++++++
 src/pakfire/lib/functions.pl              | 16 ----------------
 src/pakfire/pakfire                       |  1 -
 src/pakfire/pakfire.key                   | 29 +++++++++++++++++++++++++++++
 8 files changed, 44 insertions(+), 19 deletions(-)
 create mode 100644 src/pakfire/pakfire.key

Difference in files:
diff --git a/config/rootfiles/common/pakfire b/config/rootfiles/common/pakfire
index ab439c5bd..6cd531d15 100644
--- a/config/rootfiles/common/pakfire
+++ b/config/rootfiles/common/pakfire
@@ -6,6 +6,7 @@ opt/pakfire/db/rootfiles
 #opt/pakfire/etc
 #opt/pakfire/pakfire.conf
 opt/pakfire/etc/pakfire.conf
+opt/pakfire/pakfire.key
 #opt/pakfire/lib
 opt/pakfire/lib/functions.pl
 opt/pakfire/lib/functions.sh
diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files
index aac6528e8..c8877f528 100644
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -4,6 +4,8 @@ etc/sysctl.conf
 etc/fcron.daily/openvpn-crl-updater
 etc/rc.d/init.d/dhcp
 etc/rc.d/init.d/unbound
+opt/pakfire/lib/functions.pl
+opt/pakfire/pakfire.key
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/qos.cgi
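Review bot: opt/pakfire/pakfire is not among the entries added here, although the same push removes the `&Pakfire::checkcryptodb;` call from src/pakfire/pakfire. A system that receives the new functions.pl (which no longer defines checkcryptodb) while keeping its old pakfire script would call a sub that no longer exists. Add opt/pakfire/pakfire to this list, or confirm that it reaches updated systems by another path.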
diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh
index d2fb326a6..2f1bca02c 100644
--- a/config/rootfiles/core/120/update.sh
+++ b/config/rootfiles/core/120/update.sh
@@ -68,6 +68,9 @@ fi
 # Remove deprecated SSH configuration option
 sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
 
+# Import new Pakfire key
+gpg --import /opt/pakfire/pakfire.key
+
 # This update needs a reboot...
 touch /var/run/need_reboot
 
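Review bot: The exit status of `gpg --import /opt/pakfire/pakfire.key` is not checked, so a failed import goes unnoticed and the script carries on to the reboot flag. With checkcryptodb removed in the same push there is no later step that repairs the keyring, so test the return code and log a failure. The script also leaves the old key in the keyring; if that key is considered outdated, state when it will be removed or remove it once packages are signed with the new one.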
diff --git a/lfs/openvpn b/lfs/openvpn
index ef25c2567..5bd9da7a2 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.4.4
+VER        = 2.4.5
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7a2002aad1671b24457bc9432a0c5c52
+$(DL_FILE)_MD5 = c510ad3c8fce738c678dbcc54367c945
 
 install : $(TARGET)
 
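Review bot: The tarball pin updated here is still an MD5 digest (`$(DL_FILE)_MD5`), which does not resist deliberate collisions, and this is the VPN package. The new value cannot be reviewed from the diff alone; note in the commit message where it came from (for example, that the download was checked against the upstream release signature), and consider pinning a stronger digest if the build system supports one.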
diff --git a/src/installer/main.c b/src/installer/main.c
index a3642551d..e154fb935 100644
--- a/src/installer/main.c
+++ b/src/installer/main.c
@@ -879,6 +879,13 @@ int main(int argc, char *argv[]) {
 		free(backup_file);
 	}
 
+	/* Import Pakfire key */
+	snprintf(commandstring, STRING_SIZE, "/usr/sbin/chroot /harddisk /usr/bin/gpg --import /opt/pakfire/pakfire.key");
+	if (runcommandwithstatus(commandstring, title, _("Setting up package management system..."), logfile)) {
+		errorbox(_("Could not import the Pakfire key."));
+		goto EXIT;
+	}
+
 	// Download and execute the postinstall script
 	if (*config.postinstall) {
 		snprintf(commandstring, sizeof(commandstring),
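Review bot: The added snprintf passes STRING_SIZE as the buffer length, while the snprintf in the trailing context uses sizeof(commandstring); use sizeof(commandstring) here as well so the bound cannot drift from the buffer's declaration. The command has no format arguments, so passing the constant string directly to runcommandwithstatus would also work. Separately, gpg imports into the keyring of whatever home directory the chroot environment resolves to, so confirm that it is the same keyring pakfire later verifies against.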
diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl
index 0bf702e5b..c97d4254d 100644
--- a/src/pakfire/lib/functions.pl
+++ b/src/pakfire/lib/functions.pl
@@ -33,9 +33,6 @@ use Net::Ping;
 
 package Pakfire;
 
-# GPG Keys
-my $myid = "179740DC4D8C47DC63C099C74BDE364C64D96617";		# Our own gpg-key paks(a)ipfire.org
-
 # A small color-hash :D
 my %color;
 	$color{'normal'}      = "\033[0m"; 
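Review bot: With `my $myid` removed, any other use of $myid left in functions.pl would refer to an undeclared variable; the diffstat lists only these 16 deletions for the file, so nothing else in it was adjusted. Confirm with a search that checkcryptodb was the only consumer. This line was also the only place in the tree shown here where the expected signing-key fingerprint was written down, so check that signature verification does not rely on it.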
@@ -899,19 +896,6 @@ sub senduuid {
 	}
 }
 
-sub checkcryptodb {
-	logger("CRYPTO INFO: Checking GnuPG Database");
-	system("gpg --fingerprint $myid >/dev/null");
-	return if ($? == 0);
-
-	message("CRYPTO WARN: The GnuPG isn't configured correctly. Trying now to fix this.");
-	message("CRYPTO WARN: It's normal to see this on first execution.");
-	message("CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.");
-
-	my $command = "gpg --keyserver pgp.ipfire.org --always-trust --status-fd 2";
-	system("$command --recv-key $myid >> $Conf::logdir/gnupg-database.log 2>&1");
-}
-
 sub callback {
    my ($data, $response, $protocol) = @_;
    $final_data .= $data;
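Review bot: After this removal nothing at pakfire start-up checks that the signing key is present, so a system where the import in update.sh or in the installer did not happen will only find out when signature verification fails. A local check that logs a clear message, without fetching anything, would keep that case diagnosable. Dropping the fetch itself is the right call: `--recv-key` combined with `--always-trust` against a keyserver matches the injection concern stated in the commit message.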
diff --git a/src/pakfire/pakfire b/src/pakfire/pakfire
index da68454dc..202c1e5a1 100644
--- a/src/pakfire/pakfire
+++ b/src/pakfire/pakfire
@@ -30,7 +30,6 @@
 	my $force = "noforce";
 	
 	&Pakfire::logger("PAKFIRE INFO: IPFire Pakfire $Conf::version started!");
-	&Pakfire::checkcryptodb;
 
 	### Check if we are running as root
 	#
diff --git a/src/pakfire/pakfire.key b/src/pakfire/pakfire.key
new file mode 100644
index 000000000..ec6024e11
--- /dev/null
+++ b/src/pakfire/pakfire.key
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFqr0AoBEACeW1ClMLQyZ/67c7u5FTDbOfe3212rdXzjojDOjQepAIKErS06
+2rOGwurGu8cy39RJOBCR2VT6ai6mVejJnLm0j/3FL4df8tEhhtBNE9BhJriS5mIt
+qoiR2zjR/ldEyLSiCfUprkAAX75vl7nqua2esHs1XnXykGoj7U/qRbu0jyavUJJx
+i0/XSRjbEo6GB9tk7taGFFBNxTpWTaJBR9fhjLN4tUL5rYB5CXwBvgkl1WHQSpYW
+sCIdF8l1mMuNLhzaZsq+lt8hMPKBM7TsdQtfOwYzV6mROJYeHDVSsrLYoDoYdW/o
+vGV7758alxiMVNv5VI5hENofxriwlhZZOHKie9b9m6rCJ39qSsG1f1HwVa5ab33l
+ktVdWmsqsvuF+kZL5K19tFScR4e1tpT+2xM7NT4SLlgsG0YXRVCA3fjis3P2Qft8
+turBMOayyrJqnqQTHTk9eNpWDJ6Tg2ZhJ7uR79vrdsqcfnL71D/CeUgD0xekZIys
+MG7sqF6ApZXf1jvubD8Jw00EwrvZFRhIkiP6NxZjP4yA5YeUA1KHohVegIuTZLmT
+t74PMqpYh/j/ixa7m0Ja/vyqwXGqJVdAuded+zmCPw0NRvdoGkMPlgYlgKzVDTF6
+gXgsr+yT+hFSfHWwCFrEgrv1JQsac5P7iCRB8PS9FWs6+vnoOlzZrGoI/wARAQAB
+tDdJUEZpcmUgUGFrZmlyZSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxwYWtmaXJlQGlw
+ZmlyZS5vcmc+iQI5BBMBAgAjBQJaq9AKAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
+HgECF4AACgkQb+96jtcTWUsx8BAAmkZ2rg/PQkXgqENhoJuoT93bKmu2Ng4DLKGc
+JyGAd+PPan70jX9xAs/QMuEXbPwNnZUZCpMfDvOrf6FRoc651whJvp3h1dluMNBD
+gsSwX7CgpLPaPxqthPLaN239b02GLJs/J6IiyTqS3QsBcJqvdWmcGqHZEiCjDTri
+e0kQIXyjCEXQnnsTKZL/sa8KQTOAHsF81iYB2DqOWFZsQ9iJKjTCPlo5eOsZTJGt
+XKQlmAIeACN6YfSBMGK24t4cyvUOcklVFHri+EVCYPMdxT96Wsfa4rFOnMwD1Ggx
+b42KTRMK3awN8b91/gg6Oay+WDEGPJSnUsu04WoMzhQ0jwmu1i0O1OdKPshNE/7n
+Eu/YggBqRy/ClyPbX1+9nfOE4ldUnRPSWTwtVpbPoAWDM+WYdo7mFVi7un9y7F8J
+YOZRGkhar3KlfrkiXx6pD/rARj5bi3LcWXwEDT/ZdDd+h9lZtfLcCQe9lqqUcxCM
+xWUXnH87svNCZMS/AEkVHDmKNtx6hsYFqwXgExExqH3uMmwQwwcL8rv9M2c/LLZQ
+RFTSj/vhEzJY4nqS/m5dgWfwPYBleM6UwCHVWxP0uI18et739pMzTxaL+Q/uGXNP
+42f4CPSnb3EbtCelUMfO2JQkhNGBL7SqoOmtykSmCykAWaSnGYhI1frQDcBvNao+
+xPvh/8Y=
+=y1gn
+-----END PGP PUBLIC KEY BLOCK-----
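Review bot: The new key arrives as an armored block only; neither the commit message nor a comment records its fingerprint, algorithm or expiry, so a reviewer cannot compare it against an out-of-band source. Put the full fingerprint in the commit message (the removed code carried the old one in `$myid`), since this file becomes the trust root for package verification on both the installer and the update path.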


hooks/post-receive
--
IPFire 2.x development tree
