For each mirror server, a protocol can be specified in the
server-list.db database. However, it was not used for the
actual URL query to a mirror before.
This might be useful for deploy HTTPS pinning for Pakfire.
If a mirror is known to support HTTPS, all queries to it
will be made with this protocol.
This saves some overhead if HTTPS is enforced on a mirror
via 301 redirects. To enable this, the server-list.db
needs to be adjusted.
The second version of this patch only handles protocols
HTTP and HTTPS, since we do not expect anything else here
at the moment.
Partially fixes#11661.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We will swap the key that we use to sign Pakfire packages
since the current one is considered outdated cryptography.
Fixes: #11539
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Validate GPG keys by fingerprint and not by 8-bit key-ID.
This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The old algorithm could potentially lock itself in an endless
recursion when there were packages with circular dependencies.
This version does not do this and is also faster.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The if statement in line 89 and 99 are useless with the -e
conditional expression because it returns true if the path ist a
regular file or a directory.
So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true,
but the statement should return only true if we have a regular file.
So -f if the right conditional expression, and we only try to execute
the init script if the path "/etc/init.d/${1}" points to a regular file.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
in the installed addon list pakfire has showed
the latest version of the addon not the installed.
Fixes: #10875
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When updating more than one package, only new dependencies
for the first one are resolved. The rest was ignored.
This patch fixes that.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add information about probable causes when pakfire cannot connect. This
includes port 11371 TCP and incorrect date/time settings.
Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
