Since 8d5c48b, xbps has used a sha1 ASN1 prefix with a sha256 hash, and
as of openssl v3, openssl cares about this. This works around that in a
compatible way by moving to a second sig file, binpkg.sig2.
For xbps-remove -O and xbps-rindex -r, also clean up obselete .sig files.
This reverts commit be7d8cfaf1.
This commit missed some previous copyrights mentioned,
in general I think its better to have this per-file to
follow who wrote what and when.
xbps-rindex(1) has a -r option that sets the remove mode,
due to the changes added to sign repodata we need to access
to the correct directory where repository public keys are
stored. This makes the code use `$PWD/keys` before falling
back to `metadir`.
Fixes the test suite to run with unprivileged users (non root).
Those are a wrapper around xbps_{array,dictionary}_internalize_from_zfile()
that prints a debugging msg when the plist file cannot be internalized.
Update xbps to use these wrappers.
Rather than using a random buffer from stack or heap, and decide
what size to use, create a private memory mapped object...
This simplifies the code in lib/verifysig.c and xbps-create.
