pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mk Per request, back out all the SKIP_AUDIT_PACKAGES c...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3e1486558226
branches: trunk
changeset: 503574:3e1486558226
user: erh <erh%pkgsrc.org@localhost>
date: Wed Nov 23 18:27:13 2005 +0000
description:
Per request, back out all the SKIP_AUDIT_PACKAGES changes.
bsd.pkg.mk:1.1758-1.1752
bsd.prefs.mk:1.210
bulk/build:1.79
defaults/mk.conf:1.93-1.92
diffstat:
mk/bsd.pkg.mk | 52 +++++++++++++++++++---------------------------------
mk/bsd.prefs.mk | 4 +---
mk/bulk/build | 4 ++--
mk/defaults/mk.conf | 18 +++++-------------
4 files changed, 27 insertions(+), 51 deletions(-)
diffs (163 lines):
diff -r 2f4d5ffdd83e -r 3e1486558226 mk/bsd.pkg.mk
--- a/mk/bsd.pkg.mk Wed Nov 23 14:59:44 2005 +0000
+++ b/mk/bsd.pkg.mk Wed Nov 23 18:27:13 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.1767 2005/11/22 03:41:20 jlam Exp $
+# $NetBSD: bsd.pkg.mk,v 1.1768 2005/11/23 18:27:13 erh Exp $
#
# This file is in the public domain.
#
@@ -1315,48 +1315,36 @@
esac
# check for any vulnerabilities in the package
-
-_AUDIT_PACKAGES_MIN_VERSION=1.40
-_AUDIT_PACKAGES_OK!= ${PKG_INFO} -qe 'audit-packages>=${_AUDIT_PACKAGES_MIN_VERSION}' ; echo $$?
-
-# Note: _any_ output from check-vulnerable is considered an error by do-fetch.
+# Please do not modify the leading "@" here
.PHONY: check-vulnerable
check-vulnerable:
-.if empty(_AUDIT_PACKAGES_OK:M0)
- @${ECHO_MSG} "${_PKGSRC_IN}> *** The audit-packages package must be at least version ${_AUDIT_PACKAGES_MIN_VERSION}"
- @${ECHO_MSG} "${_PKGSRC_IN}> *** Please install the security/audit-packages package and run";
- @${ECHO_MSG} "${_PKGSRC_IN}> *** '${LOCALBASE}/sbin/download-vulnerability-list'.";
- @false
-.else
- @${AUDIT_PACKAGES} -i ""${ALLOW_VULNERABILITIES.${PKGBASE}:Q} -p ${PKGNAME:Q}
-.endif
-
-
-.if defined(ALLOW_VULNERABILITIES.${PKGBASE})
-_ALLOW_VULNERABILITIES=${ALLOW_VULNERABILITIES.${PKGBASE}}
-.else
-_ALLOW_VULNERABILITIES=#none
-.endif
+ @if [ ! -z "${PKG_SYSCONFDIR.audit-packages}" -a -f ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf ]; then \
+ . ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf; \
+ elif [ ! -z "${PKG_SYSCONFDIR}" -a -f ${PKG_SYSCONFDIR}/audit-packages.conf ]; then \
+ . ${PKG_SYSCONFDIR}/audit-packages.conf; \
+ fi; \
+ if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \
+ ${SETENV} PKGNAME=${PKGNAME:Q} \
+ PKGBASE=${PKGBASE:Q} \
+ ${AWK} '/^$$/ { next } \
+ /^#.*/ { next } \
+ $$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
+ { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2,
ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/pkg-vulnerabilities || ${FALSE}; \
+ fi
.PHONY: do-fetch
.if !target(do-fetch)
do-fetch:
-. if empty(SKIP_AUDIT_PACKAGES:M[Yy][Ee][Ss]) && empty(_ALLOW_VULNERABILITIES:M[Yy][Ee][Ss])
+. if !defined(ALLOW_VULNERABLE_PACKAGES)
${_PKG_SILENT}${_PKG_DEBUG} \
if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \
${ECHO_MSG} "${_PKGSRC_IN}> Checking for vulnerabilities in ${PKGNAME}"; \
- vul=`${MAKE} ${MAKEFLAGS} check-vulnerable || ${TRUE}`; \
+ vul=`${MAKE} ${MAKEFLAGS} check-vulnerable`; \
case "$$vul" in \
"") ;; \
- *vulnid:*) vulnids=`echo "$$vul" | ${GREP} vulnid: | ${SED} -e's/.*vulnid:\\([[:digit:]]*\\).*/\\1/'`; \
- ${ECHO} "$$vul"; \
- ${ECHO} "or if this package is absolutely essential, add this to mk.conf:"; \
- for vulnid in $$vulnids ; do \
- ${ECHO} " ALLOW_VULNERABILITIES.${PKGBASE}+=$$vulnid"; \
- done ; \
+ *) ${ECHO} "$$vul"; \
+ ${ECHO} "or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential"; \
${FALSE} ;; \
- *) ${ECHO} "$$vul"; \
- ${FALSE} ;; \
esac; \
else \
${ECHO_MSG} "${_PKGSRC_IN}> *** No ${PKGVULNDIR}/pkg-vulnerabilities file found,"; \
@@ -1364,8 +1352,6 @@
${ECHO_MSG} "${_PKGSRC_IN}> *** the pkgsrc/security/audit-packages package and run"; \
${ECHO_MSG} "${_PKGSRC_IN}> *** '${LOCALBASE}/sbin/download-vulnerability-list'."; \
fi
-. else
- @${ECHO_MSG} "${_PKGSRC_IN}> *** Skipping vulnerability checks for ${PKGNAME}"
. endif
. if !empty(_ALLFILES)
${_PKG_SILENT}${_PKG_DEBUG} \
diff -r 2f4d5ffdd83e -r 3e1486558226 mk/bsd.prefs.mk
--- a/mk/bsd.prefs.mk Wed Nov 23 14:59:44 2005 +0000
+++ b/mk/bsd.prefs.mk Wed Nov 23 18:27:13 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.prefs.mk,v 1.210 2005/11/16 20:59:23 erh Exp $
+# $NetBSD: bsd.prefs.mk,v 1.211 2005/11/23 18:27:13 erh Exp $
#
# Make file, included to get the site preferences, if any. Should
# only be included by package Makefiles before any .if defined()
@@ -497,7 +497,6 @@
PKG_INFO_CMD?= ${PKG_TOOLS_BIN}/pkg_info
PKG_VIEW_CMD?= ${PKG_TOOLS_BIN}/pkg_view
LINKFARM_CMD?= ${PKG_TOOLS_BIN}/linkfarm
-AUDIT_PACKAGES_CMD?= ${LOCALBASE}/sbin/audit-packages
.if !defined(PKGTOOLS_VERSION)
PKGTOOLS_VERSION!= ${PKG_INFO_CMD} -V 2>/dev/null || echo 20010302
@@ -528,7 +527,6 @@
PKG_INFO?= ${PKGTOOLS_ENV} ${PKG_INFO_CMD} ${PKGTOOLS_ARGS}
PKG_VIEW?= ${PKGTOOLS_ENV} ${PKG_VIEW_CMD} ${PKG_VIEW_ARGS}
LINKFARM?= ${LINKFARM_CMD}
-AUDIT_PACKAGES?= ${PKGTOOLS_ENV} ${AUDIT_PACKAGES_CMD} ${PKGTOOLS_ARGS}
# "${PKG_BEST_EXISTS} pkgpattern" prints out the name of the installed
# package that best matches pkgpattern. Use this instead of
diff -r 2f4d5ffdd83e -r 3e1486558226 mk/bulk/build
--- a/mk/bulk/build Wed Nov 23 14:59:44 2005 +0000
+++ b/mk/bulk/build Wed Nov 23 18:27:13 2005 +0000
@@ -1,5 +1,5 @@
#!/bin/sh
-# $NetBSD: build,v 1.82 2005/11/20 11:18:45 rillig Exp $
+# $NetBSD: build,v 1.83 2005/11/23 18:27:13 erh Exp $
#
# Copyright (c) 1999, 2000 Hubert Feyrer <hubertf%NetBSD.org@localhost>
@@ -216,7 +216,7 @@
# Check that the package tools are up to date.
#
( cd "${pkglint_dir}" \
- && ${BMAKE} fetch SKIP_AUDIT_PACKAGES=yes >/dev/null 2>&1
+ && ${BMAKE} fetch >/dev/null 2>&1
) || {
echo "Updating pkgtools"
( cd "${pkgsrc_dir}/pkgtools/pkg_install" \
diff -r 2f4d5ffdd83e -r 3e1486558226 mk/defaults/mk.conf
--- a/mk/defaults/mk.conf Wed Nov 23 14:59:44 2005 +0000
+++ b/mk/defaults/mk.conf Wed Nov 23 18:27:13 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.94 2005/11/17 00:28:48 rillig Exp $
+# $NetBSD: mk.conf,v 1.95 2005/11/23 18:27:13 erh Exp $
#
# This file provides default values for variables that may be overridden
@@ -15,20 +15,12 @@
# NOTE TO PEOPLE EDITING THIS FILE - USE LEADING SPACES, NOT LEADING TABS.
# ************************************************************************
-#ALLOW_VULNERABILITIES.<pkgname>=
-# List of vulnerability ids to ignore when performing audit-packages
-# check when building a package.
-# Possible: one or more vulnerabilities ids,
-# or the word "yes" to allow all. (not recommended)
+#ALLOW_VULNERABLE_PACKAGES=
+# allow the user to build packages which are known to be vulnerable to
+# security exploits
+# Possible: defined, not defined
# Default: not defined
-SKIP_AUDIT_PACKAGES?=no
-# Completely skip running audit-packages to check for vulnerable packages.
-# Specifying individual vulnerabilities with
-# ALLOW_VULNERABILITIES.<pkgname>=<vulnid> is preferred to using this.
-# Possible: yes, no
-# Default: no
-
MANINSTALL?= maninstall catinstall
# Specify manpage installation types.
# Possible: maninstall, catinstall, both types or empty
Home |
Main Index |
Thread Index |
Old Index