pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mk Change the code generation README.html to use the new



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7e29dbe32f71
branches:  trunk
changeset: 541291:7e29dbe32f71
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Fri Apr 18 14:26:36 2008 +0000

description:
Change the code generating README.html to use the new
"pkg_admin audit-history" command to print the full list of
vulnerabilities and use further pkg_admin pmatch logic to mark them as
fixed or still open. For pkg_install versions before 20080415, skip the
vulnerability processing.

Discussed with: dmcmahill

diffstat:

 mk/bsd.pkg.readme.mk     |  32 +++++++-----------
 mk/scripts/genreadme.awk |  82 +++++++++++------------------------------------
 mk/scripts/mkreadme      |  36 ++++++++------------
 3 files changed, 47 insertions(+), 103 deletions(-)

diffs (271 lines):

diff -r f3caf78a0172 -r 7e29dbe32f71 mk/bsd.pkg.readme.mk
--- a/mk/bsd.pkg.readme.mk      Fri Apr 18 14:03:54 2008 +0000
+++ b/mk/bsd.pkg.readme.mk      Fri Apr 18 14:26:36 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.19 2008/03/15 16:27:42 joerg Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.20 2008/04/18 14:26:36 joerg Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and encapsulates the
 # code to produce README.html files in each package directory.
@@ -230,21 +230,6 @@
 SED_HOMEPAGE_EXPR=     -e 's|%%HOMEPAGE%%||'
 .endif
 
-.PHONY: show-vulnerabilities-html
-show-vulnerabilities-html:
-       ${RUN}                                  \
-       _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
-       if [ -f $$_PKGVULNDIR/pkg-vulnerabilities ]; then       \
-               ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME} 2>&1| ${AWK} \
-                       '{ printurl = $$8;                      \
-                               gsub("\<", "\\&lt;", $$2);              \
-                       gsub("\>", "\\&gt;", $$2);              \
-                       gsub("\<", "\\&lt;", printurl);         \
-                       gsub("\>", "\\&gt;", printurl);         \
-                       gsub("\&", "\\&amp;", printurl);        \
-                       printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$2, $$5, $$8, printurl) }'; \
-       fi
-
 # If PACKAGES is set to the default (../../packages), the current
 # ${MACHINE_ARCH} and "release" (uname -r) will be used. Otherwise a directory
 # structure of ...pkgsrc/packages/`uname -r`/${MACHINE_ARCH} is assumed.
@@ -265,22 +250,31 @@
                esac;                                                   \
                cd ${.CURDIR} ;                                         \
        fi;                                                             \
-       _PVDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
+       if [ `${PKG_ADMIN} -V` -lt 20080415 ]; then                     \
+               SCAN_VULNERABILITIES=0;                                 \
+       else                                                            \
+       _PVDIR=`${PKG_ADMIN} config-var PKGVULNDIR`;                    \
+       if [ -e "$${_PVDIR}"/pkg-vulnerabilities ]; then                \
+               SCAN_VULNERABILITIES=2;                                 \
+       else                                                            \
+               SCAN_VULNERABILITIES=1;                                 \
+       fi;                                                             \
+       fi;                                                             \
        ${AWK} -f ../../mk/scripts/genreadme.awk \
                builddependsfile=/dev/null \
                dependsfile=/dev/null \
-               AUDIT_PACKAGES=${AUDIT_PACKAGES:Q} \
                AWK=${AWK:Q} \
                CMP=${CMP:Q} \
                DISTDIR=${DISTDIR:Q} \
                GREP=${GREP:Q} \
                PACKAGES=${PACKAGES:Q} \
+               PKG_ADMIN=${PKG_ADMIN:Q} \
                PKG_INFO=${PKG_INFO:Q} \
                PKG_SUFX=${PKG_SUFX:Q} \
                PKG_URL=${PKG_URL:Q} \
                PKGSRCDIR=${.CURDIR:C|/[^/]*/[^/]*$||:Q} \
-               PVDIR=$$_PVDIR \
                PKGTOOLS_VERSION=${PKGTOOLS_VERSION} \
+               SCAN_VULNERABILITIES=$${SCAN_VULNERABILITIES} \
                SED=${SED:Q} \
                SETENV=${SETENV:Q} \
                SORT=${SORT:Q} \
diff -r f3caf78a0172 -r 7e29dbe32f71 mk/scripts/genreadme.awk
--- a/mk/scripts/genreadme.awk  Fri Apr 18 14:03:54 2008 +0000
+++ b/mk/scripts/genreadme.awk  Fri Apr 18 14:26:36 2008 +0000
@@ -1,5 +1,5 @@
 #!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.31 2008/03/15 16:27:43 joerg Exp $
+# $NetBSD: genreadme.awk,v 1.32 2008/04/18 14:26:37 joerg Exp $
 #
 # Copyright (c) 2002, 2003, 2005, 2006 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -255,55 +255,11 @@
        }
        close(builddependsfile);
 
-       vfile = PVDIR "/pkg-vulnerabilities";
-
 # extract date for vulnerabilities file
-       cmd = "ls -l " vfile;
-       if ((cmd | getline) > 0) {
-               vuldate = sprintf("at %s %s %s\n",$6,$7,$8);
-# read the vulnerabilities file
-               printf("Reading vulnerability file \"%s\"\n which was updated %s\n",
-                      vfile, vuldate);
-               i = 1;
-               vul_major = 0;
-               vul_minor = 0;
-               vul_teeny = 0;
-               while((getline < vfile) > 0) {
-                       if( $0 ~ /#FORMAT/ ) {
-                         split($2, vul_format, ".");
-                         vul_major = vul_format[1];
-                         vul_minor = vul_format[2];
-                         vul_teeny = vul_format[3];
-                       }
-                       if ( $0 ~ /^-----BEGIN PGP SIGNATURE-----.*/ ) {
-                               break;
-                       }
-                       if ( ( $0 !~ /^\#/ ) &&
-                            ( $0 !~ /^Hash:.*/ ) &&
-                            ( $0 !~ /^-----BEGIN PGP SIGNED.*/ ) &&
-                            ( $0 != "" ) ) {
-                               vulpkg[i] = $1;
-                               vultype[i] = $2;
-                               vulref[i] = $3;
-                               i = i + 1;
-                       }
-               }
-               if( (vul_major > 1) ||
-                   (vul_minor > 1) ||
-                   (vul_teeny > 0) ) {
-                       printf("Version %d.%d.%d of the vulnerability file is out of sync with",
-                               vul_major, vul_minor, vul_teeny);
-                       printf("the genreadme.awk script\n");
-               }
-               printf("   Loaded %d vulnerabilities\n", i - 1);
-               close(vfile);
-               have_vfile = 1;
-       } else {
+       if (SCAN_VULNERABILITIES == 0)
+               vuldate="<TR><TD><I>(no vulnerabilities list, update pkg_install)</I>";
+       else if (SCAN_VULNERABILITIES == 1)
                vuldate="<TR><TD><I>(no vulnerabilities list available)</I>";
-               printf("No vulnerability file found (%s).\n", vfile);
-               have_vfile = 0;
-       }
-       close(cmd);
 
        if (SINGLEPKG != "" ) {
                printf("Only creating README for %s\n",SINGLEPKG);
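Review bot: The kept comment `# extract date for vulnerabilities file` no longer describes the code below it, which now only selects a placeholder table row from SCAN_VULNERABILITIES. I would replace it with `# vuldate: README row shown when the vulnerability scan is skipped (SCAN_VULNERABILITIES is 0 or 1)`. Within this hunk vuldate is not assigned at all when SCAN_VULNERABILITIES is 2; if it is still printed later (not visible here), an explicit `else vuldate = "";` would make that intent clear.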
@@ -372,28 +328,28 @@
                        if (debug) printf("wrote = %d entries to \"%s\"\n",
                                          i-1, htmldeps_file);
 
-# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
-# XXX: shown in the generated README.html files for packages.
-
                        vul = "";
 
-                       if (have_vfile) {
-                               pkg = pkgdir2name[toppkg];
-
-                               if (debug) {
-                                 printf("Checking for %s (%s) vulnerabilities\n",
-                                        toppkg, pkg);
-                               }
-
-                               cmd = sprintf("%s -n %s", AUDIT_PACKAGES, pkg);
+                       if (SCAN_VULNERABILITIES == 2) {
+                               pkgbase = pkgdir2name[toppkg];
+                               sub("-[^-]*$", "", pkgbase);
+                               cmd = sprintf("%s audit-history %s", PKG_ADMIN, pkgbase);
                                while (cmd | getline vuln_entry) {
                                        split(vuln_entry, entry, " ");
-                                       vul =  sprintf("%s<LI><STRONG>%s has a <a href=\"%s\">%s</a> vulnerability</STRONG></LI>\n",
-                                                 vul, pkg, entry[8], entry[5]);
+                                       status_cmd = sprintf("if %s pmatch '%s' %s; then echo open; else echo fixed; fi",
+                                           PKG_ADMIN, entry[1], pkgdir2name[toppkg]);
+                                       status_cmd | getline status
+                                       close(status_cmd)
+                                       if (status == "open")
+                                               status = "an <STRONG>OPEN</STRONG>";
+                                       else
+                                               status = "a " status;
+                                       vul =  sprintf("%s<LI>%s <a href=\"%s\">%s</a> vulnerability</LI>\n",
+                                         vul, status, entry[3], entry[2]);
                                }
                                close(cmd);
 
-                               if ( vul == "" ){
+                               if ( vul == "" ) {
                                        vul="<I>(no vulnerabilities known)</I>";
                                }
                        }
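Review bot: Both new command strings are built by pasting data into shell text: `pkgbase` and `pkgdir2name[toppkg]` go in unquoted, and `entry[1]`, which comes from the audit-history output, is wrapped in plain single quotes with no escaping, so a quote or metacharacter in any of them changes the command that runs. Quoting every interpolated value through one helper closes that, as sketched below. `entry[2]` and `entry[3]` are also written into the `<LI>` markup unescaped, whereas the removed show-vulnerabilities-html target escaped `<`, `>` and `&`; the same escaping would be appropriate here. The loop condition `while (cmd | getline vuln_entry)` does not terminate if getline returns -1, hence the `> 0` in the sketch. The enclosing block starts and ends outside the hunk.

```awk
# new helper at file scope: return s quoted as a single shell word
function shquote(s) {
	gsub(/'/, "'\\''", s);
	return "'" s "'";
}

# … unchanged: vul = "", SCAN_VULNERABILITIES == 2 test, pkgbase derivation …
cmd = sprintf("%s audit-history %s", PKG_ADMIN, shquote(pkgbase));
while ((cmd | getline vuln_entry) > 0) {
	split(vuln_entry, entry, " ");
	status_cmd = sprintf("if %s pmatch %s %s; then echo open; else echo fixed; fi",
	    PKG_ADMIN, shquote(entry[1]), shquote(pkgdir2name[toppkg]));
	# … unchanged: read status, close(status_cmd), build the <LI> line …
}
```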
diff -r f3caf78a0172 -r 7e29dbe32f71 mk/scripts/mkreadme
--- a/mk/scripts/mkreadme       Fri Apr 18 14:03:54 2008 +0000
+++ b/mk/scripts/mkreadme       Fri Apr 18 14:26:36 2008 +0000
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $NetBSD: mkreadme,v 1.22 2008/03/15 16:27:43 joerg Exp $
+# $NetBSD: mkreadme,v 1.23 2008/04/18 14:26:37 joerg Exp $
 #
 # Script for README.html generation
 #
@@ -63,7 +63,6 @@
     echo "                  [-P|--packages directory] [-r|--restart] "
     echo "                  [-s|--summary]"
     echo "                  [-S|--save-database]"
-    echo "                  [-V|--pkg-vuln directory]"
     echo " "
     echo "            $prog -h|--help"
     echo " "
@@ -99,9 +98,6 @@
     echo "                      This is useful for debugging or re-running this script"
     echo "                      with the -r option."
     echo " "
-    echo "  -V|--pkg-vuln dir   Specify the pkg-vulnerability directory."
-    echo "                      Defaults to the value of the DISTDIR."
-    echo " "
     echo "  -v|--version        Displays the version of this script and exits."
     echo " "
     echo "Example:    $prog -p /pub/NetBSD/packages/pkgsrc -P /pub/NetBSD/packages -f"
@@ -210,13 +206,6 @@
        exit 0
         ;;
 
-    # Specify pkg-vulnerability directory
-    -V|--pkg-vuln)
-       PVDIR=$2
-       pv=custom
-       shift 2
-       ;;
-
     -*) echo "$prog:  ERROR:  $1 is not a valid option"
        usage
        clean_and_exit
@@ -303,14 +292,19 @@
     exit 1
 fi
 
-# this needs to happen here as the variables referenced have not been
-# populated until this stage (see above)
-#
-if [ "$pv" = "default" ]; then
-    PVDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`
+if [ `${PKG_ADMIN} -V` -lt 20080415 ]; then
+       SCAN_VULNERABILITIES=0
+       echo "---->  NOT checking for vulnerabilities, pkg_install too old"
+else
+       _PVDIR=`${PKG_ADMIN} config-var PKGVULNDIR`;
+       if [ -e "${_PVDIR}"/pkg-vulnerabilities ]; then
+               SCAN_VULNERABILITIES=2
+               echo "---->  Checking for vulnerabilities"
+       else
+               SCAN_VULNERABILITIES=1
+               echo "---->  NOT checking for vulnerabilities"
+       fi
 fi
-echo "---->  PVDIR=\"${PVDIR}\""
-
 
 ######################################################################
 #
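Review bot: The new progress messages no longer say where the vulnerability list was looked for, because the removed `echo "---->  PVDIR=..."` line has no replacement, so an operator who sees "NOT checking for vulnerabilities" cannot tell which path was missing. I would name it in the message: `echo "---->  NOT checking for vulnerabilities, ${_PVDIR}/pkg-vulnerabilities not found"`. The `-e` test also accepts a directory or other non-regular file at that path; `-f`, as the removed make target used, would be stricter.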
@@ -432,7 +426,6 @@
     debug=$debug \
     dependsfile=${TMPDIR}/pkgsrc.depends.debug \
     summary=${summary} \
-    AUDIT_PACKAGES=$AUDIT_PACKAGES \
     AWK=$AWK \
     CMP=$CMP \
     DISTDIR=$DISTDIR \
@@ -440,12 +433,13 @@
     GREP=$GREP \
     GZIP_CMD="$GZIP_CMD" \
     PACKAGES=$PACKAGES \
+    PKG_ADMIN="$PKG_ADMIN" \
     PKG_INFO="$PKG_INFO" \
     PKG_SUFX=$PKG_SUFX \
     PKG_URL=$PKG_URL \
     PKGSRCDIR=$PKGSRCDIR \
     PKGTOOLS_VERSION=$PKGTOOLS_VERSION \
-    PVDIR=$PVDIR \
+    SCAN_VULNERABILITIES=${SCAN_VULNERABILITIES} \
     SED=$SED \
     SETENV=$SETENV \
     SORT=$SORT \


