pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/audit-packages Make pkglint really happy.
details: https://anonhg.NetBSD.org/pkgsrc/rev/ce396a55b5e6
branches: trunk
changeset: 522440:ce396a55b5e6
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sat Dec 09 12:30:46 2006 +0000
description:
Make pkglint really happy.
Add IGNORE_URLS code from agc@:
"If a URL is specified in IGNORE_URLS then all entries listed in
pkg-vulnerabilities that match that URL will not be reported when
audit-packages is run. Running audit-packages -v will display the
details of all entries skipped if IGNORE_URLS is set."
Add a sample audit-packages.conf detailing all the options we now support.
Update to 1.46
diffstat:
security/audit-packages/Makefile | 63 ++++++++++++++--------
security/audit-packages/PLIST | 4 +-
security/audit-packages/files/audit-packages | 21 +++++++-
security/audit-packages/files/audit-packages.0 | 13 ++++-
security/audit-packages/files/audit-packages.8 | 14 ++++-
security/audit-packages/files/audit-packages.conf | 26 +++++++++
6 files changed, 114 insertions(+), 27 deletions(-)
diffs (252 lines):
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/Makefile
--- a/security/audit-packages/Makefile Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/Makefile Sat Dec 09 12:30:46 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: Makefile,v 1.74 2006/12/09 12:30:46 adrianp Exp $
-DISTNAME= audit-packages-1.45
+DISTNAME= audit-packages-1.46
CATEGORIES= security pkgtools
MASTER_SITES= # empty
DISTFILES= # empty
@@ -16,7 +16,7 @@
BUILD_DEFS+= PKGVULNDIR
WRKSRC= ${WRKDIR}
-NO_CHECKSUM= yes
+NO_CHECKSUM= yes
OWN_DIRS= ${PKGVULNDIR}
MAN8DIR= ${PREFIX}/${PKGMANDIR}/man8
@@ -31,38 +31,57 @@
MESSAGE_SRC= ${PKGDIR}/MESSAGE
.endif
+CONF_FILES= ${PREFIX}/share/examples/audit-packages/audit-packages.conf \
+ ${PKG_SYSCONFDIR}/audit-packages.conf
+
+SUBST_CLASSES= paths
+SUBST_STAGE.paths= post-build
+SUBST_FILES.paths= audit-packages audit-packages.0 audit-packages.8
+SUBST_FILES.paths+= download-vulnerability-list
+SUBST_SED.paths= -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g'
+SUBST_SED.paths+= -e 's|@AWK@|${AWK}|g'
+SUBST_SED.paths+= -e 's|@FETCH_CMD@|${FETCH_CMD:Q}|g'
+SUBST_SED.paths+= -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T:Q}|g'
+SUBST_SED.paths+= -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'
+SUBST_SED.paths+= -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'
+SUBST_SED.paths+= -e 's|@PREFIX@|${PREFIX}|g'
+SUBST_SED.paths+= -e 's|@SH@|${SH}|g'
+SUBST_SED.paths+= -e 's|@DIGEST@|${DIGEST}|g'
+SUBST_SED.paths+= -e 's|@CHMOD@|${CHMOD}|g'
+SUBST_SED.paths+= -e 's|@MV@|${MV}|g'
+SUBST_SED.paths+= -e 's|@RM@|${RM}|g'
+SUBST_SED.paths+= -e 's|@MKDIR@|${MKDIR}|g'
+SUBST_SED.paths+= -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g'
+SUBST_SED.paths+= -e 's|@FIND@|${FIND}|g'
+SUBST_MESSAGE.paths= Fixing paths.
+
do-build:
- @for f in audit-packages audit-packages.0 audit-packages.8 \
+ for f in audit-packages audit-packages.0 audit-packages.8 \
download-vulnerability-list; do \
- ${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' \
- -e 's|@AWK@|${AWK}|g' \
- -e 's|@FETCH_CMD@|${FETCH_CMD}|g' \
- -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g' \
- -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g' \
- -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g' \
- -e 's|@PREFIX@|${PREFIX}|g' \
- -e 's|@SH@|${SH}|g' \
- -e 's|@DIGEST@|${DIGEST}|g' \
- -e 's|@CHMOD@|${CHMOD}|g' \
- -e 's|@MV@|${MV}|g' \
- -e 's|@RM@|${RM}|g' \
- -e 's|@MKDIR@|${MKDIR}|g' \
- -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' \
- -e 's|@FIND@|${FIND}|g' \
- ${FILESDIR}/$$f > ${WRKSRC}/$$f; \
+ ${CP} ${FILESDIR}/$$f ${WRKSRC} ; \
done
+
.if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX"
+USE_TOOLS+= nroff
+
# pre-created man-pages are "mandoc" pages, these OS need "man",
# so regen the .0 page
- nroff -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
+ ${NROFF} -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
.endif
do-install:
- @for f in audit-packages download-vulnerability-list; do \
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/audit-packages
+
+ ${INSTALL_DATA} ${FILESDIR}/audit-packages.conf \
+ ${PREFIX}/share/examples/audit-packages
+
+ for f in audit-packages download-vulnerability-list; do \
${INSTALL_SCRIPT} ${WRKSRC}/$$f ${DESTDIR}${PREFIX}/sbin; \
done
+
${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${DESTDIR}${CAT8DIR}/
${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${DESTDIR}${MAN8DIR}/
+
${RM} -f ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
${LN} -s audit-packages.0 ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
${RM} -f ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/PLIST
--- a/security/audit-packages/PLIST Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/PLIST Sat Dec 09 12:30:46 2006 +0000
@@ -1,7 +1,9 @@
-@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2006/12/09 12:30:47 adrianp Exp $
man/cat8/audit-packages.0
man/cat8/download-vulnerability-list.0
man/man8/audit-packages.8
man/man8/download-vulnerability-list.8
sbin/audit-packages
sbin/download-vulnerability-list
+share/examples/audit-packages/audit-packages.conf
+@dirrm share/examples/audit-packages
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages
--- a/security/audit-packages/files/audit-packages Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages Sat Dec 09 12:30:46 2006 +0000
@@ -1,6 +1,6 @@
#! @SH@
#
-# $NetBSD: audit-packages,v 1.29 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: audit-packages,v 1.30 2006/12/09 12:30:47 adrianp Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
#
@@ -193,6 +193,25 @@
\#*|'') continue;;
esac
+ case "$IGNORE_URLS" in
+ "") ;;
+ *) ignore=false;
+ for u in $IGNORE_URLS; do
+ if [ "x$u" = "x$url" ]; then
+ ignore=true
+ break
+ fi
+ done
+ if $ignore; then
+ case "$verbose" in
+ yes) echo "Ignoring vulnerability for $url with pattern $pat"
+ ;;
+ esac
+ continue
+ fi
+ ;;
+ esac
+
if [ -z "$one_package" ] ; then
vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
else
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.0
--- a/security/audit-packages/files/audit-packages.0 Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages.0 Sat Dec 09 12:30:46 2006 +0000
@@ -1,4 +1,4 @@
-AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
+AUDIT-PACKAGES(8) BSD System Manager's Manual AUDIT-PACKAGES(8)
NNAAMMEE
aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
@@ -80,6 +80,11 @@
tory. This can be changed by defining the environment variable
PKGVULNDIR to the directory containing the vulnerabilities file.
+ If a URL is specified in IGNORE_URLS then all entries listed in
+ _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that match that URL will not be reported when
+ _a_u_d_i_t_-_p_a_c_k_a_g_e_s is run. Running _a_u_d_i_t_-_p_a_c_k_a_g_e_s -v will display the
+ details of all entries skipped if IGNORE_URLS is set.
+
EEXXIITT SSTTAATTUUSS
The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
@@ -97,6 +102,10 @@
_p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
ftp. The default is ftp.
+ IGNORE_URLS
+ A list of vulnerability URLs to be ignored. This allows for
+ ignoring certain URLs that are attached to a vulnerability.
+
FFIILLEESS
@PKGVULNDIR@/pkg-vulnerabilities
@@ -161,4 +170,4 @@
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
-NetBSD 3.0 April 15, 2006 NetBSD 3.0
+BSD April 15, 2006 BSD
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.8
--- a/security/audit-packages/files/audit-packages.8 Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages.8 Sat Dec 09 12:30:46 2006 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $
+.\" $NetBSD: audit-packages.8,v 1.20 2006/12/09 12:30:47 adrianp Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -172,6 +172,15 @@
This can be changed by defining the environment variable
.Ev PKGVULNDIR
to the directory containing the vulnerabilities file.
+.Pp
+If a URL is specified in IGNORE_URLS then all entries listed in
+.Pa pkg-vulnerabilities
+that match that URL will not be reported when
+.Pa audit-packages
+is run. Running
+.Pa audit-packages
+-v will display the details of all entries skipped if IGNORE_URLS
+is set.
.Sh EXIT STATUS
.Ex -std audit-packages
.Sh ENVIRONMENT
@@ -190,6 +199,9 @@
Specifies the protocol to use when fetching the
.Pa pkg-vulnerabilities
file. Currently supports only http and ftp. The default is ftp.
+.It Ev IGNORE_URLS
+A list of vulnerability URLs to be ignored. This allows for
+ignoring certain URLs that are attached to a vulnerability.
.El
.Sh FILES
@PKGVULNDIR@/pkg-vulnerabilities
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/audit-packages/files/audit-packages.conf Sat Dec 09 12:30:46 2006 +0000
@@ -0,0 +1,26 @@
+# $NetBSD: audit-packages.conf,v 1.1 2006/12/09 12:30:47 adrianp Exp $
+
+#
+# sample configuration file for audit-packages(8) and
+# download-vulnerability-list(8)
+#
+
+# PKGVULNDIR
+#
+# Specifies the directory containing the pkg-vulnerabilities file.
+# Default: PKGVULNDIR="${DISTDIR}"
+
+# FETCH_ARGS
+#
+# Specifies optional arguments for the download-vulnerability-list client.
+# Default: FETCH_ARGS=
+
+# FETCH_PROTO
+#
+# Specifies the protocol to use when fetching the pkg-vulnerabilities file.
+# Default: FETCH_PROTO="ftp"
+
+# IGNORE_URLS
+#
+# A list of vulnerability URLs to be ignored.
+# Default: IGNORE_URLS=
Home |
Main Index |
Thread Index |
Old Index