pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/audit-packages Make pkglint really happy.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ce396a55b5e6
branches:  trunk
changeset: 522440:ce396a55b5e6
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Dec 09 12:30:46 2006 +0000

description:
Make pkglint really happy.
Add IGNORE_URLS code from agc@:
"If a URL is specified in IGNORE_URLS then all entries listed in
 pkg-vulnerabilities that match that URL will not be reported when
 audit-packages is run.  Running audit-packages -v will display the
 details of all entries skipped if IGNORE_URLS is set."
Add a sample audit-packages.conf detailing all the options we now support.
Update to 1.46

diffstat:

 security/audit-packages/Makefile                  |  63 ++++++++++++++--------
 security/audit-packages/PLIST                     |   4 +-
 security/audit-packages/files/audit-packages      |  21 +++++++-
 security/audit-packages/files/audit-packages.0    |  13 ++++-
 security/audit-packages/files/audit-packages.8    |  14 ++++-
 security/audit-packages/files/audit-packages.conf |  26 +++++++++
 6 files changed, 114 insertions(+), 27 deletions(-)

diffs (252 lines):

diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/Makefile
--- a/security/audit-packages/Makefile  Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/Makefile  Sat Dec 09 12:30:46 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.73 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: Makefile,v 1.74 2006/12/09 12:30:46 adrianp Exp $
 
-DISTNAME=      audit-packages-1.45
+DISTNAME=      audit-packages-1.46
 CATEGORIES=    security pkgtools
 MASTER_SITES=  # empty
 DISTFILES=     # empty
@@ -16,7 +16,7 @@
 BUILD_DEFS+=   PKGVULNDIR
 
 WRKSRC=                ${WRKDIR}
-NO_CHECKSUM=    yes
+NO_CHECKSUM=   yes
 
 OWN_DIRS=      ${PKGVULNDIR}
 MAN8DIR=       ${PREFIX}/${PKGMANDIR}/man8
@@ -31,38 +31,57 @@
 MESSAGE_SRC=   ${PKGDIR}/MESSAGE
 .endif
 
+CONF_FILES=    ${PREFIX}/share/examples/audit-packages/audit-packages.conf \
+               ${PKG_SYSCONFDIR}/audit-packages.conf
+
+SUBST_CLASSES=         paths
+SUBST_STAGE.paths=     post-build
+SUBST_FILES.paths=     audit-packages audit-packages.0 audit-packages.8
+SUBST_FILES.paths+=    download-vulnerability-list
+SUBST_SED.paths=       -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g'
+SUBST_SED.paths+=      -e 's|@AWK@|${AWK}|g'
+SUBST_SED.paths+=      -e 's|@FETCH_CMD@|${FETCH_CMD:Q}|g'
+SUBST_SED.paths+=      -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T:Q}|g'
+SUBST_SED.paths+=      -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'
+SUBST_SED.paths+=      -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'
+SUBST_SED.paths+=      -e 's|@PREFIX@|${PREFIX}|g'
+SUBST_SED.paths+=      -e 's|@SH@|${SH}|g'
+SUBST_SED.paths+=      -e 's|@DIGEST@|${DIGEST}|g'
+SUBST_SED.paths+=      -e 's|@CHMOD@|${CHMOD}|g'
+SUBST_SED.paths+=      -e 's|@MV@|${MV}|g'
+SUBST_SED.paths+=      -e 's|@RM@|${RM}|g'
+SUBST_SED.paths+=      -e 's|@MKDIR@|${MKDIR}|g'
+SUBST_SED.paths+=      -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g'
+SUBST_SED.paths+=      -e 's|@FIND@|${FIND}|g'
+SUBST_MESSAGE.paths=   Fixing paths.
+
 do-build:
-       @for f in audit-packages audit-packages.0 audit-packages.8      \
+       for f in audit-packages audit-packages.0 audit-packages.8       \
                download-vulnerability-list; do                         \
-               ${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g'              \
-                       -e 's|@AWK@|${AWK}|g'                           \
-                       -e 's|@FETCH_CMD@|${FETCH_CMD}|g'               \
-                       -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g'       \
-                       -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g'               \
-                       -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g'       \
-                       -e 's|@PREFIX@|${PREFIX}|g'                     \
-                       -e 's|@SH@|${SH}|g'                             \
-                       -e 's|@DIGEST@|${DIGEST}|g'                     \
-                       -e 's|@CHMOD@|${CHMOD}|g'                       \
-                       -e 's|@MV@|${MV}|g'                             \
-                       -e 's|@RM@|${RM}|g'                             \
-                       -e 's|@MKDIR@|${MKDIR}|g'                       \
-                       -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g'     \
-                       -e 's|@FIND@|${FIND}|g'                         \
-                       ${FILESDIR}/$$f > ${WRKSRC}/$$f;                \
+               ${CP} ${FILESDIR}/$$f ${WRKSRC} ;                       \
        done
+
 .if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX"
+USE_TOOLS+=    nroff
+
        # pre-created man-pages are "mandoc" pages, these OS need "man",
        # so regen the .0 page
-       nroff -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
+       ${NROFF} -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0
 .endif
 
 do-install:
-       @for f in audit-packages download-vulnerability-list; do        \
+       ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/audit-packages
+
+       ${INSTALL_DATA} ${FILESDIR}/audit-packages.conf \
+               ${PREFIX}/share/examples/audit-packages
+
+       for f in audit-packages download-vulnerability-list; do \
                ${INSTALL_SCRIPT} ${WRKSRC}/$$f ${DESTDIR}${PREFIX}/sbin; \
        done
+
        ${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${DESTDIR}${CAT8DIR}/
        ${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${DESTDIR}${MAN8DIR}/
+
        ${RM} -f ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
        ${LN} -s audit-packages.0 ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0
        ${RM} -f ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/PLIST
--- a/security/audit-packages/PLIST     Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/PLIST     Sat Dec 09 12:30:46 2006 +0000
@@ -1,7 +1,9 @@
-@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2006/12/09 12:30:47 adrianp Exp $
 man/cat8/audit-packages.0
 man/cat8/download-vulnerability-list.0
 man/man8/audit-packages.8
 man/man8/download-vulnerability-list.8
 sbin/audit-packages
 sbin/download-vulnerability-list
+share/examples/audit-packages/audit-packages.conf
+@dirrm share/examples/audit-packages
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages
--- a/security/audit-packages/files/audit-packages      Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages      Sat Dec 09 12:30:46 2006 +0000
@@ -1,6 +1,6 @@
 #! @SH@
 #
-# $NetBSD: audit-packages,v 1.29 2006/11/25 13:43:42 agc Exp $
+# $NetBSD: audit-packages,v 1.30 2006/12/09 12:30:47 adrianp Exp $
 #
 # Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
 #
@@ -193,6 +193,25 @@
        \#*|'') continue;;
        esac
 
+       case "$IGNORE_URLS" in
+       "")     ;;
+       *)      ignore=false;
+               for u in $IGNORE_URLS; do
+                       if [ "x$u" = "x$url" ]; then
+                               ignore=true
+                               break
+                       fi
+               done
+               if $ignore; then
+                       case "$verbose" in
+                       yes)    echo "Ignoring vulnerability for $url with pattern $pat"
+                               ;;
+                       esac
+                       continue
+               fi
+               ;;
+       esac
+
        if [ -z "$one_package" ] ; then
                vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"`
        else
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.0
--- a/security/audit-packages/files/audit-packages.0    Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages.0    Sat Dec 09 12:30:46 2006 +0000
@@ -1,4 +1,4 @@
-AUDIT-PACKAGES(8)       NetBSD System Manager's Manual       AUDIT-PACKAGES(8)
+AUDIT-PACKAGES(8)         BSD System Manager's Manual        AUDIT-PACKAGES(8)
 
 NNAAMMEE
      aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in
@@ -80,6 +80,11 @@
      tory.  This can be changed by defining the environment variable
      PKGVULNDIR to the directory containing the vulnerabilities file.
 
+     If a URL is specified in IGNORE_URLS then all entries listed in
+     _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that match that URL will not be reported when
+     _a_u_d_i_t_-_p_a_c_k_a_g_e_s is run.  Running _a_u_d_i_t_-_p_a_c_k_a_g_e_s -v will display the
+     details of all entries skipped if IGNORE_URLS is set.
+
 EEXXIITT SSTTAATTUUSS
      The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs.
 
@@ -97,6 +102,10 @@
                  _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and
                  ftp. The default is ftp.
 
+     IGNORE_URLS
+                 A list of vulnerability URLs to be ignored.  This allows for
+                 ignoring certain URLs that are attached to a vulnerability.
+
 FFIILLEESS
      @PKGVULNDIR@/pkg-vulnerabilities
 
@@ -161,4 +170,4 @@
      September 19, 2000.  The original idea came from Roland Dowdeswell and
      Bill Sommerfeld.
 
-NetBSD 3.0                      April 15, 2006                      NetBSD 3.0
+BSD                             April 15, 2006                             BSD
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.8
--- a/security/audit-packages/files/audit-packages.8    Sat Dec 09 12:11:28 2006 +0000
+++ b/security/audit-packages/files/audit-packages.8    Sat Dec 09 12:30:46 2006 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $
+.\" $NetBSD: audit-packages.8,v 1.20 2006/12/09 12:30:47 adrianp Exp $
 .\"
 .\" Copyright (c) 2003 Jeremy C. Reed.  All rights reserved.
 .\"
@@ -172,6 +172,15 @@
 This can be changed by defining the environment variable
 .Ev PKGVULNDIR
 to the directory containing the vulnerabilities file.
+.Pp
+If a URL is specified in IGNORE_URLS then all entries listed in
+.Pa pkg-vulnerabilities
+that match that URL will not be reported when
+.Pa audit-packages 
+is run.  Running
+.Pa audit-packages
+-v will display the details of all entries skipped if IGNORE_URLS
+is set.
 .Sh EXIT STATUS
 .Ex -std audit-packages
 .Sh ENVIRONMENT
@@ -190,6 +199,9 @@
 Specifies the protocol to use when fetching the 
 .Pa pkg-vulnerabilities
 file. Currently supports only http and ftp. The default is ftp.
+.It Ev IGNORE_URLS
+A list of vulnerability URLs to be ignored.  This allows for
+ignoring certain URLs that are attached to a vulnerability.
 .El
 .Sh FILES
 @PKGVULNDIR@/pkg-vulnerabilities
diff -r 409b24706fdd -r ce396a55b5e6 security/audit-packages/files/audit-packages.conf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/audit-packages/files/audit-packages.conf Sat Dec 09 12:30:46 2006 +0000
@@ -0,0 +1,26 @@
+# $NetBSD: audit-packages.conf,v 1.1 2006/12/09 12:30:47 adrianp Exp $
+
+#
+# sample configuration file for audit-packages(8) and 
+# download-vulnerability-list(8)
+#
+
+# PKGVULNDIR
+#
+# Specifies the directory containing the pkg-vulnerabilities file.
+# Default: PKGVULNDIR="${DISTDIR}"
+
+# FETCH_ARGS
+#
+# Specifies optional arguments for the download-vulnerability-list client.
+# Default: FETCH_ARGS=
+
+# FETCH_PROTO
+#
+# Specifies the protocol to use when fetching the pkg-vulnerabilities file.
+# Default: FETCH_PROTO="ftp"
+
+# IGNORE_URLS
+#
+# A list of vulnerability URLs to be ignored.
+# Default: IGNORE_URLS=



Home | Main Index | Thread Index | Old Index