pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/mk Add support for the upcoming pkg_install-20070714 w...
details: https://anonhg.NetBSD.org/pkgsrc/rev/07a8af014b09
branches: trunk
changeset: 530923:07a8af014b09
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sat Jul 14 17:17:45 2007 +0000
description:
Add support for the upcoming pkg_install-20070714 which now includes
audit-packages.
diffstat:
mk/bsd.pkg.readme.mk | 33 ++++++++++++++----
mk/bulk/pre-build | 25 +++++++++++--
mk/bulk/sort-packages | 21 +++++++---
mk/bulk/upload | 21 ++++++++++-
mk/defaults/mk.conf | 22 +++++++++++-
mk/flavor/pkg/check.mk | 88 ++++++++++++++++++++++++++++++-------------------
6 files changed, 152 insertions(+), 58 deletions(-)
diffs (truncated from 361 to 300 lines):
diff -r ea3b804a7fea -r 07a8af014b09 mk/bsd.pkg.readme.mk
--- a/mk/bsd.pkg.readme.mk Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bsd.pkg.readme.mk Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.6 2006/10/17 06:28:33 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.7 2007/07/14 17:17:45 adrianp Exp $
#
# This Makefile fragment is included by bsd.pkg.mk and encapsulates the
# code to produce README.html files in each package directory.
@@ -232,16 +232,33 @@
SED_HOMEPAGE_EXPR= -e 's|%%HOMEPAGE%%||'
.endif
+# XXX: The code for the pkg_install<20070714 vulnerability checks are
+# XXX: broken. It will not find vulnerabilities in any packages that
+# XXX: have complex names in the pkg-vulnerabilties file.
+# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
+# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
+# XXX: shown in the generated files for packages.
+#
.PHONY: show-vulnerabilities-html
show-vulnerabilities-html:
${_PKG_SILENT}${_PKG_DEBUG} \
- if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \
- ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\<", $$1); \
- gsub("\>", "\\>", $$1); \
- printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \
- ${PKGVULNDIR}/pkg-vulnerabilities; \
- fi
-
+ _INFO_VER=`${PKG_INFO} -V`; \
+ if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-$$_INFO_VER; then \
+ if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \
+ ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\<", $$1); \
+ gsub("\>", "\\>", $$1); \
+ printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \
+ ${PKGVULNDIR}/pkg-vulnerabilities; \
+ fi; \
+ else \
+ _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
+ if [ -f $$_PKGVULNDIR/pkg-vulnerabilities ]; then \
+ audit-packages ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME} |${AWK} \
+ '{ gsub("\<", "\\<", $$2); \
+ gsub("\>", "\\>", $$2); \
+ printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$2, $$5, $$8, $$8) }'; \
+ fi; \
+ fi
# If PACKAGES is set to the default (../../packages), the current
# ${MACHINE_ARCH} and "release" (uname -r) will be used. Otherwise a directory
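Review bot: In the new `else` branch of `show-vulnerabilities-html`, nothing checks that the version probe or `audit-packages` succeeded, so a failure produces a README with no vulnerability entries instead of an error. If `${PKG_INFO} -V` prints nothing, the pattern is matched against `pkg_install-` and presumably the else-branch is taken; if `audit-packages` is then not found on PATH, `_PKGVULNDIR` is empty and the test looks at `/pkg-vulnerabilities`. I would test `[ -n "$$_INFO_VER" ]` first, quote the path as `[ -f "$$_PKGVULNDIR/pkg-vulnerabilities" ]`, and call the tool through a variable (mk/bulk/sort-packages already uses `${AUDIT_PACKAGES}`) instead of the bare name. The awk program also depends on the column positions `$$2`, `$$5` and `$$8` of the audit-packages output and writes the type and URL fields into the HTML unescaped, so a comment stating the expected line format would help the next maintainer.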
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/pre-build
--- a/mk/bulk/pre-build Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/pre-build Sat Jul 14 17:17:45 2007 +0000
@@ -1,5 +1,5 @@
#!/bin/sh
-# $NetBSD: pre-build,v 1.68 2007/07/02 14:54:09 joerg Exp $
+# $NetBSD: pre-build,v 1.69 2007/07/14 17:17:45 adrianp Exp $
#
# Clean up system to be ready for bulk pkg build
#
@@ -18,6 +18,7 @@
PRUNEDISTFILES=${PRUNEDISTFILES:-"no"}
PRUNEPACKAGES=${PRUNEPACKAGES:-"yes"}
PRUNELINKS=${PRUNEPACKAGES:-"yes"}
+PKG_ADMIN="pkg_admin"
PKGLINT_PKG_DIR=${USR_PKGSRC}/pkgtools/pkglint
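Review bot: `PKG_ADMIN="pkg_admin"` is a fixed assignment, so a value supplied through the caller's environment is discarded, unlike the `${VAR:-default}` lines directly above it. `PKG_ADMIN=${PKG_ADMIN:-pkg_admin}` would match them. The same applies to the identical line added in the @@ -1,11 +1,12 @@ hunk of mk/bulk/upload, which sits right below `AWK=${AWK:-/usr/bin/awk}`. Since the result of `pmatch` now selects which vulnerability-check path runs, a short comment saying where the tool is expected to be installed would also be useful.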
@@ -69,11 +70,20 @@
mkdir -p "${BULKFILESDIR}"
# Make sure the pkg-vulnerabilities file is up to date
+_INFO_VER=`${PKG_INFO} -V`;
echo "pre-build> Making sure vulnerability-list is upto date:"
if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = yes ]; then
+ if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
( cd "${USR_PKGSRC}/security/audit-packages" \
&& ${BMAKE} bulk-install \
&& env PKGVULNDIR="${DISTDIR}" download-vulnerability-list )
+ else
+ _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`
+ download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS}
+ if [ "x${_PKGVULNDIR}" != "x${DISTDIR}" ]; then
+ cp ${_PKGVULNDIR}/pkg-vulnerabilities ${DISTDIR}
+ fi
+ fi
echo 'pre-build> done.'
else
echo 'pre-build> (skipped)'
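Review bot: The new `else` branch does not check the exit status of `download-vulnerability-list`, so when the download fails the script still copies whatever `pkg-vulnerabilities` is on disk into `${DISTDIR}` and prints `pre-build> done.`; the old branch at least chains its steps with `&&`. No `set -e` is visible in this file's hunks, so I would write `download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS} || exit 1` (or at least print a warning) and quote the copy as `cp "${_PKGVULNDIR}/pkg-vulnerabilities" "${DISTDIR}"`. An empty `_PKGVULNDIR`, which is what a failed `audit-packages -Q PKGVULNDIR` yields, otherwise makes the copy read `/pkg-vulnerabilities`. The unquoted `cp` is repeated in the @@ -208,7 +214,16 @@ hunk of mk/bulk/upload.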
@@ -82,7 +92,8 @@
# On non-NetBSD platforms we need to keep the bootstrap-files!
if [ x"$BMAKE" = x"bmake" ]; then
( cd "$LOCALBASE" && tar cf /tmp/$$.tar \
- sbin/pkg_add sbin/pkg_admin sbin/pkg_create \
+ sbin/audit-packages sbin/download-vulnerability-list \
+ sbin/pkg_add sbin/pkg_admin sbin/pkg_create \
sbin/pkg_delete sbin/pkg_info sbin/pkg_view sbin/linkfarm \
share/mk/sys.mk share/mk/bsd.dep.mk share/mk/bsd.depall.mk \
share/mk/bsd.files.mk share/mk/bsd.hostprog.mk \
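Review bot: The archive members added here are listed unconditionally, while the rest of this commit gates audit-packages handling on the pkg_install version. With pkg_install<20070714 and the vulnerability update skipped, `sbin/audit-packages` and `sbin/download-vulnerability-list` may not exist under `$LOCALBASE`, and the same holds for the man pages and `share/examples/pkg_install/audit-packages.conf` added in the following hunk; how a `tar` failure is handled lies outside the lines shown. A comment above the `tar` command, for example `# audit-packages files are shipped by pkg_install>=20070714`, would make clear which entries are expected to be missing on older installations.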
@@ -95,17 +106,23 @@
share/mk/bsd.sys.mk share/mk/bsd.own.mk \
bin/bmake bin/ftp bin/digest bin/nawk bin/nbsed \
bin/install-sh bin/pax bin/tar bin/cpio \
+ man/cat1/audit-packages.0 \
+ man/cat1/download-vulnerability-list.0 \
man/cat1/ftp.1 man/cat1/pax.0 \
man/cat1/tar.0 man/cat1/cpio.0 man/cat1/pkg_add.0 \
man/cat1/pkg_admin.0 man/cat1/pkg_create.0 \
man/cat1/pkg_delete.0 man/cat1/pkg_info.0 \
man/cat1/pkg_view.0 man/cat1/linkfarm.0 \
+ man/cat5/audit-packages.conf.0 \
+ man/man1/audit-packages.1 \
+ man/man1/download-vulnerability-list.1 \
man/man1/digest.1 man/man1/pax.1 man/man1/cpio.1 \
man/man1/tar.1 man/man1/nbsed.1 man/man1/pkg_add.1 \
man/man1/pkg_admin.1 man/man1/pkg_create.1 \
man/man1/pkg_delete.1 man/man1/pkg_info.1 \
- man/man1/pkg_view.1 man/man1/linkfarm.1 man/cat7/packages.0 \
- etc/mk.conf )
+ man/man1/pkg_view.1 man/man1/linkfarm.1 \
+ man/man5/audit-packages.conf.5 man/cat7/packages.0 \
+ etc/mk.conf share/examples/pkg_install/audit-packages.conf )
fi
#
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/sort-packages
--- a/mk/bulk/sort-packages Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/sort-packages Sat Jul 14 17:17:45 2007 +0000
@@ -1,5 +1,5 @@
#! /bin/sh
-# $NetBSD: sort-packages,v 1.7 2007/03/22 11:43:18 rillig Exp $
+# $NetBSD: sort-packages,v 1.8 2007/07/14 17:17:45 adrianp Exp $
# This program scans all binary packages in the current directory and
# creates three lists of files in OUTDIR:
@@ -20,6 +20,7 @@
: ${OUTDIR="/tmp"}
: ${PKG_SUFX=".tgz"}
: ${AUDIT_PACKAGES="audit-packages"}
+: ${PKG_ADMIN="pkg_admin"}
: ${PKG_INFO="pkg_info"}
regular_packages="${OUTDIR}/regular_packages"
@@ -67,13 +68,19 @@
# Check whether the package is vulnerable or not.
pkg_prefix="${pkg%%-*}"
category="regular"
- # XXX: The egrep command is only needed here because
- # audit-packages is so awfully slow.
- if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
- vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
- if [ -n "${vuln}" ]; then
- category="vulnerable"
+ _INFO_VER=`${PKG_INFO} -V`;
+ if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
+ # XXX: The egrep command is only needed here because
+ # audit-packages before pkg_install-20070714 is so
+ # awfully slow.
+ if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
+ vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
fi
+ else
+ vuln=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}"`
+ fi
+ if [ -n "${vuln}" ]; then
+ category="vulnerable"
fi
elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
category="restricted"
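Review bot: `vuln` is never cleared before the version check, and the `[ -n "${vuln}" ]` test now sits outside the `egrep` guard, so in the pkg_install<20070714 branch a package whose prefix does not match keeps whatever value `vuln` held before. If this code runs once per package in a loop (the loop itself is outside the hunk), one vulnerable package would cause the non-matching packages after it to be sorted as vulnerable too. Adding `vuln=""` next to `category="regular"` fixes it. `_INFO_VER` is also recomputed for every package, so the probe could be done once before the loop.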
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/upload
--- a/mk/bulk/upload Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/upload Sat Jul 14 17:17:45 2007 +0000
@@ -1,11 +1,12 @@
#!/bin/sh
-# $NetBSD: upload,v 1.37 2006/12/15 13:15:06 martti Exp $
+# $NetBSD: upload,v 1.38 2007/07/14 17:17:45 adrianp Exp $
#
# Upload non-restricted binary pkgs to ftp server
#
AWK=${AWK:-/usr/bin/awk}
+PKG_ADMIN="pkg_admin"
set -eu
@@ -129,7 +130,12 @@
MD5="digest md5";
SHA1="digest sha1";
-REQUIRED_PACKAGES="pkgtools/pkglint net/rsync security/audit-packages"
+_INFO_VER=`${PKG_INFO} -V`;
+if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
+ REQUIRED_PACKAGES="pkgtools/pkglint net/rsync security/audit-packages"
+else
+ REQUIRED_PACKAGES="pkgtools/pkglint net/rsync"
+fi
opsys=`uname -s`
case "$opsys" in
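Review bot: `${PKG_INFO}` is expanded here under the `set -eu` set at the top of the script, but none of the visible hunks gives it a default the way `AWK` and `PKG_ADMIN` get one, so an unset `PKG_INFO` aborts the upload at this line. Unless it is assigned in a part of the file not shown, add `PKG_INFO=${PKG_INFO:-pkg_info}` next to the `PKG_ADMIN` line. The same applies to `${AUDIT_PACKAGES_FLAGS}` and `${DOWNLOAD_VULNERABILITY_LIST_FLAGS}` in the @@ -208,7 +214,16 @@ hunk, which mk/defaults/mk.conf leaves commented out by default; writing `${AUDIT_PACKAGES_FLAGS:-}` keeps `set -u` from tripping on them.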
@@ -208,7 +214,16 @@
echo "upload> Making sure vulnerability-list is up-to-date:"
if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ]
then
- env PKGVULNDIR=${distdir} download-vulnerability-list
+ if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}
+ then
+ env PKGVULNDIR=${distdir} download-vulnerability-list
+ else
+ _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`
+ download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS}
+ if [ "x${_PKGVULNDIR}" != "x${distdir}" ]; then
+ cp ${_PKGVULNDIR}/pkg-vulnerabilities ${distdir}
+ fi
+ fi
echo " done."
else
echo " (skipped)"
diff -r ea3b804a7fea -r 07a8af014b09 mk/defaults/mk.conf
--- a/mk/defaults/mk.conf Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/defaults/mk.conf Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.155 2007/07/02 14:02:06 joerg Exp $
+# $NetBSD: mk.conf,v 1.156 2007/07/14 17:17:45 adrianp Exp $
#
# This file provides default values for variables that may be overridden
@@ -21,6 +21,22 @@
# Possible: defined, not defined
# Default: not defined
+#AUDIT_PACKAGES_FLAGS=
+# List of flags passed to audit-packages(1).
+#
+# NOTE: If you have pkg_install<20070714 then this variable is not referenced.
+#
+# Possible: -e, -s, etc. See audit-packages(1)
+# Default: (no option)
+
+#DOWNLOAD_VULNERABILITY_LIST_FLAGS=
+# List of flags passed to download-vulnerability-list(1).
+#
+# NOTE: If you have pkg_install<20070714 then this variable is not referenced.
+#
+# Possible: -s, -c, etc. See download-vulnerability-list(1)
+# Default: (no option)
+
MANINSTALL?= maninstall catinstall
# Specify manpage installation types.
# Possible: maninstall, catinstall, both types or empty
@@ -371,6 +387,10 @@
# Specifies where the `vulnerabilities' file is located. This variable
# is used by the audit-packages program and by pkgsrc itself to do security
# checks before building/installing programs.
+#
+# NOTE: If you have pkg_install>=20070714 then this variable is not referenced.
+# See audit-packages.conf(5)
+#
# Possible: any path you like
# Default: /usr/pkgsrc/distfiles
diff -r ea3b804a7fea -r 07a8af014b09 mk/flavor/pkg/check.mk
--- a/mk/flavor/pkg/check.mk Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/flavor/pkg/check.mk Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: check.mk,v 1.3 2007/03/09 00:39:54 rillig Exp $
+# $NetBSD: check.mk,v 1.4 2007/07/14 17:17:46 adrianp Exp $
#
# _flavor-check-vulnerable:
@@ -11,38 +11,56 @@
#
_flavor-check-vulnerable: .PHONY
${_PKG_SILENT}${_PKG_DEBUG} \
- vulnfile=${PKGVULNDIR:Q}/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix, install the pkgsrc/security/audit-packages"; \
- ${WARNING_MSG} "package and run: \`\`${LOCALBASE}/sbin/download-vulnerability-list''."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- conffile=; \
- for dir in \
- __dummy \
- ${PKG_SYSCONFDIR.audit-packages:Q}"" \
- ${PKG_SYSCONFDIR:Q}""; \
- do \
- case $$dir in \
- /*) conffile="$$dir/audit-packages.conf"; break ;; \
- *) continue ;; \
- esac; \
- done; \
- if ${TEST} -z "$$conffile" -a -f "$$conffile"; then \
- . $$conffile; \
- fi; \
- ${SETENV} PKGNAME=${PKGNAME} \
- PKGBASE=${PKGBASE} \
- ${AWK} 'BEGIN { exitcode = 0 } \