pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mk Add support for the upcoming pkg_install-20070714 w...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/07a8af014b09
branches:  trunk
changeset: 530923:07a8af014b09
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Jul 14 17:17:45 2007 +0000

description:
Add support for the upcoming pkg_install-20070714 which now includes
audit-packages.

diffstat:

 mk/bsd.pkg.readme.mk   |  33 ++++++++++++++----
 mk/bulk/pre-build      |  25 +++++++++++--
 mk/bulk/sort-packages  |  21 +++++++---
 mk/bulk/upload         |  21 ++++++++++-
 mk/defaults/mk.conf    |  22 +++++++++++-
 mk/flavor/pkg/check.mk |  88 ++++++++++++++++++++++++++++++-------------------
 6 files changed, 152 insertions(+), 58 deletions(-)

diffs (truncated from 361 to 300 lines):

diff -r ea3b804a7fea -r 07a8af014b09 mk/bsd.pkg.readme.mk
--- a/mk/bsd.pkg.readme.mk      Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bsd.pkg.readme.mk      Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.readme.mk,v 1.6 2006/10/17 06:28:33 rillig Exp $
+# $NetBSD: bsd.pkg.readme.mk,v 1.7 2007/07/14 17:17:45 adrianp Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and encapsulates the
 # code to produce README.html files in each package directory.
@@ -232,16 +232,33 @@
 SED_HOMEPAGE_EXPR=     -e 's|%%HOMEPAGE%%||'
 .endif
 
+# XXX: The code for the pkg_install<20070714 vulnerability checks are
+# XXX: broken.  It will not find vulnerabilities in any packages that
+# XXX: have complex names in the pkg-vulnerabilties file. 
+# XXX: e.g. php{4,5}-perl and sun-{jdk,jre}15
+# XXX: Post pkg_install-20070714 only currently known vulnerabilities are
+# XXX: shown in the generated files for packages.
+#
 .PHONY: show-vulnerabilities-html
 show-vulnerabilities-html:
        ${_PKG_SILENT}${_PKG_DEBUG}                                     \
-       if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then               \
-               ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\&lt;", $$1);  \
-                        gsub("\>", "\\&gt;", $$1);                     \
-                        printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \
-                       ${PKGVULNDIR}/pkg-vulnerabilities;              \
-       fi
-
+       _INFO_VER=`${PKG_INFO} -V`;                                     \
+       if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-$$_INFO_VER; then \
+               if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then       \
+                       ${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\&lt;", $$1);  \
+                                gsub("\>", "\\&gt;", $$1);             \
+                               printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \
+                               ${PKGVULNDIR}/pkg-vulnerabilities;      \
+               fi;                                                     \
+       else                                                            \
+               _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
+               if [ -f $$_PKGVULNDIR/pkg-vulnerabilities ]; then       \
+                       audit-packages ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME} |${AWK} \
+                               '{ gsub("\<", "\\&lt;", $$2);           \
+                               gsub("\>", "\\&gt;", $$2);              \
+                               printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$2, $$5, $$8, $$8) }'; \
+               fi;                                                     \
+       fi      
 
 # If PACKAGES is set to the default (../../packages), the current
 # ${MACHINE_ARCH} and "release" (uname -r) will be used. Otherwise a directory
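Review bot: The awk program in the new `else` branch has no pattern, so every line that `audit-packages -n ${PKGNAME}` writes to stdout, including any diagnostic line it may emit there, becomes an `<LI>` entry built from the fixed field positions `$$2`, `$$5` and `$$8`. Guarding the action with `NF >= 8` (or a pattern that matches the report line) would keep unrelated output out of the generated README.html. Only `$$2` has `<` and `>` escaped; `$$5` and `$$8` are written into the HTML body and the `href` attribute as-is, so the same `gsub` calls should cover them, along with `&` and `"`. Both new calls run `audit-packages` by bare name through `PATH`, whereas sort-packages in this commit goes through `${AUDIT_PACKAGES}`; a tool variable would be more consistent if one is available in mk/. The XXX comment misspells `pkg-vulnerabilities` as `pkg-vulnerabilties`.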
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/pre-build
--- a/mk/bulk/pre-build Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/pre-build Sat Jul 14 17:17:45 2007 +0000
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $NetBSD: pre-build,v 1.68 2007/07/02 14:54:09 joerg Exp $
+# $NetBSD: pre-build,v 1.69 2007/07/14 17:17:45 adrianp Exp $
 #
 # Clean up system to be ready for bulk pkg build
 #
@@ -18,6 +18,7 @@
 PRUNEDISTFILES=${PRUNEDISTFILES:-"no"}
 PRUNEPACKAGES=${PRUNEPACKAGES:-"yes"}
 PRUNELINKS=${PRUNEPACKAGES:-"yes"}
+PKG_ADMIN="pkg_admin"
 
 PKGLINT_PKG_DIR=${USR_PKGSRC}/pkgtools/pkglint
 
@@ -69,11 +70,20 @@
 mkdir -p "${BULKFILESDIR}"
 
 # Make sure the pkg-vulnerabilities file is up to date
+_INFO_VER=`${PKG_INFO} -V`;
 echo "pre-build> Making sure vulnerability-list is upto date:"
 if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = yes ]; then
+       if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
        ( cd "${USR_PKGSRC}/security/audit-packages" \
          && ${BMAKE} bulk-install \
          && env PKGVULNDIR="${DISTDIR}" download-vulnerability-list )
+       else
+               _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`
+               download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS}
+               if [ "x${_PKGVULNDIR}" != "x${DISTDIR}" ]; then
+                       cp ${_PKGVULNDIR}/pkg-vulnerabilities ${DISTDIR}
+               fi
+       fi
        echo 'pre-build> done.'
 else
        echo 'pre-build> (skipped)'
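Review bot: Neither `audit-packages -Q PKGVULNDIR` nor `download-vulnerability-list` is checked in the new `else` branch, unlike the old branch whose steps are chained with `&&`. If the query fails, `_PKGVULNDIR` is empty and the `cp` reads `/pkg-vulnerabilities`; if the download fails, a stale list is copied and the script still prints `pre-build> done.`, so later vulnerability sorting runs on old data without any sign of it. Test the result and quote the paths, e.g. `download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS} || exit 1` and `cp "${_PKGVULNDIR}/pkg-vulnerabilities" "${DISTDIR}"`, after checking `[ -n "${_PKGVULNDIR}" ]`. `${PKG_INFO}` on the `_INFO_VER` line is not assigned in any hunk shown for this file (only `PKG_ADMIN` is added), so confirm it is set before this point. The `if` statement closes outside this hunk.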
@@ -82,7 +92,8 @@
 # On non-NetBSD platforms we need to keep the bootstrap-files!
 if [ x"$BMAKE" = x"bmake" ]; then
        ( cd "$LOCALBASE" && tar cf /tmp/$$.tar \
-               sbin/pkg_add sbin/pkg_admin sbin/pkg_create       \
+               sbin/audit-packages sbin/download-vulnerability-list         \
+               sbin/pkg_add sbin/pkg_admin sbin/pkg_create                  \
                sbin/pkg_delete sbin/pkg_info sbin/pkg_view sbin/linkfarm    \
                share/mk/sys.mk share/mk/bsd.dep.mk share/mk/bsd.depall.mk   \
                share/mk/bsd.files.mk share/mk/bsd.hostprog.mk               \
@@ -95,17 +106,23 @@
                share/mk/bsd.sys.mk share/mk/bsd.own.mk                      \
                bin/bmake bin/ftp bin/digest bin/nawk bin/nbsed              \
                bin/install-sh bin/pax bin/tar bin/cpio                      \
+               man/cat1/audit-packages.0                                    \
+               man/cat1/download-vulnerability-list.0                       \
                man/cat1/ftp.1 man/cat1/pax.0                                \
                man/cat1/tar.0 man/cat1/cpio.0 man/cat1/pkg_add.0            \
                man/cat1/pkg_admin.0 man/cat1/pkg_create.0                   \
                man/cat1/pkg_delete.0 man/cat1/pkg_info.0                    \
                man/cat1/pkg_view.0 man/cat1/linkfarm.0                      \
+               man/cat5/audit-packages.conf.0                               \
+               man/man1/audit-packages.1                                    \
+               man/man1/download-vulnerability-list.1                       \
                man/man1/digest.1 man/man1/pax.1 man/man1/cpio.1             \
                man/man1/tar.1 man/man1/nbsed.1 man/man1/pkg_add.1           \
                man/man1/pkg_admin.1 man/man1/pkg_create.1                   \
                man/man1/pkg_delete.1 man/man1/pkg_info.1                    \
-               man/man1/pkg_view.1 man/man1/linkfarm.1 man/cat7/packages.0  \
-               etc/mk.conf )
+               man/man1/pkg_view.1 man/man1/linkfarm.1                      \
+               man/man5/audit-packages.conf.5 man/cat7/packages.0           \
+               etc/mk.conf share/examples/pkg_install/audit-packages.conf )
 fi
 
 #
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/sort-packages
--- a/mk/bulk/sort-packages     Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/sort-packages     Sat Jul 14 17:17:45 2007 +0000
@@ -1,5 +1,5 @@
 #! /bin/sh
-# $NetBSD: sort-packages,v 1.7 2007/03/22 11:43:18 rillig Exp $
+# $NetBSD: sort-packages,v 1.8 2007/07/14 17:17:45 adrianp Exp $
 
 # This program scans all binary packages in the current directory and
 # creates three lists of files in OUTDIR:
@@ -20,6 +20,7 @@
 : ${OUTDIR="/tmp"}
 : ${PKG_SUFX=".tgz"}
 : ${AUDIT_PACKAGES="audit-packages"}
+: ${PKG_ADMIN="pkg_admin"}
 : ${PKG_INFO="pkg_info"}
 
 regular_packages="${OUTDIR}/regular_packages"
@@ -67,13 +68,19 @@
                # Check whether the package is vulnerable or not.
                pkg_prefix="${pkg%%-*}"
                category="regular"
-               # XXX: The egrep command is only needed here because
-               # audit-packages is so awfully slow.
-               if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
-                       vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
-                       if [ -n "${vuln}" ]; then
-                               category="vulnerable"
+               _INFO_VER=`${PKG_INFO} -V`;
+               if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
+                       # XXX: The egrep command is only needed here because
+                       # audit-packages before pkg_install-20070714 is so 
+                       # awfully slow.
+                       if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
+                               vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
                        fi
+               else
+                       vuln=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}"`
+               fi
+               if [ -n "${vuln}" ]; then
+                       category="vulnerable"
                fi
        elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
                category="restricted"
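Review bot: `vuln` is never cleared before the version check, and the `[ -n "${vuln}" ]` test now sits outside the `egrep` guard. On the pre-20070714 path, a package whose prefix does not match therefore keeps whatever `vuln` held from an earlier package and is categorised `vulnerable`. Add `vuln=""` next to `category="regular"`. The enclosing loop lies outside this hunk, so the per-package iteration is inferred from the file's header comment. The carried-over `4>&1` looks like a typo for `2>&1`, and `_INFO_VER` is recomputed for every package although it cannot change during a run, so it could be hoisted out of the loop.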
diff -r ea3b804a7fea -r 07a8af014b09 mk/bulk/upload
--- a/mk/bulk/upload    Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/bulk/upload    Sat Jul 14 17:17:45 2007 +0000
@@ -1,11 +1,12 @@
 #!/bin/sh
-# $NetBSD: upload,v 1.37 2006/12/15 13:15:06 martti Exp $
+# $NetBSD: upload,v 1.38 2007/07/14 17:17:45 adrianp Exp $
 
 #
 # Upload non-restricted binary pkgs to ftp server
 #
 
 AWK=${AWK:-/usr/bin/awk}
+PKG_ADMIN="pkg_admin"
 
 set -eu
 
@@ -129,7 +130,12 @@
 MD5="digest md5";
 SHA1="digest sha1";
 
-REQUIRED_PACKAGES="pkgtools/pkglint net/rsync security/audit-packages"
+_INFO_VER=`${PKG_INFO} -V`;
+if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
+       REQUIRED_PACKAGES="pkgtools/pkglint net/rsync security/audit-packages"
+else
+       REQUIRED_PACKAGES="pkgtools/pkglint net/rsync"
+fi
 
 opsys=`uname -s`
 case "$opsys" in
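Review bot: This script runs under `set -eu` (first hunk), and `${PKG_INFO}` is expanded here with no assignment visible in the hunks shown, since only `PKG_ADMIN` is added; unless it is set elsewhere in the file or the environment, the script aborts on this line. The same applies to `${AUDIT_PACKAGES_FLAGS}` and `${DOWNLOAD_VULNERABILITY_LIST_FLAGS}` in the `@@ -208,7 +214,16 @@` hunk, which mk/defaults/mk.conf in this commit documents as unset by default. Use defaulted expansions, e.g. `: ${PKG_INFO="pkg_info"}` as sort-packages does, and `${AUDIT_PACKAGES_FLAGS:-}`. `PKG_ADMIN="pkg_admin"` is also assigned unconditionally here and in pre-build, so a caller-supplied path is overwritten and the tool is resolved through `PATH`; `PKG_ADMIN=${PKG_ADMIN:-pkg_admin}` would match the `AWK` line above it.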
@@ -208,7 +214,16 @@
 echo "upload> Making sure vulnerability-list is up-to-date:"
 if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ]
 then
-       env PKGVULNDIR=${distdir} download-vulnerability-list
+       if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}
+       then
+               env PKGVULNDIR=${distdir} download-vulnerability-list
+       else
+               _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`
+               download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS}
+               if [ "x${_PKGVULNDIR}" != "x${distdir}" ]; then
+                       cp ${_PKGVULNDIR}/pkg-vulnerabilities ${distdir}
+               fi
+       fi
        echo "        done."
 else
        echo "        (skipped)"
diff -r ea3b804a7fea -r 07a8af014b09 mk/defaults/mk.conf
--- a/mk/defaults/mk.conf       Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/defaults/mk.conf       Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.155 2007/07/02 14:02:06 joerg Exp $
+# $NetBSD: mk.conf,v 1.156 2007/07/14 17:17:45 adrianp Exp $
 #
 
 # This file provides default values for variables that may be overridden
@@ -21,6 +21,22 @@
 # Possible: defined, not defined
 # Default: not defined
 
+#AUDIT_PACKAGES_FLAGS=
+# List of flags passed to audit-packages(1).
+#
+# NOTE: If you have pkg_install<20070714 then this variable is not referenced.
+#
+# Possible: -e, -s, etc. See audit-packages(1)
+# Default: (no option)
+
+#DOWNLOAD_VULNERABILITY_LIST_FLAGS=
+# List of flags passed to download-vulnerability-list(1).
+#
+# NOTE: If you have pkg_install<20070714 then this variable is not referenced.
+#
+# Possible: -s, -c, etc. See download-vulnerability-list(1)
+# Default: (no option)
+
 MANINSTALL?= maninstall catinstall
 # Specify manpage installation types.
 # Possible: maninstall, catinstall, both types or empty
@@ -371,6 +387,10 @@
 # Specifies where the `vulnerabilities' file is located.  This variable
 # is used by the audit-packages program and by pkgsrc itself to do security
 # checks before building/installing programs.
+#
+# NOTE: If you have pkg_install>=20070714 then this variable is not referenced.
+# See audit-packages.conf(5)
+#
 # Possible: any path you like
 # Default: /usr/pkgsrc/distfiles
 
diff -r ea3b804a7fea -r 07a8af014b09 mk/flavor/pkg/check.mk
--- a/mk/flavor/pkg/check.mk    Sat Jul 14 17:06:44 2007 +0000
+++ b/mk/flavor/pkg/check.mk    Sat Jul 14 17:17:45 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: check.mk,v 1.3 2007/03/09 00:39:54 rillig Exp $
+# $NetBSD: check.mk,v 1.4 2007/07/14 17:17:46 adrianp Exp $
 #
 
 # _flavor-check-vulnerable:
@@ -11,38 +11,56 @@
 #
 _flavor-check-vulnerable: .PHONY
        ${_PKG_SILENT}${_PKG_DEBUG}                                     \
-       vulnfile=${PKGVULNDIR:Q}/pkg-vulnerabilities;                   \
-       if ${TEST} ! -f "$$vulnfile"; then                              \
-               ${PHASE_MSG} "Skipping vulnerability checks.";          \
-               ${WARNING_MSG} "No $$vulnfile file found.";             \
-               ${WARNING_MSG} "To fix, install the pkgsrc/security/audit-packages"; \
-               ${WARNING_MSG} "package and run: \`\`${LOCALBASE}/sbin/download-vulnerability-list''."; \
-               exit 0;                                                 \
-       fi;                                                             \
-       ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}";      \
-       conffile=;                                                      \
-       for dir in                                                      \
-               __dummy                                                 \
-               ${PKG_SYSCONFDIR.audit-packages:Q}""                    \
-               ${PKG_SYSCONFDIR:Q}"";                                  \
-       do                                                              \
-               case $$dir in                                           \
-               /*)     conffile="$$dir/audit-packages.conf"; break ;;  \
-               *)      continue ;;                                     \
-               esac;                                                   \
-       done;                                                           \
-       if ${TEST} -z "$$conffile" -a -f "$$conffile"; then             \
-               . $$conffile;                                           \
-       fi;                                                             \
-       ${SETENV} PKGNAME=${PKGNAME}                                    \
-                 PKGBASE=${PKGBASE}                                    \
-       ${AWK} 'BEGIN { exitcode = 0 }                                  \


