pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files/audit-packages * Use stdout...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5674c7765fc8
branches: trunk
changeset: 532074:5674c7765fc8
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Fri Aug 10 22:50:46 2007 +0000
description:
* Use stdout for printing results of vulnerable/eol packages found.
Reported by Greg Troxel on tech-pkg@
* Add -q which operates the same as 'pkg_info -q' and only displays
the package name of any vulnerable/eol packages found.
Suggestion by joerg@
* man page updates for -q
* Document the required permissions for audit-packages and
download-vulnerability-list in the man page.
diffstat:
pkgtools/pkg_install/files/audit-packages/audit-packages.1.in | 17 +++++-
pkgtools/pkg_install/files/audit-packages/audit-packages.c | 26 +++++++--
pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in | 13 ++++-
3 files changed, 46 insertions(+), 10 deletions(-)
diffs (170 lines):
diff -r 807d845b3cee -r 5674c7765fc8 pkgtools/pkg_install/files/audit-packages/audit-packages.1.in
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.1.in Fri Aug 10 22:47:29 2007 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.1.in Fri Aug 10 22:50:46 2007 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.1.in,v 1.4 2007/08/10 01:11:05 wiz Exp $
+.\" $NetBSD: audit-packages.1.in,v 1.5 2007/08/10 22:50:46 adrianp Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -39,7 +39,7 @@
.Nd show vulnerabilities in installed packages
.Sh SYNOPSIS
.Nm
-.Op Fl desVv
+.Op Fl deqsVv
.Op Fl c Ar config_file
.Op Fl g Ar file
.Op Fl h Ar file
@@ -102,6 +102,9 @@
.Dv PKGVULNDIR ,
and
.Dv IGNORE_URLS .
+.It Fl q
+Be ``quiet'' in emitting report headers and such, just dump the
+raw info (basically, assume a non-human reading).
.It Fl s
Verify the signature of the current
.Pa pkg-vulnerabilities
@@ -184,6 +187,16 @@
.Xr bzcat 1
are supported.
.Pp
+.Nm audit-packages
+and/or
+.Nm download-vulnerability-list
+need not be run by the root user. They will function as an unpriveleged
+user just so long as the user chosen has permmission to write the
+downloded
+.Pa pkg-vulnerabilites
+file to the location specified in
+.Xr audit-packages.conf 5 .
+.Pp
Each line lists the package and vulnerable versions, the type of exploit,
and an Internet address for further information:
.Bl -item
diff -r 807d845b3cee -r 5674c7765fc8 pkgtools/pkg_install/files/audit-packages/audit-packages.c
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.c Fri Aug 10 22:47:29 2007 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.c Fri Aug 10 22:50:46 2007 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: audit-packages.c,v 1.8 2007/08/08 22:33:39 joerg Exp $ */
+/* $NetBSD: audit-packages.c,v 1.9 2007/08/10 22:50:46 adrianp Exp $ */
/*
* Copyright (c) 2007 Adrian Portelli <adrianp%NetBSD.org@localhost>.
@@ -109,6 +109,7 @@
/* program defaults */
int verbose = 0; /* be quiet */
Boolean eol = FALSE; /* don't check eol */
+Boolean quiet = FALSE; /* display full data */
int main(int, char **);
void *safe_calloc(size_t, size_t);
@@ -183,7 +184,7 @@
opterr = 0;
- while ((ch = getopt(argc, argv, ":dveK:n:h:g:c:p:st:Q:V")) != -1) {
+ while ((ch = getopt(argc, argv, ":dveqK:n:h:g:c:p:st:Q:V")) != -1) {
switch (ch) {
@@ -224,6 +225,10 @@
check_one = TRUE;
pkg_installed = TRUE;
break;
+
+ case 'q':
+ quiet = TRUE;
+ break;
case 's':
verify_sig = TRUE;
@@ -675,9 +680,10 @@
void
usage(void)
{
- fprintf(stderr, "Usage: %s [-desVv] [-c config_file] [-g file] [-h file] [-K pkg_dbdir] [-n package] [-p package] [-Q varname ] [-t type]\n", program_name);
+ fprintf(stderr, "Usage: %s [-deqsVv] [-c config_file] [-g file] [-h file] [-K pkg_dbdir] [-n package] [-p package] [-Q varname ] [-t type]\n", program_name);
fprintf(stderr, "\t-d : Run the download-vulnerability-list script before anything else.\n");
fprintf(stderr, "\t-e : Check for end-of-life (eol) packages.\n");
+ fprintf(stderr, "\t-q : Be quiet and just dump the detected vulnerable package names.\n");
fprintf(stderr, "\t-s : Verify the signature of the pkg-vulnerabilities file.\n");
fprintf(stderr, "\t-V : Display version and exit.\n");
fprintf(stderr, "\t-v : Be more verbose. Specify multiple -v flags to increase verbosity.\n");
@@ -768,7 +774,7 @@
format_found = 1;
if (verbose >= 3)
- fprintf(stdout, "debug3: File format detected: %s\n", line);
+ fprintf(stderr, "debug3: File format detected: %s\n", line);
break;
}
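Review bot: With results now on stdout for scripted use, any other debug or verbose message that still writes to `stdout` would be mixed into the `-q` output; only this one `debug3` call is moved in the visible hunks. The rest of the file is not shown, so it is worth checking for remaining `fprintf(stdout, "debug...` calls and moving them to `stderr` too. A comment above this call such as `/* diagnostics go to stderr; stdout is reserved for audit results */` would record the convention. The enclosing function starts and ends outside the hunk.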
@@ -945,7 +951,11 @@
/* deal with eol'ed packages */
if (strcmp(pv_entry[1], "eol") == 0) {
if (eol == TRUE) {
- fprintf(stderr, "Package %s has reached end-of-life (eol), see %s/eol-packages\n", pv_entry[0], EOL_URL);
+ if (quiet == FALSE) {
+ fprintf(stdout, "Package %s has reached end-of-life (eol), see %s/eol-packages\n", pv_entry[0], EOL_URL);
+ } else {
+ fprintf(stdout, "%s\n", pv_entry[0]);
+ }
}
} else {
/* return that we found a vulnerable package */
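Review bot: In `-q` mode the eol branch prints `pv_entry[0]`, while the vulnerable branch in the next hunk prints `pkgname` and falls back to `pv_entry[0]` only when it is NULL, so the two kinds of result can be named differently. `pv_entry[0]` appears to be the entry text from the pkg-vulnerabilities file (presumably a match pattern rather than the installed package name), which is not what a script reading `-q` output would expect. Moving `if (pkgname == NULL) pkgname = pv_entry[0];` above the `strcmp(pv_entry[1], "eol")` test and printing `fprintf(stdout, "%s\n", pkgname);` in both branches would make the output uniform. Since that text comes from a downloaded file that is signature-checked only with `-s`, the man page should tell consumers to treat each `-q` line as untrusted data. The enclosing function starts outside the hunk, so where `pkgname` is set cannot be confirmed from here.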
@@ -955,7 +965,11 @@
if (pkgname == NULL)
pkgname = pv_entry[0];
- fprintf(stderr, "Package %s has a %s vulnerability, see %s\n", pkgname, pv_entry[1], pv_entry[2]);
+ if (quiet == FALSE) {
+ fprintf(stdout, "Package %s has a %s vulnerability, see %s\n", pkgname, pv_entry[1], pv_entry[2]);
+ } else {
+ fprintf(stdout, "%s\n", pkgname);
+ }
}
return retval;
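Review bot: With `-q` the line printed here is only the name, identical in form to the eol line in the previous hunk, so a consumer running `-e -q` cannot tell an end-of-life package from a vulnerable one. If this function is called once per matching pkg-vulnerabilities entry (the caller is outside the hunk), the same name will also be printed once per match. Both are acceptable for a `pkg_info -q`-style list, but the `-q` man page text should state them, e.g. `Names may repeat, and eol and vulnerable packages are not distinguished.`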
diff -r 807d845b3cee -r 5674c7765fc8 pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in Fri Aug 10 22:47:29 2007 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.cat1.in Fri Aug 10 22:50:46 2007 +0000
@@ -5,7 +5,7 @@
installed packages
SSYYNNOOPPSSIISS
- aauuddiitt--ppaacckkaaggeess [--ddeessVVvv] [--cc _c_o_n_f_i_g___f_i_l_e] [--gg _f_i_l_e] [--hh _f_i_l_e]
+ aauuddiitt--ppaacckkaaggeess [--ddeeqqssVVvv] [--cc _c_o_n_f_i_g___f_i_l_e] [--gg _f_i_l_e] [--hh _f_i_l_e]
[--KK _p_k_g___d_b_d_i_r] [--nn _p_a_c_k_a_g_e] [--pp _p_a_c_k_a_g_e] [--QQ _v_a_r_n_a_m_e]
[--tt _t_y_p_e]
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt [--hhss] [--cc _c_o_n_f_i_g___f_i_l_e]
@@ -43,6 +43,10 @@
rently supported _v_a_r_n_a_m_e are GPG, PKGVULNDIR, and
IGNORE_URLS.
+ --qq Be ``quiet'' in emitting report headers and such, just
+ dump the raw info (basically, assume a non-human read-
+ ing).
+
--ss Verify the signature of the current _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s
file. The key used to sign the file is available from:
_f_t_p_:_/_/_f_t_p_._n_e_t_b_s_d_._o_r_g_/_p_u_b_/_N_e_t_B_S_D_/_s_e_c_u_r_i_t_y_/_P_G_P_/_p_k_g_s_r_c_-_s_e_c_u_r_i_t_y_@_N_e_t_B_S_D_._o_r_g_._a_s_c
@@ -91,6 +95,11 @@
audit-packages.conf(5). Currently only gzcat(1) and bzcat(1) are sup-
ported.
+ aauuddiitt--ppaacckkaaggeess and/or ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt need not be run by the
+ root user. They will function as an unpriveleged user just so long as
+ the user chosen has permmission to write the downloded _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_e_s
+ file to the location specified in audit-packages.conf(5).
+
Each line lists the package and vulnerable versions, the type of exploit,
and an Internet address for further information:
@@ -187,4 +196,4 @@
signatures on downloaded files. The original idea came from Roland
Dowdeswell and Bill Sommerfeld.
-NetBSD 4.0 August 10, 2007 NetBSD 4.0
+NetBSD 3.1 August 10, 2007 NetBSD 3.1