pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files/audit-packages Add 'audit-p...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4039ca9e5dab
branches: trunk
changeset: 537390:4039ca9e5dab
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Mon Jan 07 22:27:59 2008 +0000
description:
Add 'audit-packages -F <file>' to process a list of packages/patterns
from a file.
Update and sort options in the man page
diffstat:
pkgtools/pkg_install/files/audit-packages/audit-packages.1.in | 75 +-
pkgtools/pkg_install/files/audit-packages/audit-packages.c | 401 +++++----
2 files changed, 276 insertions(+), 200 deletions(-)
diffs (truncated from 861 to 300 lines):
diff -r 1a42bda2b11c -r 4039ca9e5dab pkgtools/pkg_install/files/audit-packages/audit-packages.1.in
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.1.in Mon Jan 07 21:09:05 2008 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.1.in Mon Jan 07 22:27:59 2008 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: audit-packages.1.in,v 1.5 2007/08/10 22:50:46 adrianp Exp $
+.\" $NetBSD: audit-packages.1.in,v 1.6 2008/01/07 22:27:59 adrianp Exp $
.\"
.\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved.
.\"
@@ -30,7 +30,7 @@
.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd August 10, 2007
+.Dd January 7, 2008
.Os
.Dt AUDIT-PACKAGES 1
.Sh NAME
@@ -41,6 +41,7 @@
.Nm
.Op Fl deqsVv
.Op Fl c Ar config_file
+.Op Fl F Ar file
.Op Fl g Ar file
.Op Fl h Ar file
.Op Fl K Ar pkg_dbdir
@@ -63,16 +64,49 @@
.Pp
The following flags are supported:
.Bl -tag -width XcXconfigXfileXX
-.It Fl c Ar config_file
-Specify a custom
-.Ar config_file
-configuration file to use.
.It Fl d
Attempt to download the vulnerabilities file using the
.Nm download-vulnerability-list
script before scanning the installed packages for vulnerabilities.
.It Fl e
Check for end-of-life (eol) packages.
+.It Fl q
+Be ``quiet'' in emitting report headers and such, just dump the
+raw info (basically, assume a non-human reading).
+.It Fl s
+Verify the signature of the current
+.Pa pkg-vulnerabilities
+file.
+The key used to sign the file is available from:
+.Pa ftp://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security%NetBSD.org.asc@localhost
+.Pp
+In order for this to function correctly the above key must be
+added to the gpg keyring of the user who runs
+.Ic audit-packages -s
+and/or
+.Ic download-vulnerability-list -s .
+In addition to this the gpg binary must be installed on your system.
+The path to the gpg binary can be set in
+.Xr audit-packages.conf 5 .
+.Pp
+The requirement for GnuPG may go away in the future when a suitable
+replacement is implemented.
+.It Fl V
+Display the version number and exit.
+.It Fl v
+Be more verbose.
+Specify multiple
+.Fl v
+flags to increase verbosity.
+Currently a maximum level of three is supported.
+.It Fl c Ar config_file
+Specify a custom
+.Ar config_file
+configuration file to use.
+.It Fl F Ar file
+Load a
+.Ar file
+containing a list of package names and or package patterns to check.
.It Fl g Ar file
Compute the SHA512 hash on
.Ar file .
@@ -102,39 +136,10 @@
.Dv PKGVULNDIR ,
and
.Dv IGNORE_URLS .
-.It Fl q
-Be ``quiet'' in emitting report headers and such, just dump the
-raw info (basically, assume a non-human reading).
-.It Fl s
-Verify the signature of the current
-.Pa pkg-vulnerabilities
-file.
-The key used to sign the file is available from:
-.Pa ftp://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security%NetBSD.org.asc@localhost
-.Pp
-In order for this to function correctly the above key must be
-added to the gpg keyring of the user who runs
-.Ic audit-packages -s
-and/or
-.Ic download-vulnerability-list -s .
-In addition to this the gpg binary must be installed on your system.
-The path to the gpg binary can be set in
-.Xr audit-packages.conf 5 .
-.Pp
-The requirement for GnuPG may go away in the future when a suitable
-replacement is implemented.
.It Fl t Ar type
Only check for the specified
.Ar type
of vulnerability.
-.It Fl V
-Display the version number and exit.
-.It Fl v
-Be more verbose.
-Specify multiple
-.Fl v
-flags to increase verbosity.
-Currently a maximum level of three is supported.
.El
.Pp
The
diff -r 1a42bda2b11c -r 4039ca9e5dab pkgtools/pkg_install/files/audit-packages/audit-packages.c
--- a/pkgtools/pkg_install/files/audit-packages/audit-packages.c Mon Jan 07 21:09:05 2008 +0000
+++ b/pkgtools/pkg_install/files/audit-packages/audit-packages.c Mon Jan 07 22:27:59 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: audit-packages.c,v 1.11 2007/08/22 23:23:22 adrianp Exp $ */
+/* $NetBSD: audit-packages.c,v 1.12 2008/01/07 22:27:59 adrianp Exp $ */
/*
* Copyright (c) 2007 Adrian Portelli <adrianp%NetBSD.org@localhost>.
@@ -104,7 +104,6 @@
/* globals */
char *conf_file = SYSCONFDIR"/audit-packages.conf"; /* config file location */
char *program_name; /* the program name */
-char *pkgname; /* package name in msg */
/* program defaults */
int verbose = 0; /* be quiet */
@@ -112,58 +111,54 @@
Boolean quiet = FALSE; /* display full data */
int main(int, char **);
-void *safe_calloc(size_t, size_t);
-char *ap_fixpkgname(char *);
-static int checkforpkg(const char *);
-void usage(void);
-int dvl(void);
-void old_pvfile(void);
-void pv_format(FILE *);
-char *gen_hash(char *);
-char *get_hash(char *);
-int check_hash(char *);
-int check_sig(char *);
-int pv_message(char *[]);
-int ap_ignore(char *[]);
-void show_info(char *);
-void set_pvfile(const char *);
-char *clean_conf(char *);
-int get_confvalues(void);
-char *safe_strdup(const char *);
+static void *safe_calloc(size_t, size_t);
+static char *checkforpkg(const char *);
+static void usage(void);
+static int dvl(void);
+static void old_pvfile(void);
+static void pv_format(FILE *);
+static char *gen_hash(char *);
+static char *get_hash(char *);
+static int check_hash(char *);
+static int check_sig(char *);
+static int pv_message(char *[], char *);
+static int ap_ignore(char *[]);
+static void show_info(char *);
+static void set_pvfile(const char *);
+static char *clean_conf(char *);
+static int get_confvalues(void);
+static char *safe_strdup(const char *);
+static int checkforvuln(FILE *, char *, Boolean, char *, Boolean);
+static char *trim_r(char *);
/*
* TODO:
*
+ * built in gz/bzip2 support
* merge download-vulnerability-list(1)
*
*/
/*
- * get the options for what were doing and do the actual processing of
+ * get the options for what we are doing, and do the actual processing of
* the pkg-vulnerabilities file
*/
int
main(int argc, char **argv)
{
- char *line_ptr;
- char *one_pkg = NULL;
- char *one_package = NULL;
+ char *bpkg = NULL;
+ char *bpkg_ptr = NULL;
char *pkg_type = NULL;
- char *pv_token = NULL;
- char *line_tmp = NULL;
- char *pv_entry[] = {NULL, NULL, NULL};
- char *line = NULL;
char *check_hash_file = NULL;
char *gen_hash_file = NULL;
char *hash_generated = NULL;
char *query_var = NULL;
+ char *pkgname = NULL;
+ char *bulk_file = NULL;
- int ch, i;
- int line_count = 0;
+ int ch = 0;
int retval = -1;
- int vuln_count = 0;
- Boolean ignore_found = FALSE;
Boolean download = FALSE;
Boolean pkg_installed = FALSE;
Boolean verify_sig = FALSE;
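Review bot: The new prototypes change the contract of existing helpers without documenting it: `checkforpkg` now returns `char *` instead of `int`, and nothing here says whether the result is heap-allocated or who frees it. `checkforvuln(FILE *, char *, Boolean, char *, Boolean)` has two `char *` and two `Boolean` parameters with no names, so arguments are easy to transpose at call sites. Keep the parameter names in both prototypes and add a one-line comment above each stating what is returned, including a "caller frees" note for `checkforpkg` if that is the case. The string parameters that are only read, such as the file names passed to `gen_hash`, `get_hash`, `check_hash` and `check_sig`, could also be `const char *`. The body of `main` continues outside this hunk.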
@@ -171,10 +166,11 @@
Boolean type = FALSE;
Boolean cli_check_hash = FALSE;
Boolean cli_gen_hash = FALSE;
+ Boolean info = FALSE;
+ Boolean bulk = FALSE;
Boolean vuln_found = FALSE;
- Boolean info = FALSE;
- FILE *pv;
+ FILE *pv, *bf;
program_name = argv[0];
@@ -184,7 +180,7 @@
opterr = 0;
- while ((ch = getopt(argc, argv, ":dveqK:n:h:g:c:p:st:Q:V")) != -1) {
+ while ((ch = getopt(argc, argv, ":dveqK:n:h:g:c:p:st:F:Q:V")) != -1) {
switch (ch) {
@@ -211,7 +207,7 @@
break;
case 'n':
- one_package = optarg;
+ pkgname = optarg;
check_one = TRUE;
pkg_installed = FALSE;
break;
@@ -221,15 +217,20 @@
break;
case 'p':
- one_package = optarg;
+ pkgname = optarg;
check_one = TRUE;
pkg_installed = TRUE;
break;
-
+
case 'q':
quiet = TRUE;
break;
+ case 'F':
+ bulk_file = optarg;
+ bulk = TRUE;
+ break;
+
case 's':
verify_sig = TRUE;
break;
@@ -279,7 +280,7 @@
* check the hash and/or sig for a specified file
*
* if -h <file> is given then just the hash is checked
- * but if -s -f <file> are given then both the hash and the
+ * but if -s -h <file> are given then both the hash and the
* sig are checked. this is purely for
* download-vulnerability-list, users should not be directly
* calling audit-packages with -h <file> or -s -h <file>.
@@ -309,9 +310,6 @@
retval = get_confvalues();
/* if we found some IGNORE_URLS lines */
- if (ignore != NULL)
- ignore_found = TRUE;
-
if (verbose >= 2) {
fprintf(stderr, "debug2: Using PKGDB_DIR: %s\n", _pkgdb_getPKGDB_DIR());
fprintf(stderr, "debug2: Using pkg-vulnerabilities file: %s\n", pvfile);
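Review bot: Removing the `ignore_found` assignment leaves the comment `/* if we found some IGNORE_URLS lines */` stranded directly above `if (verbose >= 2)`, where it now appears to describe the debug output. Delete the comment with the code it described, or replace it with one that fits what follows, such as `/* report the effective paths when debugging */`. The surrounding function continues outside this hunk.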
@@ -373,41 +371,104 @@
/*
* this is for -p: