[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install pkg_install-2009...
details: https://anonhg.NetBSD.org/pkgsrc/rev/37de47f59f7c
branches: pkg_install-renovation
changeset: 541619:37de47f59f7c
user: joerg <joerg%pkgsrc.org@localhost>
date: Mon Feb 02 11:55:15 2009 +0000
description:
pkg_install-20090201:
- sync DESCR and MESSAGE with HEAD and the branch state
- sync Makefile
- regen configure
- cleanup __RCSID
- merge audit logic in pkg_add and pkg_admin into new audit_packages
function. As a side effect, pkg_add will list all vulnerabilities before
asking the user whether it should continue
- sort config_variable array
diffstat:
pkgtools/pkg_install/DESCR | 5 +
pkgtools/pkg_install/MESSAGE | 29 +-
pkgtools/pkg_install/Makefile | 10 +-
pkgtools/pkg_install/files/add/main.c | 10 +-
pkgtools/pkg_install/files/add/perform.c | 59 +--
pkgtools/pkg_install/files/admin/audit.c | 66 +---
pkgtools/pkg_install/files/admin/check.c | 6 +-
pkgtools/pkg_install/files/admin/main.c | 6 +-
pkgtools/pkg_install/files/configure | 364 +++++++++--------
pkgtools/pkg_install/files/configure.ac | 2 +-
pkgtools/pkg_install/files/create/build.c | 10 +-
pkgtools/pkg_install/files/create/main.c | 10 +-
pkgtools/pkg_install/files/create/perform.c | 10 +-
pkgtools/pkg_install/files/create/pl.c | 10 +-
pkgtools/pkg_install/files/delete/main.c | 10 +-
pkgtools/pkg_install/files/delete/perform.c | 10 +-
pkgtools/pkg_install/files/info/main.c | 10 +-
pkgtools/pkg_install/files/info/perform.c | 10 +-
pkgtools/pkg_install/files/info/show.c | 10 +-
pkgtools/pkg_install/files/lib/automatic.c | 6 +-
pkgtools/pkg_install/files/lib/fexec.c | 6 +-
pkgtools/pkg_install/files/lib/file.c | 10 +-
pkgtools/pkg_install/files/lib/global.c | 10 +-
pkgtools/pkg_install/files/lib/lib.h | 4 +-
pkgtools/pkg_install/files/lib/opattern.c | 10 +-
pkgtools/pkg_install/files/lib/parse-config.c | 10 +-
pkgtools/pkg_install/files/lib/path.c | 6 +-
pkgtools/pkg_install/files/lib/pkgdb.c | 6 +-
pkgtools/pkg_install/files/lib/plist.c | 10 +-
pkgtools/pkg_install/files/lib/str.c | 10 +-
pkgtools/pkg_install/files/lib/var.c | 6 +-
pkgtools/pkg_install/files/lib/version.c | 6 +-
pkgtools/pkg_install/files/lib/version.h | 4 +-
pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 74 +++-
34 files changed, 368 insertions(+), 457 deletions(-)
diffs (truncated from 1692 to 300 lines):
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/DESCR
--- a/pkgtools/pkg_install/DESCR Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/DESCR Mon Feb 02 11:55:15 2009 +0000
@@ -12,3 +12,8 @@
pkg_info display information about installed or binary packages
pkg_view manage package views
linkfarm manage symbolic links for package views
+
+For the following tools compatibility wrappers are included:
+
+audit-packages audit installed packages for security vulnerabilities
+download-vulnerability-list download the latest vulnerabilities list
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/MESSAGE
--- a/pkgtools/pkg_install/MESSAGE Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/MESSAGE Mon Feb 02 11:55:15 2009 +0000
@@ -1,12 +1,12 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.4 2008/01/13 22:31:25 rillig Exp $
+$NetBSD: MESSAGE,v 1.4.4.1 2009/02/02 11:55:15 joerg Exp $
You may wish to have the vulnerabilities file downloaded daily so that
it remains current. This may be done by adding an appropriate entry
to a user's crontab(5) entry. For example the entry
# download vulnerabilities file
-0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
+0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.
@@ -15,28 +15,23 @@
security script. This may be accomplished by adding the following
lines to /etc/security.local
-if [ -x ${PREFIX}/sbin/audit-packages ]; then
- ${PREFIX}/sbin/audit-packages
+if [ -x ${PREFIX}/sbin/pkg_admin ]; then
+ ${PREFIX}/sbin/pkg_admin audit
fi
Alternatively this can also be acomplished by adding an entry to a user's
crontab(5) file. e.g.:
# run audit-packages
-0 3 * * * ${PREFIX}/sbin/audit-packages
+0 3 * * * ${PREFIX}/sbin/pkg_admin audit
-audit-packages and/or download-vulnerability-list need not be run by
-the root user. They will function as an unprivileged user, as long
-as the user chosen has permission to write the pkg-vulnerabilites
-to ${PKGVULNDIR}.
-
-A sample audit-packages.conf has been installed to:
+Both pkg_admin subcommands can be run as as an unprivileged user,
+as long as the user chosen has permission to read the pkgdb and to write
+the pkg-vulnerabilites to ${PKGVULNDIR}.
- ${EGDIR}/audit-packages.conf
+The behavior of pkg_admin and pkg_add can be customised with
+pkg_install.conf. Please see pkg_install.conf(5) for details.
-You may want to customise this file and copy it to
-${PKG_SYSCONFDIR}/audit-packages.conf.
-If you want to use signature verification you will need to install GnuPG and
-set the path for GPG appropriately in your audit-packages.conf. See
-audit-packages.conf(5) and audit-packages(8) for further information.
+If you want to use GPG signature verification you will need to install
+GnuPG and set the path for GPG appropriately in your pkg_install.conf.
===========================================================================
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/Makefile
--- a/pkgtools/pkg_install/Makefile Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/Makefile Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.152.2.4 2008/10/29 10:38:53 joerg Exp $
+# $NetBSD: Makefile,v 1.152.2.5 2009/02/02 11:55:15 joerg Exp $
# Notes to package maintainers:
#
@@ -17,6 +17,7 @@
#LICENSE= modified-bsd
PKG_DESTDIR_SUPPORT= user-destdir
+BOOTSTRAP_PKG= yes
CONFLICTS+= audit-packages-[0-9]*
@@ -44,11 +45,18 @@
# We also use the newly built pkg_{add,create,delete} since upgrading
# from an older pkg_install might required features of the new program.
#
+# Note that the definitions are only overriden for the phases that are
+# supposed to use them. pkg_admin pmatch might be used when looking for
+# dependencies. If that is ever changed in a incompatible way, this has to
+# be rethought.
USE_NATIVE_GCC= yes
+
+.if defined(_PKGSRC_BARRIER)
PKG_ADD_CMD= ${WRKSRC}/add/pkg_add
PKG_CREATE_CMD= ${WRKSRC}/create/pkg_create
PKG_DELETE_CMD= ${WRKSRC}/delete/pkg_delete
PKG_INFO_CMD= ${WRKSRC}/info/pkg_info
+.endif
CPPFLAGS+= -D_LARGEFILE_SOURCE -D_LARGE_FILES
CPPFLAGS+= -D_FILE_OFFSET_BITS=64
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/add/main.c
--- a/pkgtools/pkg_install/files/add/main.c Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/add/main.c Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.14.4.5 2008/07/30 15:38:37 joerg Exp $ */
+/* $NetBSD: main.c,v 1.14.4.6 2009/02/02 11:55:16 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,13 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-#ifndef lint
-#if 0
-static char *rcsid = "from FreeBSD Id: main.c,v 1.16 1997/10/08 07:45:43 charnier Exp";
-#else
-__RCSID("$NetBSD: main.c,v 1.14.4.5 2008/07/30 15:38:37 joerg Exp $");
-#endif
-#endif
+__RCSID("$NetBSD: main.c,v 1.14.4.6 2009/02/02 11:55:16 joerg Exp $");
/*
*
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/add/perform.c
--- a/pkgtools/pkg_install/files/add/perform.c Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/add/perform.c Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.70.4.21 2009/01/08 00:04:53 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.70.4.22 2009/02/02 11:55:16 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -6,7 +6,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.21 2009/01/08 00:04:53 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.22 2009/02/02 11:55:16 joerg Exp $");
/*-
* Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -1170,37 +1170,9 @@
}
static int
-check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i)
-{
- const char *iter, *next;
- size_t entry_len, url_len;
-
- if (ignore_advisories == NULL)
- return 0;
-
- url_len = strlen(pv->advisory[i]);
-
- for (iter = ignore_advisories; *iter; iter = next) {
- if ((next = strchr(iter, '\n')) == NULL) {
- entry_len = strlen(iter);
- next = iter + entry_len;
- } else {
- entry_len = next - iter;
- ++next;
- }
- if (url_len != entry_len)
- continue;
- if (strncmp(pv->advisory[i], iter, entry_len) == 0)
- return 1;
- }
- return 0;
-}
-
-static int
check_vulnerable(struct pkg_task *pkg)
{
static struct pkg_vulnerabilities *pv;
- size_t i;
int require_check;
char *line;
size_t len;
@@ -1224,23 +1196,18 @@
return require_check;
}
- for (i = 0; i < pv->entries; ++i) {
- if (check_ignored_entry(pv, i))
- continue;
- if (!pkg_match(pv->vulnerability[i], pkg->pkgname))
- continue;
- if (strcmp("eol", pv->classification[i]) == 0)
- continue;
- warnx("Package %s has a %s vulnerability, see %s",
- pkg->pkgname, pv->classification[i], pv->advisory[i]);
- fprintf(stderr, "Do you want to proceed with "
- "the installation of %s [y/n]?\n", pkg->pkgname);
- line = fgetln(stdin, &len);
- if (check_input(line, len)) {
- fprintf(stderr, "Cancelling installation\n");
- return 1;
- }
+ if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
return 0;
+
+ if (require_check)
+ return 1;
+
+ fprintf(stderr, "Do you want to proceed with the installation of %s"
+ " [y/n]?\n", pkg->pkgname);
+ line = fgetln(stdin, &len);
+ if (check_input(line, len)) {
+ fprintf(stderr, "Cancelling installation\n");
+ return 1;
}
return 0;
}
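Review bot: The confirmation prompt at the end of check_vulnerable hands the result of `fgetln(stdin, &len)` straight to `check_input` without a NULL check, and fgetln returns NULL on EOF or a read error, which is what a pkg_add run without a terminal will see. check_input is defined outside this hunk, so whether it treats a NULL line as a refusal cannot be confirmed from here; for a package already reported as vulnerable the safe default is to cancel, e.g. `if (line == NULL || check_input(line, len)) {`. The bare literals in `audit_package(pv, pkg->pkgname, NULL, 0, 2)` also deserve a short comment naming what `NULL`, `0` and `2` select, since the callee is not visible next to the call. check_vulnerable begins outside this hunk.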
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/admin/audit.c
--- a/pkgtools/pkg_install/files/admin/audit.c Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.8.2.6 2008/11/27 19:24:13 joerg Exp $ */
+/* $NetBSD: audit.c,v 1.8.2.7 2009/02/02 11:55:16 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,9 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-#ifndef lint
-__RCSID("$NetBSD: audit.c,v 1.8.2.6 2008/11/27 19:24:13 joerg Exp $");
-#endif
+__RCSID("$NetBSD: audit.c,v 1.8.2.7 2009/02/02 11:55:16 joerg Exp $");
/*-
* Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -117,66 +115,10 @@
}
static int
-check_ignored_entry(size_t i)
-{
- const char *iter, *next;
- size_t entry_len, url_len;
-
- if (ignore_advisories == NULL)
- return 0;
-
- url_len = strlen(pv->advisory[i]);
-
- for (iter = ignore_advisories; *iter; iter = next) {
- if ((next = strchr(iter, '\n')) == NULL) {
- entry_len = strlen(iter);
- next = iter + entry_len;
- } else {
- entry_len = next - iter;
- ++next;
- }
- if (url_len != entry_len)
- continue;
- if (strncmp(pv->advisory[i], iter, entry_len) == 0)
- return 1;
- }
- return 0;
-}
-
-static int
check_exact_pkg(const char *pkg)
{
- int ret;
- size_t i;
-
- ret = 0;
- for (i = 0; i < pv->entries; ++i) {
- if (check_ignored_entry(i))
- continue;
- if (limit_vul_types != NULL &&
- strcmp(limit_vul_types, pv->classification[i]))
- continue;
- if (!pkg_match(pv->vulnerability[i], pkg))
- continue;
- if (strcmp("eol", pv->classification[i]) == 0) {
- if (!check_eol)
- continue;
- if (quiet)
- puts(pkg);
- else
- printf("Package %s has reached end-of-life (eol), "
- "see %s/eol-packages\n", pkg,
- tnf_vulnerability_base);
- continue;
- }
- if (quiet)
- puts(pkg);
- else
- printf("Package %s has a %s vulnerability, see %s\n",