
[pkgsrc/pkg_install-renovation]: pkgsrc/pkgtools/pkg_install pkg_install-2009...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/37de47f59f7c
branches:  pkg_install-renovation
changeset: 541619:37de47f59f7c
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Mon Feb 02 11:55:15 2009 +0000

description:
pkg_install-20090201:
- sync DESCR and MESSAGE with HEAD and the branch state
- sync Makefile
- regen configure
- cleanup __RCSID
- merge audit logic in pkg_add and pkg_admin into new audit_packages
function. As a side effect, pkg_add will list all vulnerabilities before
asking the user whether it should continue
- sort config_variable array

diffstat:

 pkgtools/pkg_install/DESCR                            |    5 +
 pkgtools/pkg_install/MESSAGE                          |   29 +-
 pkgtools/pkg_install/Makefile                         |   10 +-
 pkgtools/pkg_install/files/add/main.c                 |   10 +-
 pkgtools/pkg_install/files/add/perform.c              |   59 +--
 pkgtools/pkg_install/files/admin/audit.c              |   66 +---
 pkgtools/pkg_install/files/admin/check.c              |    6 +-
 pkgtools/pkg_install/files/admin/main.c               |    6 +-
 pkgtools/pkg_install/files/configure                  |  364 +++++++++--------
 pkgtools/pkg_install/files/configure.ac               |    2 +-
 pkgtools/pkg_install/files/create/build.c             |   10 +-
 pkgtools/pkg_install/files/create/main.c              |   10 +-
 pkgtools/pkg_install/files/create/perform.c           |   10 +-
 pkgtools/pkg_install/files/create/pl.c                |   10 +-
 pkgtools/pkg_install/files/delete/main.c              |   10 +-
 pkgtools/pkg_install/files/delete/perform.c           |   10 +-
 pkgtools/pkg_install/files/info/main.c                |   10 +-
 pkgtools/pkg_install/files/info/perform.c             |   10 +-
 pkgtools/pkg_install/files/info/show.c                |   10 +-
 pkgtools/pkg_install/files/lib/automatic.c            |    6 +-
 pkgtools/pkg_install/files/lib/fexec.c                |    6 +-
 pkgtools/pkg_install/files/lib/file.c                 |   10 +-
 pkgtools/pkg_install/files/lib/global.c               |   10 +-
 pkgtools/pkg_install/files/lib/lib.h                  |    4 +-
 pkgtools/pkg_install/files/lib/opattern.c             |   10 +-
 pkgtools/pkg_install/files/lib/parse-config.c         |   10 +-
 pkgtools/pkg_install/files/lib/path.c                 |    6 +-
 pkgtools/pkg_install/files/lib/pkgdb.c                |    6 +-
 pkgtools/pkg_install/files/lib/plist.c                |   10 +-
 pkgtools/pkg_install/files/lib/str.c                  |   10 +-
 pkgtools/pkg_install/files/lib/var.c                  |    6 +-
 pkgtools/pkg_install/files/lib/version.c              |    6 +-
 pkgtools/pkg_install/files/lib/version.h              |    4 +-
 pkgtools/pkg_install/files/lib/vulnerabilities-file.c |   74 +++-
 34 files changed, 368 insertions(+), 457 deletions(-)

diffs (truncated from 1692 to 300 lines):

diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/DESCR
--- a/pkgtools/pkg_install/DESCR        Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/DESCR        Mon Feb 02 11:55:15 2009 +0000
@@ -12,3 +12,8 @@
 pkg_info       display information about installed or binary packages
 pkg_view       manage package views
 linkfarm       manage symbolic links for package views
+
+For the following tools compatibility wrappers are included:
+
+audit-packages audit installed packages for security vulnerabilities
+download-vulnerability-list    download the latest vulnerabilities list
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/MESSAGE
--- a/pkgtools/pkg_install/MESSAGE      Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/MESSAGE      Mon Feb 02 11:55:15 2009 +0000
@@ -1,12 +1,12 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.4 2008/01/13 22:31:25 rillig Exp $
+$NetBSD: MESSAGE,v 1.4.4.1 2009/02/02 11:55:15 joerg Exp $
 
 You may wish to have the vulnerabilities file downloaded daily so that
 it remains current.  This may be done by adding an appropriate entry
 to a user's crontab(5) entry.  For example the entry
 
 # download vulnerabilities file
-0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
+0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
 
 will update the vulnerability list every day at 3AM. You may wish to do
 this more often than once a day.
@@ -15,28 +15,23 @@
 security script.  This may be accomplished by adding the following
 lines to /etc/security.local
 
-if [ -x ${PREFIX}/sbin/audit-packages ]; then
-        ${PREFIX}/sbin/audit-packages
+if [ -x ${PREFIX}/sbin/pkg_admin ]; then
+        ${PREFIX}/sbin/pkg_admin audit
 fi
 
 Alternatively this can also be acomplished by adding an entry to a user's
 crontab(5) file. e.g.:
 
 # run audit-packages
-0 3 * * * ${PREFIX}/sbin/audit-packages
+0 3 * * * ${PREFIX}/sbin/pkg_admin audit
 
-audit-packages and/or download-vulnerability-list need not be run by
-the root user.  They will function as an unprivileged user, as long
-as the user chosen has permission to write the pkg-vulnerabilites
-to ${PKGVULNDIR}.
-
-A sample audit-packages.conf has been installed to:
+Both pkg_admin subcommands can be run as as an unprivileged user,
+as long as the user chosen has permission to read the pkgdb and to write
+the pkg-vulnerabilites to ${PKGVULNDIR}.
 
-       ${EGDIR}/audit-packages.conf
+The behavior of pkg_admin and pkg_add can be customised with
+pkg_install.conf.  Please see pkg_install.conf(5) for details.
 
-You may want to customise this file and copy it to
-${PKG_SYSCONFDIR}/audit-packages.conf.
-If you want to use signature verification you will need to install GnuPG and
-set the path for GPG appropriately in your audit-packages.conf.  See
-audit-packages.conf(5) and audit-packages(8) for further information.
+If you want to use GPG signature verification you will need to install
+GnuPG and set the path for GPG appropriately in your pkg_install.conf.
 ===========================================================================
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/Makefile
--- a/pkgtools/pkg_install/Makefile     Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/Makefile     Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.152.2.4 2008/10/29 10:38:53 joerg Exp $
+# $NetBSD: Makefile,v 1.152.2.5 2009/02/02 11:55:15 joerg Exp $
 
 # Notes to package maintainers:
 #
@@ -17,6 +17,7 @@
 #LICENSE=              modified-bsd
 
 PKG_DESTDIR_SUPPORT=   user-destdir
+BOOTSTRAP_PKG= yes
 
 CONFLICTS+=            audit-packages-[0-9]*
 
@@ -44,11 +45,18 @@
 # We also use the newly built pkg_{add,create,delete} since upgrading
 # from an older pkg_install might required features of the new program. 
 #
+# Note that the definitions are only overriden for the phases that are
+# supposed to use them.  pkg_admin pmatch might be used when looking for
+# dependencies. If that is ever changed in a incompatible way, this has to
+# be rethought.
 USE_NATIVE_GCC=                yes
+
+.if defined(_PKGSRC_BARRIER)
 PKG_ADD_CMD=           ${WRKSRC}/add/pkg_add
 PKG_CREATE_CMD=                ${WRKSRC}/create/pkg_create
 PKG_DELETE_CMD=                ${WRKSRC}/delete/pkg_delete
 PKG_INFO_CMD=          ${WRKSRC}/info/pkg_info
+.endif
 
 CPPFLAGS+=             -D_LARGEFILE_SOURCE -D_LARGE_FILES
 CPPFLAGS+=             -D_FILE_OFFSET_BITS=64
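Review bot: The added comment says the definitions are only overridden "for the phases that are supposed to use them", but it does not say which phases `.if defined(_PKGSRC_BARRIER)` selects. From this hunk a reader cannot tell when the freshly built `${WRKSRC}` tools replace the installed ones. Naming those phases in the comment, or pointing to where `_PKGSRC_BARRIER` is set, would make the condition checkable. The comment also has two typos: `overriden` should be `overridden` and `a incompatible` should be `an incompatible`.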
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/add/main.c
--- a/pkgtools/pkg_install/files/add/main.c     Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/add/main.c     Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.14.4.5 2008/07/30 15:38:37 joerg Exp $      */
+/*     $NetBSD: main.c,v 1.14.4.6 2009/02/02 11:55:16 joerg Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,13 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-#ifndef lint
-#if 0
-static char *rcsid = "from FreeBSD Id: main.c,v 1.16 1997/10/08 07:45:43 charnier Exp";
-#else
-__RCSID("$NetBSD: main.c,v 1.14.4.5 2008/07/30 15:38:37 joerg Exp $");
-#endif
-#endif
+__RCSID("$NetBSD: main.c,v 1.14.4.6 2009/02/02 11:55:16 joerg Exp $");
 
 /*
  *
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/add/perform.c
--- a/pkgtools/pkg_install/files/add/perform.c  Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/add/perform.c  Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: perform.c,v 1.70.4.21 2009/01/08 00:04:53 joerg Exp $  */
+/*     $NetBSD: perform.c,v 1.70.4.22 2009/02/02 11:55:16 joerg Exp $  */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.70.4.21 2009/01/08 00:04:53 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.70.4.22 2009/02/02 11:55:16 joerg Exp $");
 
 /*-
  * Copyright (c) 2003 Grant Beattie <grant%NetBSD.org@localhost>
@@ -1170,37 +1170,9 @@
 }
 
 static int
-check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i)
-{
-       const char *iter, *next;
-       size_t entry_len, url_len;
-
-       if (ignore_advisories == NULL)
-               return 0;
-
-       url_len = strlen(pv->advisory[i]);
-
-       for (iter = ignore_advisories; *iter; iter = next) {
-               if ((next = strchr(iter, '\n')) == NULL) {
-                       entry_len = strlen(iter);
-                       next = iter + entry_len;
-               } else {
-                       entry_len = next - iter;
-                       ++next;
-               }
-               if (url_len != entry_len)
-                       continue;
-               if (strncmp(pv->advisory[i], iter, entry_len) == 0)
-                       return 1;
-       }
-       return 0;
-}
-
-static int
 check_vulnerable(struct pkg_task *pkg)
 {
        static struct pkg_vulnerabilities *pv;
-       size_t i;
        int require_check;
        char *line;
        size_t len;
@@ -1224,23 +1196,18 @@
                        return require_check;
        }
 
-       for (i = 0; i < pv->entries; ++i) {
-               if (check_ignored_entry(pv, i))
-                       continue;
-               if (!pkg_match(pv->vulnerability[i], pkg->pkgname))
-                       continue;
-               if (strcmp("eol", pv->classification[i]) == 0)
-                       continue;
-               warnx("Package %s has a %s vulnerability, see %s",
-                   pkg->pkgname, pv->classification[i], pv->advisory[i]);
-               fprintf(stderr, "Do you want to proceed with "
-                   "the installation of %s [y/n]?\n", pkg->pkgname);
-               line = fgetln(stdin, &len);
-               if (check_input(line, len)) {
-                       fprintf(stderr, "Cancelling installation\n");
-                       return 1;
-               }
+       if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
                return 0;
+
+       if (require_check)
+               return 1;
+
+       fprintf(stderr, "Do you want to proceed with the installation of %s"
+           " [y/n]?\n", pkg->pkgname);
+       line = fgetln(stdin, &len);
+       if (check_input(line, len)) {
+               fprintf(stderr, "Cancelling installation\n");
+               return 1;
        }
        return 0;
 }
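Review bot: The prompt path after the `audit_package` call uses the result of `fgetln(stdin, &len)` without checking it, and `fgetln` returns NULL at end-of-file or on a read error, for example when pkg_add runs with stdin closed or redirected. `check_input` is defined outside this hunk, so it cannot be confirmed here that a NULL line is treated as a refusal. Making the call site fail closed removes the doubt: `if (line == NULL || check_input(line, len)) {`. Separately, the arguments `NULL, 0, 2` are opaque at the call site, so a one-line comment naming what each one selects would help; the old loop skipped `eol` entries, so the `0` presumably preserves that, to be confirmed against the declaration. `check_vulnerable` begins in the previous hunk, so its start is not visible here.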
diff -r b0174e44b7f5 -r 37de47f59f7c pkgtools/pkg_install/files/admin/audit.c
--- a/pkgtools/pkg_install/files/admin/audit.c  Wed Jan 28 06:41:47 2009 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c  Mon Feb 02 11:55:15 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: audit.c,v 1.8.2.6 2008/11/27 19:24:13 joerg Exp $      */
+/*     $NetBSD: audit.c,v 1.8.2.7 2009/02/02 11:55:16 joerg Exp $      */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,9 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-#ifndef lint
-__RCSID("$NetBSD: audit.c,v 1.8.2.6 2008/11/27 19:24:13 joerg Exp $");
-#endif
+__RCSID("$NetBSD: audit.c,v 1.8.2.7 2009/02/02 11:55:16 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -117,66 +115,10 @@
 }
 
 static int
-check_ignored_entry(size_t i)
-{
-       const char *iter, *next;
-       size_t entry_len, url_len;
-
-       if (ignore_advisories == NULL)
-               return 0;
-
-       url_len = strlen(pv->advisory[i]);
-
-       for (iter = ignore_advisories; *iter; iter = next) {
-               if ((next = strchr(iter, '\n')) == NULL) {
-                       entry_len = strlen(iter);
-                       next = iter + entry_len;
-               } else {
-                       entry_len = next - iter;
-                       ++next;
-               }
-               if (url_len != entry_len)
-                       continue;
-               if (strncmp(pv->advisory[i], iter, entry_len) == 0)
-                       return 1;
-       }
-       return 0;
-}
-
-static int
 check_exact_pkg(const char *pkg)
 {
-       int ret;
-       size_t i;
-
-       ret = 0;
-       for (i = 0; i < pv->entries; ++i) {
-               if (check_ignored_entry(i))
-                       continue;
-               if (limit_vul_types != NULL &&
-                   strcmp(limit_vul_types, pv->classification[i]))
-                       continue;
-               if (!pkg_match(pv->vulnerability[i], pkg))
-                       continue;
-               if (strcmp("eol", pv->classification[i]) == 0) {
-                       if (!check_eol)
-                               continue;
-                       if (quiet)
-                               puts(pkg);
-                       else
-                               printf("Package %s has reached end-of-life (eol), "
-                                   "see %s/eol-packages\n", pkg,
-                                   tnf_vulnerability_base);
-                       continue;
-               }
-               if (quiet)
-                       puts(pkg);
-               else
-                       printf("Package %s has a %s vulnerability, see %s\n",


