[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files pkg_install-20080313:
details: https://anonhg.NetBSD.org/pkgsrc/rev/49cca07376a0
branches: trunk
changeset: 539786:49cca07376a0
user: joerg <joerg%pkgsrc.org@localhost>
date: Thu Mar 13 16:35:30 2008 +0000
description:
pkg_install-20080313:
Audit functionality for pkg_admin. This uses the backend in
libpkg_install and will be extended to check for vulnerabilities at
pkg_add time later.
diffstat:
pkgtools/pkg_install/files/admin/Makefile.in | 19 +-
pkgtools/pkg_install/files/admin/admin.h | 18 +
pkgtools/pkg_install/files/admin/audit.c | 424 ++++++++++++++++++++++++
pkgtools/pkg_install/files/admin/config.c | 99 +++++
pkgtools/pkg_install/files/admin/main.c | 48 ++-
pkgtools/pkg_install/files/admin/pkg_admin.1 | 42 ++-
pkgtools/pkg_install/files/admin/pkg_admin.cat1 | 33 +-
pkgtools/pkg_install/files/lib/version.h | 4 +-
8 files changed, 668 insertions(+), 19 deletions(-)
diffs (truncated from 924 to 300 lines):
diff -r 4be06ce6d0c0 -r 49cca07376a0 pkgtools/pkg_install/files/admin/Makefile.in
--- a/pkgtools/pkg_install/files/admin/Makefile.in Thu Mar 13 16:07:12 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/Makefile.in Thu Mar 13 16:35:30 2008 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.in,v 1.13 2008/03/10 12:14:32 wiz Exp $
+# $NetBSD: Makefile.in,v 1.14 2008/03/13 16:35:30 joerg Exp $
srcdir= @srcdir@
prefix= @prefix@
exec_prefix= @exec_prefix@
+sysconfdir= @sysconfdir@
sbindir= @sbindir@
mandir= @mandir@
datarootdir= @datarootdir@
@@ -11,10 +12,10 @@
man1dir= $(mandir)/man1
cat1dir= $(mandir)/cat1
+BOOTSTRAP= @bootstrap@
+
CC= @CC@
CCLD= $(CC)
-LIBS= -linstall @LIBS@
-CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib
DEFS= @DEFS@
CFLAGS= @CFLAGS@
LDFLAGS= @LDFLAGS@ -L../lib
@@ -23,7 +24,17 @@
PROG= pkg_admin
-OBJS= check.o main.o
+.if empty(BOOTSTRAP)
+LIBS= -linstall -lbz2 -lz @LIBS@
+OBJS= audit.o check.o config.o main.o
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib \
+ -DSYSCONFDIR=\"$(sysconfdir)\"
+.else
+LIBS= -linstall @LIBS@
+OBJS= check.o config.o main.o
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib -DBOOTSTRAP \
+ -DSYSCONFDIR=\"$(sysconfdir)\"
+.endif
all: $(PROG)
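Review bot: The `-I. -I$(srcdir) -I../lib` include path and the `-DSYSCONFDIR=\"$(sysconfdir)\"` define are repeated verbatim in both branches of the new `.if empty(BOOTSTRAP)` block, while only `-DBOOTSTRAP`, the object list and the libraries actually differ between the two builds. Keeping the shared part in one place stops the bootstrap and non-bootstrap flags from drifting apart in later edits: `CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib -DSYSCONFDIR=\"$(sysconfdir)\"` above the conditional and `CPPFLAGS+= -DBOOTSTRAP` inside the `.else` branch. A short comment such as `# bootstrap builds have no libbz2/libz, so the audit code is left out` would also explain why `audit.o` exists only on one side.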
diff -r 4be06ce6d0c0 -r 49cca07376a0 pkgtools/pkg_install/files/admin/admin.h
--- a/pkgtools/pkg_install/files/admin/admin.h Thu Mar 13 16:07:12 2008 +0000
+++ b/pkgtools/pkg_install/files/admin/admin.h Thu Mar 13 16:35:30 2008 +0000
@@ -32,5 +32,23 @@
*/
extern int quiet;
+extern int verbose;
+
+extern const char *pkg_vulnerabilities_dir;
+extern const char *pkg_vulnerabilities_file;
+extern const char *pkg_vulnerabilities_url;
+extern const char *fetch_cmd;
+extern const char *ignore_advisories;
+extern const char tnf_vulnerability_base[];
void check(char **);
+
+void audit_pkgdb(int, char **);
+void audit_pkg(int, char **);
+void audit_batch(int, char **);
+void check_pkg_vulnerabilities(int, char **);
+void fetch_pkg_vulnerabilities(int, char **);
+
+void pkg_install_config(const char *);
+
+void usage(void);
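Review bot: The new extern declarations carry no comment saying what they hold, and the format of `ignore_advisories` is only discoverable from the parser in audit.c, which walks it as newline-separated entries compared byte-for-byte against the advisory URLs of the vulnerability list. A one-line comment on each declaration would spare the next reader that trip, e.g. `/* newline-separated list of advisory URLs to skip, or NULL */` on `ignore_advisories`, `/* path of the vulnerabilities file; NULL when PKG_VULNERABILITIES is unset */` on `pkg_vulnerabilities_file`, and on `tnf_vulnerability_base` a note that audit.c prints it as the base of the eol-packages URL. The meaning of `pkg_vulnerabilities_url` and `fetch_cmd` is not visible in this changeset, so whoever defines them in config.c should document them there; the prototypes would also read better with parameter names (`void audit_pkg(int argc, char **argv);`) since all five take the same argc/argv pair.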
diff -r 4be06ce6d0c0 -r 49cca07376a0 pkgtools/pkg_install/files/admin/audit.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c Thu Mar 13 16:35:30 2008 +0000
@@ -0,0 +1,424 @@
+/* $NetBSD: audit.c,v 1.1 2008/03/13 16:35:30 joerg Exp $ */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <nbcompat.h>
+#if HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+#ifndef lint
+__RCSID("$NetBSD: audit.c,v 1.1 2008/03/13 16:35:30 joerg Exp $");
+#endif
+
+/*-
+ * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#if HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#if HAVE_ERR_H
+#include <err.h>
+#endif
+#if HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#if HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#if HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+
+#include "admin.h"
+#include "lib.h"
+
+static int check_eol = 0;
+static int check_signature = 0;
+static const char *limit_vul_types = NULL;
+
+static struct pkg_vulnerabilities *pv;
+
+static void
+parse_options(int argc, char **argv)
+{
+ int ch;
+
+ optreset = 1;
+ optind = 0;
+
+ while ((ch = getopt(argc, argv, "est")) != -1) {
+ switch (ch) {
+ case 'e':
+ check_eol = 1;
+ break;
+ case 's':
+ check_signature = 1;
+ break;
+ case 't':
+ limit_vul_types = optarg;
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+}
+
+static int
+check_exact_pkg(const char *pkg)
+{
+ const char *iter, *next;
+ int ret;
+ size_t i;
+
+ ret = 0;
+ for (i = 0; i < pv->entries; ++i) {
+ if (ignore_advisories != NULL) {
+ size_t url_len = strlen(pv->advisory[i]);
+ size_t entry_len;
+
+ for (iter = ignore_advisories; *iter; iter = next) {
+ if ((next = strchr(iter, '\n')) == NULL) {
+ entry_len = strlen(iter);
+ next = iter + entry_len;
+ } else {
+ entry_len = next - iter;
+ ++next;
+ }
+ if (url_len != entry_len)
+ continue;
+ if (!strncmp(pv->advisory[i], iter, entry_len))
+ break;
+ }
+ if (*iter != '\0')
+ continue;
+ }
+ if (limit_vul_types != NULL &&
+ strcmp(limit_vul_types, pv->classification[i]))
+ continue;
+ if (!pkg_match(pv->vulnerability[i], pkg))
+ continue;
+ if (strcmp("eol", pv->classification[i]) == 0) {
+ if (!check_eol)
+ continue;
+ if (quiet)
+ puts(pkg);
+ else
+ printf("Package %s has reached end-of-life (eol), "
+ "see %s/eol-packages\n", pkg,
+ tnf_vulnerability_base);
+ continue;
+ }
+ if (quiet)
+ puts(pkg);
+ else
+ printf("Package %s has a %s vulnerability, see %s\n",
+ pkg, pv->classification[i], pv->advisory[i]);
+ ret = 1;
+ }
+ return ret;
+}
+
+static int
+check_batch_exact_pkgs(const char *fname)
+{
+ FILE *f;
+ char buf[4096], *line, *eol;
+ int ret;
+
+ ret = 0;
+ if (strcmp(fname, "-") == 0)
+ f = stdin;
+ else {
+ f = fopen(fname, "r");
+ if (f == NULL)
+ err(EXIT_FAILURE, "Failed to open input file %s",
+ fname);
+ }
+ while ((line = fgets(buf, sizeof(buf), f)) != NULL) {
+ eol = line + strlen(line);
+ if (eol == line)
+ continue;
+ --eol;
+ if (*eol == '\n') {
+ if (eol == line)
+ continue;
+ *eol = '\0';
+ }
+ ret |= check_exact_pkg(line);
+ }
+ if (f != stdin)
+ fclose(f);
+
+ return ret;
+}
+
+static int
+check_one_installed_pkg(const char *pkg, void *cookie)
+{
+ int *ret = cookie;
+
+ *ret |= check_exact_pkg(pkg);
+ return 0;
+}
+
+static int
+check_installed_pattern(const char *pattern)
+{
+ int ret = 0;
+
+ match_installed_pkgs(pattern, check_one_installed_pkg, &ret);
+
+ return ret;
+}
+
+static void
+check_and_read_pkg_vulnerabilities(void)
+{
+ struct stat st;
+ time_t now;
+
+ if (pkg_vulnerabilities_file == NULL)
+ errx(EXIT_FAILURE, "PKG_VULNERABILITIES is not set");
+
+ if (verbose >= 1) {
+ if (stat(pkg_vulnerabilities_file, &st) == -1) {
+ if (errno == ENOENT)