Re: README.html: cannot find vulnerability list

To: Adrian Portelli <adrianp%stindustries.net@localhost>
Subject: Re: README.html: cannot find vulnerability list
From: "David Lord" <netbsd%lordynet.org@localhost>
Date: Thu, 2 Aug 2007 17:38:18 -0000

On 2 Aug 2007, at 17:35, Adrian Portelli wrote:

> David Lord wrote:
> > On 2 Aug 2007, at 14:24, Joerg Sonnenberger wrote:
> > 
> >> Index: check.mk
> >> ===================================================================
> >> RCS file: /home/joerg/repo/netbsd/pkgsrc/mk/flavor/pkg/check.mk,v
> >> retrieving revision 1.4
> >> diff -u -r1.4 check.mk
> >> --- check.mk       14 Jul 2007 17:17:46 -0000      1.4
> >> +++ check.mk       1 Aug 2007 11:44:03 -0000
> >> @@ -11,8 +11,7 @@
> >>  #
> >>  _flavor-check-vulnerable: .PHONY
> >>    ${_PKG_SILENT}${_PKG_DEBUG}                                     \
> >> -  _INFO_VER=`${PKG_INFO} -V`;                                     \
> >> -  if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-$$_INFO_VER; 
> >> then \
> >> +  if ${PKG_ADMIN} pmatch 'pkg_install<20070714' 
> >> pkg_install-${PKGTOOLS_VERSION}; then \
> >>            vulnfile=${PKGVULNDIR:Q}/pkg-vulnerabilities;           \
> >>            if ${TEST} ! -f "$$vulnfile"; then                      \
> >>                    ${PHASE_MSG} "Skipping vulnerability checks.";  \
> > 
> > I've been using separate PKGVULNDIR (/var/db/audit-packages) with 
> > PKGVULNDIR set in both mk.conf and audit-packages.conf.
> 
> If you're using pkg_install>=20070714 there's only a need to set it in
> audit-packages.conf.  Any setting of PKGVULNDIR in /etc/mk.conf _should_
> be ignored.
> 
> > 
> > Prior to patch the script was looking for /pkg-vulnerabilities and 
> > now looking for it in /usr/pkgsrc_distfiles.
> > 
> > David
> 
> If you run 'audit-packages -v' it should tell you which configuration
> file it's using.  Could you just check that that's the one you expect it
> to be and that you have correctly set PKGVULNDIR in it.
> 
> OTOH, there something wrong going on here and joerg@'s patch is a lot
> nicer way to do it than it's currently done.  I'll have a look into this.

The patch solves the original problem for default location of 
/usr/pkgsrc_distfiles. Here audit-packages.conf is being used and  
this is first problem I've noticed. There is a note in check.mk that 
implies database is being accessed outside audit-packages.


cheers

David

References:
- Re: README.html: cannot find vulnerability list
  - From: David Lord
- Re: README.html: cannot find vulnerability list
  - From: Adrian Portelli

Prev by Date: Re: README.html: cannot find vulnerability list
Next by Date: Re: README.html: cannot find vulnerability list
Previous by Thread: Re: README.html: cannot find vulnerability list
Next by Thread: Re: README.html: cannot find vulnerability list
Indexes:

Home | Main Index | Thread Index | Old Index