Subject: pkg/12457: download-vulnerability-list doesn't support audit-packages
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jbernard@mines.edu>
List: netbsd-bugs
Date: 03/23/2001 07:22:18
>Number: 12457
>Category: pkg
>Synopsis: download-vulnerability-list doesn't support audit-packages
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 23 06:26:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Jim Bernard
>Release: March 23, 2001
>Organization:
>Environment:
System: NetBSD zoo 1.5S NetBSD 1.5S (ZOO-$Revision: 1.62 $) #0: Thu Mar 15 19:51:01 MST 2001 jim@zoo:/home/tmp/compile/sys/arch/i386/compile/ZOO i386
Architecture: i386
Machine: i386
>Description:
The audit-packages script complains if the vulnerabilities file
is more than one week old. But the download-vulnerability-list
script does not update the timestamp on the file if the
vulnerabilities file on ftp.netbsd.org has not changed. Hence,
audit-packages makes spurious complaints about the age of the
file, even if download-vulnerability-list has just been run.
A second problem, also fixed below, is that the temporary file
in which the download-vulnerability-list script stores the
downloaded file is not deleted if it is identical to the local
copy, so these build up over time, polluting the distfiles
directory.
>How-To-Repeat:
It's obvious from reading the script, but running the pair of
scripts daily (e.g. in security.local) is a good (but slow!)
way to discover that there is a problem.
>Fix:
The download-vulnerability-list script should always touch the
list file if it has successfully downloaded the current version,
even if it doesn't change the local copy. While here, I took
the opportunity to make sure the script deletes the temporary
file if it doesn't update the "permanent" copy.
--- download-vulnerability-list-dist Wed Mar 21 05:00:38 2001
+++ download-vulnerability-list Fri Mar 23 06:59:35 2001
@@ -8,10 +8,14 @@
fi
${FETCH_CMD} -o ${NEW_VUL_LIST} ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities || \
(echo "Can't download vulnerability list"; exit 1)
-/usr/bin/cmp -s ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities > /dev/null 2>&1 || \
- (/bin/mv ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities; \
- ${TOUCH} ${DISTDIR}/vulnerabilities)
+if /usr/bin/cmp -s ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities > /dev/null 2>&1
+then
+ /bin/rm ${NEW_VUL_LIST}
+else
+ /bin/mv ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities
+fi
+${TOUCH} ${DISTDIR}/vulnerabilities
exit 0
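Review bot: the unconditional `${TOUCH} ${DISTDIR}/vulnerabilities` at the end of this hunk still runs when the fetch fails, because the failure branch in the context line above is `(echo "Can't download vulnerability list"; exit 1)`, and an `exit` inside parentheses only leaves the subshell, not the script. In that case `cmp` returns non-zero, the `mv` in the `else` branch fails, and the timestamp on the old list is refreshed anyway, so audit-packages would treat a stale vulnerabilities file as current, which is the opposite of what the one-week age check is for. Suggest making the download failure terminate the script (for example `|| { echo "Can't download vulnerability list"; exit 1; }`), and only reaching the touch when the `rm` or `mv` branch succeeded, e.g. `/bin/mv ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities || exit 1`. The variable expansions in the added lines are also unquoted; quoting `"${NEW_VUL_LIST}"` and `"${DISTDIR}/vulnerabilities"` would keep the `rm` and `mv` safe if DISTDIR ever contains whitespace.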
>Release-Note:
>Audit-Trail:
>Unformatted: