pkgsrc-Bugs archive


Re: pkg/28230: bsd.pkg.mk ignores /etc/audit-packages.conf



The following reply was made to PR pkg/28230; it has been noted by GNATS.

From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
To: Alistair Crooks <agc%pkgsrc.org@localhost>
Cc: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>,
        "Julio M. Merino Vidal" <jmmv%menta.net@localhost>, 
gnats-bugs%netbsd.org@localhost
Subject: Re: pkg/28230: bsd.pkg.mk ignores /etc/audit-packages.conf
Date: Thu, 7 Apr 2005 00:52:44 +0200

 At 21:14 Uhr +0000 23.3.2005, Alistair Crooks wrote:
 >On Wed, Nov 17, 2004 at 08:15:40PM +0100, Hauke Fath wrote:
 >> Julio M. Merino Vidal wrote
 >>
 >> [Note that I saw this only by chance / because of the duplicate of this
 >> bug; you left me off the Cc: list.]
 >>
 >> > How does the patch below look?  (I've put the chunk of code just before
 >> > the check-vulnerable target, but I'm not sure that's the best place...)
 >> [...]
 >>
 >> Works for me (although I must admit it looks a bit clumsy to me).
 >
 >Thanks to Julio - I wonder if the attached patch is any more
 >aesthetically pleasing?
 >
 >Works for me, although my setup is depressingly standard.
 
 Alistair,
 
 sorry for being late with my comment - I've been distracted somewhat...
 
 Testing what you committed now, I found that the do-fetch target needs
 $PKGVULNDIR set up, too. Otherwise it will look at the pkg-vulnerabilities
 default location, complain and not make check-vulnerable. The following
 patch does that, duplicating your additions to the check-vulnerable target:
 
 Index: bsd.pkg.mk
 ===================================================================
 RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.mk,v
 retrieving revision 1.1608
 diff -u -u -r1.1608 bsd.pkg.mk
 --- bsd.pkg.mk 5 Apr 2005 14:00:33 -0000       1.1608
 +++ bsd.pkg.mk 6 Apr 2005 22:31:17 -0000
 @@ -1422,15 +1422,20 @@
  do-fetch:
  .  if !defined(ALLOW_VULNERABLE_PACKAGES)
        ${_PKG_SILENT}${_PKG_DEBUG}                                     \
 -      if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then               \
 +      if [ ! -z "${PKG_SYSCONFDIR.audit-packages}" -a -f
 ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf ]; then \
 +              . ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf; \
 +      elif [ ! -z "${PKG_SYSCONFDIR}" -a -f
 ${PKG_SYSCONFDIR}/audit-packages.conf ]; then \
 +              . ${PKG_SYSCONFDIR}/audit-packages.conf;                \
 +      fi;                                                             \
 +      if [ -f $${PKGVULNDIR}/pkg-vulnerabilities ]; then              \
                ${ECHO_MSG} "${_PKGSRC_IN}> Checking for vulnerabilities in
 ${PKGNAME}"; \
                vul=`${MAKE} ${MAKEFLAGS} check-vulnerable`;            \
                case "$$vul" in                                         \
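
Review bot: the rewritten test `if [ -f $${PKGVULNDIR}/pkg-vulnerabilities ]` now expands PKGVULNDIR in the shell rather than in make, and nothing in this hunk gives the shell variable a value when neither audit-packages.conf is found or when the file that is found does not assign it. Unless PKGVULNDIR is already in the environment, the test then looks at `/pkg-vulnerabilities` and the `check-vulnerable` call inside the branch is skipped. Seeding the shell variable from the make-level value before the two `.` lines, e.g. `PKGVULNDIR="${PKGVULNDIR}";`, would keep the previous default and let the config file override it. Separately, the paths passed to `[ -f ... ]` and to `.` are unquoted, so a PKG_SYSCONFDIR containing whitespace breaks the test; since the file is sourced as shell code in the fetch step, quoting the paths is worth doing, and `-n "..."` with `&&` reads more clearly than `! -z "..." -a`.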
 
 
 -- OTOH, since it looks like nothing but do-fetch uses check-vulnerable,
 would it make sense to move the code to do-fetch and avoid the code
 duplication? Alternatively, we could move all of the shell code concerned
 with vulnerability checking to check-vulnerable.
 
 I'd be happy to test both options and provide patches.
 
        hauke
 
 --
 /~\  The ASCII Ribbon Campaign
 \ /    No HTML/RTF in email
  X     No Word docs in email
 / \  Respect for open standards
 
 


