pkgsrc-Bugs archive
Re: pkg/28230: bsd.pkg.mk ignores /etc/audit-packages.conf
The following reply was made to PR pkg/28230; it has been noted by GNATS.
From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
To: Alistair Crooks <agc%pkgsrc.org@localhost>
Cc: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>,
"Julio M. Merino Vidal" <jmmv%menta.net@localhost>,
gnats-bugs%netbsd.org@localhost
Subject: Re: pkg/28230: bsd.pkg.mk ignores /etc/audit-packages.conf
Date: Thu, 7 Apr 2005 00:52:44 +0200
At 21:14 Uhr +0000 23.3.2005, Alistair Crooks wrote:
>On Wed, Nov 17, 2004 at 08:15:40PM +0100, Hauke Fath wrote:
>> Julio M. Merino Vidal wrote
>>
>> [Note that I saw this only by chance / because of the duplicate of this
>> bug; you left me off the Cc: list.]
>>
>> > How does the patch below look? (I've put the chunk of code just before the
>> > check-vulnerable target, but I'm not sure that's the best place...)
>> [...]
>>
>> Works for me (although I must admit it looks a bit clumsy to me).
>
>Thanks to Julio - I wonder if the attached patch is any more
>aesthetically pleasing?
>
>Works for me, although my setup is depressingly standard.
Alistair,
sorry for being late with my comment - I've been distracted somewhat...
Testing what you committed now, I found that the do-fetch target needs
$PKGVULNDIR set up, too. Otherwise it will look at the pkg-vulnerabilities
default location, complain and not make check-vulnerable. The following
patch does that, duplicating your additions to the check-vulnerable target:
Index: bsd.pkg.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.mk,v
retrieving revision 1.1608
diff -u -u -r1.1608 bsd.pkg.mk
--- bsd.pkg.mk 5 Apr 2005 14:00:33 -0000 1.1608
+++ bsd.pkg.mk 6 Apr 2005 22:31:17 -0000
@@ -1422,15 +1422,20 @@
do-fetch:
. if !defined(ALLOW_VULNERABLE_PACKAGES)
${_PKG_SILENT}${_PKG_DEBUG} \
- if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then \
+ if [ ! -z "${PKG_SYSCONFDIR.audit-packages}" -a -f
${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf ]; then \
+ . ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf; \
+ elif [ ! -z "${PKG_SYSCONFDIR}" -a -f
${PKG_SYSCONFDIR}/audit-packages.conf ]; then \
+ . ${PKG_SYSCONFDIR}/audit-packages.conf; \
+ fi; \
+ if [ -f $${PKGVULNDIR}/pkg-vulnerabilities ]; then \
${ECHO_MSG} "${_PKGSRC_IN}> Checking for vulnerabilities in
${PKGNAME}"; \
vul=`${MAKE} ${MAKEFLAGS} check-vulnerable`; \
case "$$vul" in \
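Review bot: The rewritten test `if [ -f $${PKGVULNDIR}/pkg-vulnerabilities ]` now reads the shell variable, and in the lines shown nothing assigns it when neither audit-packages.conf is found or when the sourced file does not set it. Unless PKGVULNDIR happens to be in the environment, the test then checks `/pkg-vulnerabilities`, and the make-level `${PKGVULNDIR}` that the removed line relied on is no longer consulted, so a setup without a config file loses the lookup it had before. Seeding the shell variable from the make value ahead of the first `if` (for example `PKGVULNDIR=${PKGVULNDIR};`) would keep the old default and still let the config file override it. Two smaller points on the added lines: `. .../audit-packages.conf` executes that file in the recipe shell, so it runs with the privileges of whoever invokes make and deserves a comment saying so; and `[ ! -z "..." -a -f ... ]` leaves the path unquoted and uses `-a`, where `[ -n "..." ] && [ -f "..." ]` is the more robust form.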
-- OTOH, since it looks like nothing but do-fetch uses check-vulnerable,
would it make sense to move the code to do-fetch and avoid the code
duplication? Alternatively, we could move all of the shell code concerned
with vulnerability checking to check-vulnerable.
I'd be happy to test both options and provide patches.
hauke
--
/~\ The ASCII Ribbon Campaign
\ / No HTML/RTF in email
X No Word docs in email
/ \ Respect for open standards