Subject: Re: Speeding up the vulnerabilities check
To: Roland Illig <roland.illig@gmx.de>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/27/2005 14:12:45
On Sun, Feb 27, 2005 at 03:25:50AM +0100, Roland Illig wrote:
> Hi all,
>
> I was bored by waiting 5 (NetBSD) to 15 (Solaris) seconds on the
> check-vulnerable target to finish, so I wrote a replacement for it. May
> I integrate it into pkgsrc if I document it properly?
>
> Before the patch, one pkg_admin(8) process is spawned for every line in
> pkg-vulnerabilities. There are almost 1000 lines now, and the number is
> monotonically increasing. After the patch, pkg_admin(8) is just called once.

I like your patch, but I thought I'd tackle the problem at source, the
way it used to be done.

I took smb's suggestion, and added a check in for a metacharacter in the
"skip" case, which makes things a lot faster for me, and restores the
previous behaviour of only running a pkg_admin check if the PKGBASE is
the vulnerable pattern, or if there's a metacharacter in the pattern.

Further testing is needed - hence this mail.

Regards,
Alistair

Content-Disposition: attachment; filename="check-vulnerable.diff"
Index: bsd.pkg.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/bsd.pkg.mk,v
retrieving revision 1.1595
diff -u -r1.1595 bsd.pkg.mk
--- bsd.pkg.mk 25 Feb 2005 13:05:52 -0000 1.1595
+++ bsd.pkg.mk 27 Feb 2005 14:08:56 -0000
@@ -1390,6 +1390,7 @@
PKGBASE="${PKGBASE}" \
${AWK} '/^$$/ { next } \
/^#.*/ { next } \
+ $$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
{ s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/pkg-vulnerabilities || ${FALSE}; \
fi
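
Review bot: On the added line, the skip test treats only `{` as a pattern metacharacter (`$$1 !~ /\{/`), while the mail describes running pkg_admin whenever the pattern contains a metacharacter. An entry whose name part uses a glob character such as `*`, `?` or `[` and does not contain PKGBASE as written would hit `next` and never reach `pkg_admin pmatch`, so its warning would be dropped without any error. Consider widening the test to something like `$$1 !~ /[{*?\[]/`. In the same condition, `$$1 !~ ENVIRON["PKGBASE"]` uses PKGBASE as a dynamic regular expression, so characters such as `+` and `.` in a package name are interpreted rather than matched literally; `index($$1, ENVIRON["PKGBASE"]) == 0` would be a literal substring test. Since a wrong skip here means a missed vulnerability warning, a comment next to the filter stating that it is only a pre-filter and must never be stricter than pmatch would help.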