pkg_install-20090108: pkg_add optionally checks for vulnerable packages and bails out.diff -r1.70.4.19 -r1.70.4.20 pkgsrc/pkgtools/pkg_install/files/add/perform.c
(joerg)
@@ -1,28 +1,28 @@ | @@ -1,28 +1,28 @@ | |||
1 | /* $NetBSD: perform.c,v 1.70.4.19 2008/08/25 19:15:11 joerg Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.70.4.20 2009/01/08 00:01:30 joerg Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | __RCSID("$NetBSD: perform.c,v 1.70.4.19 2008/08/25 19:15:11 joerg Exp $"); | 9 | __RCSID("$NetBSD: perform.c,v 1.70.4.20 2009/01/08 00:01:30 joerg Exp $"); | |
10 | 10 | |||
11 | /*- | 11 | /*- | |
12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | 12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | |
13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | 13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | |
14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | 14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | |
15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org> | 15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | |
16 | * All rights reserved. | 16 | * All rights reserved. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
23 | * notice, this list of conditions and the following disclaimer. | 23 | * notice, this list of conditions and the following disclaimer. | |
24 | * 2. Redistributions in binary form must reproduce the above copyright | 24 | * 2. Redistributions in binary form must reproduce the above copyright | |
25 | * notice, this list of conditions and the following disclaimer in | 25 | * notice, this list of conditions and the following disclaimer in | |
26 | * the documentation and/or other materials provided with the | 26 | * the documentation and/or other materials provided with the | |
27 | * distribution. | 27 | * distribution. | |
28 | * | 28 | * | |
@@ -1159,26 +1159,73 @@ check_signature(struct pkg_task *pkg, vo | @@ -1159,26 +1159,73 @@ check_signature(struct pkg_task *pkg, vo | |||
1159 | fprintf(stderr, "Do you want to proceed with " | 1159 | fprintf(stderr, "Do you want to proceed with " | |
1160 | "the installation of %s [y/n]?\n", pkg->pkgname); | 1160 | "the installation of %s [y/n]?\n", pkg->pkgname); | |
1161 | line = fgetln(stdin, &len); | 1161 | line = fgetln(stdin, &len); | |
1162 | if (check_input(line, len)) { | 1162 | if (check_input(line, len)) { | |
1163 | fprintf(stderr, "Cancelling installation\n"); | 1163 | fprintf(stderr, "Cancelling installation\n"); | |
1164 | return 1; | 1164 | return 1; | |
1165 | } | 1165 | } | |
1166 | return 0; | 1166 | return 0; | |
1167 | } | 1167 | } | |
1168 | warnx("Unknown value of configuration variable VERIFIED_INSTALLATION"); | 1168 | warnx("Unknown value of configuration variable VERIFIED_INSTALLATION"); | |
1169 | return 1; | 1169 | return 1; | |
1170 | } | 1170 | } | |
1171 | 1171 | |||
1172 | static int | |||
1173 | check_vulnerable(struct pkg_task *pkg) | |||
1174 | { | |||
1175 | static struct pkg_vulnerabilities *pv; | |||
1176 | size_t i; | |||
1177 | int require_check; | |||
1178 | char *line; | |||
1179 | size_t len; | |||
1180 | ||||
1181 | if (strcasecmp(check_vulnerabilities, "never") == 0) | |||
1182 | return 0; | |||
1183 | else if (strcasecmp(check_vulnerabilities, "always")) | |||
1184 | require_check = 1; | |||
1185 | else if (strcasecmp(check_vulnerabilities, "interactive")) | |||
1186 | require_check = 0; | |||
1187 | else { | |||
1188 | warnx("Unknown value of the configuration variable" | |||
1189 | "CHECK_VULNERABILITIES"); | |||
1190 | return 1; | |||
1191 | } | |||
1192 | ||||
1193 | if (pv == NULL) { | |||
1194 | pv = read_pkg_vulnerabilities(pkg_vulnerabilities_file, | |||
1195 | require_check, 0); | |||
1196 | if (pv == NULL) | |||
1197 | return require_check; | |||
1198 | } | |||
1199 | ||||
1200 | for (i = 0; i < pv->entries; ++i) { | |||
1201 | if (!pkg_match(pv->vulnerability[i], pkg->pkgname)) | |||
1202 | continue; | |||
1203 | if (strcmp("eol", pv->classification[i]) == 0) | |||
1204 | continue; | |||
1205 | warnx("Package %s has a %s vulnerability, see %s", | |||
1206 | pkg->pkgname, pv->classification[i], pv->advisory[i]); | |||
1207 | fprintf(stderr, "Do you want to proceed with " | |||
1208 | "the installation of %s [y/n]?\n", pkg->pkgname); | |||
1209 | line = fgetln(stdin, &len); | |||
1210 | if (check_input(line, len)) { | |||
1211 | fprintf(stderr, "Cancelling installation\n"); | |||
1212 | return 1; | |||
1213 | } | |||
1214 | return 0; | |||
1215 | } | |||
1216 | return 0; | |||
1217 | } | |||
1218 | ||||
1172 | /* | 1219 | /* | |
1173 | * Install a single package. | 1220 | * Install a single package. | |
1174 | */ | 1221 | */ | |
1175 | static int | 1222 | static int | |
1176 | pkg_do(const char *pkgpath, int mark_automatic) | 1223 | pkg_do(const char *pkgpath, int mark_automatic) | |
1177 | { | 1224 | { | |
1178 | int status, invalid_sig; | 1225 | int status, invalid_sig; | |
1179 | void *archive_cookie; | 1226 | void *archive_cookie; | |
1180 | void *signature_cookie; | 1227 | void *signature_cookie; | |
1181 | struct pkg_task *pkg; | 1228 | struct pkg_task *pkg; | |
1182 | 1229 | |||
1183 | pkg = xcalloc(1, sizeof(*pkg)); | 1230 | pkg = xcalloc(1, sizeof(*pkg)); | |
1184 | 1231 | |||
@@ -1197,26 +1244,29 @@ pkg_do(const char *pkgpath, int mark_aut | @@ -1197,26 +1244,29 @@ pkg_do(const char *pkgpath, int mark_aut | |||
1197 | signature_cookie = NULL; | 1244 | signature_cookie = NULL; | |
1198 | #endif | 1245 | #endif | |
1199 | 1246 | |||
1200 | if (read_meta_data(pkg)) | 1247 | if (read_meta_data(pkg)) | |
1201 | goto clean_memory; | 1248 | goto clean_memory; | |
1202 | 1249 | |||
1203 | /* Parse PLIST early, so that messages can use real package name. */ | 1250 | /* Parse PLIST early, so that messages can use real package name. */ | |
1204 | if (pkg_parse_plist(pkg)) | 1251 | if (pkg_parse_plist(pkg)) | |
1205 | goto clean_memory; | 1252 | goto clean_memory; | |
1206 | 1253 | |||
1207 | if (check_signature(pkg, &signature_cookie, invalid_sig)) | 1254 | if (check_signature(pkg, &signature_cookie, invalid_sig)) | |
1208 | goto clean_memory; | 1255 | goto clean_memory; | |
1209 | 1256 | |||
1257 | if (check_vulnerable(pkg)) | |||
1258 | goto clean_memory; | |||
1259 | ||||
1210 | if (pkg->meta_data.meta_mtree != NULL) | 1260 | if (pkg->meta_data.meta_mtree != NULL) | |
1211 | warnx("mtree specification in pkg `%s' ignored", pkg->pkgname); | 1261 | warnx("mtree specification in pkg `%s' ignored", pkg->pkgname); | |
1212 | 1262 | |||
1213 | if (pkg->meta_data.meta_views != NULL) { | 1263 | if (pkg->meta_data.meta_views != NULL) { | |
1214 | pkg->logdir = xstrdup(pkg->prefix); | 1264 | pkg->logdir = xstrdup(pkg->prefix); | |
1215 | _pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir)); | 1265 | _pkgdb_setPKGDB_DIR(dirname_of(pkg->logdir)); | |
1216 | } else { | 1266 | } else { | |
1217 | pkg->logdir = xasprintf("%s/%s", _pkgdb_getPKGDB_DIR(), | 1267 | pkg->logdir = xasprintf("%s/%s", _pkgdb_getPKGDB_DIR(), | |
1218 | pkg->pkgname); | 1268 | pkg->pkgname); | |
1219 | } | 1269 | } | |
1220 | 1270 | |||
1221 | if (Destdir != NULL) { | 1271 | if (Destdir != NULL) { | |
1222 | pkg->install_logdir = xasprintf("%s/%s", Destdir, pkg->logdir); | 1272 | pkg->install_logdir = xasprintf("%s/%s", Destdir, pkg->logdir); |
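Review bot: In check_vulnerable() (new lines 1183 and 1185) the `always` and `interactive` branches call `strcasecmp()` without `== 0`, so each fires when the value does NOT match: `always` ends up with `require_check = 0`, `interactive` and any unrecognised value get `require_check = 1`, and the `warnx`/`return 1` branch for unknown values can never be reached. As far as the visible code shows, CHECK_VULNERABILITIES=always therefore returns 0 when `read_pkg_vulnerabilities()` yields NULL and the install proceeds, which contradicts the man page text added in this commit ("A missing pkg-vulnerabilities file is considered an error"). The two tests should read `else if (strcasecmp(check_vulnerabilities, "always") == 0)` and `else if (strcasecmp(check_vulnerabilities, "interactive") == 0)`. The warning literal also needs a trailing space, `"Unknown value of the configuration variable "`, otherwise the message prints `variableCHECK_VULNERABILITIES`. Separately, a matching entry prompts in both modes and the loop returns on the first hit; if `always` is meant to refuse a vulnerable package without asking, that path should `return 1` when `require_check` is set, which is worth confirming against the intended semantics.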
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.42.2.16 2008/12/30 15:55:57 joerg Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.42.2.17 2009/01/08 00:01:31 joerg Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -402,25 +402,26 @@ int detached_gpg_sign(const char *, size | @@ -402,25 +402,26 @@ int detached_gpg_sign(const char *, size | |||
402 | char *xstrdup(const char *); | 402 | char *xstrdup(const char *); | |
403 | void *xrealloc(void *, size_t); | 403 | void *xrealloc(void *, size_t); | |
404 | void *xcalloc(size_t, size_t); | 404 | void *xcalloc(size_t, size_t); | |
405 | void *xmalloc(size_t); | 405 | void *xmalloc(size_t); | |
406 | char *xasprintf(const char *, ...); | 406 | char *xasprintf(const char *, ...); | |
407 | 407 | |||
408 | /* Externs */ | 408 | /* Externs */ | |
409 | extern Boolean Verbose; | 409 | extern Boolean Verbose; | |
410 | extern Boolean Fake; | 410 | extern Boolean Fake; | |
411 | extern Boolean Force; | 411 | extern Boolean Force; | |
412 | extern const char *cert_chain_file; | 412 | extern const char *cert_chain_file; | |
413 | extern const char *certs_packages; | 413 | extern const char *certs_packages; | |
414 | extern const char *certs_pkg_vulnerabilities; | 414 | extern const char *certs_pkg_vulnerabilities; | |
415 | extern const char *check_vulnerabilities; | |||
415 | extern const char *config_file; | 416 | extern const char *config_file; | |
416 | extern const char *verified_installation; | 417 | extern const char *verified_installation; | |
417 | extern const char *gpg_cmd; | 418 | extern const char *gpg_cmd; | |
418 | extern char fetch_flags[]; | 419 | extern char fetch_flags[]; | |
419 | 420 | |||
420 | extern const char *pkg_vulnerabilities_dir; | 421 | extern const char *pkg_vulnerabilities_dir; | |
421 | extern const char *pkg_vulnerabilities_file; | 422 | extern const char *pkg_vulnerabilities_file; | |
422 | extern const char *pkg_vulnerabilities_url; | 423 | extern const char *pkg_vulnerabilities_url; | |
423 | extern const char *ignore_advisories; | 424 | extern const char *ignore_advisories; | |
424 | extern const char tnf_vulnerability_base[]; | 425 | extern const char tnf_vulnerability_base[]; | |
425 | 426 | |||
426 | #endif /* _INST_LIB_LIB_H_ */ | 427 | #endif /* _INST_LIB_LIB_H_ */ |
@@ -1,24 +1,24 @@ | @@ -1,24 +1,24 @@ | |||
1 | /* $NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $ */ | 1 | /* $NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | #ifndef lint | 10 | #ifndef lint | |
11 | __RCSID("$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $"); | 11 | __RCSID("$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $"); | |
12 | #endif | 12 | #endif | |
13 | 13 | |||
14 | /*- | 14 | /*- | |
15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 15 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
16 | * All rights reserved. | 16 | * All rights reserved. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
23 | * notice, this list of conditions and the following disclaimer. | 23 | * notice, this list of conditions and the following disclaimer. | |
24 | * 2. Redistributions in binary form must reproduce the above copyright | 24 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -48,43 +48,45 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2 | @@ -48,43 +48,45 @@ __RCSID("$NetBSD: parse-config.c,v 1.1.2 | |||
48 | #endif | 48 | #endif | |
49 | 49 | |||
50 | #include "lib.h" | 50 | #include "lib.h" | |
51 | 51 | |||
52 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | 52 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | |
53 | 53 | |||
54 | char fetch_flags[10]; | 54 | char fetch_flags[10]; | |
55 | static const char *active_ftp; | 55 | static const char *active_ftp; | |
56 | static const char *verbose_netio; | 56 | static const char *verbose_netio; | |
57 | static const char *ignore_proxy; | 57 | static const char *ignore_proxy; | |
58 | const char *cert_chain_file; | 58 | const char *cert_chain_file; | |
59 | const char *certs_packages; | 59 | const char *certs_packages; | |
60 | const char *certs_pkg_vulnerabilities; | 60 | const char *certs_pkg_vulnerabilities; | |
61 | const char *check_vulnerabilities; | |||
61 | const char *verified_installation; | 62 | const char *verified_installation; | |
62 | const char *gpg_cmd; | 63 | const char *gpg_cmd; | |
63 | const char *pkg_vulnerabilities_dir; | 64 | const char *pkg_vulnerabilities_dir; | |
64 | const char *pkg_vulnerabilities_file; | 65 | const char *pkg_vulnerabilities_file; | |
65 | const char *pkg_vulnerabilities_url; | 66 | const char *pkg_vulnerabilities_url; | |
66 | const char *ignore_advisories = NULL; | 67 | const char *ignore_advisories = NULL; | |
67 | 68 | |||
68 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | 69 | const char tnf_vulnerability_base[] = "ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns"; | |
69 | 70 | |||
70 | static struct config_variable { | 71 | static struct config_variable { | |
71 | const char *name; | 72 | const char *name; | |
72 | const char **var; | 73 | const char **var; | |
73 | } config_variables[] = { | 74 | } config_variables[] = { | |
74 | { "ACTIVE_FTP", &active_ftp }, | 75 | { "ACTIVE_FTP", &active_ftp }, | |
75 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | 76 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | |
76 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | 77 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | |
77 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | 78 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | |
79 | { "CHECK_VULNERABILITIES", &check_vulnerabilities }, | |||
78 | { "GPG", &gpg_cmd }, | 80 | { "GPG", &gpg_cmd }, | |
79 | { "IGNORE_PROXY", &ignore_proxy }, | 81 | { "IGNORE_PROXY", &ignore_proxy }, | |
80 | { "IGNORE_URL", &ignore_advisories }, | 82 | { "IGNORE_URL", &ignore_advisories }, | |
81 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | 83 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | |
82 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | 84 | { "PKGVULNURL", &pkg_vulnerabilities_url }, | |
83 | { "VERBOSE_NETIO", &verbose_netio }, | 85 | { "VERBOSE_NETIO", &verbose_netio }, | |
84 | { "VERIFIED_INSTALLATION", &verified_installation }, | 86 | { "VERIFIED_INSTALLATION", &verified_installation }, | |
85 | { NULL, NULL } | 87 | { NULL, NULL } | |
86 | }; | 88 | }; | |
87 | 89 | |||
88 | void | 90 | void | |
89 | pkg_install_config(void) | 91 | pkg_install_config(void) | |
90 | { | 92 | { | |
@@ -98,26 +100,29 @@ pkg_install_config(void) | @@ -98,26 +100,29 @@ pkg_install_config(void) | |||
98 | } | 100 | } | |
99 | 101 | |||
100 | if (pkg_vulnerabilities_dir == NULL) | 102 | if (pkg_vulnerabilities_dir == NULL) | |
101 | pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR(); | 103 | pkg_vulnerabilities_dir = _pkgdb_getPKGDB_DIR(); | |
102 | pkg_vulnerabilities_file = xasprintf("%s/pkg-vulnerabilities", | 104 | pkg_vulnerabilities_file = xasprintf("%s/pkg-vulnerabilities", | |
103 | pkg_vulnerabilities_dir); | 105 | pkg_vulnerabilities_dir); | |
104 | if (pkg_vulnerabilities_url == NULL) { | 106 | if (pkg_vulnerabilities_url == NULL) { | |
105 | pkg_vulnerabilities_url = xasprintf("%s/pkg-vulnerabilities.gz", | 107 | pkg_vulnerabilities_url = xasprintf("%s/pkg-vulnerabilities.gz", | |
106 | tnf_vulnerability_base); | 108 | tnf_vulnerability_base); | |
107 | } | 109 | } | |
108 | if (verified_installation == NULL) | 110 | if (verified_installation == NULL) | |
109 | verified_installation = "never"; | 111 | verified_installation = "never"; | |
110 | 112 | |||
113 | if (check_vulnerabilities == NULL) | |||
114 | check_vulnerabilities = "never"; | |||
115 | ||||
111 | snprintf(fetch_flags, sizeof(fetch_flags), "%s%s%s", | 116 | snprintf(fetch_flags, sizeof(fetch_flags), "%s%s%s", | |
112 | (verbose_netio && *verbose_netio) ? "v" : "", | 117 | (verbose_netio && *verbose_netio) ? "v" : "", | |
113 | (active_ftp && *active_ftp) ? "" : "p", | 118 | (active_ftp && *active_ftp) ? "" : "p", | |
114 | (ignore_proxy && *ignore_proxy) ? "d" : ""); | 119 | (ignore_proxy && *ignore_proxy) ? "d" : ""); | |
115 | } | 120 | } | |
116 | 121 | |||
117 | void | 122 | void | |
118 | pkg_install_show_variable(const char *var_name) | 123 | pkg_install_show_variable(const char *var_name) | |
119 | { | 124 | { | |
120 | struct config_variable *var; | 125 | struct config_variable *var; | |
121 | 126 | |||
122 | for (var = config_variables; var->name != NULL; ++var) { | 127 | for (var = config_variables; var->name != NULL; ++var) { | |
123 | if (strcmp(var->name, var_name) != 0) | 128 | if (strcmp(var->name, var_name) != 0) |
@@ -1,43 +1,43 @@ | @@ -1,43 +1,43 @@ | |||
1 | .\" $NetBSD: pkg_install.conf.5,v 1.1.2.3 2008/08/21 16:10:01 joerg Exp $ | 1 | .\" $NetBSD: pkg_install.conf.5,v 1.1.2.4 2009/01/08 00:01:31 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2008 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Thomas Klausner. | 7 | .\" by Thomas Klausner. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
15 | .\" notice, this list of conditions and the following disclaimer in the | 15 | .\" notice, this list of conditions and the following disclaimer in the | |
16 | .\" documentation and/or other materials provided with the distribution. | 16 | .\" documentation and/or other materials provided with the distribution. | |
17 | .\" | 17 | .\" | |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | 28 | .\" POSSIBILITY OF SUCH DAMAGE. | |
29 | .\" | 29 | .\" | |
30 | .Dd August 21, 2008 | 30 | .Dd January 8, 2009 | |
31 | .Dt PKG_INSTALL.CONF 5 | 31 | .Dt PKG_INSTALL.CONF 5 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm pkg_install.conf | 34 | .Nm pkg_install.conf | |
35 | .Nd configuration file for package installation tools | 35 | .Nd configuration file for package installation tools | |
36 | .Sh DESCRIPTION | 36 | .Sh DESCRIPTION | |
37 | The file | 37 | The file | |
38 | .Nm | 38 | .Nm | |
39 | contains system defaults for the package installation tools | 39 | contains system defaults for the package installation tools | |
40 | as a list of variable-value pairs. | 40 | as a list of variable-value pairs. | |
41 | Each line has the format | 41 | Each line has the format | |
42 | .Ev VARIABLE=VALUE . | 42 | .Ev VARIABLE=VALUE . | |
43 | If the value consists of more than one line, each line is prefixed with | 43 | If the value consists of more than one line, each line is prefixed with | |
@@ -57,26 +57,38 @@ A package is trusted when a certificate | @@ -57,26 +57,38 @@ A package is trusted when a certificate | |||
57 | certificates contained in this file. | 57 | certificates contained in this file. | |
58 | The certificates must be PEM-encoded. | 58 | The certificates must be PEM-encoded. | |
59 | .It Dv CERTIFICATE_ANCHOR_PKGVULN | 59 | .It Dv CERTIFICATE_ANCHOR_PKGVULN | |
60 | Analogous to | 60 | Analogous to | |
61 | .Dv CERTIFICATE_ANCHOR_PKGS . | 61 | .Dv CERTIFICATE_ANCHOR_PKGS . | |
62 | The | 62 | The | |
63 | .Pa pkg-vulnerabilities | 63 | .Pa pkg-vulnerabilities | |
64 | is trusted when a certificate chain ends in one of the certificates | 64 | is trusted when a certificate chain ends in one of the certificates | |
65 | contained in this file. | 65 | contained in this file. | |
66 | .It Dv CERTIFICATE_CHAIN | 66 | .It Dv CERTIFICATE_CHAIN | |
67 | Path to a file containing additional certificates that can be used | 67 | Path to a file containing additional certificates that can be used | |
68 | for completing certicate chains when validating binary packages or | 68 | for completing certicate chains when validating binary packages or | |
69 | pkg-vulnerabilities files. | 69 | pkg-vulnerabilities files. | |
70 | .Dv CHECK_VULNERABILITIES | |||
71 | Check for vulnerabilities when installating packages. | |||
72 | Supported values are: | |||
73 | .Bl -tag -width interactiveXX | |||
74 | .It Dv never | |||
75 | No check is performed. | |||
76 | .It Dv always | |||
77 | Passing the vulnerability check is required. | |||
78 | A missing pkg-vulnerabilities file is considered an error. | |||
79 | .It Dv interactive | |||
80 | The user is always asked to confirm installation of vulnerable packages. | |||
81 | .El | |||
70 | .It Dv GPG | 82 | .It Dv GPG | |
71 | Deprecated. | 83 | Deprecated. | |
72 | Path to | 84 | Path to | |
73 | .Xr gpg 1 , | 85 | .Xr gpg 1 , | |
74 | which can be used to verify the signature in the | 86 | which can be used to verify the signature in the | |
75 | .Pa pkg-vulnerabilities | 87 | .Pa pkg-vulnerabilities | |
76 | file when running | 88 | file when running | |
77 | .Dl Ic pkg_admin check-pkg-vulnerabilities -s | 89 | .Dl Ic pkg_admin check-pkg-vulnerabilities -s | |
78 | or | 90 | or | |
79 | .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s | 91 | .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s | |
80 | .It Dv IGNORE_PROXY | 92 | .It Dv IGNORE_PROXY | |
81 | Use direct connections and ignore | 93 | Use direct connections and ignore | |
82 | .Ev FTP_PROXY | 94 | .Ev FTP_PROXY |
@@ -21,27 +21,38 @@ DDEESSCCRRIIPPTTIIOONN | @@ -21,27 +21,38 @@ DDEESSCCRRIIPPTTIIOONN | |||
21 | Path to the file containing the certificates used for validating | 21 | Path to the file containing the certificates used for validating | |
22 | binary packages. A package is trusted when a certificate chain | 22 | binary packages. A package is trusted when a certificate chain | |
23 | ends in one of the certificates contained in this file. The cer- | 23 | ends in one of the certificates contained in this file. The cer- | |
24 | tificates must be PEM-encoded. | 24 | tificates must be PEM-encoded. | |
25 | 25 | |||
26 | CERTIFICATE_ANCHOR_PKGVULN | 26 | CERTIFICATE_ANCHOR_PKGVULN | |
27 | Analogous to CERTIFICATE_ANCHOR_PKGS. The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is | 27 | Analogous to CERTIFICATE_ANCHOR_PKGS. The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is | |
28 | trusted when a certificate chain ends in one of the certificates | 28 | trusted when a certificate chain ends in one of the certificates | |
29 | contained in this file. | 29 | contained in this file. | |
30 | 30 | |||
31 | CERTIFICATE_CHAIN | 31 | CERTIFICATE_CHAIN | |
32 | Path to a file containing additional certificates that can be | 32 | Path to a file containing additional certificates that can be | |
33 | used for completing certicate chains when validating binary pack- | 33 | used for completing certicate chains when validating binary pack- | |
34 | ages or pkg-vulnerabilities files. | 34 | ages or pkg-vulnerabilities files. CHECK_VULNERABILITIES Check | |
35 | for vulnerabilities when installating packages. Supported values | |||
36 | are: | |||
37 | ||||
38 | never No check is performed. | |||
39 | ||||
40 | always Passing the vulnerability check is required. A | |||
41 | missing pkg-vulnerabilities file is considered an | |||
42 | error. | |||
43 | ||||
44 | interactive The user is always asked to confirm installation | |||
45 | of vulnerable packages. | |||
35 | 46 | |||
36 | GPG Deprecated. Path to gpg(1), which can be used to verify the sig- | 47 | GPG Deprecated. Path to gpg(1), which can be used to verify the sig- | |
37 | nature in the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running | 48 | nature in the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running | |
38 | ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss | 49 | ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss | |
39 | or | 50 | or | |
40 | ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss | 51 | ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss | |
41 | 52 | |||
42 | IGNORE_PROXY | 53 | IGNORE_PROXY | |
43 | Use direct connections and ignore FTP_PROXY and HTTP_PROXY. | 54 | Use direct connections and ignore FTP_PROXY and HTTP_PROXY. | |
44 | 55 | |||
45 | IGNORE_URL | 56 | IGNORE_URL | |
46 | One line per advisory which should be ignored when running | 57 | One line per advisory which should be ignored when running | |
47 | ppkkgg__aaddmmiinn aauuddiitt | 58 | ppkkgg__aaddmmiinn aauuddiitt | |
@@ -78,14 +89,14 @@ DDEESSCCRRIIPPTTIIOONN | @@ -78,14 +89,14 @@ DDEESSCCRRIIPPTTIIOONN | |||
78 | package can not be verified, the user is asked | 89 | package can not be verified, the user is asked | |
79 | interactively. | 90 | interactively. | |
80 | 91 | |||
81 | interactive The user is always asked interactively when | 92 | interactive The user is always asked interactively when | |
82 | installing a package. | 93 | installing a package. | |
83 | 94 | |||
84 | FFIILLEESS | 95 | FFIILLEESS | |
85 | @SYSCONFDIR@/pkg_install.conf Default location for the file described | 96 | @SYSCONFDIR@/pkg_install.conf Default location for the file described | |
86 | in this manual page. | 97 | in this manual page. | |
87 | 98 | |||
88 | SSEEEE AALLSSOO | 99 | SSEEEE AALLSSOO | |
89 | pkg_add(1), pkg_admin(1) | 100 | pkg_add(1), pkg_admin(1) | |
90 | 101 | |||
91 | NetBSD 4.0 August 21, 2008 NetBSD 4.0 | 102 | NetBSD 5.0 January 8, 2009 NetBSD 5.0 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: version.h,v 1.102.2.19 2008/12/30 15:55:57 joerg Exp $ */ | 1 | /* $NetBSD: version.h,v 1.102.2.20 2009/01/08 00:01:31 joerg Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | 4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -17,16 +17,16 @@ | @@ -17,16 +17,16 @@ | |||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | */ | 25 | */ | |
26 | 26 | |||
27 | #ifndef _INST_LIB_VERSION_H_ | 27 | #ifndef _INST_LIB_VERSION_H_ | |
28 | #define _INST_LIB_VERSION_H_ | 28 | #define _INST_LIB_VERSION_H_ | |
29 | 29 | |||
30 | #define PKGTOOLS_VERSION "20081230" | 30 | #define PKGTOOLS_VERSION "20090108" | |
31 | 31 | |||
32 | #endif /* _INST_LIB_VERSION_H_ */ | 32 | #endif /* _INST_LIB_VERSION_H_ */ |