Wed Feb 11 14:34:36 2009 UTC ()
Use pkg_admin for audit processing if pkg_install >= 20090201 is
installed.


(joerg)
diff -r1.9 -r1.10 pkgsrc/mk/flavor/pkg/check.mk
diff -r1.9 -r1.10 pkgsrc/mk/flavor/pkg/flavor-vars.mk
cvs diff -r1.9 -r1.10 pkgsrc/mk/flavor/pkg/Attic/check.mk (expand / switch to unified diff)

--- pkgsrc/mk/flavor/pkg/Attic/check.mk 2008/04/07 13:16:26 1.9
+++ pkgsrc/mk/flavor/pkg/Attic/check.mk 2009/02/11 14:34:36 1.10
@@ -1,23 +1,23 @@ @@ -1,23 +1,23 @@
1# $NetBSD: check.mk,v 1.9 2008/04/07 13:16:26 joerg Exp $ 1# $NetBSD: check.mk,v 1.10 2009/02/11 14:34:36 joerg Exp $
2# 2#
3 3
4# _flavor-check-vulnerable: 4# _flavor-check-vulnerable:
5# Checks for known vulnerabilities in the package if a vulnerability 5# Checks for known vulnerabilities in the package if a vulnerability
6# file exists. 6# file exists.
7# 7#
8_flavor-check-vulnerable: .PHONY 8_flavor-check-vulnerable: .PHONY
9 ${_PKG_SILENT}${_PKG_DEBUG} \ 9 ${_PKG_SILENT}${_PKG_DEBUG} \
10 _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \ 10 _PKGVULNDIR=`${_EXTRACT_PKGVULNDIR}`; \
11 vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \ 11 vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
12 if ${TEST} ! -f "$$vulnfile"; then \ 12 if ${TEST} ! -f "$$vulnfile"; then \
13 ${PHASE_MSG} "Skipping vulnerability checks."; \ 13 ${PHASE_MSG} "Skipping vulnerability checks."; \
14 ${WARNING_MSG} "No $$vulnfile file found."; \ 14 ${WARNING_MSG} "No $$vulnfile file found."; \
15 ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \ 15 ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
16 exit 0; \ 16 exit 0; \
17 fi; \ 17 fi; \
18 ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \ 18 ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
19 ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME}; \ 19 ${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME}; \
20 if ${TEST} "$$?" -ne 0; then \ 20 if ${TEST} "$$?" -ne 0; then \
21 ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \ 21 ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \
22 ${FALSE}; \ 22 ${FALSE}; \
23 fi 23 fi
cvs diff -r1.9 -r1.10 pkgsrc/mk/flavor/pkg/Attic/flavor-vars.mk (expand / switch to unified diff)

--- pkgsrc/mk/flavor/pkg/Attic/flavor-vars.mk 2008/04/07 13:18:25 1.9
+++ pkgsrc/mk/flavor/pkg/Attic/flavor-vars.mk 2009/02/11 14:34:36 1.10
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: flavor-vars.mk,v 1.9 2008/04/07 13:18:25 joerg Exp $ 1# $NetBSD: flavor-vars.mk,v 1.10 2009/02/11 14:34:36 joerg Exp $
2# 2#
3# This Makefile fragment is included indirectly by bsd.prefs.mk and 3# This Makefile fragment is included indirectly by bsd.prefs.mk and
4# defines some variables which must be defined earlier than where 4# defines some variables which must be defined earlier than where
5# flavor.mk is included. 5# flavor.mk is included.
6# 6#
7 7
8PKGSRC_MESSAGE_RECIPIENTS?= # empty 8PKGSRC_MESSAGE_RECIPIENTS?= # empty
9 9
10.if !empty(PKGSRC_MESSAGE_RECIPIENTS) 10.if !empty(PKGSRC_MESSAGE_RECIPIENTS)
11USE_TOOLS+= mail 11USE_TOOLS+= mail
12.endif 12.endif
13 13
14.if defined(PKG_PRESERVE) 14.if defined(PKG_PRESERVE)
@@ -39,28 +39,38 @@ LINKFARM_CMD?= ${PKG_TOOLS_BIN}/linkfar @@ -39,28 +39,38 @@ LINKFARM_CMD?= ${PKG_TOOLS_BIN}/linkfar
39PKGTOOLS_REQD= 20070813 39PKGTOOLS_REQD= 20070813
40 40
41.if !defined(PKGTOOLS_VERSION) 41.if !defined(PKGTOOLS_VERSION)
42PKGTOOLS_VERSION!= ${PKG_INFO_CMD} -V 2>/dev/null || echo 20010302 42PKGTOOLS_VERSION!= ${PKG_INFO_CMD} -V 2>/dev/null || echo 20010302
43MAKEFLAGS+= PKGTOOLS_VERSION=${PKGTOOLS_VERSION} 43MAKEFLAGS+= PKGTOOLS_VERSION=${PKGTOOLS_VERSION}
44.endif 44.endif
45 45
46# Check that we are using up-to-date pkg_* tools with this file. 46# Check that we are using up-to-date pkg_* tools with this file.
47.if !defined(NO_PKGTOOLS_REQD_CHECK) && ${PKGTOOLS_VERSION} < ${PKGTOOLS_REQD} 47.if !defined(NO_PKGTOOLS_REQD_CHECK) && ${PKGTOOLS_VERSION} < ${PKGTOOLS_REQD}
48BOOTSTRAP_DEPENDS+= pkg_install>=${PKGTOOLS_REQD}:../../pkgtools/pkg_install 48BOOTSTRAP_DEPENDS+= pkg_install>=${PKGTOOLS_REQD}:../../pkgtools/pkg_install
49_PKG_INSTALL_DEPENDS= yes 49_PKG_INSTALL_DEPENDS= yes
50.endif 50.endif
51 51
 52.if !defined(NO_PKGTOOLS_REQD_CHECK) && ${PKGTOOLS_VERSION} >= 20090201
 53AUDIT_PACKAGES?= ${PKG_ADMIN}
 54_AUDIT_PACKAGES_CMD?= audit-pkg
 55_EXTRACT_PKGVULNDIR= ${PKG_ADMIN} config-var PKGVULNDIR
 56DOWNLOAD_VULN_LIST?= ${PKG_ADMIN} fetch-pkg-vulnerabilities
 57.else
52AUDIT_PACKAGES?= ${PKG_TOOLS_BIN}/audit-packages 58AUDIT_PACKAGES?= ${PKG_TOOLS_BIN}/audit-packages
 59_AUDIT_PACKAGES_CMD?= -n
 60_EXTRACT_PKGVULNDIR= ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR
53DOWNLOAD_VULN_LIST?= ${PKG_TOOLS_BIN}/download-vulnerability-list 61DOWNLOAD_VULN_LIST?= ${PKG_TOOLS_BIN}/download-vulnerability-list
 62.endif
 63
54 64
55# The binary pkg_install tools all need to consistently to refer to the 65# The binary pkg_install tools all need to consistently to refer to the
56# correct package database directory. 66# correct package database directory.
57# 67#
58PKGTOOLS_ARGS?= -K ${_PKG_DBDIR} 68PKGTOOLS_ARGS?= -K ${_PKG_DBDIR}
59 69
60# Views are rooted in ${LOCALBASE}, all packages are depoted in 70# Views are rooted in ${LOCALBASE}, all packages are depoted in
61# ${DEPOTBASE}, and the package database directory for the default view 71# ${DEPOTBASE}, and the package database directory for the default view
62# is in ${PKG_DBDIR}. 72# is in ${PKG_DBDIR}.
63# 73#
64PKG_VIEW_ARGS?= -W ${LOCALBASE} -d ${DEPOTBASE} -k ${PKG_DBDIR} 74PKG_VIEW_ARGS?= -W ${LOCALBASE} -d ${DEPOTBASE} -k ${PKG_DBDIR}
65 75
66PKG_ADD?= ${PKG_ADD_CMD} ${PKGTOOLS_ARGS} 76PKG_ADD?= ${PKG_ADD_CMD} ${PKGTOOLS_ARGS}