| @@ -1,15 +1,15 @@ | | | @@ -1,15 +1,15 @@ |
1 | #!/bin/sh | | 1 | #!/bin/sh |
2 | # $NetBSD: upload,v 1.46 2010/03/21 10:52:29 wiz Exp $ | | 2 | # $NetBSD: upload,v 1.47 2010/03/21 15:31:42 wiz Exp $ |
3 | | | 3 | |
4 | # | | 4 | # |
5 | # Upload non-restricted binary pkgs to ftp server | | 5 | # Upload non-restricted binary pkgs to ftp server |
6 | # | | 6 | # |
7 | | | 7 | |
8 | AWK=${AWK:-/usr/bin/awk} | | 8 | AWK=${AWK:-/usr/bin/awk} |
9 | PKG_ADMIN="pkg_admin" | | 9 | PKG_ADMIN="pkg_admin" |
10 | PKG_INFO="pkg_info" | | 10 | PKG_INFO="pkg_info" |
11 | | | 11 | |
12 | set -eu | | 12 | set -eu |
13 | | | 13 | |
14 | # | | 14 | # |
15 | # Find out where we are | | 15 | # Find out where we are |
| @@ -208,68 +208,85 @@ fi | | | @@ -208,68 +208,85 @@ fi |
208 | # | | 208 | # |
209 | # Some temp files | | 209 | # Some temp files |
210 | # | | 210 | # |
211 | | | 211 | |
212 | umask 022 | | 212 | umask 022 |
213 | TMPDIR="${TMPDIR:-/tmp}" | | 213 | TMPDIR="${TMPDIR:-/tmp}" |
214 | TMP="${TMPDIR}"/pkg_upload.$$ | | 214 | TMP="${TMPDIR}"/pkg_upload.$$ |
215 | (umask 077 && mkdir "${TMP}") \ | | 215 | (umask 077 && mkdir "${TMP}") \ |
216 | || { | | 216 | || { |
217 | echo "upload> ERROR: cannot create temporary directory \"${TMP}\"." 1>&2 | | 217 | echo "upload> ERROR: cannot create temporary directory \"${TMP}\"." 1>&2 |
218 | exit 1 | | 218 | exit 1 |
219 | } | | 219 | } |
220 | | | 220 | |
| | | 221 | vulnerable_packages="$TMP/vulnerable_packages" |
221 | restricted_packages="$TMP/restricted_packages" | | 222 | restricted_packages="$TMP/restricted_packages" |
222 | old_packages="$TMP/old_packages" | | 223 | old_packages="$TMP/old_packages" |
223 | good_packages="$TMP/regular_packages" | | 224 | good_packages="$TMP/regular_packages" |
224 | all_good_packages="$TMP/all_regular_packages" | | 225 | all_good_packages="$TMP/all_regular_packages" |
225 | | | 226 | |
226 | upload_general="$TMP"/upload_general | | 227 | upload_general="$TMP"/upload_general |
| | | 228 | upload_vulnerable="$TMP"/upload_vulnerable |
227 | | | 229 | |
228 | # May be different than $USR_PKGSRC: | | 230 | # May be different than $USR_PKGSRC: |
229 | echo "upload> Running ${BMAKE} to get the pkgsrc variables" | | 231 | echo "upload> Running ${BMAKE} to get the pkgsrc variables" |
230 | pkgsrcdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=_PKGSRCDIR` | | 232 | pkgsrcdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=_PKGSRCDIR` |
231 | packages=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=PACKAGES` | | 233 | packages=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=PACKAGES` |
232 | distdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=DISTDIR` | | 234 | distdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=DISTDIR` |
233 | gzip_cmd=`cd pkgtools/lintpkgsrc; ${BMAKE} show-var VARNAME=GZIP_CMD USE_TOOLS=gzip` | | 235 | gzip_cmd=`cd pkgtools/lintpkgsrc; ${BMAKE} show-var VARNAME=GZIP_CMD USE_TOOLS=gzip` |
234 | pkg_info=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=PKG_INFO` | | 236 | pkg_info=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=PKG_INFO` |
235 | shell=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=TOOLS_PLATFORM.sh` | | 237 | shell=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=TOOLS_PLATFORM.sh` |
236 | | | 238 | |
237 | # Pull in some pkgs needed | | 239 | # Pull in some pkgs needed |
238 | for pkg in ${REQUIRED_PACKAGES}; do | | 240 | for pkg in ${REQUIRED_PACKAGES}; do |
239 | install_required $pkg | | 241 | install_required $pkg |
240 | done | | 242 | done |
241 | | | 243 | |
| | | 244 | echo "upload> Making sure vulnerability-list is up-to-date:" |
| | | 245 | if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ] |
| | | 246 | then |
| | | 247 | _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR` |
| | | 248 | download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS} |
| | | 249 | if [ "x${_PKGVULNDIR}" != "x${distdir}" ]; then |
| | | 250 | cp ${_PKGVULNDIR}/pkg-vulnerabilities ${distdir} |
| | | 251 | fi |
| | | 252 | echo " done." |
| | | 253 | else |
| | | 254 | echo " (skipped)" |
| | | 255 | fi |
| | | 256 | |
242 | case $LINTPKGSRC_CACHE in | | 257 | case $LINTPKGSRC_CACHE in |
243 | yes|YES) | | 258 | yes|YES) |
244 | lintpkgsrc_cache="-I `cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`" | | 259 | lintpkgsrc_cache="-I `cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`" |
245 | ;; | | 260 | ;; |
246 | *) | | 261 | *) |
247 | lintpkgsrc_cache='' | | 262 | lintpkgsrc_cache='' |
248 | ;; | | 263 | ;; |
249 | esac | | 264 | esac |
250 | | | 265 | |
251 | echo "upload> Checking for out of date packages:" | | 266 | echo "upload> Checking for out of date packages:" |
252 | # -p = report old versions of packages | | 267 | # -p = report old versions of packages |
253 | lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -p > "${old_packages}.tmp" | | 268 | lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -p > "${old_packages}.tmp" |
254 | sed 's@'$packages'/@@' < "${old_packages}.tmp" > "$old_packages" | | 269 | sed 's@'$packages'/@@' < "${old_packages}.tmp" > "$old_packages" |
255 | | | 270 | |
256 | RSFLAGS="-vap --progress $RSYNC_OPTS" | | 271 | RSFLAGS="-vap --progress $RSYNC_OPTS" |
257 | | | 272 | |
258 | failed=no | | 273 | failed=no |
259 | cd $packages | | 274 | cd $packages |
260 | | | 275 | |
261 | echo "upload> Checking for restricted packages" | | 276 | echo "upload> Checking for restricted and vulnerable packages" |
262 | (cd All && env PKG_INFO="${pkg_info}" OUTDIR="${TMP}" \ | | 277 | (cd All && env PKG_INFO="${pkg_info}" OUTDIR="${TMP}" PKGVULNDIR="${distdir}" \ |
| | | 278 | AUDIT_PACKAGES_FLAGS="${AUDIT_PACKAGES_FLAGS}" \ |
| | | 279 | DOWNLOAD_VULNERABILITY_LIST_FLAGS="${DOWNLOAD_VULNERABILITY_LIST_FLAGS}" \ |
263 | ${shell} "${pkgsrcdir}/mk/bulk/sort-packages") | | 280 | ${shell} "${pkgsrcdir}/mk/bulk/sort-packages") |
264 | | | 281 | |
265 | # Add the name of the package file, including all its symlinks to the | | 282 | # Add the name of the package file, including all its symlinks to the |
266 | # list of files to be uploaded. | | 283 | # list of files to be uploaded. |
267 | while read package; do | | 284 | while read package; do |
268 | ls -1 */"$package" | | 285 | ls -1 */"$package" |
269 | done < "$good_packages" > "$all_good_packages" | | 286 | done < "$good_packages" > "$all_good_packages" |
270 | | | 287 | |
271 | if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then | | 288 | if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then |
272 | | | 289 | |
273 | echo "upload> Calculating checksum files..." | | 290 | echo "upload> Calculating checksum files..." |
274 | | | 291 | |
275 | SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM" | | 292 | SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM" |
| @@ -281,27 +298,27 @@ if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" | | | @@ -281,27 +298,27 @@ if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" |
281 | for i in ${SUMFILES}; do | | 298 | for i in ${SUMFILES}; do |
282 | echo > $i | | 299 | echo > $i |
283 | echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i | | 300 | echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i |
284 | echo >> $i | | 301 | echo >> $i |
285 | done | | 302 | done |
286 | fi | | 303 | fi |
287 | | | 304 | |
288 | install_required "pkgtools/digest" | | 305 | install_required "pkgtools/digest" |
289 | | | 306 | |
290 | [ -z "${BSDSUM}" ] && BSDSUM="echo" | | 307 | [ -z "${BSDSUM}" ] && BSDSUM="echo" |
291 | [ -z "${CKSUM}" ] && CKSUM="echo" | | 308 | [ -z "${CKSUM}" ] && CKSUM="echo" |
292 | [ -z "${SYSVSUM}" ] && SYSVSUM="echo" | | 309 | [ -z "${SYSVSUM}" ] && SYSVSUM="echo" |
293 | | | 310 | |
294 | for pkg in `cat "${good_packages}"`; do | | 311 | for pkg in `cat "${good_packages}" "${vulnerable_packages}"`; do |
295 | pkg="All/$pkg" | | 312 | pkg="All/$pkg" |
296 | ${BSDSUM} "$pkg" >> BSDSUM | | 313 | ${BSDSUM} "$pkg" >> BSDSUM |
297 | ${CKSUM} "$pkg" >> CKSUM | | 314 | ${CKSUM} "$pkg" >> CKSUM |
298 | ${MD5} "$pkg" >> MD5 | | 315 | ${MD5} "$pkg" >> MD5 |
299 | ${SHA1} "$pkg" >> SHA1 | | 316 | ${SHA1} "$pkg" >> SHA1 |
300 | ${SYSVSUM} "$pkg" >> SYSVSUM | | 317 | ${SYSVSUM} "$pkg" >> SYSVSUM |
301 | done | | 318 | done |
302 | | | 319 | |
303 | [ "${BSDSUM}" = "echo" ] && rm BSDSUM | | 320 | [ "${BSDSUM}" = "echo" ] && rm BSDSUM |
304 | [ "${CKSUM}" = "echo" ] && rm CKSUM | | 321 | [ "${CKSUM}" = "echo" ] && rm CKSUM |
305 | [ "${SYSVSUM}" = "echo" ] && rm SYSVSUM | | 322 | [ "${SYSVSUM}" = "echo" ] && rm SYSVSUM |
306 | | | 323 | |
307 | if [ "${SIGN_AS-}" != "" ]; then | | 324 | if [ "${SIGN_AS-}" != "" ]; then |
| @@ -323,34 +340,54 @@ if [ "${MKSUMMARY-}" = "yes" -o "${MKSUM | | | @@ -323,34 +340,54 @@ if [ "${MKSUMMARY-}" = "yes" -o "${MKSUM |
323 | && ls -t | grep '\.t[gb]z$' | while read n; do pkg_info -X "$n"; done) \ | | 340 | && ls -t | grep '\.t[gb]z$' | while read n; do pkg_info -X "$n"; done) \ |
324 | | ${gzip_cmd} > "${packages}"/All/pkg_summary.gz | | 341 | | ${gzip_cmd} > "${packages}"/All/pkg_summary.gz |
325 | fi | | 342 | fi |
326 | | | 343 | |
327 | cat <<EOF > "$upload_general" | | 344 | cat <<EOF > "$upload_general" |
328 | #! /bin/sh | | 345 | #! /bin/sh |
329 | set -e | | 346 | set -e |
330 | cd "$packages" | | 347 | cd "$packages" |
331 | rsync $RSFLAGS --files-from="${all_good_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/" | | 348 | rsync $RSFLAGS --files-from="${all_good_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/" |
332 | EOF | | 349 | EOF |
333 | chmod +x "$upload_general" | | 350 | chmod +x "$upload_general" |
334 | | | 351 | |
335 | if [ "$do_upload" = "yes" ]; then | | 352 | if [ "$do_upload" = "yes" ]; then |
336 | echo "upload> Uploading packages" | | 353 | echo "upload> Uploading non-vulnerable packages" |
337 | ${shell} "$upload_general" \ | | 354 | ${shell} "$upload_general" \ |
338 | || { | | 355 | || { |
339 | echo "upload> ERROR: rsync failed. To retry later, you can run $upload_general" 1>&2 | | 356 | echo "upload> ERROR: rsync failed. To retry later, you can run $upload_general" 1>&2 |
340 | failed=yes | | 357 | failed=yes |
341 | } | | 358 | } |
342 | else | | 359 | else |
343 | echo "upload> Skipping upload of packages." | | 360 | echo "upload> Skipping upload of non-vulnerable packages." |
344 | echo " Run \"$upload_general\" to upload them later." | | 361 | echo " Run \"$upload_general\" to upload them later." |
345 | fi | | 362 | fi |
346 | | | 363 | |
| | | 364 | cat <<EOF > "$upload_vulnerable" |
| | | 365 | #! /bin/sh |
| | | 366 | set -e |
| | | 367 | cd "$packages/All" |
| | | 368 | rsync $RSFLAGS --files-from="${vulnerable_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/All/" |
| | | 369 | EOF |
| | | 370 | chmod +x "$upload_vulnerable" |
| | | 371 | |
| | | 372 | if [ "$do_upload" = "yes" ]; then |
| | | 373 | echo "upload> Uploading vulnerable packages" |
| | | 374 | ${shell} "$upload_vulnerable" \ |
| | | 375 | || { |
| | | 376 | echo "upload> ERROR: rsync failed. To retry later, you can run $upload_vulnerable" 1>&2 |
| | | 377 | failed=yes |
| | | 378 | } |
| | | 379 | else |
| | | 380 | echo "upload> Skipping upload of vulnerable packages." |
| | | 381 | echo " Run \"$upload_vulnerable\" to upload them later." |
| | | 382 | fi |
| | | 383 | |
347 | # clean up temp files | | 384 | # clean up temp files |
348 | if [ "$failed,$debug,$do_upload" = "no,no,yes" ]; then | | 385 | if [ "$failed,$debug,$do_upload" = "no,no,yes" ]; then |
349 | rm -fr "$TMP" | | 386 | rm -fr "$TMP" |
350 | else | | 387 | else |
351 | echo "upload> Preserving temporary directory ${TMP}" | | 388 | echo "upload> Preserving temporary directory ${TMP}" |
352 | fi | | 389 | fi |
353 | | | 390 | |
354 | if [ "$failed" = "yes" ]; then | | 391 | if [ "$failed" = "yes" ]; then |
355 | exit 1 | | 392 | exit 1 |
356 | fi | | 393 | fi |
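Review bot: The new test at new line 245 expands `$UPDATE_VULNERABILITY_LIST` bare while the script runs under `set -eu` (line 12), so unless the variable gets a default in the part of the file not shown here, an unset value aborts the upload instead of taking the `-z` branch that was evidently meant to handle it. The file already uses the `${SIGN_AS-}` form for this case, so I would write `if [ -z "${UPDATE_VULNERABILITY_LIST-}" -o "${UPDATE_VULNERABILITY_LIST-}" = "yes" ]`. The same applies to `${AUDIT_PACKAGES_FLAGS}` and `${DOWNLOAD_VULNERABILITY_LIST_FLAGS}` on new lines 247–248 and 278–279. Separately, the `(skipped)` branch leaves sort-packages to classify against whatever `pkg-vulnerabilities` file is already in `${distdir}`, so a stale or missing list would presumably let affected packages go out under the "non-vulnerable" upload. A `[ -f "${distdir}/pkg-vulnerabilities" ]` check with a warning in that branch would make the condition visible to the operator.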