Sat Apr 10 21:44:45 2010 UTC ()
Get rid of support for vulnerable/ directory.


(wiz)
diff -r1.14 -r1.15 pkgsrc/mk/bulk/sort-packages
diff -r1.47 -r1.48 pkgsrc/mk/bulk/upload
cvs diff -r1.14 -r1.15 pkgsrc/mk/bulk/Attic/sort-packages (expand / switch to unified diff)

--- pkgsrc/mk/bulk/Attic/sort-packages 2010/03/21 15:31:41 1.14
+++ pkgsrc/mk/bulk/Attic/sort-packages 2010/04/10 21:44:44 1.15
@@ -1,47 +1,41 @@ @@ -1,47 +1,41 @@
1#! /bin/sh 1#! /bin/sh
2# $NetBSD: sort-packages,v 1.14 2010/03/21 15:31:41 wiz Exp $ 2# $NetBSD: sort-packages,v 1.15 2010/04/10 21:44:44 wiz Exp $
3 3
4# This program scans all binary packages in the current directory and 4# This program scans all binary packages in the current directory and
5# creates three lists of files in OUTDIR: 5# creates two lists of files in OUTDIR:
6# 6#
7# restricted_packages 7# restricted_packages
8# contains all packages that must not be published on the FTP 8# contains all packages that must not be published on the FTP
9# server, for whatever reason 9# server, for whatever reason
10# 10#
11# vulnerable_packages 
12# contains all packages that are not restricted, but vulnerable 
13# 
14# regular_packages 11# regular_packages
15# contains all the other ("good") packages. 12# contains all the other ("good") packages.
16# 13#
17 14
18set -eu 15set -eu
19 16
20: ${OUTDIR="/tmp"} 17: ${OUTDIR="/tmp"}
21: ${PKG_SUFX=".tgz"} 18: ${PKG_SUFX=".tgz"}
22: ${AUDIT_PACKAGES="audit-packages"} 
23: ${PKG_ADMIN="pkg_admin"} 19: ${PKG_ADMIN="pkg_admin"}
24: ${PKG_INFO="pkg_info"} 20: ${PKG_INFO="pkg_info"}
25 21
26regular_packages="${OUTDIR}/regular_packages" 22regular_packages="${OUTDIR}/regular_packages"
27restricted_packages="${OUTDIR}/restricted_packages" 23restricted_packages="${OUTDIR}/restricted_packages"
28vulnerable_packages="${OUTDIR}/vulnerable_packages" 
29newline=" 24newline="
30" 25"
31 26
32: > "${regular_packages}" 27: > "${regular_packages}"
33: > "${restricted_packages}" 28: > "${restricted_packages}"
34: > "${vulnerable_packages}" 
35 29
36for pkg in *${PKG_SUFX}; do 30for pkg in *${PKG_SUFX}; do
37 build_info=`${PKG_INFO} -B "${pkg}"` 31 build_info=`${PKG_INFO} -B "${pkg}"`
38 32
39 # Note: this code needs to be that complicated because licensing 33 # Note: this code needs to be that complicated because licensing
40 # issues are critical to pkgsrc, and we really don't want 34 # issues are critical to pkgsrc, and we really don't want
41 # anything unexpected to happen here. The worst case would be 35 # anything unexpected to happen here. The worst case would be
42 # that some file is sorted wrongly because some change in the 36 # that some file is sorted wrongly because some change in the
43 # output of pkg_info which had not been foreseen. Therefore it 37 # output of pkg_info which had not been foreseen. Therefore it
44 # is better to check as strictly as possible to make those 38 # is better to check as strictly as possible to make those
45 # changes immediately visible. 39 # changes immediately visible.
46 40
47 no_bin_on_ftp="unknown" 41 no_bin_on_ftp="unknown"
@@ -54,45 +48,33 @@ for pkg in *${PKG_SUFX}; do @@ -54,45 +48,33 @@ for pkg in *${PKG_SUFX}; do
54 ;; 48 ;;
55 esac 49 esac
56 50
57 restricted="unknown" 51 restricted="unknown"
58 case "${newline}${build_info}${newline}" in 52 case "${newline}${build_info}${newline}" in
59 *"${newline}RESTRICTED=${newline}"*) 53 *"${newline}RESTRICTED=${newline}"*)
60 restricted="no" 54 restricted="no"
61 ;; 55 ;;
62 *"${newline}RESTRICTED="*) 56 *"${newline}RESTRICTED="*)
63 restricted="yes" 57 restricted="yes"
64 ;; 58 ;;
65 esac 59 esac
66 60
67 if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then 61 if [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
68 # Check whether the package is vulnerable or not. 
69 pkg_prefix="${pkg%%-*}" 
70 category="regular" 
71 _INFO_VER=`${PKG_INFO} -V`; 
72 vuln=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}"` 
73 if [ -n "${vuln}" ]; then 
74 category="vulnerable" 
75 fi 
76 elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then 
77 category="restricted" 62 category="restricted"
78 else 63 else
79 category="unknown" 64 category="unknown"
80 fi 65 fi
81 66
82 : echo "upload> ${pkg} is ${category}." 67 : echo "upload> ${pkg} is ${category}."
83 68
84 case "${category}" in 69 case "${category}" in
85 "regular") 70 "regular")
86 echo "${pkg}" >> "${regular_packages}" 71 echo "${pkg}" >> "${regular_packages}"
87 ;; 72 ;;
88 "vulnerable") 
89 echo "${pkg}" >> "${vulnerable_packages}" 
90 ;; 
91 "restricted") 73 "restricted")
92 echo "${pkg}" >> "${restricted_packages}" 74 echo "${pkg}" >> "${restricted_packages}"
93 ;; 75 ;;
94 *) 76 *)
95 echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2 77 echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2
96 ;; 78 ;;
97 esac 79 esac
98done 80done
cvs diff -r1.47 -r1.48 pkgsrc/mk/bulk/Attic/upload (expand / switch to unified diff)

--- pkgsrc/mk/bulk/Attic/upload 2010/03/21 15:31:42 1.47
+++ pkgsrc/mk/bulk/Attic/upload 2010/04/10 21:44:44 1.48
@@ -1,15 +1,15 @@ @@ -1,15 +1,15 @@
1#!/bin/sh 1#!/bin/sh
2# $NetBSD: upload,v 1.47 2010/03/21 15:31:42 wiz Exp $ 2# $NetBSD: upload,v 1.48 2010/04/10 21:44:44 wiz Exp $
3 3
4# 4#
5# Upload non-restricted binary pkgs to ftp server 5# Upload non-restricted binary pkgs to ftp server
6# 6#
7 7
8AWK=${AWK:-/usr/bin/awk} 8AWK=${AWK:-/usr/bin/awk}
9PKG_ADMIN="pkg_admin" 9PKG_ADMIN="pkg_admin"
10PKG_INFO="pkg_info" 10PKG_INFO="pkg_info"
11 11
12set -eu 12set -eu
13 13
14# 14#
15# Find out where we are 15# Find out where we are
@@ -208,85 +208,68 @@ fi @@ -208,85 +208,68 @@ fi
208# 208#
209# Some temp files 209# Some temp files
210# 210#
211 211
212umask 022 212umask 022
213TMPDIR="${TMPDIR:-/tmp}" 213TMPDIR="${TMPDIR:-/tmp}"
214TMP="${TMPDIR}"/pkg_upload.$$ 214TMP="${TMPDIR}"/pkg_upload.$$
215(umask 077 && mkdir "${TMP}") \ 215(umask 077 && mkdir "${TMP}") \
216|| { 216|| {
217 echo "upload> ERROR: cannot create temporary directory \"${TMP}\"." 1>&2 217 echo "upload> ERROR: cannot create temporary directory \"${TMP}\"." 1>&2
218 exit 1 218 exit 1
219} 219}
220 220
221vulnerable_packages="$TMP/vulnerable_packages" 
222restricted_packages="$TMP/restricted_packages" 221restricted_packages="$TMP/restricted_packages"
223old_packages="$TMP/old_packages" 222old_packages="$TMP/old_packages"
224good_packages="$TMP/regular_packages" 223good_packages="$TMP/regular_packages"
225all_good_packages="$TMP/all_regular_packages" 224all_good_packages="$TMP/all_regular_packages"
226 225
227upload_general="$TMP"/upload_general 226upload_general="$TMP"/upload_general
228upload_vulnerable="$TMP"/upload_vulnerable 
229 227
230# May be different than $USR_PKGSRC: 228# May be different than $USR_PKGSRC:
231echo "upload> Running ${BMAKE} to get the pkgsrc variables" 229echo "upload> Running ${BMAKE} to get the pkgsrc variables"
232pkgsrcdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=_PKGSRCDIR` 230pkgsrcdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=_PKGSRCDIR`
233packages=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=PACKAGES` 231packages=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=PACKAGES`
234distdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=DISTDIR` 232distdir=`cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=DISTDIR`
235gzip_cmd=`cd pkgtools/lintpkgsrc; ${BMAKE} show-var VARNAME=GZIP_CMD USE_TOOLS=gzip` 233gzip_cmd=`cd pkgtools/lintpkgsrc; ${BMAKE} show-var VARNAME=GZIP_CMD USE_TOOLS=gzip`
236pkg_info=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=PKG_INFO` 234pkg_info=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=PKG_INFO`
237shell=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=TOOLS_PLATFORM.sh` 235shell=`cd pkgtools/lintpkgsrc && ${BMAKE} show-var VARNAME=TOOLS_PLATFORM.sh`
238 236
239# Pull in some pkgs needed 237# Pull in some pkgs needed
240for pkg in ${REQUIRED_PACKAGES}; do 238for pkg in ${REQUIRED_PACKAGES}; do
241 install_required $pkg 239 install_required $pkg
242done 240done
243 241
244echo "upload> Making sure vulnerability-list is up-to-date:" 
245if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ] 
246then 
247 _PKGVULNDIR=`audit-packages ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR` 
248 download-vulnerability-list ${DOWNLOAD_VULNERABILITY_LIST_FLAGS} 
249 if [ "x${_PKGVULNDIR}" != "x${distdir}" ]; then 
250 cp ${_PKGVULNDIR}/pkg-vulnerabilities ${distdir} 
251 fi 
252 echo " done." 
253else 
254 echo " (skipped)" 
255fi 
256 
257case $LINTPKGSRC_CACHE in 242case $LINTPKGSRC_CACHE in
258yes|YES) 243yes|YES)
259 lintpkgsrc_cache="-I `cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`" 244 lintpkgsrc_cache="-I `cd pkgtools/lintpkgsrc ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`"
260 ;; 245 ;;
261*) 246*)
262 lintpkgsrc_cache='' 247 lintpkgsrc_cache=''
263 ;; 248 ;;
264esac 249esac
265 250
266echo "upload> Checking for out of date packages:" 251echo "upload> Checking for out of date packages:"
267# -p = report old versions of packages 252# -p = report old versions of packages
268lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -p > "${old_packages}.tmp" 253lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -p > "${old_packages}.tmp"
269sed 's@'$packages'/@@' < "${old_packages}.tmp" > "$old_packages" 254sed 's@'$packages'/@@' < "${old_packages}.tmp" > "$old_packages"
270 255
271RSFLAGS="-vap --progress $RSYNC_OPTS" 256RSFLAGS="-vap --progress $RSYNC_OPTS"
272 257
273failed=no 258failed=no
274cd $packages 259cd $packages
275 260
276echo "upload> Checking for restricted and vulnerable packages" 261echo "upload> Checking for restricted packages"
277(cd All && env PKG_INFO="${pkg_info}" OUTDIR="${TMP}" PKGVULNDIR="${distdir}" \ 262(cd All && env PKG_INFO="${pkg_info}" OUTDIR="${TMP}" \
278 AUDIT_PACKAGES_FLAGS="${AUDIT_PACKAGES_FLAGS}" \ 
279 DOWNLOAD_VULNERABILITY_LIST_FLAGS="${DOWNLOAD_VULNERABILITY_LIST_FLAGS}" \ 
280 ${shell} "${pkgsrcdir}/mk/bulk/sort-packages") 263 ${shell} "${pkgsrcdir}/mk/bulk/sort-packages")
281 264
282# Add the name of the package file, including all its symlinks to the 265# Add the name of the package file, including all its symlinks to the
283# list of files to be uploaded. 266# list of files to be uploaded.
284while read package; do 267while read package; do
285 ls -1 */"$package" 268 ls -1 */"$package"
286done < "$good_packages" > "$all_good_packages" 269done < "$good_packages" > "$all_good_packages"
287 270
288if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then 271if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then
289 272
290 echo "upload> Calculating checksum files..." 273 echo "upload> Calculating checksum files..."
291 274
292 SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM" 275 SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM"
@@ -298,27 +281,27 @@ if [ "${MKSUMS}" = "yes" -o "${MKSUMS}"  @@ -298,27 +281,27 @@ if [ "${MKSUMS}" = "yes" -o "${MKSUMS}"
298 for i in ${SUMFILES}; do 281 for i in ${SUMFILES}; do
299 echo > $i 282 echo > $i
300 echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i 283 echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i
301 echo >> $i 284 echo >> $i
302 done 285 done
303 fi 286 fi
304 287
305 install_required "pkgtools/digest" 288 install_required "pkgtools/digest"
306 289
307 [ -z "${BSDSUM}" ] && BSDSUM="echo" 290 [ -z "${BSDSUM}" ] && BSDSUM="echo"
308 [ -z "${CKSUM}" ] && CKSUM="echo" 291 [ -z "${CKSUM}" ] && CKSUM="echo"
309 [ -z "${SYSVSUM}" ] && SYSVSUM="echo" 292 [ -z "${SYSVSUM}" ] && SYSVSUM="echo"
310 293
311 for pkg in `cat "${good_packages}" "${vulnerable_packages}"`; do 294 for pkg in `cat "${good_packages}"`; do
312 pkg="All/$pkg" 295 pkg="All/$pkg"
313 ${BSDSUM} "$pkg" >> BSDSUM 296 ${BSDSUM} "$pkg" >> BSDSUM
314 ${CKSUM} "$pkg" >> CKSUM 297 ${CKSUM} "$pkg" >> CKSUM
315 ${MD5} "$pkg" >> MD5 298 ${MD5} "$pkg" >> MD5
316 ${SHA1} "$pkg" >> SHA1 299 ${SHA1} "$pkg" >> SHA1
317 ${SYSVSUM} "$pkg" >> SYSVSUM 300 ${SYSVSUM} "$pkg" >> SYSVSUM
318 done 301 done
319 302
320 [ "${BSDSUM}" = "echo" ] && rm BSDSUM 303 [ "${BSDSUM}" = "echo" ] && rm BSDSUM
321 [ "${CKSUM}" = "echo" ] && rm CKSUM 304 [ "${CKSUM}" = "echo" ] && rm CKSUM
322 [ "${SYSVSUM}" = "echo" ] && rm SYSVSUM 305 [ "${SYSVSUM}" = "echo" ] && rm SYSVSUM
323 306
324 if [ "${SIGN_AS-}" != "" ]; then 307 if [ "${SIGN_AS-}" != "" ]; then
@@ -340,54 +323,34 @@ if [ "${MKSUMMARY-}" = "yes" -o "${MKSUM @@ -340,54 +323,34 @@ if [ "${MKSUMMARY-}" = "yes" -o "${MKSUM
340 && ls -t | grep '\.t[gb]z$' | while read n; do pkg_info -X "$n"; done) \ 323 && ls -t | grep '\.t[gb]z$' | while read n; do pkg_info -X "$n"; done) \
341 | ${gzip_cmd} > "${packages}"/All/pkg_summary.gz 324 | ${gzip_cmd} > "${packages}"/All/pkg_summary.gz
342fi 325fi
343 326
344cat <<EOF > "$upload_general" 327cat <<EOF > "$upload_general"
345#! /bin/sh 328#! /bin/sh
346set -e 329set -e
347cd "$packages" 330cd "$packages"
348rsync $RSFLAGS --files-from="${all_good_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/" 331rsync $RSFLAGS --files-from="${all_good_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/"
349EOF 332EOF
350chmod +x "$upload_general" 333chmod +x "$upload_general"
351 334
352if [ "$do_upload" = "yes" ]; then 335if [ "$do_upload" = "yes" ]; then
353 echo "upload> Uploading non-vulnerable packages" 336 echo "upload> Uploading packages"
354 ${shell} "$upload_general" \ 337 ${shell} "$upload_general" \
355 || { 338 || {
356 echo "upload> ERROR: rsync failed. To retry later, you can run $upload_general" 1>&2 339 echo "upload> ERROR: rsync failed. To retry later, you can run $upload_general" 1>&2
357 failed=yes 340 failed=yes
358 } 341 }
359else 342else
360 echo "upload> Skipping upload of non-vulnerable packages." 343 echo "upload> Skipping upload of packages."
361 echo " Run \"$upload_general\" to upload them later." 344 echo " Run \"$upload_general\" to upload them later."
362fi 345fi
363 346
364cat <<EOF > "$upload_vulnerable" 
365#! /bin/sh 
366set -e 
367cd "$packages/All" 
368rsync $RSFLAGS --files-from="${vulnerable_packages}" --exclude-from="${old_packages}" . "$RSYNC_DST/All/" 
369EOF 
370chmod +x "$upload_vulnerable" 
371 
372if [ "$do_upload" = "yes" ]; then 
373 echo "upload> Uploading vulnerable packages" 
374 ${shell} "$upload_vulnerable" \ 
375 || { 
376 echo "upload> ERROR: rsync failed. To retry later, you can run $upload_vulnerable" 1>&2 
377 failed=yes 
378 } 
379else 
380 echo "upload> Skipping upload of vulnerable packages." 
381 echo " Run \"$upload_vulnerable\" to upload them later." 
382fi 
383 
384# clean up temp files 347# clean up temp files
385if [ "$failed,$debug,$do_upload" = "no,no,yes" ]; then 348if [ "$failed,$debug,$do_upload" = "no,no,yes" ]; then
386 rm -fr "$TMP" 349 rm -fr "$TMP"
387else 350else
388 echo "upload> Preserving temporary directory ${TMP}" 351 echo "upload> Preserving temporary directory ${TMP}"
389fi 352fi
390 353
391if [ "$failed" = "yes" ]; then 354if [ "$failed" = "yes" ]; then
392 exit 1 355 exit 1
393fi 356fi