pkg_install-20100616: - Recognize -C for pkg_add like the rest of the tools do - Do the existing check for pkg_add -f, it makes the combination of -f and -U a bit less surprising - Fix option handling for CHECK_VULNERABILITIES (from spz@) - Make end-of-life check the default. pkg_install.conf(5) can be used to override the default. The existing admin -e & co continue to work as before.diff -r1.25 -r1.26 pkgsrc/pkgtools/pkg_install/files/add/main.c
(joerg)
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $ */ | 1 | /* $NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $"); | 10 | __RCSID("$NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $"); | |
11 | 11 | |||
12 | /* | 12 | /* | |
13 | * | 13 | * | |
14 | * FreeBSD install - a package for the installation and maintainance | 14 | * FreeBSD install - a package for the installation and maintainance | |
15 | * of non-core utilities. | 15 | * of non-core utilities. | |
16 | * | 16 | * | |
17 | * Redistribution and use in source and binary forms, with or without | 17 | * Redistribution and use in source and binary forms, with or without | |
18 | * modification, are permitted provided that the following conditions | 18 | * modification, are permitted provided that the following conditions | |
19 | * are met: | 19 | * are met: | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in the | 23 | * notice, this list of conditions and the following disclaimer in the | |
@@ -29,27 +29,27 @@ __RCSID("$NetBSD: main.c,v 1.25 2010/02/ | @@ -29,27 +29,27 @@ __RCSID("$NetBSD: main.c,v 1.25 2010/02/ | |||
29 | * This is the add module. | 29 | * This is the add module. | |
30 | * | 30 | * | |
31 | */ | 31 | */ | |
32 | 32 | |||
33 | #if HAVE_ERR_H | 33 | #if HAVE_ERR_H | |
34 | #include <err.h> | 34 | #include <err.h> | |
35 | #endif | 35 | #endif | |
36 | #if HAVE_SYS_PARAM_H | 36 | #if HAVE_SYS_PARAM_H | |
37 | #include <sys/param.h> | 37 | #include <sys/param.h> | |
38 | #endif | 38 | #endif | |
39 | #include "lib.h" | 39 | #include "lib.h" | |
40 | #include "add.h" | 40 | #include "add.h" | |
41 | 41 | |||
42 | static char Options[] = "AIK:LP:RVW:fhm:np:t:Uuvw:"; | 42 | static char Options[] = "AC:IK:LP:RVW:fhm:np:t:Uuvw:"; | |
43 | 43 | |||
44 | char *Destdir = NULL; | 44 | char *Destdir = NULL; | |
45 | char *OverrideMachine = NULL; | 45 | char *OverrideMachine = NULL; | |
46 | char *Prefix = NULL; | 46 | char *Prefix = NULL; | |
47 | char *View = NULL; | 47 | char *View = NULL; | |
48 | char *Viewbase = NULL; | 48 | char *Viewbase = NULL; | |
49 | Boolean NoView = FALSE; | 49 | Boolean NoView = FALSE; | |
50 | Boolean NoInstall = FALSE; | 50 | Boolean NoInstall = FALSE; | |
51 | Boolean NoRecord = FALSE; | 51 | Boolean NoRecord = FALSE; | |
52 | Boolean Automatic = FALSE; | 52 | Boolean Automatic = FALSE; | |
53 | Boolean ForceDepends = FALSE; | 53 | Boolean ForceDepends = FALSE; | |
54 | 54 | |||
55 | int LicenseCheck = 0; | 55 | int LicenseCheck = 0; |
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | /* $NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | __RCSID("$NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $"); | 9 | __RCSID("$NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $"); | |
10 | 10 | |||
11 | /*- | 11 | /*- | |
12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | 12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | |
13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | 13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | |
14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | 14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | |
15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | 15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | |
16 | * All rights reserved. | 16 | * All rights reserved. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
@@ -329,49 +329,49 @@ dup_value(const char *line, const char * | @@ -329,49 +329,49 @@ dup_value(const char *line, const char * | |||
329 | key = strchr(line, '='); | 329 | key = strchr(line, '='); | |
330 | val = xmalloc(eol - key); | 330 | val = xmalloc(eol - key); | |
331 | memcpy(val, key + 1, eol - key - 1); | 331 | memcpy(val, key + 1, eol - key - 1); | |
332 | val[eol - key - 1] = '\0'; | 332 | val[eol - key - 1] = '\0'; | |
333 | return val; | 333 | return val; | |
334 | } | 334 | } | |
335 | 335 | |||
336 | static int | 336 | static int | |
337 | check_already_installed(struct pkg_task *pkg) | 337 | check_already_installed(struct pkg_task *pkg) | |
338 | { | 338 | { | |
339 | char *filename; | 339 | char *filename; | |
340 | int fd; | 340 | int fd; | |
341 | 341 | |||
342 | if (Force) | |||
343 | return 1; | |||
344 | ||||
345 | filename = pkgdb_pkg_file(pkg->pkgname, CONTENTS_FNAME); | 342 | filename = pkgdb_pkg_file(pkg->pkgname, CONTENTS_FNAME); | |
346 | fd = open(filename, O_RDONLY); | 343 | fd = open(filename, O_RDONLY); | |
347 | free(filename); | 344 | free(filename); | |
348 | if (fd == -1) | 345 | if (fd == -1) | |
349 | return 1; | 346 | return 1; | |
350 | 347 | |||
351 | if (ReplaceSame) { | 348 | if (ReplaceSame) { | |
352 | struct stat sb; | 349 | struct stat sb; | |
353 | 350 | |||
354 | pkg->install_logdir_real = pkg->install_logdir; | 351 | pkg->install_logdir_real = pkg->install_logdir; | |
355 | pkg->install_logdir = xasprintf("%s.xxxxxx", pkg->install_logdir); | 352 | pkg->install_logdir = xasprintf("%s.xxxxxx", pkg->install_logdir); | |
356 | if (stat(pkg->install_logdir, &sb) == 0) { | 353 | if (stat(pkg->install_logdir, &sb) == 0) { | |
357 | warnx("package `%s' already has a temporary update " | 354 | warnx("package `%s' already has a temporary update " | |
358 | "directory `%s', remove it manually", | 355 | "directory `%s', remove it manually", | |
359 | pkg->pkgname, pkg->install_logdir); | 356 | pkg->pkgname, pkg->install_logdir); | |
360 | return -1; | 357 | return -1; | |
361 | } | 358 | } | |
362 | return 1; | 359 | return 1; | |
363 | } | 360 | } | |
364 | 361 | |||
362 | if (Force) | |||
363 | return 1; | |||
364 | ||||
365 | /* We can only arrive here for explicitly requested packages. */ | 365 | /* We can only arrive here for explicitly requested packages. */ | |
366 | if (!Automatic && is_automatic_installed(pkg->pkgname)) { | 366 | if (!Automatic && is_automatic_installed(pkg->pkgname)) { | |
367 | if (Fake || | 367 | if (Fake || | |
368 | mark_as_automatic_installed(pkg->pkgname, 0) == 0) | 368 | mark_as_automatic_installed(pkg->pkgname, 0) == 0) | |
369 | warnx("package `%s' was already installed as " | 369 | warnx("package `%s' was already installed as " | |
370 | "dependency, now marked as installed " | 370 | "dependency, now marked as installed " | |
371 | "manually", pkg->pkgname); | 371 | "manually", pkg->pkgname); | |
372 | } else { | 372 | } else { | |
373 | warnx("package `%s' already recorded as installed", | 373 | warnx("package `%s' already recorded as installed", | |
374 | pkg->pkgname); | 374 | pkg->pkgname); | |
375 | } | 375 | } | |
376 | close(fd); | 376 | close(fd); | |
377 | return 0; | 377 | return 0; | |
@@ -1259,44 +1259,44 @@ check_signature(struct pkg_task *pkg, in | @@ -1259,44 +1259,44 @@ check_signature(struct pkg_task *pkg, in | |||
1259 | return 1; | 1259 | return 1; | |
1260 | } | 1260 | } | |
1261 | 1261 | |||
1262 | static int | 1262 | static int | |
1263 | check_vulnerable(struct pkg_task *pkg) | 1263 | check_vulnerable(struct pkg_task *pkg) | |
1264 | { | 1264 | { | |
1265 | static struct pkg_vulnerabilities *pv; | 1265 | static struct pkg_vulnerabilities *pv; | |
1266 | int require_check; | 1266 | int require_check; | |
1267 | char *line; | 1267 | char *line; | |
1268 | size_t len; | 1268 | size_t len; | |
1269 | 1269 | |||
1270 | if (strcasecmp(check_vulnerabilities, "never") == 0) | 1270 | if (strcasecmp(check_vulnerabilities, "never") == 0) | |
1271 | return 0; | 1271 | return 0; | |
1272 | else if (strcasecmp(check_vulnerabilities, "always")) | 1272 | else if (strcasecmp(check_vulnerabilities, "always") == 0) | |
1273 | require_check = 1; | 1273 | require_check = 1; | |
1274 | else if (strcasecmp(check_vulnerabilities, "interactive")) | 1274 | else if (strcasecmp(check_vulnerabilities, "interactive") == 0) | |
1275 | require_check = 0; | 1275 | require_check = 0; | |
1276 | else { | 1276 | else { | |
1277 | warnx("Unknown value of the configuration variable" | 1277 | warnx("Unknown value of the configuration variable" | |
1278 | "CHECK_VULNERABILITIES"); | 1278 | "CHECK_VULNERABILITIES"); | |
1279 | return 1; | 1279 | return 1; | |
1280 | } | 1280 | } | |
1281 | 1281 | |||
1282 | if (pv == NULL) { | 1282 | if (pv == NULL) { | |
1283 | pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file, | 1283 | pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file, | |
1284 | require_check, 0); | 1284 | require_check, 0); | |
1285 | if (pv == NULL) | 1285 | if (pv == NULL) | |
1286 | return require_check; | 1286 | return require_check; | |
1287 | } | 1287 | } | |
1288 | 1288 | |||
1289 | if (!audit_package(pv, pkg->pkgname, NULL, 0, 2)) | 1289 | if (!audit_package(pv, pkg->pkgname, NULL, 2)) | |
1290 | return 0; | 1290 | return 0; | |
1291 | 1291 | |||
1292 | if (require_check) | 1292 | if (require_check) | |
1293 | return 1; | 1293 | return 1; | |
1294 | 1294 | |||
1295 | fprintf(stderr, "Do you want to proceed with the installation of %s" | 1295 | fprintf(stderr, "Do you want to proceed with the installation of %s" | |
1296 | " [y/n]?\n", pkg->pkgname); | 1296 | " [y/n]?\n", pkg->pkgname); | |
1297 | line = fgetln(stdin, &len); | 1297 | line = fgetln(stdin, &len); | |
1298 | if (check_input(line, len)) { | 1298 | if (check_input(line, len)) { | |
1299 | fprintf(stderr, "Cancelling installation\n"); | 1299 | fprintf(stderr, "Cancelling installation\n"); | |
1300 | return 1; | 1300 | return 1; | |
1301 | } | 1301 | } | |
1302 | return 0; | 1302 | return 0; |
@@ -1,41 +1,42 @@ | @@ -1,41 +1,42 @@ | |||
1 | .\" $NetBSD: pkg_add.1,v 1.43 2010/02/18 13:43:11 joerg Exp $ | 1 | .\" $NetBSD: pkg_add.1,v 1.44 2010/06/16 23:02:48 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" FreeBSD install - a package for the installation and maintenance | 3 | .\" FreeBSD install - a package for the installation and maintenance | |
4 | .\" of non-core utilities. | 4 | .\" of non-core utilities. | |
5 | .\" | 5 | .\" | |
6 | .\" Redistribution and use in source and binary forms, with or without | 6 | .\" Redistribution and use in source and binary forms, with or without | |
7 | .\" modification, are permitted provided that the following conditions | 7 | .\" modification, are permitted provided that the following conditions | |
8 | .\" are met: | 8 | .\" are met: | |
9 | .\" 1. Redistributions of source code must retain the above copyright | 9 | .\" 1. Redistributions of source code must retain the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer. | 10 | .\" notice, this list of conditions and the following disclaimer. | |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer in the | 12 | .\" notice, this list of conditions and the following disclaimer in the | |
13 | .\" documentation and/or other materials provided with the distribution. | 13 | .\" documentation and/or other materials provided with the distribution. | |
14 | .\" | 14 | .\" | |
15 | .\" Jordan K. Hubbard | 15 | .\" Jordan K. Hubbard | |
16 | .\" | 16 | .\" | |
17 | .\" | 17 | .\" | |
18 | .\" @(#)pkg_add.1 | 18 | .\" @(#)pkg_add.1 | |
19 | .\" | 19 | .\" | |
20 | .Dd February 18, 2010 | 20 | .Dd June 16, 2010 | |
21 | .Dt PKG_ADD 1 | 21 | .Dt PKG_ADD 1 | |
22 | .Os | 22 | .Os | |
23 | .Sh NAME | 23 | .Sh NAME | |
24 | .Nm pkg_add | 24 | .Nm pkg_add | |
25 | .Nd a utility for installing and upgrading software package distributions | 25 | .Nd a utility for installing and upgrading software package distributions | |
26 | .Sh SYNOPSIS | 26 | .Sh SYNOPSIS | |
27 | .Nm | 27 | .Nm | |
28 | .Op Fl AfILnRUuVv | 28 | .Op Fl AfILnRUuVv | |
29 | .Op Fl C Ar config | |||
29 | .Op Fl K Ar pkg_dbdir | 30 | .Op Fl K Ar pkg_dbdir | |
30 | .Op Fl m Ar machine | 31 | .Op Fl m Ar machine | |
31 | .Op Fl P Ar destdir | 32 | .Op Fl P Ar destdir | |
32 | .Op Fl p Ar prefix | 33 | .Op Fl p Ar prefix | |
33 | .Op Fl W Ar viewbase | 34 | .Op Fl W Ar viewbase | |
34 | .Op Fl w Ar view | 35 | .Op Fl w Ar view | |
35 | .Ar Oo Oo Li ftp|http Oc Ns Li :// Ns Oo Ar user Oc Ns \ | 36 | .Ar Oo Oo Li ftp|http Oc Ns Li :// Ns Oo Ar user Oc Ns \ | |
36 | Oo Li \&: Ns Ar password Oc \ | 37 | Oo Li \&: Ns Ar password Oc \ | |
37 | Ns Li @ Oc Ns Ar host Ns Oo Li \&: Ns Ar port Oc Ns \ | 38 | Ns Li @ Oc Ns Ar host Ns Oo Li \&: Ns Ar port Oc Ns \ | |
38 | Oo Li / Ns Ar path/ Oc Ns Ar pkg-name ... | 39 | Oo Li / Ns Ar path/ Oc Ns Ar pkg-name ... | |
39 | .Sh DESCRIPTION | 40 | .Sh DESCRIPTION | |
40 | The | 41 | The | |
41 | .Nm | 42 | .Nm | |
@@ -106,26 +107,30 @@ variable are searched using the wildcard | @@ -106,26 +107,30 @@ variable are searched using the wildcard | |||
106 | Mark package as installed automatically, as dependency of another | 107 | Mark package as installed automatically, as dependency of another | |
107 | package. | 108 | package. | |
108 | You can use | 109 | You can use | |
109 | .Dl Ic pkg_admin set automatic=YES | 110 | .Dl Ic pkg_admin set automatic=YES | |
110 | to mark packages this way after installation, and | 111 | to mark packages this way after installation, and | |
111 | .Dl Ic pkg_admin unset automatic | 112 | .Dl Ic pkg_admin unset automatic | |
112 | to remove the mark. | 113 | to remove the mark. | |
113 | If you | 114 | If you | |
114 | .Nm | 115 | .Nm | |
115 | a package without specifying | 116 | a package without specifying | |
116 | .Fl A | 117 | .Fl A | |
117 | after it had already been automatically installed, the mark is | 118 | after it had already been automatically installed, the mark is | |
118 | removed. | 119 | removed. | |
120 | .It Fl C Ar config | |||
121 | Read the configuration file from | |||
122 | .Ar config | |||
123 | instead of the system default. | |||
119 | .It Fl f | 124 | .It Fl f | |
120 | Force installation to proceed even if prerequisite packages are not | 125 | Force installation to proceed even if prerequisite packages are not | |
121 | installed or the install script fails. | 126 | installed or the install script fails. | |
122 | Although | 127 | Although | |
123 | .Nm | 128 | .Nm | |
124 | will still try to find and auto-install missing prerequisite packages, | 129 | will still try to find and auto-install missing prerequisite packages, | |
125 | a failure to find one will not be fatal. | 130 | a failure to find one will not be fatal. | |
126 | This flag also overrides the fatal error when the operating system or | 131 | This flag also overrides the fatal error when the operating system or | |
127 | architecture the package was built on differ from that of the host. | 132 | architecture the package was built on differ from that of the host. | |
128 | .It Fl I | 133 | .It Fl I | |
129 | If an installation script exists for a given package, do not execute it. | 134 | If an installation script exists for a given package, do not execute it. | |
130 | .It Fl K Ar pkg_dbdir | 135 | .It Fl K Ar pkg_dbdir | |
131 | Override the value of the | 136 | Override the value of the |
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | PKG_ADD(1) NetBSD General Commands Manual PKG_ADD(1) | 1 | PKG_ADD(1) NetBSD General Commands Manual PKG_ADD(1) | |
2 | 2 | |||
3 | NNAAMMEE | 3 | NNAAMMEE | |
4 | ppkkgg__aadddd -- a utility for installing and upgrading software package dis- | 4 | ppkkgg__aadddd -- a utility for installing and upgrading software package dis- | |
5 | tributions | 5 | tributions | |
6 | 6 | |||
7 | SSYYNNOOPPSSIISS | 7 | SSYYNNOOPPSSIISS | |
8 | ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e] [--PP _d_e_s_t_d_i_r] | 8 | ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--CC _c_o_n_f_i_g] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e] | |
9 | [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._. | 9 | [--PP _d_e_s_t_d_i_r] [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._. | |
10 | [[ftp|http]://[_u_s_e_r][:_p_a_s_s_w_o_r_d]@]_h_o_s_t[:_p_o_r_t][/_p_a_t_h_/]_p_k_g_-_n_a_m_e _._._. | 10 | [[ftp|http]://[_u_s_e_r][:_p_a_s_s_w_o_r_d]@]_h_o_s_t[:_p_o_r_t][/_p_a_t_h_/]_p_k_g_-_n_a_m_e _._._. | |
11 | 11 | |||
12 | DDEESSCCRRIIPPTTIIOONN | 12 | DDEESSCCRRIIPPTTIIOONN | |
13 | The ppkkgg__aadddd command is used to extract and upgrade packages that have | 13 | The ppkkgg__aadddd command is used to extract and upgrade packages that have | |
14 | been previously created with the pkg_create(1) command. Packages are | 14 | been previously created with the pkg_create(1) command. Packages are | |
15 | prepared collections of pre-built binaries, documentation, configura- | 15 | prepared collections of pre-built binaries, documentation, configura- | |
16 | tions, installation instructions and/or other files. ppkkgg__aadddd can recur- | 16 | tions, installation instructions and/or other files. ppkkgg__aadddd can recur- | |
17 | sively install other packages that the current package depends on or | 17 | sively install other packages that the current package depends on or | |
18 | requires from both local disk and via FTP or HTTP. | 18 | requires from both local disk and via FTP or HTTP. | |
19 | 19 | |||
20 | WWAARRNNIINNGG | 20 | WWAARRNNIINNGG | |
21 | _S_i_n_c_e _t_h_e ppkkgg__aadddd _c_o_m_m_a_n_d _m_a_y _e_x_e_c_u_t_e _s_c_r_i_p_t_s _o_r _p_r_o_g_r_a_m_s _c_o_n_t_a_i_n_e_d | 21 | _S_i_n_c_e _t_h_e ppkkgg__aadddd _c_o_m_m_a_n_d _m_a_y _e_x_e_c_u_t_e _s_c_r_i_p_t_s _o_r _p_r_o_g_r_a_m_s _c_o_n_t_a_i_n_e_d | |
22 | _w_i_t_h_i_n _a _p_a_c_k_a_g_e _f_i_l_e_, _y_o_u_r _s_y_s_t_e_m _m_a_y _b_e _s_u_s_c_e_p_t_i_b_l_e _t_o _`_`_T_r_o_j_a_n | 22 | _w_i_t_h_i_n _a _p_a_c_k_a_g_e _f_i_l_e_, _y_o_u_r _s_y_s_t_e_m _m_a_y _b_e _s_u_s_c_e_p_t_i_b_l_e _t_o _`_`_T_r_o_j_a_n | |
@@ -43,26 +43,30 @@ OOPPTTIIOONNSS | @@ -43,26 +43,30 @@ OOPPTTIIOONNSS | |||
43 | wildcard processing. If that fails as well and _p_k_g_-_n_a_m_e does not | 43 | wildcard processing. If that fails as well and _p_k_g_-_n_a_m_e does not | |
44 | contain any /, the entries of the PKG_PATH variable are searched | 44 | contain any /, the entries of the PKG_PATH variable are searched | |
45 | using the wildcard processing rules. | 45 | using the wildcard processing rules. | |
46 | 46 | |||
47 | --AA Mark package as installed automatically, as dependency of another | 47 | --AA Mark package as installed automatically, as dependency of another | |
48 | package. You can use | 48 | package. You can use | |
49 | ppkkgg__aaddmmiinn sseett aauuttoommaattiicc==YYEESS | 49 | ppkkgg__aaddmmiinn sseett aauuttoommaattiicc==YYEESS | |
50 | to mark packages this way after installation, and | 50 | to mark packages this way after installation, and | |
51 | ppkkgg__aaddmmiinn uunnsseett aauuttoommaattiicc | 51 | ppkkgg__aaddmmiinn uunnsseett aauuttoommaattiicc | |
52 | to remove the mark. If you ppkkgg__aadddd a package without specifying | 52 | to remove the mark. If you ppkkgg__aadddd a package without specifying | |
53 | --AA after it had already been automatically installed, the mark is | 53 | --AA after it had already been automatically installed, the mark is | |
54 | removed. | 54 | removed. | |
55 | 55 | |||
56 | --CC _c_o_n_f_i_g | |||
57 | Read the configuration file from _c_o_n_f_i_g instead of the system | |||
58 | default. | |||
59 | ||||
56 | --ff Force installation to proceed even if prerequisite packages are | 60 | --ff Force installation to proceed even if prerequisite packages are | |
57 | not installed or the install script fails. Although ppkkgg__aadddd will | 61 | not installed or the install script fails. Although ppkkgg__aadddd will | |
58 | still try to find and auto-install missing prerequisite packages, | 62 | still try to find and auto-install missing prerequisite packages, | |
59 | a failure to find one will not be fatal. This flag also over- | 63 | a failure to find one will not be fatal. This flag also over- | |
60 | rides the fatal error when the operating system or architecture | 64 | rides the fatal error when the operating system or architecture | |
61 | the package was built on differ from that of the host. | 65 | the package was built on differ from that of the host. | |
62 | 66 | |||
63 | --II If an installation script exists for a given package, do not exe- | 67 | --II If an installation script exists for a given package, do not exe- | |
64 | cute it. | 68 | cute it. | |
65 | 69 | |||
66 | --KK _p_k_g___d_b_d_i_r | 70 | --KK _p_k_g___d_b_d_i_r | |
67 | Override the value of the PKG_DBDIR configuration option with the | 71 | Override the value of the PKG_DBDIR configuration option with the | |
68 | value _p_k_g___d_b_d_i_r. | 72 | value _p_k_g___d_b_d_i_r. | |
@@ -252,14 +256,14 @@ AAUUTTHHOORRSS | @@ -252,14 +256,14 @@ AAUUTTHHOORRSS | |||
252 | NetBSD refinements. | 256 | NetBSD refinements. | |
253 | Hubert Feyrer | 257 | Hubert Feyrer | |
254 | NetBSD wildcard dependency processing, pkgdb, upgrading, etc. | 258 | NetBSD wildcard dependency processing, pkgdb, upgrading, etc. | |
255 | Thomas Klausner | 259 | Thomas Klausner | |
256 | HTTP support. | 260 | HTTP support. | |
257 | Joerg Sonnenberger | 261 | Joerg Sonnenberger | |
258 | Rewrote most of the code base to work without external commands. | 262 | Rewrote most of the code base to work without external commands. | |
259 | 263 | |||
260 | BBUUGGSS | 264 | BBUUGGSS | |
261 | Package upgrading needs a lot more work to be really universal. | 265 | Package upgrading needs a lot more work to be really universal. | |
262 | 266 | |||
263 | Sure to be others. | 267 | Sure to be others. | |
264 | 268 | |||
265 | NetBSD 5.0 February 18, 2010 NetBSD 5.0 | 269 | NetBSD 5.0 June 16, 2010 NetBSD 5.0 |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $ */ | 1 | /* $NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $"); | 10 | __RCSID("$NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -63,78 +63,76 @@ __RCSID("$NetBSD: audit.c,v 1.15 2010/04 | @@ -63,78 +63,76 @@ __RCSID("$NetBSD: audit.c,v 1.15 2010/04 | |||
63 | #include <string.h> | 63 | #include <string.h> | |
64 | #endif | 64 | #endif | |
65 | #ifdef NETBSD | 65 | #ifdef NETBSD | |
66 | #include <unistd.h> | 66 | #include <unistd.h> | |
67 | #else | 67 | #else | |
68 | #include <nbcompat/unistd.h> | 68 | #include <nbcompat/unistd.h> | |
69 | #endif | 69 | #endif | |
70 | 70 | |||
71 | #include <fetch.h> | 71 | #include <fetch.h> | |
72 | 72 | |||
73 | #include "admin.h" | 73 | #include "admin.h" | |
74 | #include "lib.h" | 74 | #include "lib.h" | |
75 | 75 | |||
76 | static int check_eol = 0; | |||
77 | static int check_signature = 0; | 76 | static int check_signature = 0; | |
78 | static const char *limit_vul_types = NULL; | 77 | static const char *limit_vul_types = NULL; | |
79 | static int update_pkg_vuln = 0; | 78 | static int update_pkg_vuln = 0; | |
80 | 79 | |||
81 | static struct pkg_vulnerabilities *pv; | 80 | static struct pkg_vulnerabilities *pv; | |
82 | 81 | |||
83 | static const char audit_options[] = "est:"; | 82 | static const char audit_options[] = "est:"; | |
84 | 83 | |||
85 | static void | 84 | static void | |
86 | parse_options(int argc, char **argv, const char *options) | 85 | parse_options(int argc, char **argv, const char *options) | |
87 | { | 86 | { | |
88 | int ch; | 87 | int ch; | |
89 | 88 | |||
90 | optreset = 1; | 89 | optreset = 1; | |
91 | /* | 90 | /* | |
92 | * optind == 0 is interpreted as partial reset request | 91 | * optind == 0 is interpreted as partial reset request | |
93 | * by GNU getopt, so compensate against this and cleanup | 92 | * by GNU getopt, so compensate against this and cleanup | |
94 | * at the end. | 93 | * at the end. | |
95 | */ | 94 | */ | |
96 | optind = 1; | 95 | optind = 1; | |
97 | ++argc; | 96 | ++argc; | |
98 | --argv; | 97 | --argv; | |
99 | 98 | |||
100 | while ((ch = getopt(argc, argv, options)) != -1) { | 99 | while ((ch = getopt(argc, argv, options)) != -1) { | |
101 | switch (ch) { | 100 | switch (ch) { | |
102 | case 'e': | 101 | case 'e': | |
103 | check_eol = 1; | 102 | check_eol = "yes"; | |
104 | break; | 103 | break; | |
105 | case 's': | 104 | case 's': | |
106 | check_signature = 1; | 105 | check_signature = 1; | |
107 | break; | 106 | break; | |
108 | case 't': | 107 | case 't': | |
109 | limit_vul_types = optarg; | 108 | limit_vul_types = optarg; | |
110 | break; | 109 | break; | |
111 | case 'u': | 110 | case 'u': | |
112 | update_pkg_vuln = 1; | 111 | update_pkg_vuln = 1; | |
113 | break; | 112 | break; | |
114 | default: | 113 | default: | |
115 | usage(); | 114 | usage(); | |
116 | /* NOTREACHED */ | 115 | /* NOTREACHED */ | |
117 | } | 116 | } | |
118 | } | 117 | } | |
119 | 118 | |||
120 | --optind; /* See above comment. */ | 119 | --optind; /* See above comment. */ | |
121 | } | 120 | } | |
122 | 121 | |||
123 | static int | 122 | static int | |
124 | check_exact_pkg(const char *pkg) | 123 | check_exact_pkg(const char *pkg) | |
125 | { | 124 | { | |
126 | return audit_package(pv, pkg, limit_vul_types, check_eol, | 125 | return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1); | |
127 | quiet ? 0 : 1); | |||
128 | } | 126 | } | |
129 | 127 | |||
130 | static int | 128 | static int | |
131 | check_batch_exact_pkgs(const char *fname) | 129 | check_batch_exact_pkgs(const char *fname) | |
132 | { | 130 | { | |
133 | FILE *f; | 131 | FILE *f; | |
134 | char buf[4096], *line, *eol; | 132 | char buf[4096], *line, *eol; | |
135 | int ret; | 133 | int ret; | |
136 | 134 | |||
137 | ret = 0; | 135 | ret = 0; | |
138 | if (strcmp(fname, "-") == 0) | 136 | if (strcmp(fname, "-") == 0) | |
139 | f = stdin; | 137 | f = stdin; | |
140 | else { | 138 | else { |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: pkg_admin.1,v 1.31 2010/01/22 13:30:41 joerg Exp $ | 1 | .\" $NetBSD: pkg_admin.1,v 1.32 2010/06/16 23:02:48 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | 7 | .\" by Hubert Feyrer <hubert@feyrer.de>. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -24,27 +24,27 @@ | @@ -24,27 +24,27 @@ | |||
24 | .\" | 24 | .\" | |
25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 25 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 26 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 27 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 28 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 29 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 30 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 31 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 32 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 33 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 34 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
35 | .\" POSSIBILITY OF SUCH DAMAGE. | 35 | .\" POSSIBILITY OF SUCH DAMAGE. | |
36 | .\" | 36 | .\" | |
37 | .Dd January 22, 2010 | 37 | .Dd June 16, 2010 | |
38 | .Dt PKG_ADMIN 1 | 38 | .Dt PKG_ADMIN 1 | |
39 | .Os | 39 | .Os | |
40 | .Sh NAME | 40 | .Sh NAME | |
41 | .Nm pkg_admin | 41 | .Nm pkg_admin | |
42 | .Nd perform various administrative tasks to the pkg system | 42 | .Nd perform various administrative tasks to the pkg system | |
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS | |
44 | .Nm | 44 | .Nm | |
45 | .Op Fl bqSVv | 45 | .Op Fl bqSVv | |
46 | .Op Fl C Ar config | 46 | .Op Fl C Ar config | |
47 | .Op Fl d Ar lsdir | 47 | .Op Fl d Ar lsdir | |
48 | .Op Fl K Ar pkg_dbdir | 48 | .Op Fl K Ar pkg_dbdir | |
49 | .Op Fl s Ar sfx_pattern | 49 | .Op Fl s Ar sfx_pattern | |
50 | .Ar command Op args ... | 50 | .Ar command Op args ... | |
@@ -108,27 +108,32 @@ The following commands are supported: | @@ -108,27 +108,32 @@ The following commands are supported: | |||
108 | .Bl -tag -width indent | 108 | .Bl -tag -width indent | |
109 | .It Cm add Ar pkg ... | 109 | .It Cm add Ar pkg ... | |
110 | For each listed package, write the absolute pathnames of the files listed in | 110 | For each listed package, write the absolute pathnames of the files listed in | |
111 | its | 111 | its | |
112 | .Pa +CONTENTS | 112 | .Pa +CONTENTS | |
113 | file together with the package they belong to into the package database. | 113 | file together with the package they belong to into the package database. | |
114 | This should be used only by | 114 | This should be used only by | |
115 | .Xr pkg_view 1 . | 115 | .Xr pkg_view 1 . | |
116 | .It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | 116 | .It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | |
117 | Check the listed installed packages for vulnerabilities. | 117 | Check the listed installed packages for vulnerabilities. | |
118 | If no package is given, check all installed packages. | 118 | If no package is given, check all installed packages. | |
119 | If | 119 | If | |
120 | .Fl e | 120 | .Fl e | |
121 | is given, also include end-of-life information. | 121 | is given, override the | |
122 | .Dv CHECK_END_OF_LIFE | |||
123 | option from | |||
124 | .Xr pkg_install.conf 5 | |||
125 | with | |||
126 | .Qq Li yes . | |||
122 | If | 127 | If | |
123 | .Fl s | 128 | .Fl s | |
124 | is given, check the signature of the pkg-vulnerabilities file before using it. | 129 | is given, check the signature of the pkg-vulnerabilities file before using it. | |
125 | .Fl t | 130 | .Fl t | |
126 | restricts the reported vulnerabilities to type | 131 | restricts the reported vulnerabilities to type | |
127 | .Ar type . | 132 | .Ar type . | |
128 | .It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | 133 | .It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ... | |
129 | Like | 134 | Like | |
130 | .Cm audit , | 135 | .Cm audit , | |
131 | but check only the given package names or patterns. | 136 | but check only the given package names or patterns. | |
132 | .It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... | 137 | .It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ... | |
133 | Like | 138 | Like | |
134 | .Cm audit-pkg , | 139 | .Cm audit-pkg , |
@@ -46,29 +46,30 @@ OOPPTTIIOONNSS | @@ -46,29 +46,30 @@ OOPPTTIIOONNSS | |||
46 | --vv Be more verbose. | 46 | --vv Be more verbose. | |
47 | 47 | |||
48 | The following commands are supported: | 48 | The following commands are supported: | |
49 | 49 | |||
50 | aadddd _p_k_g _._._. | 50 | aadddd _p_k_g _._._. | |
51 | For each listed package, write the absolute pathnames of the | 51 | For each listed package, write the absolute pathnames of the | |
52 | files listed in its _+_C_O_N_T_E_N_T_S file together with the package they | 52 | files listed in its _+_C_O_N_T_E_N_T_S file together with the package they | |
53 | belong to into the package database. This should be used only by | 53 | belong to into the package database. This should be used only by | |
54 | pkg_view(1). | 54 | pkg_view(1). | |
55 | 55 | |||
56 | aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... | 56 | aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... | |
57 | Check the listed installed packages for vulnerabilities. If no | 57 | Check the listed installed packages for vulnerabilities. If no | |
58 | package is given, check all installed packages. If --ee is given, | 58 | package is given, check all installed packages. If --ee is given, | |
59 | also include end-of-life information. If --ss is given, check the | 59 | override the CHECK_END_OF_LIFE option from pkg_install.conf(5) | |
60 | signature of the pkg-vulnerabilities file before using it. --tt | 60 | with "yes". If --ss is given, check the signature of the pkg-vul- | |
61 | restricts the reported vulnerabilities to type _t_y_p_e. | 61 | nerabilities file before using it. --tt restricts the reported | |
62 | vulnerabilities to type _t_y_p_e. | |||
62 | 63 | |||
63 | aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... | 64 | aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... | |
64 | Like aauuddiitt, but check only the given package names or patterns. | 65 | Like aauuddiitt, but check only the given package names or patterns. | |
65 | 66 | |||
66 | aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... | 67 | aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ... | |
67 | Like aauuddiitt--ppkkgg, but read the package names or patterns one per | 68 | Like aauuddiitt--ppkkgg, but read the package names or patterns one per | |
68 | line from the given files. | 69 | line from the given files. | |
69 | 70 | |||
70 | aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ... | 71 | aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ... | |
71 | Print all vulnerabilities for the given base package names. | 72 | Print all vulnerabilities for the given base package names. | |
72 | 73 | |||
73 | cchheecckk [_p_k_g _._._.] | 74 | cchheecckk [_p_k_g _._._.] | |
74 | Use this command to check the files belonging to some or all of | 75 | Use this command to check the files belonging to some or all of |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.63 2010/04/14 18:24:58 joerg Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.64 2010/06/16 23:02:49 joerg Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -370,27 +370,27 @@ char *pkgdb_pkg_dir(const char *); | @@ -370,27 +370,27 @@ char *pkgdb_pkg_dir(const char *); | |||
370 | char *pkgdb_pkg_file(const char *, const char *); | 370 | char *pkgdb_pkg_file(const char *, const char *); | |
371 | 371 | |||
372 | /* List of packages functions */ | 372 | /* List of packages functions */ | |
373 | lpkg_t *alloc_lpkg(const char *); | 373 | lpkg_t *alloc_lpkg(const char *); | |
374 | lpkg_t *find_on_queue(lpkg_head_t *, const char *); | 374 | lpkg_t *find_on_queue(lpkg_head_t *, const char *); | |
375 | void free_lpkg(lpkg_t *); | 375 | void free_lpkg(lpkg_t *); | |
376 | 376 | |||
377 | /* Read pkg_vulnerabilities from file */ | 377 | /* Read pkg_vulnerabilities from file */ | |
378 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int); | 378 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int); | |
379 | /* Read pkg_vulnerabilities from memory */ | 379 | /* Read pkg_vulnerabilities from memory */ | |
380 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); | 380 | struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); | |
381 | void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); | 381 | void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); | |
382 | int audit_package(struct pkg_vulnerabilities *, const char *, const char *, | 382 | int audit_package(struct pkg_vulnerabilities *, const char *, const char *, | |
383 | int, int); | 383 | int); | |
384 | 384 | |||
385 | /* Parse configuration file */ | 385 | /* Parse configuration file */ | |
386 | void pkg_install_config(void); | 386 | void pkg_install_config(void); | |
387 | /* Print configuration variable */ | 387 | /* Print configuration variable */ | |
388 | void pkg_install_show_variable(const char *); | 388 | void pkg_install_show_variable(const char *); | |
389 | 389 | |||
390 | /* Package signature creation and validation */ | 390 | /* Package signature creation and validation */ | |
391 | int pkg_verify_signature(const char *, struct archive **, struct archive_entry **, char **); | 391 | int pkg_verify_signature(const char *, struct archive **, struct archive_entry **, char **); | |
392 | int pkg_full_signature_check(const char *, struct archive **); | 392 | int pkg_full_signature_check(const char *, struct archive **); | |
393 | #ifdef HAVE_SSL | 393 | #ifdef HAVE_SSL | |
394 | void pkg_sign_x509(const char *, const char *, const char *, const char *); | 394 | void pkg_sign_x509(const char *, const char *, const char *, const char *); | |
395 | #endif | 395 | #endif | |
396 | 396 | |||
@@ -420,26 +420,27 @@ void load_license_lists(void); | @@ -420,26 +420,27 @@ void load_license_lists(void); | |||
420 | char *xstrdup(const char *); | 420 | char *xstrdup(const char *); | |
421 | void *xrealloc(void *, size_t); | 421 | void *xrealloc(void *, size_t); | |
422 | void *xcalloc(size_t, size_t); | 422 | void *xcalloc(size_t, size_t); | |
423 | void *xmalloc(size_t); | 423 | void *xmalloc(size_t); | |
424 | char *xasprintf(const char *, ...); | 424 | char *xasprintf(const char *, ...); | |
425 | 425 | |||
426 | /* Externs */ | 426 | /* Externs */ | |
427 | extern Boolean Verbose; | 427 | extern Boolean Verbose; | |
428 | extern Boolean Fake; | 428 | extern Boolean Fake; | |
429 | extern Boolean Force; | 429 | extern Boolean Force; | |
430 | extern const char *cert_chain_file; | 430 | extern const char *cert_chain_file; | |
431 | extern const char *certs_packages; | 431 | extern const char *certs_packages; | |
432 | extern const char *certs_pkg_vulnerabilities; | 432 | extern const char *certs_pkg_vulnerabilities; | |
433 | extern const char *check_eol; | |||
433 | extern const char *check_vulnerabilities; | 434 | extern const char *check_vulnerabilities; | |
434 | extern const char *config_file; | 435 | extern const char *config_file; | |
435 | extern const char *config_pkg_dbdir; | 436 | extern const char *config_pkg_dbdir; | |
436 | extern const char *config_pkg_path; | 437 | extern const char *config_pkg_path; | |
437 | extern const char *config_pkg_refcount_dbdir; | 438 | extern const char *config_pkg_refcount_dbdir; | |
438 | extern const char *do_license_check; | 439 | extern const char *do_license_check; | |
439 | extern const char *verified_installation; | 440 | extern const char *verified_installation; | |
440 | extern const char *gpg_cmd; | 441 | extern const char *gpg_cmd; | |
441 | extern const char *gpg_keyring_pkgvuln; | 442 | extern const char *gpg_keyring_pkgvuln; | |
442 | extern const char *gpg_keyring_sign; | 443 | extern const char *gpg_keyring_sign; | |
443 | extern const char *gpg_keyring_verify; | 444 | extern const char *gpg_keyring_verify; | |
444 | extern const char *gpg_sign_as; | 445 | extern const char *gpg_sign_as; | |
445 | extern char fetch_flags[]; | 446 | extern char fetch_flags[]; |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $ */ | 1 | /* $NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $"); | 10 | __RCSID("$NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -55,26 +55,27 @@ __RCSID("$NetBSD: parse-config.c,v 1.14 | @@ -55,26 +55,27 @@ __RCSID("$NetBSD: parse-config.c,v 1.14 | |||
55 | static int cache_connections = 16; | 55 | static int cache_connections = 16; | |
56 | static int cache_connections_host = 4; | 56 | static int cache_connections_host = 4; | |
57 | 57 | |||
58 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | 58 | const char *config_file = SYSCONFDIR"/pkg_install.conf"; | |
59 | 59 | |||
60 | char fetch_flags[10] = ""; /* Workaround Mac OS X linker issues with BSS */ | 60 | char fetch_flags[10] = ""; /* Workaround Mac OS X linker issues with BSS */ | |
61 | static const char *active_ftp; | 61 | static const char *active_ftp; | |
62 | static const char *verbose_netio; | 62 | static const char *verbose_netio; | |
63 | static const char *ignore_proxy; | 63 | static const char *ignore_proxy; | |
64 | const char *cache_index = "yes"; | 64 | const char *cache_index = "yes"; | |
65 | const char *cert_chain_file; | 65 | const char *cert_chain_file; | |
66 | const char *certs_packages; | 66 | const char *certs_packages; | |
67 | const char *certs_pkg_vulnerabilities; | 67 | const char *certs_pkg_vulnerabilities; | |
68 | const char *check_eol = "yes"; | |||
68 | const char *check_vulnerabilities; | 69 | const char *check_vulnerabilities; | |
69 | static const char *config_cache_connections; | 70 | static const char *config_cache_connections; | |
70 | static const char *config_cache_connections_host; | 71 | static const char *config_cache_connections_host; | |
71 | const char *config_pkg_dbdir; | 72 | const char *config_pkg_dbdir; | |
72 | const char *config_pkg_path; | 73 | const char *config_pkg_path; | |
73 | const char *config_pkg_refcount_dbdir; | 74 | const char *config_pkg_refcount_dbdir; | |
74 | const char *do_license_check; | 75 | const char *do_license_check; | |
75 | const char *verified_installation; | 76 | const char *verified_installation; | |
76 | const char *gpg_cmd; | 77 | const char *gpg_cmd; | |
77 | const char *gpg_keyring_pkgvuln; | 78 | const char *gpg_keyring_pkgvuln; | |
78 | const char *gpg_keyring_sign; | 79 | const char *gpg_keyring_sign; | |
79 | const char *gpg_keyring_verify; | 80 | const char *gpg_keyring_verify; | |
80 | const char *gpg_sign_as; | 81 | const char *gpg_sign_as; | |
@@ -88,26 +89,27 @@ const char *acceptable_licenses = NULL; | @@ -88,26 +89,27 @@ const char *acceptable_licenses = NULL; | |||
88 | static struct config_variable { | 89 | static struct config_variable { | |
89 | const char *name; | 90 | const char *name; | |
90 | const char **var; | 91 | const char **var; | |
91 | } config_variables[] = { | 92 | } config_variables[] = { | |
92 | { "ACCEPTABLE_LICENSES", &acceptable_licenses }, | 93 | { "ACCEPTABLE_LICENSES", &acceptable_licenses }, | |
93 | { "ACTIVE_FTP", &active_ftp }, | 94 | { "ACTIVE_FTP", &active_ftp }, | |
94 | { "CACHE_INDEX", &cache_index }, | 95 | { "CACHE_INDEX", &cache_index }, | |
95 | { "CACHE_CONNECTIONS", &config_cache_connections }, | 96 | { "CACHE_CONNECTIONS", &config_cache_connections }, | |
96 | { "CACHE_CONNECTIONS_HOST", &config_cache_connections_host }, | 97 | { "CACHE_CONNECTIONS_HOST", &config_cache_connections_host }, | |
97 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | 98 | { "CERTIFICATE_ANCHOR_PKGS", &certs_packages }, | |
98 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | 99 | { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, | |
99 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | 100 | { "CERTIFICATE_CHAIN", &cert_chain_file }, | |
100 | { "CHECK_LICENSE", &do_license_check }, | 101 | { "CHECK_LICENSE", &do_license_check }, | |
102 | { "CHECK_END_OF_LIFE", &check_eol }, | |||
101 | { "CHECK_VULNERABILITIES", &check_vulnerabilities }, | 103 | { "CHECK_VULNERABILITIES", &check_vulnerabilities }, | |
102 | { "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses }, | 104 | { "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses }, | |
103 | { "GPG", &gpg_cmd }, | 105 | { "GPG", &gpg_cmd }, | |
104 | { "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln }, | 106 | { "GPG_KEYRING_PKGVULN", &gpg_keyring_pkgvuln }, | |
105 | { "GPG_KEYRING_SIGN", &gpg_keyring_sign }, | 107 | { "GPG_KEYRING_SIGN", &gpg_keyring_sign }, | |
106 | { "GPG_KEYRING_VERIFY", &gpg_keyring_verify }, | 108 | { "GPG_KEYRING_VERIFY", &gpg_keyring_verify }, | |
107 | { "GPG_SIGN_AS", &gpg_sign_as }, | 109 | { "GPG_SIGN_AS", &gpg_sign_as }, | |
108 | { "IGNORE_PROXY", &ignore_proxy }, | 110 | { "IGNORE_PROXY", &ignore_proxy }, | |
109 | { "IGNORE_URL", &ignore_advisories }, | 111 | { "IGNORE_URL", &ignore_advisories }, | |
110 | { "PKG_DBDIR", &config_pkg_dbdir }, | 112 | { "PKG_DBDIR", &config_pkg_dbdir }, | |
111 | { "PKG_PATH", &config_pkg_path }, | 113 | { "PKG_PATH", &config_pkg_path }, | |
112 | { "PKG_REFCOUNT_DBDIR", &config_pkg_refcount_dbdir }, | 114 | { "PKG_REFCOUNT_DBDIR", &config_pkg_refcount_dbdir }, | |
113 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, | 115 | { "PKGVULNDIR", &pkg_vulnerabilities_dir }, |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: pkg_install.conf.5.in,v 1.13 2010/01/22 13:30:42 joerg Exp $ | 1 | .\" $NetBSD: pkg_install.conf.5.in,v 1.14 2010/06/16 23:02:49 joerg Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | 6 | .\" This code is derived from software contributed to The NetBSD Foundation | |
7 | .\" by Thomas Klausner. | 7 | .\" by Thomas Klausner. | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -17,27 +17,27 @@ | @@ -17,27 +17,27 @@ | |||
17 | .\" | 17 | .\" | |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | 28 | .\" POSSIBILITY OF SUCH DAMAGE. | |
29 | .\" | 29 | .\" | |
30 | .Dd January 22, 2010 | 30 | .Dd June 16, 2010 | |
31 | .Dt PKG_INSTALL.CONF 5 | 31 | .Dt PKG_INSTALL.CONF 5 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm pkg_install.conf | 34 | .Nm pkg_install.conf | |
35 | .Nd configuration file for package installation tools | 35 | .Nd configuration file for package installation tools | |
36 | .Sh DESCRIPTION | 36 | .Sh DESCRIPTION | |
37 | The file | 37 | The file | |
38 | .Nm | 38 | .Nm | |
39 | contains system defaults for the package installation tools | 39 | contains system defaults for the package installation tools | |
40 | as a list of variable-value pairs. | 40 | as a list of variable-value pairs. | |
41 | Each line has the format | 41 | Each line has the format | |
42 | .Ev VARIABLE=VALUE . | 42 | .Ev VARIABLE=VALUE . | |
43 | If the value consists of more than one line, each line is prefixed with | 43 | If the value consists of more than one line, each line is prefixed with | |
@@ -79,26 +79,30 @@ for completing certificate chains when v | @@ -79,26 +79,30 @@ for completing certificate chains when v | |||
79 | pkg-vulnerabilities files. | 79 | pkg-vulnerabilities files. | |
80 | .It Dv CHECK_LICENSE | 80 | .It Dv CHECK_LICENSE | |
81 | Check the license conditions of packages before installing them. | 81 | Check the license conditions of packages before installing them. | |
82 | Supported values are: | 82 | Supported values are: | |
83 | .Bl -tag -width interactiveXX | 83 | .Bl -tag -width interactiveXX | |
84 | .It Dv no | 84 | .It Dv no | |
85 | The check is not performed. | 85 | The check is not performed. | |
86 | .It Dv yes | 86 | .It Dv yes | |
87 | The check is performed if the package has license conditions set. | 87 | The check is performed if the package has license conditions set. | |
88 | .It Dv always | 88 | .It Dv always | |
89 | Passing the license check is required. | 89 | Passing the license check is required. | |
90 | Missing license conditions are considered an error. | 90 | Missing license conditions are considered an error. | |
91 | .El | 91 | .El | |
92 | .It Dv CHECK_END_OF_FILE | |||
93 | During vulnerability checks, consider packages that have reached end-of-life | |||
94 | as vulnerable. | |||
95 | This option is enabled by default. | |||
92 | .It Dv CHECK_VULNERABILITIES | 96 | .It Dv CHECK_VULNERABILITIES | |
93 | Check for vulnerabilities when installing packages. | 97 | Check for vulnerabilities when installing packages. | |
94 | Supported values are: | 98 | Supported values are: | |
95 | .Bl -tag -width interactiveXX | 99 | .Bl -tag -width interactiveXX | |
96 | .It Dv never | 100 | .It Dv never | |
97 | No check is performed. | 101 | No check is performed. | |
98 | .It Dv always | 102 | .It Dv always | |
99 | Passing the vulnerability check is required. | 103 | Passing the vulnerability check is required. | |
100 | A missing pkg-vulnerabilities file is considered an error. | 104 | A missing pkg-vulnerabilities file is considered an error. | |
101 | .It Dv interactive | 105 | .It Dv interactive | |
102 | The user is always asked to confirm installation of vulnerable packages. | 106 | The user is always asked to confirm installation of vulnerable packages. | |
103 | .El | 107 | .El | |
104 | .It Dv CONFIG_CACHE_CONNECTIONS | 108 | .It Dv CONFIG_CACHE_CONNECTIONS |
@@ -46,26 +46,30 @@ DDEESSCCRRIIPPTTIIOONN | @@ -46,26 +46,30 @@ DDEESSCCRRIIPPTTIIOONN | |||
46 | 46 | |||
47 | CHECK_LICENSE | 47 | CHECK_LICENSE | |
48 | Check the license conditions of packages before installing them. | 48 | Check the license conditions of packages before installing them. | |
49 | Supported values are: | 49 | Supported values are: | |
50 | 50 | |||
51 | no The check is not performed. | 51 | no The check is not performed. | |
52 | 52 | |||
53 | yes The check is performed if the package has license | 53 | yes The check is performed if the package has license | |
54 | conditions set. | 54 | conditions set. | |
55 | 55 | |||
56 | always Passing the license check is required. Missing | 56 | always Passing the license check is required. Missing | |
57 | license conditions are considered an error. | 57 | license conditions are considered an error. | |
58 | 58 | |||
59 | CHECK_END_OF_FILE | |||
60 | During vulnerability checks, consider packages that have reached | |||
61 | end-of-life as vulnerable. This option is enabled by default. | |||
62 | ||||
59 | CHECK_VULNERABILITIES | 63 | CHECK_VULNERABILITIES | |
60 | Check for vulnerabilities when installing packages. Supported | 64 | Check for vulnerabilities when installing packages. Supported | |
61 | values are: | 65 | values are: | |
62 | 66 | |||
63 | never No check is performed. | 67 | never No check is performed. | |
64 | 68 | |||
65 | always Passing the vulnerability check is required. A | 69 | always Passing the vulnerability check is required. A | |
66 | missing pkg-vulnerabilities file is considered an | 70 | missing pkg-vulnerabilities file is considered an | |
67 | error. | 71 | error. | |
68 | 72 | |||
69 | interactive The user is always asked to confirm installation | 73 | interactive The user is always asked to confirm installation | |
70 | of vulnerable packages. | 74 | of vulnerable packages. | |
71 | 75 | |||
@@ -156,14 +160,14 @@ DDEESSCCRRIIPPTTIIOONN | @@ -156,14 +160,14 @@ DDEESSCCRRIIPPTTIIOONN | |||
156 | package can not be verified, the user is asked | 160 | package can not be verified, the user is asked | |
157 | interactively. | 161 | interactively. | |
158 | 162 | |||
159 | interactive The user is always asked interactively when | 163 | interactive The user is always asked interactively when | |
160 | installing a package. | 164 | installing a package. | |
161 | 165 | |||
162 | FFIILLEESS | 166 | FFIILLEESS | |
163 | @SYSCONFDIR@/pkg_install.conf Default location for the file described in | 167 | @SYSCONFDIR@/pkg_install.conf Default location for the file described in | |
164 | this manual page. | 168 | this manual page. | |
165 | 169 | |||
166 | SSEEEE AALLSSOO | 170 | SSEEEE AALLSSOO | |
167 | pkg_add(1), pkg_admin(1) pkg_create(1), pkg_delete(1), pkg_info(1) | 171 | pkg_add(1), pkg_admin(1) pkg_create(1), pkg_delete(1), pkg_info(1) | |
168 | 172 | |||
169 | NetBSD 5.0 January 22, 2010 NetBSD 5.0 | 173 | NetBSD 5.0 June 16, 2010 NetBSD 5.0 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: version.h,v 1.155 2010/04/20 21:22:38 joerg Exp $ */ | 1 | /* $NetBSD: version.h,v 1.156 2010/06/16 23:02:49 joerg Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | 4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -17,16 +17,16 @@ | @@ -17,16 +17,16 @@ | |||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | */ | 25 | */ | |
26 | 26 | |||
27 | #ifndef _INST_LIB_VERSION_H_ | 27 | #ifndef _INST_LIB_VERSION_H_ | |
28 | #define _INST_LIB_VERSION_H_ | 28 | #define _INST_LIB_VERSION_H_ | |
29 | 29 | |||
30 | #define PKGTOOLS_VERSION 20100421 | 30 | #define PKGTOOLS_VERSION 20100616 | |
31 | 31 | |||
32 | #endif /* _INST_LIB_VERSION_H_ */ | 32 | #endif /* _INST_LIB_VERSION_H_ */ |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $ */ | 1 | /* $NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | 4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * | 10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | 14 | * notice, this list of conditions and the following disclaimer in | |
@@ -28,27 +28,27 @@ | @@ -28,27 +28,27 @@ | |||
28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | 29 | * SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | 31 | |||
32 | #if HAVE_CONFIG_H | 32 | #if HAVE_CONFIG_H | |
33 | #include "config.h" | 33 | #include "config.h" | |
34 | #endif | 34 | #endif | |
35 | 35 | |||
36 | #include <nbcompat.h> | 36 | #include <nbcompat.h> | |
37 | 37 | |||
38 | #if HAVE_SYS_CDEFS_H | 38 | #if HAVE_SYS_CDEFS_H | |
39 | #include <sys/cdefs.h> | 39 | #include <sys/cdefs.h> | |
40 | #endif | 40 | #endif | |
41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $"); | 41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $"); | |
42 | 42 | |||
43 | #if HAVE_SYS_STAT_H | 43 | #if HAVE_SYS_STAT_H | |
44 | #include <sys/stat.h> | 44 | #include <sys/stat.h> | |
45 | #endif | 45 | #endif | |
46 | #if HAVE_SYS_WAIT_H | 46 | #if HAVE_SYS_WAIT_H | |
47 | #include <sys/wait.h> | 47 | #include <sys/wait.h> | |
48 | #endif | 48 | #endif | |
49 | #ifndef BOOTSTRAP | 49 | #ifndef BOOTSTRAP | |
50 | #include <archive.h> | 50 | #include <archive.h> | |
51 | #endif | 51 | #endif | |
52 | #include <ctype.h> | 52 | #include <ctype.h> | |
53 | #if HAVE_ERR_H | 53 | #if HAVE_ERR_H | |
54 | #include <err.h> | 54 | #include <err.h> | |
@@ -597,45 +597,48 @@ check_ignored_entry(struct pkg_vulnerabi | @@ -597,45 +597,48 @@ check_ignored_entry(struct pkg_vulnerabi | |||
597 | entry_len = next - iter; | 597 | entry_len = next - iter; | |
598 | ++next; | 598 | ++next; | |
599 | } | 599 | } | |
600 | if (url_len != entry_len) | 600 | if (url_len != entry_len) | |
601 | continue; | 601 | continue; | |
602 | if (strncmp(pv->advisory[i], iter, entry_len) == 0) | 602 | if (strncmp(pv->advisory[i], iter, entry_len) == 0) | |
603 | return 1; | 603 | return 1; | |
604 | } | 604 | } | |
605 | return 0; | 605 | return 0; | |
606 | } | 606 | } | |
607 | 607 | |||
608 | int | 608 | int | |
609 | audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, | 609 | audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, | |
610 | const char *limit_vul_types, int check_eol, int output_type) | 610 | const char *limit_vul_types, int output_type) | |
611 | { | 611 | { | |
612 | FILE *output = output_type == 1 ? stdout : stderr; | 612 | FILE *output = output_type == 1 ? stdout : stderr; | |
613 | size_t i; | 613 | size_t i; | |
614 | int retval; | 614 | int retval, do_eol; | |
615 | 615 | |||
616 | retval = 0; | 616 | retval = 0; | |
617 | 617 | |||
618 | do_eol = (strcasecmp(check_eol, "yes") == 0); | |||
619 | ||||
618 | for (i = 0; i < pv->entries; ++i) { | 620 | for (i = 0; i < pv->entries; ++i) { | |
619 | if (check_ignored_entry(pv, i)) | 621 | if (check_ignored_entry(pv, i)) | |
620 | continue; | 622 | continue; | |
621 | if (limit_vul_types != NULL && | 623 | if (limit_vul_types != NULL && | |
622 | strcmp(limit_vul_types, pv->classification[i])) | 624 | strcmp(limit_vul_types, pv->classification[i])) | |
623 | continue; | 625 | continue; | |
624 | if (!pkg_match(pv->vulnerability[i], pkgname)) | 626 | if (!pkg_match(pv->vulnerability[i], pkgname)) | |
625 | continue; | 627 | continue; | |
626 | if (strcmp("eol", pv->classification[i]) == 0) { | 628 | if (strcmp("eol", pv->classification[i]) == 0) { | |
627 | if (!check_eol) | 629 | if (!do_eol) | |
628 | continue; | 630 | continue; | |
631 | retval = 1; | |||
629 | if (output_type == 0) { | 632 | if (output_type == 0) { | |
630 | puts(pkgname); | 633 | puts(pkgname); | |
631 | continue; | 634 | continue; | |
632 | } | 635 | } | |
633 | fprintf(output, | 636 | fprintf(output, | |
634 | "Package %s has reached end-of-life (eol), " | 637 | "Package %s has reached end-of-life (eol), " | |
635 | "see %s/eol-packages\n", pkgname, | 638 | "see %s/eol-packages\n", pkgname, | |
636 | tnf_vulnerability_base); | 639 | tnf_vulnerability_base); | |
637 | continue; | 640 | continue; | |
638 | } | 641 | } | |
639 | retval = 1; | 642 | retval = 1; | |
640 | if (output_type == 0) { | 643 | if (output_type == 0) { | |
641 | puts(pkgname); | 644 | puts(pkgname); |