author | joerg <joerg@pkgsrc.org> | 2010-06-16 23:02:48 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2010-06-16 23:02:48 +0000 |
commit | b4189994418dd073da721ed6f514ee01448ff3cf (patch) | |
tree | 56364727590364247140836a17172fed15cfa689 | |
parent | 6628d729a1ea77b0a670052ab236670c7d5d8f00 (diff) | |
download | pkgsrc-b4189994418dd073da721ed6f514ee01448ff3cf.tar.gz |
pkg_install-20100616:
- Recognize -C for pkg_add like the rest of the tools do
- Do the existing check for pkg_add -f, it makes the combination of
-f and -U a bit less surprising
- Fix option handling for CHECK_VULNERABILITIES (from spz@)
- Make end-of-life check the default. pkg_install.conf(5) can be used to
override the default. The existing admin -e & co continue to work as
before.
-rw-r--r-- | pkgtools/pkg_install/files/add/main.c | 6 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/add/perform.c | 16 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/add/pkg_add.1 | 9 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/add/pkg_add.cat | 10 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/audit.c | 10 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/pkg_admin.1 | 11 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/admin/pkg_admin.cat | 7 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/lib.h | 5 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/parse-config.c | 6 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/pkg_install.conf.5.in | 8 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in | 6 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/version.h | 4 | ||||
-rw-r--r-- | pkgtools/pkg_install/files/lib/vulnerabilities-file.c | 13 |
13 files changed, 69 insertions, 42 deletions
diff --git a/pkgtools/pkg_install/files/add/main.c b/pkgtools/pkg_install/files/add/main.c index 41c27de2bd1..3df813ae96f 100644 --- a/pkgtools/pkg_install/files/add/main.c +++ b/pkgtools/pkg_install/files/add/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $ */ +/* $NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $"); +__RCSID("$NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $"); /* * @@ -39,7 +39,7 @@ __RCSID("$NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $"); #include "lib.h" #include "add.h" -static char Options[] = "AIK:LP:RVW:fhm:np:t:Uuvw:"; +static char Options[] = "AC:IK:LP:RVW:fhm:np:t:Uuvw:"; char *Destdir = NULL; char *OverrideMachine = NULL; diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c index 081b6d3f48f..3a7e1eb8587 100644 --- a/pkgtools/pkg_install/files/add/perform.c +++ b/pkgtools/pkg_install/files/add/perform.c @@ -1,4 +1,4 @@ -/* $NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $ */ +/* $NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif @@ -6,7 +6,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $"); +__RCSID("$NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $"); /*- * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> @@ -339,9 +339,6 @@ check_already_installed(struct pkg_task *pkg) char *filename; int fd; - if (Force) - return 1; - filename = pkgdb_pkg_file(pkg->pkgname, CONTENTS_FNAME); fd = open(filename, O_RDONLY); free(filename); 
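Review bot: `C:` is added to `Options` in main.c, but none of the three main.c hunks touches the getopt switch, so whether `-C` really selects the configuration file depends on a `case 'C':` that lies outside this diff. If that case is missing, getopt would accept the letter and the switch would treat it as an unhandled option. This is worth confirming because the file named by `-C` decides settings such as `CHECK_VULNERABILITIES` and `CHECK_END_OF_LIFE`, both touched by this commit. A comment on the string would help keep the two in step, e.g. `/* every letter here needs a matching case in main() */`.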
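Review bot: The `if (Force) return 1;` that this hunk removes from the top of check_already_installed comes back in the next hunk (@@ -362 +359) without a comment, so the reason it must sit after the on-disk lookup and the earlier `return 1;` path is recorded only in the commit message. A later cleanup could easily hoist it back to the top as a harmless-looking early exit. I would add above it something like `/* -f waives only the "already installed" refusal below; the checks above still have to run (-f with -U). */`. The code between the two hunks is not shown, so the branch it now follows is inferred from the commit message.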
@@ -362,6 +359,9 @@ check_already_installed(struct pkg_task *pkg) return 1; } + if (Force) + return 1; + /* We can only arrive here for explicitly requested packages. */ if (!Automatic && is_automatic_installed(pkg->pkgname)) { if (Fake || @@ -1269,9 +1269,9 @@ check_vulnerable(struct pkg_task *pkg) if (strcasecmp(check_vulnerabilities, "never") == 0) return 0; - else if (strcasecmp(check_vulnerabilities, "always")) + else if (strcasecmp(check_vulnerabilities, "always") == 0) require_check = 1; - else if (strcasecmp(check_vulnerabilities, "interactive")) + else if (strcasecmp(check_vulnerabilities, "interactive") == 0) require_check = 0; else { warnx("Unknown value of the configuration variable" @@ -1286,7 +1286,7 @@ check_vulnerable(struct pkg_task *pkg) return require_check; } - if (!audit_package(pv, pkg->pkgname, NULL, 0, 2)) + if (!audit_package(pv, pkg->pkgname, NULL, 2)) return 0; if (require_check) diff --git a/pkgtools/pkg_install/files/add/pkg_add.1 b/pkgtools/pkg_install/files/add/pkg_add.1 index 88f23c01002..046d3f27106 100644 --- a/pkgtools/pkg_install/files/add/pkg_add.1 +++ b/pkgtools/pkg_install/files/add/pkg_add.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_add.1,v 1.43 2010/02/18 13:43:11 joerg Exp $ +.\" $NetBSD: pkg_add.1,v 1.44 2010/06/16 23:02:48 joerg Exp $ .\" .\" FreeBSD install - a package for the installation and maintenance .\" of non-core utilities. @@ -17,7 +17,7 @@ .\" .\" @(#)pkg_add.1 .\" -.Dd February 18, 2010 +.Dd June 16, 2010 .Dt PKG_ADD 1 .Os .Sh NAME @@ -26,6 +26,7 @@ .Sh SYNOPSIS .Nm .Op Fl AfILnRUuVv +.Op Fl C Ar config .Op Fl K Ar pkg_dbdir .Op Fl m Ar machine .Op Fl P Ar destdir @@ -116,6 +117,10 @@ a package without specifying .Fl A after it had already been automatically installed, the mark is removed. +.It Fl C Ar config +Read the configuration file from +.Ar config +instead of the system default. .It Fl f Force installation to proceed even if prerequisite packages are not installed or the install script fails. 
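Review bot: The call `audit_package(pv, pkg->pkgname, NULL, 2)` in check_vulnerable (@@ -1286) no longer shows that end-of-life handling is involved, yet its result now depends on the global `check_eol`, which this commit defaults to "yes" and for which audit_package now sets `retval = 1` on an eol entry. Together with the corrected `"always"` comparison in the hunk at @@ -1269, an install of an end-of-life package can take the vulnerable path where it did not before; what follows `if (require_check)` is outside the hunk, so the exact outcome is not visible here. A comment at the call would make the dependency explicit, e.g. `/* eol entries count as vulnerable unless CHECK_END_OF_LIFE is set to something other than "yes" */`. check_vulnerable starts and ends outside both hunks.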
diff --git a/pkgtools/pkg_install/files/add/pkg_add.cat b/pkgtools/pkg_install/files/add/pkg_add.cat index ddd265f088b..1d0081236a8 100644 --- a/pkgtools/pkg_install/files/add/pkg_add.cat +++ b/pkgtools/pkg_install/files/add/pkg_add.cat @@ -5,8 +5,8 @@ NNAAMMEE tributions SSYYNNOOPPSSIISS - ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e] [--PP _d_e_s_t_d_i_r] - [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._. + ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--CC _c_o_n_f_i_g] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e] + [--PP _d_e_s_t_d_i_r] [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._. [[ftp|http]://[_u_s_e_r][:_p_a_s_s_w_o_r_d]@]_h_o_s_t[:_p_o_r_t][/_p_a_t_h_/]_p_k_g_-_n_a_m_e _._._. DDEESSCCRRIIPPTTIIOONN @@ -53,6 +53,10 @@ OOPPTTIIOONNSS --AA after it had already been automatically installed, the mark is removed. + --CC _c_o_n_f_i_g + Read the configuration file from _c_o_n_f_i_g instead of the system + default. + --ff Force installation to proceed even if prerequisite packages are not installed or the install script fails. Although ppkkgg__aadddd will still try to find and auto-install missing prerequisite packages, @@ -262,4 +266,4 @@ BBUUGGSS Sure to be others. -NetBSD 5.0 February 18, 2010 NetBSD 5.0 +NetBSD 5.0 June 16, 2010 NetBSD 5.0 diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c index c23ed42064c..9c1ea617ba6 100644 --- a/pkgtools/pkg_install/files/admin/audit.c +++ b/pkgtools/pkg_install/files/admin/audit.c @@ -1,4 +1,4 @@ -/* $NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $ */ +/* $NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" 
@@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $"); +__RCSID("$NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -73,7 +73,6 @@ __RCSID("$NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $"); #include "admin.h" #include "lib.h" -static int check_eol = 0; static int check_signature = 0; static const char *limit_vul_types = NULL; static int update_pkg_vuln = 0; @@ -100,7 +99,7 @@ parse_options(int argc, char **argv, const char *options) while ((ch = getopt(argc, argv, options)) != -1) { switch (ch) { case 'e': - check_eol = 1; + check_eol = "yes"; break; case 's': check_signature = 1; @@ -123,8 +122,7 @@ parse_options(int argc, char **argv, const char *options) static int check_exact_pkg(const char *pkg) { - return audit_package(pv, pkg, limit_vul_types, check_eol, - quiet ? 0 : 1); + return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1); } static int diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1 index 1e099448ffd..50d88b1cc6f 100644 --- a/pkgtools/pkg_install/files/admin/pkg_admin.1 +++ b/pkgtools/pkg_install/files/admin/pkg_admin.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_admin.1,v 1.31 2010/01/22 13:30:41 joerg Exp $ +.\" $NetBSD: pkg_admin.1,v 1.32 2010/06/16 23:02:48 joerg Exp $ .\" .\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -34,7 +34,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 22, 2010 +.Dd June 16, 2010 .Dt PKG_ADMIN 1 .Os .Sh NAME 
@@ -118,7 +118,12 @@ Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If .Fl e -is given, also include end-of-life information. +is given, override the +.Dv CHECK_END_OF_LIFE +option from +.Xr pkg_install.conf 5 +with +.Qq Li yes . If .Fl s is given, check the signature of the pkg-vulnerabilities file before using it. diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat b/pkgtools/pkg_install/files/admin/pkg_admin.cat index 5684647f26d..768433633c3 100644 --- a/pkgtools/pkg_install/files/admin/pkg_admin.cat +++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat @@ -56,9 +56,10 @@ OOPPTTIIOONNSS aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ... Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If --ee is given, - also include end-of-life information. If --ss is given, check the - signature of the pkg-vulnerabilities file before using it. --tt - restricts the reported vulnerabilities to type _t_y_p_e. + override the CHECK_END_OF_LIFE option from pkg_install.conf(5) + with "yes". If --ss is given, check the signature of the pkg-vul- + nerabilities file before using it. --tt restricts the reported + vulnerabilities to type _t_y_p_e. aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ... Like aauuddiitt, but check only the given package names or patterns. diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h index 4006474c9ea..f79de966aed 100644 --- a/pkgtools/pkg_install/files/lib/lib.h +++ b/pkgtools/pkg_install/files/lib/lib.h @@ -1,4 +1,4 @@ -/* $NetBSD: lib.h,v 1.63 2010/04/14 18:24:58 joerg Exp $ */ +/* $NetBSD: lib.h,v 1.64 2010/06/16 23:02:49 joerg Exp $ */ /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ 
@@ -380,7 +380,7 @@ struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int); void free_pkg_vulnerabilities(struct pkg_vulnerabilities *); int audit_package(struct pkg_vulnerabilities *, const char *, const char *, - int, int); + int); /* Parse configuration file */ void pkg_install_config(void); @@ -430,6 +430,7 @@ extern Boolean Force; extern const char *cert_chain_file; extern const char *certs_packages; extern const char *certs_pkg_vulnerabilities; +extern const char *check_eol; extern const char *check_vulnerabilities; extern const char *config_file; extern const char *config_pkg_dbdir; diff --git a/pkgtools/pkg_install/files/lib/parse-config.c b/pkgtools/pkg_install/files/lib/parse-config.c index 7c55c110dbc..bdeba73756c 100644 --- a/pkgtools/pkg_install/files/lib/parse-config.c +++ b/pkgtools/pkg_install/files/lib/parse-config.c @@ -1,4 +1,4 @@ -/* $NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $ */ +/* $NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $"); +__RCSID("$NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $"); /*- * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -65,6 +65,7 @@ const char *cache_index = "yes"; const char *cert_chain_file; const char *certs_packages; const char *certs_pkg_vulnerabilities; +const char *check_eol = "yes"; const char *check_vulnerabilities; static const char *config_cache_connections; static const char *config_cache_connections_host; 
@@ -98,6 +99,7 @@ static struct config_variable { { "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities }, { "CERTIFICATE_CHAIN", &cert_chain_file }, { "CHECK_LICENSE", &do_license_check }, + { "CHECK_END_OF_LIFE", &check_eol }, { "CHECK_VULNERABILITIES", &check_vulnerabilities }, { "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses }, { "GPG", &gpg_cmd }, diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in b/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in index 8f8bf3d5088..bf4c703750f 100644 --- a/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in +++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_install.conf.5.in,v 1.13 2010/01/22 13:30:42 joerg Exp $ +.\" $NetBSD: pkg_install.conf.5.in,v 1.14 2010/06/16 23:02:49 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 22, 2010 +.Dd June 16, 2010 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME @@ -89,6 +89,10 @@ The check is performed if the package has license conditions set. Passing the license check is required. Missing license conditions are considered an error. .El +.It Dv CHECK_END_OF_FILE +During vulnerability checks, consider packages that have reached end-of-life +as vulnerable. +This option is enabled by default. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in index 514430570f0..3ce11405194 100644 --- a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in +++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in 
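Review bot: The table row registers the variable as `CHECK_END_OF_LIFE`, but the pkg_install.conf.5.in hunk of this same commit (and the regenerated pkg_install.conf.cat.in) documents it as `CHECK_END_OF_FILE`. An administrator who follows the manual page would set a name this table does not contain, and the end-of-life check would keep its default; how unknown names are reported is not visible in this diff. The manual entry should read `.It Dv CHECK_END_OF_LIFE`. As a smaller point, the new row is placed after `CHECK_LICENSE`, which breaks the otherwise alphabetical order of the visible rows.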
@@ -56,6 +56,10 @@ DDEESSCCRRIIPPTTIIOONN always Passing the license check is required. Missing license conditions are considered an error. + CHECK_END_OF_FILE + During vulnerability checks, consider packages that have reached + end-of-life as vulnerable. This option is enabled by default. + CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: @@ -166,4 +170,4 @@ FFIILLEESS SSEEEE AALLSSOO pkg_add(1), pkg_admin(1) pkg_create(1), pkg_delete(1), pkg_info(1) -NetBSD 5.0 January 22, 2010 NetBSD 5.0 +NetBSD 5.0 June 16, 2010 NetBSD 5.0 diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h index 1a4927de84d..0d4125cc9ce 100644 --- a/pkgtools/pkg_install/files/lib/version.h +++ b/pkgtools/pkg_install/files/lib/version.h @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.155 2010/04/20 21:22:38 joerg Exp $ */ +/* $NetBSD: version.h,v 1.156 2010/06/16 23:02:49 joerg Exp $ */ /* * Copyright (c) 2001 Thomas Klausner. All rights reserved. @@ -27,6 +27,6 @@ #ifndef _INST_LIB_VERSION_H_ #define _INST_LIB_VERSION_H_ -#define PKGTOOLS_VERSION 20100421 +#define PKGTOOLS_VERSION 20100616 #endif /* _INST_LIB_VERSION_H_ */ diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c index 897795fd9b1..1b29baf6a1a 100644 --- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c +++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c @@ -1,4 +1,4 @@ -/* $NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $ */ +/* $NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $ */ /*- * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. @@ -38,7 +38,7 @@ #if HAVE_SYS_CDEFS_H #include <sys/cdefs.h> #endif -__RCSID("$NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $"); +__RCSID("$NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $"); #if HAVE_SYS_STAT_H #include <sys/stat.h> 
@@ -607,14 +607,16 @@ check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i) int audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, - const char *limit_vul_types, int check_eol, int output_type) + const char *limit_vul_types, int output_type) { FILE *output = output_type == 1 ? stdout : stderr; size_t i; - int retval; + int retval, do_eol; retval = 0; + do_eol = (strcasecmp(check_eol, "yes") == 0); + for (i = 0; i < pv->entries; ++i) { if (check_ignored_entry(pv, i)) continue; @@ -624,8 +626,9 @@ audit_package(struct pkg_vulnerabilities *pv, const char *pkgname, if (!pkg_match(pv->vulnerability[i], pkgname)) continue; if (strcmp("eol", pv->classification[i]) == 0) { - if (!check_eol) + if (!do_eol) continue; + retval = 1; if (output_type == 0) { puts(pkgname); continue; |
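Review bot: `do_eol = (strcasecmp(check_eol, "yes") == 0);` treats every value other than "yes" as off, so a misspelt `CHECK_END_OF_LIFE` setting silently disables the end-of-life check, whereas check_vulnerable in perform.c warns on an unknown `CHECK_VULNERABILITIES` value. I would accept only "yes" and "no", warn on anything else and keep the check enabled in that case, as sketched below; whether warnx is already declared in this file is not visible from the hunk. The pointer is also handed to strcasecmp unchecked, which is safe only as long as the configuration parser never stores NULL in `check_eol`. The loop body continues past the end of the second hunk.

```c
	retval = 0;

	if (strcasecmp(check_eol, "yes") == 0)
		do_eol = 1;
	else if (strcasecmp(check_eol, "no") == 0)
		do_eol = 0;
	else {
		warnx("Unknown value of the configuration variable "
		    "CHECK_END_OF_LIFE");
		do_eol = 1;	/* keep the check on when the setting is unreadable */
	}

	/* … unchanged: loop over pv->entries … */
```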