author | agc <agc@pkgsrc.org> | 2000-09-27 12:50:49 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2000-09-27 12:50:49 +0000 |
commit | 79d9b964bb31d4198ebf77d325ea608ffe138c9c (patch) | |
tree | f2fa51849eb353cf91371cfb987e2bcb660bc976 | |
parent | dd2fdb678d18f20a752f1c9f196863278d8afc9e (diff) | |
download | pkgsrc-79d9b964bb31d4198ebf77d325ea608ffe138c9c.tar.gz |
Postpone the check for vulnerabilities in the package being installed
from the middle of root-install until the end of fake-pkg target. At
the end of the fake-pkg target, the package has been registered using
pkg_create(1), and so it's possible to use relational comparisons of
the version numbers, thereby making it possible to use the information
from the standard vulnerabilities file.
This addresses PR 11077.
-rw-r--r-- | mk/bsd.pkg.mk | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index 76be8ca8e1c..f9c5eb69688 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.579 2000/09/20 21:53:32 hubertf Exp $
+# $NetBSD: bsd.pkg.mk,v 1.580 2000/09/27 12:50:49 agc Exp $
 #
 # This file is in the public domain.
 #
@@ -1623,18 +1623,6 @@ root-install:
 ${ECHO_MSG} "If this is not desired, set it to an appropriate value (${DEF_UMASK})"; \
 ${ECHO_MSG} "and install this package again by \`\`${MAKE} deinstall reinstall''."; \
 fi
- ${_PKG_SILENT}${_PKG_DEBUG} \
- if [ -f ${DISTDIR}/vulnerabilities ]; then \
- vul="`${MAKE} show-vulnerabilities`"; \
- if [ "$$vul" != "" ]; then \
- ${ECHO_MSG} '*** WARNING: Vulnerabilities in this package ***'; \
- ${ECHO_MSG} "$$vul"; \
- fi \
- else \
- ${ECHO} "No ${DISTDIR}/vulnerabilities file."; \
- ${ECHO} "Consider installing the pkgsrc/security/audit-packages package"; \
- ${ECHO} "to provide automatic package security vulnerability detection."; \
- fi
 .if !defined(NO_MTREE)
 ${_PKG_SILENT}${_PKG_DEBUG}if [ `${ID} -u` = 0 ]; then \
 if [ ! -f ${MTREE_FILE} ]; then \
@@ -3138,6 +3126,18 @@ fake-pkg: ${PLIST} ${DESCR}
 fi; \
 done; \
 fi
+ ${_PKG_SILENT}${_PKG_DEBUG} \
+ if [ -f ${DISTDIR}/vulnerabilities ]; then \
+ allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${DISTDIR}/vulnerabilities`"; \
+ for vul in "" $$allvul; do \
+ if [ "X$$vul" = "X" ]; then continue; fi; \
+ if [ "$$vul" = "${PKGNAME}" ]; then \
+ ${ECHO_MSG} '*** WARNING: This package (${PKGNAME}) has a security vulnerability ***'; \
+ ${ECHO_MSG} "`${MAKE} show-vulnerabilities`"; \
+ ${ECHO_MSG} '*** WARNING: You are strongly advised to deinstall ${PKGNAME} now ***'; \
+ fi; \
+ done; \
+ fi
 .endif
 # Depend is generally meaningless for arbitrary packages, but if someone wants |
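Review bot: The added `${AWK}` line in the fake-pkg hunk builds a command string with `sprintf` from the first field of `${DISTDIR}/vulnerabilities` and runs it through `system()`, so the file's contents are parsed by a shell during installation. The surrounding `\"%s\"` does not stop command substitution or variable expansion, and a double quote inside the field ends the quoting. If that file can originate outside the local tree (not visible on this page), it should be treated as untrusted input: let awk only print the field and hand it to `${PKG_INFO} -e` as a quoted argument, as sketched below. The pattern `/#.*/` also skips every line containing a `#` anywhere, which would silently drop an entry that carries a trailing comment; `/^#/` looks like the intent. The fake-pkg target begins before this hunk, so the sketch covers only the added recipe lines.

```make
	${_PKG_SILENT}${_PKG_DEBUG} \
	if [ -f ${DISTDIR}/vulnerabilities ]; then \
		${AWK} '/^#/ { next } NF > 0 { print $$1 }' ${DISTDIR}/vulnerabilities | \
		while read pat; do \
			for vul in `${PKG_INFO} -e "$$pat"`; do \
				if [ "$$vul" = "${PKGNAME}" ]; then \
					# … unchanged: the three ${ECHO_MSG} warning lines …
				fi; \
			done; \
		done; \
	fi
```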