Make the PKGVULNDIR variable more generic, so one can choose where to

store the vulnerabilities file.  This variable was already recognized by
audit-packages but not by bsd.pkg.mk which hardcoded DISTDIR.

2 files changed, 17 insertions, 10 deletions

diff --git a/mk/bsd.pkg.defaults.mk b/mk/bsd.pkg.defaults.mk
index e7b9469c267..9a675758e6a 100644
--- a/mk/bsd.pkg.defaults.mk
+++ b/mk/bsd.pkg.defaults.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.defaults.mk,v 1.140 2003/04/17 13:04:56 agc Exp $
+# $NetBSD: bsd.pkg.defaults.mk,v 1.141 2003/04/25 20:05:19 jmmv Exp $
 #
 
 # A file providing defaults for pkgsrc and the packages collection.
@@ -138,6 +138,13 @@ PACKAGES?=       ${_PKGSRCDIR}/packages
 # Possible: any path you like
 # Default: /usr/pkgsrc/packages
 
+PKGVULNDIR?=     ${DISTDIR}
+# Specifies where the `vulnerabilities' file is located.  This variable
+# is used by the audit-packages program and by pkgsrc itself to do security
+# checks before building/installing programs.
+# Possible: any path you like
+# Default: /usr/pkgsrc/distfiles
+
 #PASSIVE_FETCH=
 # Use ftp(1) in passive mode, for use behind filtering firewalls. 
 # (Set by default in ftp(1) in NetBSD-current)
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index fcfe797c933..1a02fc5a2a9 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.pkg.mk,v 1.1171 2003/04/17 15:33:26 grant Exp $
+#	$NetBSD: bsd.pkg.mk,v 1.1172 2003/04/25 20:05:18 jmmv Exp $
 #
 # This file is in the public domain.
 #
@@ -1406,10 +1406,10 @@ batch-check-distfiles:
 # check for any vulnerabilities in the package
 # Please do not modify the leading "@" here
 check-vulnerable:
-	@if [ -f ${DISTDIR}/vulnerabilities ]; then			\
+	@if [ -f ${PKGVULNDIR}/vulnerabilities ]; then			\
 		${SETENV} PKGNAME="${PKGNAME}"				\
 			${AWK} '/#.*/ { next }				\
-				{ s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${DISTDIR}/vulnerabilities || ${FALSE}; \
+				{ s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ECHO} \"*** WARNING - %s vulnerability in %s - see %s for more information ***\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); system(s); }' < ${PKGVULNDIR}/vulnerabilities || ${FALSE}; \
 	fi
 
 .if !target(do-fetch)
@@ -3761,19 +3761,19 @@ SED_HOMEPAGE_EXPR=       -e 's|%%HOMEPAGE%%||'
 
 show-vulnerabilities:
 	${_PKG_SILENT}${_PKG_DEBUG}					\
-	if [ -f ${DISTDIR}/vulnerabilities ]; then			\
-		${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { print $$0 }' ${DISTDIR}/vulnerabilities; \
+	if [ -f ${PKGVULNDIR}/vulnerabilities ]; then			\
+		${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { print $$0 }' ${PKGVULNDIR}/vulnerabilities; \
 	else								\
 		${ECHO} "No vulnerabilities list found.";		\
 	fi
 
 show-vulnerabilities-html:
 	${_PKG_SILENT}${_PKG_DEBUG}					\
-	if [ -f ${DISTDIR}/vulnerabilities ]; then			\
+	if [ -f ${PKGVULNDIR}/vulnerabilities ]; then			\
 		${AWK} '/^${PKGBASE}[-<>=]+[0-9]/ { gsub("\<", "\\&lt;", $$1);	\
 			 gsub("\>", "\\&gt;", $$1);			\
 			 printf("<LI><STRONG>%s has a %s exploit (see <a href=\"%s\">%s</a> for more details)</STRONG></LI>\n", $$1, $$2, $$3, $$3) }' \
-			${DISTDIR}/vulnerabilities;			\
+			${PKGVULNDIR}/vulnerabilities;			\
 	fi
 
 
@@ -4164,8 +4164,8 @@ fake-pkg: ${PLIST} ${DESCR} ${MESSAGE}
 		done;							\
 	fi
 	${_PKG_SILENT}${_PKG_DEBUG}					\
-	if [ -f ${DISTDIR}/vulnerabilities ]; then			\
-		allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${DISTDIR}/vulnerabilities`"; \
+	if [ -f ${PKGVULNDIR}/vulnerabilities ]; then			\
+		allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${PKGVULNDIR}/vulnerabilities`"; \
 		for vul in "" $$allvul; do				\
 			if [ "X$$vul" = "X" ]; then continue; fi;	\
 			if [ "$$vul" = "${PKGNAME}" ]; then		\