diff options
| author | rillig <rillig@pkgsrc.org> | 2006-08-01 06:05:15 +0000 |
|---|---|---|
| committer | rillig <rillig@pkgsrc.org> | 2006-08-01 06:05:15 +0000 |
| commit | e888cd24c2a86ce3b73717341311c00c9d8c4abe (patch) | |
| tree | d98164ee47f9a7e2dcace5f1e9ced875e12bbd71 /mk | |
| parent | f1ac5f909ead3d3e1b38cf9cc5bdffaad74e78ff (diff) | |
| download | pkgsrc-e888cd24c2a86ce3b73717341311c00c9d8c4abe.tar.gz | |
Added a program that sorts binary packages into categories, depending on
whether they may be uploaded, are vulnerable, or good.
Diffstat (limited to 'mk')
| -rw-r--r-- | mk/bulk/sort-packages | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/mk/bulk/sort-packages b/mk/bulk/sort-packages new file mode 100644 index 00000000000..b823c112934 --- /dev/null +++ b/mk/bulk/sort-packages @@ -0,0 +1,94 @@ +#! /bin/sh +# $NetBSD: sort-packages,v 1.1 2006/08/01 06:05:15 rillig Exp $ + +# This program scans all binary packages in the current directory and +# creates three lists of files in OUTDIR: +# +# restricted_packages +# contains all packages that must not be published on the FTP +# server, for whatever reason +# +# vulnerable_packages +# contains all packages that are not restricted, but vulnerable +# +# regular_packages +# contains all the other ("good") packages. +# + +set -eu + +: ${OUTDIR="/tmp"} +: ${PKG_SUFX=".tgz"} +: ${AUDIT_PACKAGES="audit-packages"} +: ${PKG_INFO_CMD="pkg_info"} + +regular_packages="${OUTDIR}/regular_packages" +restricted_packages="${OUTDIR}/restricted_packages" +vulnerable_packages="${OUTDIR}/vulnerable_packages" +newline=" +" + +rm -f "${regular_packages}" "${restricted_packages}" "${vulnerable_packages}" + +for pkg in *${PKG_SUFX}; do + build_info=`${pkg_info_cmd} -B "${pkg}"` + + # Note: this code needs to be that complicated because licensing + # issues are critical to pkgsrc, and we really don't want + # anything unexpected to happen here. The worst case would be + # some file is sorted wrongly because some change in the output + # of pkg_info which had not been foreseen. Therefore it is + # better to check as strictly as possible to make those + # changes immediately visible. + + no_bin_on_ftp="unknown" + case "${newline}${build_info}${newline}" in + *"${newline}NO_BIN_ON_FTP=${newline}"*) + no_bin_on_ftp="no" + ;; + *"${newline}NO_BIN_ON_FTP="*) + no_bin_on_ftp="yes" + ;; + esac + + restricted="unknown" + case "${newline}${build_info}${newline}" in + *"${newline}RESTRICTED=${newline}"*) + restricted="no" + ;; + *"${newline}RESTRICTED="*) + restricted="yes" + ;; + esac + + if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then + # Check whether the package is vulnerable or not. + vuln=`${AUDIT_PACKAGES} -p "${pkg}"` + if [ "${vuln}" = "" ]; then + category="regular" + else + category="vulnerable" + fi + elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then + category="restricted" + else + category="unknown" + fi + + : echo "upload> ${pkg} is ${category}." + + case "${category}" in + "regular") + echo "${pkg}" >> "${regular_packages}" + ;; + "vulnerable") + echo "${pkg}" >> "${vulnerable_packages}" + ;; + "restricted") + echo "${pkg}" >> "${restricted_packages}" + ;; + *) + echo "upload> WARNING: Could not sort ${pkg} into a category." 1>&2 + ;; + esac +done |