author | agc <agc@pkgsrc.org> | 2000-09-27 12:50:49 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2000-09-27 12:50:49 +0000 |
commit | 79d9b964bb31d4198ebf77d325ea608ffe138c9c (patch) | |
tree | f2fa51849eb353cf91371cfb987e2bcb660bc976 /mk | |
parent | dd2fdb678d18f20a752f1c9f196863278d8afc9e (diff) | |
download | pkgsrc-79d9b964bb31d4198ebf77d325ea608ffe138c9c.tar.gz |
Postpone the check for vulnerabilities in the package being installed
from the middle of root-install until the end of fake-pkg target. At
the end of the fake-pkg target, the package has been registered using
pkg_create(1), and so it's possible to use relational comparisons of
the version numbers, thereby making it possible to use the information
from the standard vulnerabilities file.
This addresses PR 11077.
Diffstat (limited to 'mk')
-rw-r--r-- | mk/bsd.pkg.mk | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index 76be8ca8e1c..f9c5eb69688 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.579 2000/09/20 21:53:32 hubertf Exp $
+# $NetBSD: bsd.pkg.mk,v 1.580 2000/09/27 12:50:49 agc Exp $
 #
 # This file is in the public domain.
 #
@@ -1623,18 +1623,6 @@ root-install:
 ${ECHO_MSG} "If this is not desired, set it to an appropriate value (${DEF_UMASK})"; \
 ${ECHO_MSG} "and install this package again by \`\`${MAKE} deinstall reinstall''."; \
 fi
- ${_PKG_SILENT}${_PKG_DEBUG} \
- if [ -f ${DISTDIR}/vulnerabilities ]; then \
- vul="`${MAKE} show-vulnerabilities`"; \
- if [ "$$vul" != "" ]; then \
- ${ECHO_MSG} '*** WARNING: Vulnerabilities in this package ***'; \
- ${ECHO_MSG} "$$vul"; \
- fi \
- else \
- ${ECHO} "No ${DISTDIR}/vulnerabilities file."; \
- ${ECHO} "Consider installing the pkgsrc/security/audit-packages package"; \
- ${ECHO} "to provide automatic package security vulnerability detection."; \
- fi
 .if !defined(NO_MTREE)
 ${_PKG_SILENT}${_PKG_DEBUG}if [ `${ID} -u` = 0 ]; then \
 if [ ! -f ${MTREE_FILE} ]; then \
@@ -3138,6 +3126,18 @@ fake-pkg: ${PLIST} ${DESCR}
 fi; \
 done; \
 fi
+ ${_PKG_SILENT}${_PKG_DEBUG} \
+ if [ -f ${DISTDIR}/vulnerabilities ]; then \
+ allvul="`${AWK} '/#.*/ { next } NF > 0 { cmd = sprintf(\"${PKG_INFO} -e \\\"%s\\\"\", $$1); system(cmd) }' ${DISTDIR}/vulnerabilities`"; \
+ for vul in "" $$allvul; do \
+ if [ "X$$vul" = "X" ]; then continue; fi; \
+ if [ "$$vul" = "${PKGNAME}" ]; then \
+ ${ECHO_MSG} '*** WARNING: This package (${PKGNAME}) has a security vulnerability ***'; \
+ ${ECHO_MSG} "`${MAKE} show-vulnerabilities`"; \
+ ${ECHO_MSG} '*** WARNING: You are strongly advised to deinstall ${PKGNAME} now ***'; \
+ fi; \
+ done; \
+ fi
 .endif
 
 # Depend is generally meaningless for arbitrary packages, but if someone wants |
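Review bot: The awk rule on the `allvul=` line of the fake-pkg hunk pastes the first field of `${DISTDIR}/vulnerabilities` into a string handed to `system()`, and wrapping it in `\"%s\"` does not stop the shell from expanding backquotes, `$` or an embedded double quote in that field. The list sits in the distfiles directory and is presumably fetched from the network, and this step likely runs with install privileges, so each entry should be validated before it reaches a shell. A guard placed ahead of the `NF > 0` rule would drop unsafe entries, for example `$$1 !~ /^[][A-Za-z0-9_.+<>=*?{},-]+$$/ { next }` (adjust the set to the pattern characters the list really uses). Separately, `/#.*/ { next }` skips every line that contains `#` anywhere, so an entry carrying a trailing comment is never checked; `/^[ \t]*#/ { next }` would limit the skip to comment lines. The fake-pkg target and the conditional closed by `.endif` both begin outside this hunk.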