Add an ALLOW_VULNERABLE_PACKAGES switch, defaulting to undefined, to allow

vulnerable packages to be built (in extremis, of course).

Prompted by Thomas Klausner.

2 files changed, 13 insertions, 3 deletions

diff --git a/mk/bsd.pkg.defaults.mk b/mk/bsd.pkg.defaults.mk
index fc6e8c44c5d..e7b9469c267 100644
--- a/mk/bsd.pkg.defaults.mk
+++ b/mk/bsd.pkg.defaults.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.defaults.mk,v 1.139 2003/04/10 20:32:29 grant Exp $
+# $NetBSD: bsd.pkg.defaults.mk,v 1.140 2003/04/17 13:04:56 agc Exp $
 #
 
 # A file providing defaults for pkgsrc and the packages collection.
@@ -10,6 +10,12 @@
 # NOTE TO PEOPLE EDITING THIS FILE - USE LEADING SPACES, NOT LEADING TABS.
 # ************************************************************************
 
+#ALLOW_VULNERABLE_PACKAGES=
+# allow the user to build packages which are known to be vulnerable to
+# security exploits
+# Possible: defined, not defined
+# Default: not defined
+
 #MANZ=
 # gzip manual pages at installation time
 # Possible: defined, not defined
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk
index dfe5b273bc7..c6ade62f30c 100644
--- a/mk/bsd.pkg.mk
+++ b/mk/bsd.pkg.mk
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.pkg.mk,v 1.1169 2003/04/17 12:36:54 agc Exp $
+#	$NetBSD: bsd.pkg.mk,v 1.1170 2003/04/17 13:04:57 agc Exp $
 #
 # This file is in the public domain.
 #
@@ -1410,13 +1410,17 @@ check-vulnerable:
 
 .if !target(do-fetch)
 do-fetch:
+.  if !defined(ALLOW_VULNERABLE_PACKAGES)
 	@${ECHO_MSG} "${_PKGSRC_IN}> Checking for vulnerabilities in ${PKGNAME}"
 	${_PKG_SILENT}${_PKG_DEBUG}					\
 	vul=`${MAKE} ${MAKEFLAGS} check-vulnerable`;			\
 	case "$$vul" in							\
 	"")	;;							\
-	*)	${ECHO} "$$vul"; ${FALSE} ;;				\
+	*)	${ECHO} "$$vul";					\
+		${ECHO} "or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential"; \
+		${FALSE} ;;						\
 	esac
+.  endif
 .  if !empty(_ALLFILES)
 	${_PKG_SILENT}${_PKG_DEBUG}					\
 	${TEST} -d ${_DISTDIR} || ${MKDIR} ${_DISTDIR}