pkg_install-20090108:

pkg_add optionally checks for vulnerable packages and bails out.

1 files changed, 7 insertions, 2 deletions

diff --git a/pkgtools/pkg_install/files/lib/parse-config.c b/pkgtools/pkg_install/files/lib/parse-config.c
index e35271a36cf..d629c85c3af 100644
--- a/pkgtools/pkg_install/files/lib/parse-config.c
+++ b/pkgtools/pkg_install/files/lib/parse-config.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $	*/
+/*	$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -8,7 +8,7 @@
 #include <sys/cdefs.h>
 #endif
 #ifndef lint
-__RCSID("$NetBSD: parse-config.c,v 1.1.2.5 2008/08/21 16:04:39 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.1.2.6 2009/01/08 00:01:31 joerg Exp $");
 #endif
 
 /*-
@@ -58,6 +58,7 @@ static const char *ignore_proxy;
 const char *cert_chain_file;
 const char *certs_packages;
 const char *certs_pkg_vulnerabilities;
+const char *check_vulnerabilities;
 const char *verified_installation;
 const char *gpg_cmd;
 const char *pkg_vulnerabilities_dir;
@@ -75,6 +76,7 @@ static struct config_variable {
 	{ "CERTIFICATE_ANCHOR_PKGS", &certs_packages },
 	{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
 	{ "CERTIFICATE_CHAIN", &cert_chain_file },
+	{ "CHECK_VULNERABILITIES", &check_vulnerabilities },
 	{ "GPG", &gpg_cmd },
 	{ "IGNORE_PROXY", &ignore_proxy },
 	{ "IGNORE_URL", &ignore_advisories },
@@ -108,6 +110,9 @@ pkg_install_config(void)
 	if (verified_installation == NULL)
 		verified_installation = "never";
 
+	if (check_vulnerabilities == NULL)
+		check_vulnerabilities = "never";
+
 	snprintf(fetch_flags, sizeof(fetch_flags), "%s%s%s",
 	    (verbose_netio && *verbose_netio) ? "v" : "",
 	    (active_ftp && *active_ftp) ? "" : "p",