authorjoerg <joerg@pkgsrc.org>2010-06-16 23:02:48 +0000
committerjoerg <joerg@pkgsrc.org>2010-06-16 23:02:48 +0000
commitb4189994418dd073da721ed6f514ee01448ff3cf (patch)
tree56364727590364247140836a17172fed15cfa689 /pkgtools
parent6628d729a1ea77b0a670052ab236670c7d5d8f00 (diff)
pkg_install-20100616:
- Recognize -C for pkg_add like the rest of the tools do - Do the existing check for pkg_add -f, it makes the combination of -f and -U a bit less surprising - Fix option handling for CHECK_VULNERABILITIES (from spz@) - Make end-of-life check the default. pkg_install.conf(5) can be used to override the default. The existing admin -e & co continue to work as before.
Diffstat (limited to 'pkgtools')
-rw-r--r--pkgtools/pkg_install/files/add/main.c6
-rw-r--r--pkgtools/pkg_install/files/add/perform.c16
-rw-r--r--pkgtools/pkg_install/files/add/pkg_add.19
-rw-r--r--pkgtools/pkg_install/files/add/pkg_add.cat10
-rw-r--r--pkgtools/pkg_install/files/admin/audit.c10
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.111
-rw-r--r--pkgtools/pkg_install/files/admin/pkg_admin.cat7
-rw-r--r--pkgtools/pkg_install/files/lib/lib.h5
-rw-r--r--pkgtools/pkg_install/files/lib/parse-config.c6
-rw-r--r--pkgtools/pkg_install/files/lib/pkg_install.conf.5.in8
-rw-r--r--pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in6
-rw-r--r--pkgtools/pkg_install/files/lib/version.h4
-rw-r--r--pkgtools/pkg_install/files/lib/vulnerabilities-file.c13
13 files changed, 69 insertions, 42 deletions
diff --git a/pkgtools/pkg_install/files/add/main.c b/pkgtools/pkg_install/files/add/main.c
index 41c27de2bd1..3df813ae96f 100644
--- a/pkgtools/pkg_install/files/add/main.c
+++ b/pkgtools/pkg_install/files/add/main.c
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $ */
+/* $NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.26 2010/06/16 23:02:48 joerg Exp $");
/*
*
@@ -39,7 +39,7 @@ __RCSID("$NetBSD: main.c,v 1.25 2010/02/18 13:43:11 joerg Exp $");
#include "lib.h"
#include "add.h"
-static char Options[] = "AIK:LP:RVW:fhm:np:t:Uuvw:";
+static char Options[] = "AC:IK:LP:RVW:fhm:np:t:Uuvw:";
char *Destdir = NULL;
char *OverrideMachine = NULL;
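Review bot: Only the getopt string changes in this hunk, so `-C` is now accepted but its handling is not visible; the six changed lines the diffstat lists for main.c are fully accounted for by the two RCS id lines and this string. If the option switch in main() does not already have a `case 'C':` that stores `optarg` in `config_file`, the flag would land in the default branch, so that and the usage text are worth confirming outside the hunk. Because the file named by `-C` supplies settings such as CHECK_VULNERABILITIES and CHECK_END_OF_LIFE, a short comment beside the option string, e.g. `/* -C: alternate pkg_install.conf; it controls the vulnerability and end-of-life checks */`, would help anyone reviewing wrappers that pass arguments through to pkg_add.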
diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c
index 081b6d3f48f..3a7e1eb8587 100644
--- a/pkgtools/pkg_install/files/add/perform.c
+++ b/pkgtools/pkg_install/files/add/perform.c
@@ -1,4 +1,4 @@
-/* $NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $ */
+/* $NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
@@ -6,7 +6,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: perform.c,v 1.96 2010/04/14 18:24:58 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.97 2010/06/16 23:02:48 joerg Exp $");
/*-
* Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
@@ -339,9 +339,6 @@ check_already_installed(struct pkg_task *pkg)
char *filename;
int fd;
- if (Force)
- return 1;
-
filename = pkgdb_pkg_file(pkg->pkgname, CONTENTS_FNAME);
fd = open(filename, O_RDONLY);
free(filename);
@@ -362,6 +359,9 @@ check_already_installed(struct pkg_task *pkg)
return 1;
}
+ if (Force)
+ return 1;
+
/* We can only arrive here for explicitly requested packages. */
if (!Automatic && is_automatic_installed(pkg->pkgname)) {
if (Fake ||
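Review bot: The position of `if (Force) return 1;` is now load-bearing but has no comment: it moved from the top of check_already_installed() to after the CONTENTS lookup and the block that ends just above it, so `-f` no longer skips those steps and only bypasses the automatic-flag handling and whatever follows. A one-line comment such as `/* -f: skip the checks below, but only after the installed-package lookup above has run */` would keep a later cleanup from hoisting the test back to the top. The function starts and ends outside these two hunks, so what the return value 1 means to the caller should be confirmed there.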
@@ -1269,9 +1269,9 @@ check_vulnerable(struct pkg_task *pkg)
if (strcasecmp(check_vulnerabilities, "never") == 0)
return 0;
- else if (strcasecmp(check_vulnerabilities, "always"))
+ else if (strcasecmp(check_vulnerabilities, "always") == 0)
require_check = 1;
- else if (strcasecmp(check_vulnerabilities, "interactive"))
+ else if (strcasecmp(check_vulnerabilities, "interactive") == 0)
require_check = 0;
else {
warnx("Unknown value of the configuration variable"
@@ -1286,7 +1286,7 @@ check_vulnerable(struct pkg_task *pkg)
return require_check;
}
- if (!audit_package(pv, pkg->pkgname, NULL, 0, 2))
+ if (!audit_package(pv, pkg->pkgname, NULL, 2))
return 0;
if (require_check)
diff --git a/pkgtools/pkg_install/files/add/pkg_add.1 b/pkgtools/pkg_install/files/add/pkg_add.1
index 88f23c01002..046d3f27106 100644
--- a/pkgtools/pkg_install/files/add/pkg_add.1
+++ b/pkgtools/pkg_install/files/add/pkg_add.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_add.1,v 1.43 2010/02/18 13:43:11 joerg Exp $
+.\" $NetBSD: pkg_add.1,v 1.44 2010/06/16 23:02:48 joerg Exp $
.\"
.\" FreeBSD install - a package for the installation and maintenance
.\" of non-core utilities.
@@ -17,7 +17,7 @@
.\"
.\" @(#)pkg_add.1
.\"
-.Dd February 18, 2010
+.Dd June 16, 2010
.Dt PKG_ADD 1
.Os
.Sh NAME
@@ -26,6 +26,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl AfILnRUuVv
+.Op Fl C Ar config
.Op Fl K Ar pkg_dbdir
.Op Fl m Ar machine
.Op Fl P Ar destdir
@@ -116,6 +117,10 @@ a package without specifying
.Fl A
after it had already been automatically installed, the mark is
removed.
+.It Fl C Ar config
+Read the configuration file from
+.Ar config
+instead of the system default.
.It Fl f
Force installation to proceed even if prerequisite packages are not
installed or the install script fails.
diff --git a/pkgtools/pkg_install/files/add/pkg_add.cat b/pkgtools/pkg_install/files/add/pkg_add.cat
index ddd265f088b..1d0081236a8 100644
--- a/pkgtools/pkg_install/files/add/pkg_add.cat
+++ b/pkgtools/pkg_install/files/add/pkg_add.cat
@@ -5,8 +5,8 @@ NNAAMMEE
tributions
SSYYNNOOPPSSIISS
- ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e] [--PP _d_e_s_t_d_i_r]
- [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._.
+ ppkkgg__aadddd [--AAffIILLnnRRUUuuVVvv] [--CC _c_o_n_f_i_g] [--KK _p_k_g___d_b_d_i_r] [--mm _m_a_c_h_i_n_e]
+ [--PP _d_e_s_t_d_i_r] [--pp _p_r_e_f_i_x] [--WW _v_i_e_w_b_a_s_e] [--ww _v_i_e_w] _f_i_l_e _._._.
[[ftp|http]://[_u_s_e_r][:_p_a_s_s_w_o_r_d]@]_h_o_s_t[:_p_o_r_t][/_p_a_t_h_/]_p_k_g_-_n_a_m_e _._._.
DDEESSCCRRIIPPTTIIOONN
@@ -53,6 +53,10 @@ OOPPTTIIOONNSS
--AA after it had already been automatically installed, the mark is
removed.
+ --CC _c_o_n_f_i_g
+ Read the configuration file from _c_o_n_f_i_g instead of the system
+ default.
+
--ff Force installation to proceed even if prerequisite packages are
not installed or the install script fails. Although ppkkgg__aadddd will
still try to find and auto-install missing prerequisite packages,
@@ -262,4 +266,4 @@ BBUUGGSS
Sure to be others.
-NetBSD 5.0 February 18, 2010 NetBSD 5.0
+NetBSD 5.0 June 16, 2010 NetBSD 5.0
diff --git a/pkgtools/pkg_install/files/admin/audit.c b/pkgtools/pkg_install/files/admin/audit.c
index c23ed42064c..9c1ea617ba6 100644
--- a/pkgtools/pkg_install/files/admin/audit.c
+++ b/pkgtools/pkg_install/files/admin/audit.c
@@ -1,4 +1,4 @@
-/* $NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $ */
+/* $NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $");
+__RCSID("$NetBSD: audit.c,v 1.16 2010/06/16 23:02:48 joerg Exp $");
/*-
* Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -73,7 +73,6 @@ __RCSID("$NetBSD: audit.c,v 1.15 2010/04/14 18:24:58 joerg Exp $");
#include "admin.h"
#include "lib.h"
-static int check_eol = 0;
static int check_signature = 0;
static const char *limit_vul_types = NULL;
static int update_pkg_vuln = 0;
@@ -100,7 +99,7 @@ parse_options(int argc, char **argv, const char *options)
while ((ch = getopt(argc, argv, options)) != -1) {
switch (ch) {
case 'e':
- check_eol = 1;
+ check_eol = "yes";
break;
case 's':
check_signature = 1;
@@ -123,8 +122,7 @@ parse_options(int argc, char **argv, const char *options)
static int
check_exact_pkg(const char *pkg)
{
- return audit_package(pv, pkg, limit_vul_types, check_eol,
- quiet ? 0 : 1);
+ return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
}
static int
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.1 b/pkgtools/pkg_install/files/admin/pkg_admin.1
index 1e099448ffd..50d88b1cc6f 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_admin.1,v 1.31 2010/01/22 13:30:41 joerg Exp $
+.\" $NetBSD: pkg_admin.1,v 1.32 2010/06/16 23:02:48 joerg Exp $
.\"
.\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -34,7 +34,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 22, 2010
+.Dd June 16, 2010
.Dt PKG_ADMIN 1
.Os
.Sh NAME
@@ -118,7 +118,12 @@ Check the listed installed packages for vulnerabilities.
If no package is given, check all installed packages.
If
.Fl e
-is given, also include end-of-life information.
+is given, override the
+.Dv CHECK_END_OF_LIFE
+option from
+.Xr pkg_install.conf 5
+with
+.Qq Li yes .
If
.Fl s
is given, check the signature of the pkg-vulnerabilities file before using it.
diff --git a/pkgtools/pkg_install/files/admin/pkg_admin.cat b/pkgtools/pkg_install/files/admin/pkg_admin.cat
index 5684647f26d..768433633c3 100644
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat
@@ -56,9 +56,10 @@ OOPPTTIIOONNSS
aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
Check the listed installed packages for vulnerabilities. If no
package is given, check all installed packages. If --ee is given,
- also include end-of-life information. If --ss is given, check the
- signature of the pkg-vulnerabilities file before using it. --tt
- restricts the reported vulnerabilities to type _t_y_p_e.
+ override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
+ with "yes". If --ss is given, check the signature of the pkg-vul-
+ nerabilities file before using it. --tt restricts the reported
+ vulnerabilities to type _t_y_p_e.
aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
Like aauuddiitt, but check only the given package names or patterns.
diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h
index 4006474c9ea..f79de966aed 100644
--- a/pkgtools/pkg_install/files/lib/lib.h
+++ b/pkgtools/pkg_install/files/lib/lib.h
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.63 2010/04/14 18:24:58 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.64 2010/06/16 23:02:49 joerg Exp $ */
/* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
@@ -380,7 +380,7 @@ struct pkg_vulnerabilities *read_pkg_vulnerabilities_file(const char *, int, int
struct pkg_vulnerabilities *read_pkg_vulnerabilities_memory(void *, size_t, int);
void free_pkg_vulnerabilities(struct pkg_vulnerabilities *);
int audit_package(struct pkg_vulnerabilities *, const char *, const char *,
- int, int);
+ int);
/* Parse configuration file */
void pkg_install_config(void);
@@ -430,6 +430,7 @@ extern Boolean Force;
extern const char *cert_chain_file;
extern const char *certs_packages;
extern const char *certs_pkg_vulnerabilities;
+extern const char *check_eol;
extern const char *check_vulnerabilities;
extern const char *config_file;
extern const char *config_pkg_dbdir;
diff --git a/pkgtools/pkg_install/files/lib/parse-config.c b/pkgtools/pkg_install/files/lib/parse-config.c
index 7c55c110dbc..bdeba73756c 100644
--- a/pkgtools/pkg_install/files/lib/parse-config.c
+++ b/pkgtools/pkg_install/files/lib/parse-config.c
@@ -1,4 +1,4 @@
-/* $NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $ */
+/* $NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
@@ -7,7 +7,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: parse-config.c,v 1.14 2010/01/22 13:30:42 joerg Exp $");
+__RCSID("$NetBSD: parse-config.c,v 1.15 2010/06/16 23:02:49 joerg Exp $");
/*-
* Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -65,6 +65,7 @@ const char *cache_index = "yes";
const char *cert_chain_file;
const char *certs_packages;
const char *certs_pkg_vulnerabilities;
+const char *check_eol = "yes";
const char *check_vulnerabilities;
static const char *config_cache_connections;
static const char *config_cache_connections_host;
@@ -98,6 +99,7 @@ static struct config_variable {
{ "CERTIFICATE_ANCHOR_PKGVULN", &certs_pkg_vulnerabilities },
{ "CERTIFICATE_CHAIN", &cert_chain_file },
{ "CHECK_LICENSE", &do_license_check },
+ { "CHECK_END_OF_LIFE", &check_eol },
{ "CHECK_VULNERABILITIES", &check_vulnerabilities },
{ "DEFAULT_ACCEPTABLE_LICENSES", &default_acceptable_licenses },
{ "GPG", &gpg_cmd },
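Review bot: The key registered in this table is `CHECK_END_OF_LIFE`, but the pkg_install.conf.5.in and pkg_install.conf.cat.in hunks of this same commit document it as `CHECK_END_OF_FILE`. An administrator who copies the name from the manual would set a variable this table does not contain, and the end-of-life check would stay at its compiled-in default of "yes" whatever they intended; pkg_admin.1 uses the correct spelling. The manual entries should read `.It Dv CHECK_END_OF_LIFE`, and they would also benefit from listing the accepted values. The new row is also placed after CHECK_LICENSE, out of the alphabetical order of its neighbours, which is harmless only if the table is scanned linearly (not visible here).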
diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in b/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in
index 8f8bf3d5088..bf4c703750f 100644
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in
@@ -1,4 +1,4 @@
-.\" $NetBSD: pkg_install.conf.5.in,v 1.13 2010/01/22 13:30:42 joerg Exp $
+.\" $NetBSD: pkg_install.conf.5.in,v 1.14 2010/06/16 23:02:49 joerg Exp $
.\"
.\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 22, 2010
+.Dd June 16, 2010
.Dt PKG_INSTALL.CONF 5
.Os
.Sh NAME
@@ -89,6 +89,10 @@ The check is performed if the package has license conditions set.
Passing the license check is required.
Missing license conditions are considered an error.
.El
+.It Dv CHECK_END_OF_FILE
+During vulnerability checks, consider packages that have reached end-of-life
+as vulnerable.
+This option is enabled by default.
.It Dv CHECK_VULNERABILITIES
Check for vulnerabilities when installing packages.
Supported values are:
diff --git a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in
index 514430570f0..3ce11405194 100644
--- a/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in
+++ b/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in
@@ -56,6 +56,10 @@ DDEESSCCRRIIPPTTIIOONN
always Passing the license check is required. Missing
license conditions are considered an error.
+ CHECK_END_OF_FILE
+ During vulnerability checks, consider packages that have reached
+ end-of-life as vulnerable. This option is enabled by default.
+
CHECK_VULNERABILITIES
Check for vulnerabilities when installing packages. Supported
values are:
@@ -166,4 +170,4 @@ FFIILLEESS
SSEEEE AALLSSOO
pkg_add(1), pkg_admin(1) pkg_create(1), pkg_delete(1), pkg_info(1)
-NetBSD 5.0 January 22, 2010 NetBSD 5.0
+NetBSD 5.0 June 16, 2010 NetBSD 5.0
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h
index 1a4927de84d..0d4125cc9ce 100644
--- a/pkgtools/pkg_install/files/lib/version.h
+++ b/pkgtools/pkg_install/files/lib/version.h
@@ -1,4 +1,4 @@
-/* $NetBSD: version.h,v 1.155 2010/04/20 21:22:38 joerg Exp $ */
+/* $NetBSD: version.h,v 1.156 2010/06/16 23:02:49 joerg Exp $ */
/*
* Copyright (c) 2001 Thomas Klausner. All rights reserved.
@@ -27,6 +27,6 @@
#ifndef _INST_LIB_VERSION_H_
#define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20100421
+#define PKGTOOLS_VERSION 20100616
#endif /* _INST_LIB_VERSION_H_ */
diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
index 897795fd9b1..1b29baf6a1a 100644
--- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
+++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c
@@ -1,4 +1,4 @@
-/* $NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $ */
+/* $NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $ */
/*-
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -38,7 +38,7 @@
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.6 2010/04/14 18:24:58 joerg Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.7 2010/06/16 23:02:49 joerg Exp $");
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
@@ -607,14 +607,16 @@ check_ignored_entry(struct pkg_vulnerabilities *pv, size_t i)
int
audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
- const char *limit_vul_types, int check_eol, int output_type)
+ const char *limit_vul_types, int output_type)
{
FILE *output = output_type == 1 ? stdout : stderr;
size_t i;
- int retval;
+ int retval, do_eol;
retval = 0;
+ do_eol = (strcasecmp(check_eol, "yes") == 0);
+
for (i = 0; i < pv->entries; ++i) {
if (check_ignored_entry(pv, i))
continue;
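Review bot: `do_eol = (strcasecmp(check_eol, "yes") == 0)` treats every value other than "yes" as off, so a config line such as CHECK_END_OF_LIFE=true, or a typo, silently disables the end-of-life check, whereas check_vulnerable() in add/perform.c warns on an unknown CHECK_VULNERABILITIES value. For a check that is meant to be on by default, an unrecognised value should warn and leave the check enabled, as sketched below; "no" as the off value is an assumption, since the manual hunk lists no accepted values. audit_package() also now reads the global `check_eol` instead of a parameter and assumes it is never NULL, which deserves a line in the function's header comment. The function body continues outside this hunk.

```c
	retval = 0;

	/* Unknown values keep the end-of-life check on rather than silently disabling it. */
	if (strcasecmp(check_eol, "no") == 0)
		do_eol = 0;
	else {
		if (strcasecmp(check_eol, "yes") != 0)
			warnx("Unknown value of the configuration variable "
			    "CHECK_END_OF_LIFE: %s", check_eol);
		do_eol = 1;
	}
	/* … unchanged: loop over pv->entries … */
```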
@@ -624,8 +626,9 @@ audit_package(struct pkg_vulnerabilities *pv, const char *pkgname,
if (!pkg_match(pv->vulnerability[i], pkgname))
continue;
if (strcmp("eol", pv->classification[i]) == 0) {
- if (!check_eol)
+ if (!do_eol)
continue;
+ retval = 1;
if (output_type == 0) {
puts(pkgname);
continue;