Diffstat (limited to 'mk/flavor')
-rw-r--r-- | mk/flavor/pkg/check.mk | 66 |
1 files changed, 14 insertions, 52 deletions
diff --git a/mk/flavor/pkg/check.mk b/mk/flavor/pkg/check.mk index 8fbe0af08bc..58c7f8e6cd8 100644 --- a/mk/flavor/pkg/check.mk +++ b/mk/flavor/pkg/check.mk @@ -1,4 +1,4 @@ -# $NetBSD: check.mk,v 1.6 2008/01/03 20:51:21 adrianp Exp $ +# $NetBSD: check.mk,v 1.7 2008/03/15 16:12:27 joerg Exp $ # # _flavor-check-vulnerable: 
@@ -11,55 +11,17 @@
 #
 _flavor-check-vulnerable: .PHONY
 ${_PKG_SILENT}${_PKG_DEBUG} \
- if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${PKGTOOLS_VERSION}; then \
- vulnfile=${PKGVULNDIR:Q}/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix, install the pkgsrc/security/audit-packages"; \
- ${WARNING_MSG} "package and run: \`${DOWNLOAD_VULN_LIST}'."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- conffile=; \
- for dir in \
- __dummy \
- ${PKG_SYSCONFDIR.audit-packages:Q}"" \
- ${PKG_SYSCONFDIR:Q}""; \
- do \
- case $$dir in \
- /*) conffile="$$dir/audit-packages.conf"; break ;; \
- *) continue ;; \
- esac; \
- done; \
- if ${TEST} -z "$$conffile" -a -f "$$conffile"; then \
- . $$conffile; \
- fi; \
- ${SETENV} PKGNAME=${PKGNAME} \
- PKGBASE=${PKGBASE} \
- ${AWK} 'BEGIN { exitcode = 0 } \
- /^$$/ { next } \
- /^#.*/ { next } \
- $$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
- { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ERROR_MSG:S/"/\"/g} \"%s vulnerability in %s - see %s for more information\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); if (system(s) == 0) { print $$1; exitcode += 1 }; } \
- END { exit exitcode }' < $$vulnfile || ${FALSE}; \
- if ${TEST} "$$?" -ne 0; then \
- ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential"; \
- ${FALSE}; \
- fi; \
- else \
- _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
- vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME}; \
- if ${TEST} "$$?" -ne 0; then \
- ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \
- ${FALSE}; \
- fi; \
+ _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
+ vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
+ if ${TEST} ! -f "$$vulnfile"; then \
+ ${PHASE_MSG} "Skipping vulnerability checks."; \
+ ${WARNING_MSG} "No $$vulnfile file found."; \
+ ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
+ exit 0; \
+ fi; \
+ ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
+ ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME}; \
+ if ${TEST} "$$?" -ne 0; then \
+ ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \
+ ${FALSE}; \
 fi |
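Review bot: The result of the `-Q PKGVULNDIR` query on the first added line is never checked, so if `${AUDIT_PACKAGES}` is missing, fails, or cannot answer the query, `_PKGVULNDIR` is empty and `vulnfile` becomes `/pkg-vulnerabilities`. The recipe then takes the "Skipping vulnerability checks" branch and exits 0 with a misleading "No ... file found" warning. Since the `pkg_install<20070714` fallback is removed, this is the only path left, so a broken or outdated tool turns the check off instead of failing the build; whether a new enough pkg_install is enforced elsewhere is not visible from this hunk. Consider adding, right after the assignment, `if ${TEST} -z "$$_PKGVULNDIR"; then ${ERROR_MSG} "Cannot determine PKGVULNDIR from ${AUDIT_PACKAGES}"; exit 1; fi; \`, which keeps the warn-and-skip branch for a genuinely absent list file only. A one-line comment above the target saying that a missing list is deliberately non-fatal would also make the fail-open choice explicit.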