Diffstat (limited to 'mk/flavor')
-rw-r--r--mk/flavor/pkg/check.mk66
1 files changed, 14 insertions, 52 deletions
diff --git a/mk/flavor/pkg/check.mk b/mk/flavor/pkg/check.mk
index 8fbe0af08bc..58c7f8e6cd8 100644
--- a/mk/flavor/pkg/check.mk
+++ b/mk/flavor/pkg/check.mk
@@ -1,4 +1,4 @@
-# $NetBSD: check.mk,v 1.6 2008/01/03 20:51:21 adrianp Exp $
+# $NetBSD: check.mk,v 1.7 2008/03/15 16:12:27 joerg Exp $
#
# _flavor-check-vulnerable:
@@ -11,55 +11,17 @@
#
_flavor-check-vulnerable: .PHONY
${_PKG_SILENT}${_PKG_DEBUG} \
- if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${PKGTOOLS_VERSION}; then \
- vulnfile=${PKGVULNDIR:Q}/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix, install the pkgsrc/security/audit-packages"; \
- ${WARNING_MSG} "package and run: \`${DOWNLOAD_VULN_LIST}'."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- conffile=; \
- for dir in \
- __dummy \
- ${PKG_SYSCONFDIR.audit-packages:Q}"" \
- ${PKG_SYSCONFDIR:Q}""; \
- do \
- case $$dir in \
- /*) conffile="$$dir/audit-packages.conf"; break ;; \
- *) continue ;; \
- esac; \
- done; \
- if ${TEST} -z "$$conffile" -a -f "$$conffile"; then \
- . $$conffile; \
- fi; \
- ${SETENV} PKGNAME=${PKGNAME} \
- PKGBASE=${PKGBASE} \
- ${AWK} 'BEGIN { exitcode = 0 } \
- /^$$/ { next } \
- /^#.*/ { next } \
- $$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
- { s = sprintf("${PKG_ADMIN} pmatch \"%s\" %s && ${ERROR_MSG:S/"/\"/g} \"%s vulnerability in %s - see %s for more information\"", $$1, ENVIRON["PKGNAME"], $$2, ENVIRON["PKGNAME"], $$3); if (system(s) == 0) { print $$1; exitcode += 1 }; } \
- END { exit exitcode }' < $$vulnfile || ${FALSE}; \
- if ${TEST} "$$?" -ne 0; then \
- ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential"; \
- ${FALSE}; \
- fi; \
- else \
- _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
- vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME}; \
- if ${TEST} "$$?" -ne 0; then \
- ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \
- ${FALSE}; \
- fi; \
+ _PKGVULNDIR=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR`; \
+ vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
+ if ${TEST} ! -f "$$vulnfile"; then \
+ ${PHASE_MSG} "Skipping vulnerability checks."; \
+ ${WARNING_MSG} "No $$vulnfile file found."; \
+ ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
+ exit 0; \
+ fi; \
+ ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
+ ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME}; \
+ if ${TEST} "$$?" -ne 0; then \
+ ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) if this package is absolutely essential."; \
+ ${FALSE}; \
fi
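Review bot: The vulnerability check still fails open on the one remaining path. If the `${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -Q PKGVULNDIR` substitution fails or prints nothing, `_PKGVULNDIR` is empty, `vulnfile` becomes `/pkg-vulnerabilities`, and the missing-file branch ends in `exit 0` after only a warning. With the `pmatch 'pkg_install<20070714'` fallback removed, every build now depends on that query, so I would guard it directly after the assignment: `if ${TEST} -z "$$_PKGVULNDIR"; then ${ERROR_MSG} "Cannot determine PKGVULNDIR."; exit 1; fi; \`. Whether a missing list should remain a skip is a policy decision, but the header comment above `_flavor-check-vulnerable` (only partly visible in this hunk) should state that the skip is deliberate. Also, any non-zero status from `${AUDIT_PACKAGES} -n`, including a tool failure, is reported as a vulnerability with advice to set ALLOW_VULNERABLE_PACKAGES, which may steer users into disabling the check for the wrong reason.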