From 04206adfdb3b2e9f0e01e3d9ad6b3a236441741f Mon Sep 17 00:00:00 2001 From: adrianp Date: Sat, 9 Dec 2006 12:30:46 +0000 Subject: Make pkglint really happy. Add IGNORE_URLS code from agc@: "If a URL is specified in IGNORE_URLS then all entries listed in pkg-vulnerabilities that match that URL will not be reported when audit-packages is run. Running audit-packages -v will display the details of all entries skipped if IGNORE_URLS is set." Add a sample audit-packages.conf detailing all the options we now support. Update to 1.46 --- security/audit-packages/Makefile | 63 +++++++++++++++-------- security/audit-packages/PLIST | 4 +- security/audit-packages/files/audit-packages | 21 +++++++- security/audit-packages/files/audit-packages.0 | 13 ++++- security/audit-packages/files/audit-packages.8 | 14 ++++- security/audit-packages/files/audit-packages.conf | 26 ++++++++++ 6 files changed, 114 insertions(+), 27 deletions(-) create mode 100644 security/audit-packages/files/audit-packages.conf (limited to 'security/audit-packages') diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile index 088bd5bfbb3..5c4088e2699 100644 --- a/security/audit-packages/Makefile +++ b/security/audit-packages/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.73 2006/11/25 13:43:42 agc Exp $ +# $NetBSD: Makefile,v 1.74 2006/12/09 12:30:46 adrianp Exp $ -DISTNAME= audit-packages-1.45 +DISTNAME= audit-packages-1.46 CATEGORIES= security pkgtools MASTER_SITES= # empty DISTFILES= # empty @@ -16,7 +16,7 @@ USE_TOOLS+= digest:run BUILD_DEFS+= PKGVULNDIR WRKSRC= ${WRKDIR} -NO_CHECKSUM= yes +NO_CHECKSUM= yes OWN_DIRS= ${PKGVULNDIR} MAN8DIR= ${PREFIX}/${PKGMANDIR}/man8 
@@ -31,38 +31,57 @@ MESSAGE_SRC= ${PKGDIR}/MESSAGE.DragonFly MESSAGE_SRC= ${PKGDIR}/MESSAGE .endif +CONF_FILES= ${PREFIX}/share/examples/audit-packages/audit-packages.conf \ + ${PKG_SYSCONFDIR}/audit-packages.conf + +SUBST_CLASSES= paths +SUBST_STAGE.paths= post-build +SUBST_FILES.paths= audit-packages audit-packages.0 audit-packages.8 +SUBST_FILES.paths+= download-vulnerability-list +SUBST_SED.paths= -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' +SUBST_SED.paths+= -e 's|@AWK@|${AWK}|g' +SUBST_SED.paths+= -e 's|@FETCH_CMD@|${FETCH_CMD:Q}|g' +SUBST_SED.paths+= -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T:Q}|g' +SUBST_SED.paths+= -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g' +SUBST_SED.paths+= -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g' +SUBST_SED.paths+= -e 's|@PREFIX@|${PREFIX}|g' +SUBST_SED.paths+= -e 's|@SH@|${SH}|g' +SUBST_SED.paths+= -e 's|@DIGEST@|${DIGEST}|g' +SUBST_SED.paths+= -e 's|@CHMOD@|${CHMOD}|g' +SUBST_SED.paths+= -e 's|@MV@|${MV}|g' +SUBST_SED.paths+= -e 's|@RM@|${RM}|g' +SUBST_SED.paths+= -e 's|@MKDIR@|${MKDIR}|g' +SUBST_SED.paths+= -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' +SUBST_SED.paths+= -e 's|@FIND@|${FIND}|g' +SUBST_MESSAGE.paths= Fixing paths. 
+ do-build: - @for f in audit-packages audit-packages.0 audit-packages.8 \ + for f in audit-packages audit-packages.0 audit-packages.8 \ download-vulnerability-list; do \ - ${SED} -e 's|@PKGVULNDIR@|${PKGVULNDIR}|g' \ - -e 's|@AWK@|${AWK}|g' \ - -e 's|@FETCH_CMD@|${FETCH_CMD}|g' \ - -e 's|@FETCH_CMD_SHORT@|${FETCH_CMD:T}|g' \ - -e 's|@PKGSRCDIR@|${PKGSRCDIR}|g' \ - -e 's|@PKG_TOOLS_BIN@|${PKG_TOOLS_BIN}|g' \ - -e 's|@PREFIX@|${PREFIX}|g' \ - -e 's|@SH@|${SH}|g' \ - -e 's|@DIGEST@|${DIGEST}|g' \ - -e 's|@CHMOD@|${CHMOD}|g' \ - -e 's|@MV@|${MV}|g' \ - -e 's|@RM@|${RM}|g' \ - -e 's|@MKDIR@|${MKDIR}|g' \ - -e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' \ - -e 's|@FIND@|${FIND}|g' \ - ${FILESDIR}/$$f > ${WRKSRC}/$$f; \ + ${CP} ${FILESDIR}/$$f ${WRKSRC} ; \ done + .if ${OPSYS} == "SunOS" || ${OPSYS} == "AIX" +USE_TOOLS+= nroff + # pre-created man-pages are "mandoc" pages, these OS need "man", # so regen the .0 page - nroff -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0 + ${NROFF} -man ${WRKSRC}/audit-packages.8 >${WRKSRC}/audit-packages.0 .endif do-install: - @for f in audit-packages download-vulnerability-list; do \ + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/audit-packages + + ${INSTALL_DATA} ${FILESDIR}/audit-packages.conf \ + ${PREFIX}/share/examples/audit-packages + + for f in audit-packages download-vulnerability-list; do \ ${INSTALL_SCRIPT} ${WRKSRC}/$$f ${DESTDIR}${PREFIX}/sbin; \ done + ${INSTALL_MAN} ${WRKSRC}/audit-packages.0 ${DESTDIR}${CAT8DIR}/ ${INSTALL_MAN} ${WRKSRC}/audit-packages.8 ${DESTDIR}${MAN8DIR}/ + ${RM} -f ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0 ${LN} -s audit-packages.0 ${DESTDIR}${CAT8DIR}/download-vulnerability-list.0 ${RM} -f ${DESTDIR}${MAN8DIR}/download-vulnerability-list.8 diff --git a/security/audit-packages/PLIST b/security/audit-packages/PLIST index c337d07a7df..e6f0d589075 100644 --- a/security/audit-packages/PLIST +++ b/security/audit-packages/PLIST 
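Review bot: The two new do-install commands for the sample configuration write to `${PREFIX}/share/examples/audit-packages` without `${DESTDIR}`, while every other install line in the target uses `${DESTDIR}${PREFIX}` or `${DESTDIR}${CAT8DIR}`. In a staged install the example file would land in the live prefix and be missing from the staging tree that PLIST is checked against. I would write `${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/examples/audit-packages` and give the `${INSTALL_DATA}` destination the same prefix. Separately, `USE_TOOLS+= nroff` now sits between the recipe lines of do-build inside the `.if`. A variable assignment there may end the recipe before the `${NROFF}` command, so it looks safer next to the existing `USE_TOOLS+= digest:run`; please confirm on SunOS/AIX.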
@@ -1,7 +1,9 @@ -@comment $NetBSD: PLIST,v 1.2 2003/06/12 06:59:30 wiz Exp $ +@comment $NetBSD: PLIST,v 1.3 2006/12/09 12:30:47 adrianp Exp $ man/cat8/audit-packages.0 man/cat8/download-vulnerability-list.0 man/man8/audit-packages.8 man/man8/download-vulnerability-list.8 sbin/audit-packages sbin/download-vulnerability-list +share/examples/audit-packages/audit-packages.conf +@dirrm share/examples/audit-packages diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages index 89931890299..5f136bc077d 100755 --- a/security/audit-packages/files/audit-packages +++ b/security/audit-packages/files/audit-packages @@ -1,6 +1,6 @@ #! @SH@ # -# $NetBSD: audit-packages,v 1.29 2006/11/25 13:43:42 agc Exp $ +# $NetBSD: audit-packages,v 1.30 2006/12/09 12:30:47 adrianp Exp $ # # Copyright (c) 2000-2003 Alistair Crooks. All rights reserved. # @@ -193,6 +193,25 @@ while read pat type url; do \#*|'') continue;; esac + case "$IGNORE_URLS" in + "") ;; + *) ignore=false; + for u in $IGNORE_URLS; do + if [ "x$u" = "x$url" ]; then + ignore=true + break + fi + done + if $ignore; then + case "$verbose" in + yes) echo "Ignoring vulnerability for $url with pattern $pat" + ;; + esac + continue + fi + ;; + esac + if [ -z "$one_package" ] ; then vulnpkgs=`@PKG_TOOLS_BIN@/pkg_info -e "$pat"` else diff --git a/security/audit-packages/files/audit-packages.0 b/security/audit-packages/files/audit-packages.0 index 69bcd368520..da2389ba088 100644 --- a/security/audit-packages/files/audit-packages.0 +++ b/security/audit-packages/files/audit-packages.0 @@ -1,4 +1,4 @@ -AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8) +AUDIT-PACKAGES(8) BSD System Manager's Manual AUDIT-PACKAGES(8) NNAAMMEE aauuddiitt--ppaacckkaaggeess, ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- show vulnerabilities in 
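Review bot: In the IGNORE_URLS block added to files/audit-packages, a matched entry is skipped with `continue` and is only reported when `$verbose` is `yes`, so a normal run gives no sign that findings were suppressed. I would count the skipped entries and print one line after the loop, for example `echo "audit-packages: $ignored entries suppressed by IGNORE_URLS" >&2`. The end of the `while read` loop is outside this hunk, so check that the counter survives to that point. `for u in $IGNORE_URLS` is also expanded unquoted, which means a URL containing `?`, `*` or `[` is subject to pathname expansion before the comparison; wrapping the loop in `set -f` / `set +f` avoids that. Because the match is on the URL alone, one listed URL hides every pattern that carries it, which deserves a comment above the block.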
@@ -80,6 +80,11 @@ DDEESSCCRRIIPPTTIIOONN tory. This can be changed by defining the environment variable PKGVULNDIR to the directory containing the vulnerabilities file. + If a URL is specified in IGNORE_URLS then all entries listed in + _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that match that URL will not be reported when + _a_u_d_i_t_-_p_a_c_k_a_g_e_s is run. Running _a_u_d_i_t_-_p_a_c_k_a_g_e_s -v will display the + details of all entries skipped if IGNORE_URLS is set. + EEXXIITT SSTTAATTUUSS The aauuddiitt--ppaacckkaaggeess utility exits 0 on success, and >0 if an error occurs. @@ -97,6 +102,10 @@ EENNVVIIRROONNMMEENNTT _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and ftp. The default is ftp. + IGNORE_URLS + A list of vulnerability URLs to be ignored. This allows for + ignoring certain URLs that are attached to a vulnerability. + FFIILLEESS @PKGVULNDIR@/pkg-vulnerabilities @@ -161,4 +170,4 @@ HHIISSTTOORRYY September 19, 2000. The original idea came from Roland Dowdeswell and Bill Sommerfeld. -NetBSD 3.0 April 15, 2006 NetBSD 3.0 +BSD April 15, 2006 BSD diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8 index 4ce2c6313c4..282cba1db27 100644 --- a/security/audit-packages/files/audit-packages.8 +++ b/security/audit-packages/files/audit-packages.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: audit-packages.8,v 1.19 2006/05/21 13:31:27 adrianp Exp $ +.\" $NetBSD: audit-packages.8,v 1.20 2006/12/09 12:30:47 adrianp Exp $ .\" .\" Copyright (c) 2003 Jeremy C. Reed. All rights reserved. .\" 
@@ -172,6 +172,15 @@ directory. This can be changed by defining the environment variable .Ev PKGVULNDIR to the directory containing the vulnerabilities file. +.Pp +If a URL is specified in IGNORE_URLS then all entries listed in +.Pa pkg-vulnerabilities +that match that URL will not be reported when +.Pa audit-packages +is run. Running +.Pa audit-packages +-v will display the details of all entries skipped if IGNORE_URLS +is set. .Sh EXIT STATUS .Ex -std audit-packages .Sh ENVIRONMENT @@ -190,6 +199,9 @@ Specifies optional arguments for the ftp client. Specifies the protocol to use when fetching the .Pa pkg-vulnerabilities file. Currently supports only http and ftp. The default is ftp. +.It Ev IGNORE_URLS +A list of vulnerability URLs to be ignored. This allows for +ignoring certain URLs that are attached to a vulnerability. .El .Sh FILES @PKGVULNDIR@/pkg-vulnerabilities diff --git a/security/audit-packages/files/audit-packages.conf b/security/audit-packages/files/audit-packages.conf new file mode 100644 index 00000000000..a7980535d74 --- /dev/null +++ b/security/audit-packages/files/audit-packages.conf @@ -0,0 +1,26 @@ +# $NetBSD: audit-packages.conf,v 1.1 2006/12/09 12:30:47 adrianp Exp $ + +# +# sample configuration file for audit-packages(8) and +# download-vulnerability-list(8) +# + +# PKGVULNDIR +# +# Specifies the directory containing the pkg-vulnerabilities file. +# Default: PKGVULNDIR="${DISTDIR}" + +# FETCH_ARGS +# +# Specifies optional arguments for the download-vulnerability-list client. +# Default: FETCH_ARGS= + +# FETCH_PROTO +# +# Specifies the protocol to use when fetching the pkg-vulnerabilities file. +# Default: FETCH_PROTO="ftp" + +# IGNORE_URLS +# +# A list of vulnerability URLs to be ignored. +# Default: IGNORE_URLS= -- cgit v1.2.3
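Review bot: The IGNORE_URLS entry in the new audit-packages.conf does not say how the list is written or matched. The loop added to files/audit-packages splits the value on whitespace and compares each item to the url field with `=`, so a partial URL or a different separator silently ignores nothing. I would extend the comment with `# Whitespace-separated list; each item must equal the URL field of a pkg-vulnerabilities entry exactly.` and `# Every entry carrying a listed URL is skipped; run audit-packages -v to see what was ignored.`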