#! /bin/sh
# $NetBSD: sort-packages,v 1.11 2007/10/09 19:19:13 martti Exp $

# This program scans all binary packages in the current directory and
# creates three lists of files in OUTDIR:
#
# restricted_packages
#	contains all packages that must not be published on the FTP
#	server, for whatever reason
#
# vulnerable_packages
#	contains all packages that are not restricted, but vulnerable
#
# regular_packages
#	contains all the other ("good") packages.
#

set -eu

: ${OUTDIR="/tmp"}
: ${PKG_SUFX=".tgz"}
: ${AUDIT_PACKAGES="audit-packages"}
: ${PKG_ADMIN="pkg_admin"}
: ${PKG_INFO="pkg_info"}

regular_packages="${OUTDIR}/regular_packages"
restricted_packages="${OUTDIR}/restricted_packages"
vulnerable_packages="${OUTDIR}/vulnerable_packages"
newline="
"

: > "${regular_packages}"
: > "${restricted_packages}"
: > "${vulnerable_packages}"

for pkg in *${PKG_SUFX}; do
	build_info=`${PKG_INFO} -B "${pkg}"`

	# Note: this code needs to be that complicated because licensing
	# issues are critical to pkgsrc, and we really don't want
	# anything unexpected to happen here. The worst case would be
	# that some file is sorted wrongly because some change in the
	# output of pkg_info which had not been foreseen. Therefore it
	# is better to check as strictly as possible to make those
	# changes immediately visible.

	no_bin_on_ftp="unknown"
	case "${newline}${build_info}${newline}" in
	*"${newline}NO_BIN_ON_FTP=${newline}"*)
		no_bin_on_ftp="no"
		;;
	*"${newline}NO_BIN_ON_FTP="*)
		no_bin_on_ftp="yes"
		;;
	esac

	restricted="unknown"
	case "${newline}${build_info}${newline}" in
	*"${newline}RESTRICTED=${newline}"*)
		restricted="no"
		;;
	*"${newline}RESTRICTED="*)
		restricted="yes"
		;;
	esac

	if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then
		# Check whether the package is vulnerable or not.
		pkg_prefix="${pkg%%-*}"
		category="regular"
		_INFO_VER=`${PKG_INFO} -V`;
		if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
			# XXX: The egrep command is only needed here because
			# audit-packages before pkg_install-20070714 is so
			# awfully slow.
			if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
				vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
			fi
		else
			vuln=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}"`
		fi
		if [ -n "${vuln}" ]; then
			category="vulnerable"
		fi
	elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
		category="restricted"
	else
		category="unknown"
	fi

	: echo "upload> ${pkg} is ${category}."

	case "${category}" in
	"regular")
		echo "${pkg}" >> "${regular_packages}"
		;;
	"vulnerable")
		echo "${pkg}" >> "${vulnerable_packages}"
		;;
	"restricted")
		echo "${pkg}" >> "${restricted_packages}"
		;;
	*)
		echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2
		;;
	esac
done