#! /bin/sh # $NetBSD: sort-packages,v 1.7 2007/03/22 11:43:18 rillig Exp $ # This program scans all binary packages in the current directory and # creates three lists of files in OUTDIR: # # restricted_packages # contains all packages that must not be published on the FTP # server, for whatever reason # # vulnerable_packages # contains all packages that are not restricted, but vulnerable # # regular_packages # contains all the other ("good") packages. # set -eu : ${OUTDIR="/tmp"} : ${PKG_SUFX=".tgz"} : ${AUDIT_PACKAGES="audit-packages"} : ${PKG_INFO="pkg_info"} regular_packages="${OUTDIR}/regular_packages" restricted_packages="${OUTDIR}/restricted_packages" vulnerable_packages="${OUTDIR}/vulnerable_packages" newline=" " : > "${regular_packages}" : > "${restricted_packages}" : > "${vulnerable_packages}" for pkg in *${PKG_SUFX}; do build_info=`${PKG_INFO} -B "${pkg}"` # Note: this code needs to be that complicated because licensing # issues are critical to pkgsrc, and we really don't want # anything unexpected to happen here. The worst case would be # that some file is sorted wrongly because some change in the # output of pkg_info which had not been foreseen. Therefore it # is better to check as strictly as possible to make those # changes immediately visible. no_bin_on_ftp="unknown" case "${newline}${build_info}${newline}" in *"${newline}NO_BIN_ON_FTP=${newline}"*) no_bin_on_ftp="no" ;; *"${newline}NO_BIN_ON_FTP="*) no_bin_on_ftp="yes" ;; esac restricted="unknown" case "${newline}${build_info}${newline}" in *"${newline}RESTRICTED=${newline}"*) restricted="no" ;; *"${newline}RESTRICTED="*) restricted="yes" ;; esac if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then # Check whether the package is vulnerable or not. pkg_prefix="${pkg%%-*}" category="regular" # XXX: The egrep command is only needed here because # audit-packages is so awfully slow. if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then vuln=`${AUDIT_PACKAGES} -p "${pkg}"` if [ -n "${vuln}" ]; then category="vulnerable" fi fi elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then category="restricted" else category="unknown" fi : echo "upload> ${pkg} is ${category}." case "${category}" in "regular") echo "${pkg}" >> "${regular_packages}" ;; "vulnerable") echo "${pkg}" >> "${vulnerable_packages}" ;; "restricted") echo "${pkg}" >> "${restricted_packages}" ;; *) echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2 ;; esac done