blob: fe54e1bf83513368c8e51287bc850a1933daa974 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#! /bin/sh
# $NetBSD: sort-packages,v 1.3.2.2 2006/08/02 15:56:15 salo Exp $
# This program scans all binary packages in the current directory and
# creates three lists of files in OUTDIR:
#
# restricted_packages
# contains all packages that must not be published on the FTP
# server, for whatever reason
#
# vulnerable_packages
# contains all packages that are not restricted, but vulnerable
#
# regular_packages
# contains all the other ("good") packages.
#
set -eu
: ${OUTDIR="/tmp"}
: ${PKG_SUFX=".tgz"}
: ${AUDIT_PACKAGES="audit-packages"}
: ${PKG_INFO_CMD="pkg_info"}
regular_packages="${OUTDIR}/regular_packages"
restricted_packages="${OUTDIR}/restricted_packages"
vulnerable_packages="${OUTDIR}/vulnerable_packages"
newline="
"
rm -f "${regular_packages}" "${restricted_packages}" "${vulnerable_packages}"
for pkg in *${PKG_SUFX}; do
build_info=`${pkg_info_cmd} -B "${pkg}"`
# Note: this code needs to be that complicated because licensing
# issues are critical to pkgsrc, and we really don't want
# anything unexpected to happen here. The worst case would be
# some file is sorted wrongly because some change in the output
# of pkg_info which had not been foreseen. Therefore it is
# better to check as strictly as possible to make those
# changes immediately visible.
no_bin_on_ftp="unknown"
case "${newline}${build_info}${newline}" in
*"${newline}NO_BIN_ON_FTP=${newline}"*)
no_bin_on_ftp="no"
;;
*"${newline}NO_BIN_ON_FTP="*)
no_bin_on_ftp="yes"
;;
esac
restricted="unknown"
case "${newline}${build_info}${newline}" in
*"${newline}RESTRICTED=${newline}"*)
restricted="no"
;;
*"${newline}RESTRICTED="*)
restricted="yes"
;;
esac
if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then
# Check whether the package is vulnerable or not.
vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
if [ "${vuln}" = "" ]; then
category="regular"
else
category="vulnerable"
fi
elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
category="restricted"
else
category="unknown"
fi
: echo "upload> ${pkg} is ${category}."
case "${category}" in
"regular")
echo "${pkg}" >> "${regular_packages}"
;;
"vulnerable")
echo "${pkg}" >> "${vulnerable_packages}"
;;
"restricted")
echo "${pkg}" >> "${restricted_packages}"
;;
*)
echo "upload> WARNING: Could not sort ${pkg} into a category." 1>&2
;;
esac
done
|
