#! /bin/sh
# $NetBSD: sort-packages,v 1.10 2007/08/27 15:38:08 adrianp Exp $
# This program scans all binary packages in the current directory and
# creates three lists of files in OUTDIR:
#
# restricted_packages
# contains all packages that must not be published on the FTP
# server, for whatever reason
#
# vulnerable_packages
# contains all packages that are not restricted, but vulnerable
#
# regular_packages
# contains all the other ("good") packages.
#
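# Abort on the first failing command or unset variable: a package that
# cannot be inspected must stop the run instead of being sorted blindly.
set -eu

# Output directory, package suffix and tool names; each one can be
# overridden from the environment.
#
# NOTE(security): the default OUTDIR is the world-writable /tmp and the
# three list names below are fixed, so the ": >" truncation follows
# whatever already exists under those names. Point OUTDIR at a directory
# that only the publishing user can write to when the lists drive an
# upload.
: "${OUTDIR=/tmp}"
: "${PKG_SUFX=.tgz}"
: "${AUDIT_PACKAGES=audit-packages}"
: "${PKG_ADMIN=pkg_admin}"
: "${PKG_INFO=pkg_info}"

regular_packages="${OUTDIR}/regular_packages"
restricted_packages="${OUTDIR}/restricted_packages"
vulnerable_packages="${OUTDIR}/vulnerable_packages"

# A literal newline, used to match whole lines of the build info.
newline="
"

# Start every run with empty lists.
: > "${regular_packages}"
: > "${restricted_packages}"
: > "${vulnerable_packages}"

for pkg in *"${PKG_SUFX}"; do
  # Without any match the shell leaves the pattern itself in ${pkg};
  # report that and keep the (empty) lists instead of handing the
  # pattern to pkg_info.
  if [ ! -e "${pkg}" ]; then
    echo "sort-packages> WARNING: No package matching *${PKG_SUFX} found." 1>&2
    continue
  fi

  # Reset per package. Otherwise the result of an earlier package would
  # leak into this one, and under "set -u" the test below would abort
  # when the prefilter skipped the audit for the first package.
  vuln=""

  build_info=$(${PKG_INFO} -B "${pkg}")

  # Note: this code needs to be that complicated because licensing
  # issues are critical to pkgsrc, and we really don't want
  # anything unexpected to happen here. The worst case would be
  # that some file is sorted wrongly because some change in the
  # output of pkg_info which had not been foreseen. Therefore it
  # is better to check as strictly as possible to make those
  # changes immediately visible.

  # "no" only for an empty NO_BIN_ON_FTP= line, "yes" for a non-empty
  # one, "unknown" when the line is missing altogether.
  no_bin_on_ftp="unknown"
  case "${newline}${build_info}${newline}" in
  *"${newline}NO_BIN_ON_FTP=${newline}"*)
    no_bin_on_ftp="no"
    ;;
  *"${newline}NO_BIN_ON_FTP="*)
    no_bin_on_ftp="yes"
    ;;
  esac

  # Same three-state check for RESTRICTED=.
  restricted="unknown"
  case "${newline}${build_info}${newline}" in
  *"${newline}RESTRICTED=${newline}"*)
    restricted="no"
    ;;
  *"${newline}RESTRICTED="*)
    restricted="yes"
    ;;
  esac

  if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then
    # Check whether the package is vulnerable or not.
    pkg_prefix="${pkg%%-*}"
    category="regular"
    _INFO_VER=$(${PKG_INFO} -V)
    if ${PKG_ADMIN} pmatch 'pkg_install<20070714' "pkg_install-${_INFO_VER}"; then
      # A missing or unreadable vulnerability list must not make
      # every package look clean, so stop here instead.
      vulnfile="${PKGVULNDIR}/pkg-vulnerabilities"
      if [ ! -r "${vulnfile}" ]; then
        echo "sort-packages> ERROR: Cannot read ${vulnfile}." 1>&2
        exit 1
      fi
      # XXX: The grep prefilter is only needed here because
      # audit-packages before pkg_install-20070714 is so
      # awfully slow.
      # NOTE(review): ${pkg_prefix} is used as a regular expression,
      # so a name containing metacharacters may match differently
      # than intended; the final verdict still comes from
      # audit-packages.
      if grep -E "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" "${vulnfile}" >/dev/null 2>&1; then
        vuln=$(${AUDIT_PACKAGES} -p "${pkg}")
      fi
    else
      # AUDIT_PACKAGES_FLAGS is optional and deliberately unquoted so
      # that it can carry several flags.
      # NOTE(review): under "set -e" a non-zero exit status of
      # audit-packages aborts the whole run -- confirm that findings
      # are reported on stdout with a zero exit status.
      vuln=$(${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS-} -p "${pkg}")
    fi
    if [ -n "${vuln}" ]; then
      category="vulnerable"
    fi
  elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
    category="restricted"
  else
    category="unknown"
  fi

  # Disabled debug output; ":" discards its arguments.
  : echo "upload> ${pkg} is ${category}."

  # A package that could not be classified is written to none of the
  # lists, so it is never published by accident.
  case "${category}" in
  "regular")
    echo "${pkg}" >> "${regular_packages}"
    ;;
  "vulnerable")
    echo "${pkg}" >> "${vulnerable_packages}"
    ;;
  "restricted")
    echo "${pkg}" >> "${restricted_packages}"
    ;;
  *)
    echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2
    ;;
  esac
done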