path: root/mk/bulk/sort-packages
blob: 6592d927293b903187c114e503ab7e360172cd13 (plain)
#! /bin/sh
# $NetBSD: sort-packages,v 1.10 2007/08/27 15:38:08 adrianp Exp $

# This program scans all binary packages in the current directory and
# creates three lists of files in OUTDIR:
#
# restricted_packages
#	contains all packages that must not be published on the FTP
#	server, for whatever reason
#
# vulnerable_packages
#	contains all packages that are not restricted, but vulnerable
#
# regular_packages
#	contains all the other ("good") packages.
#

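set -eu

# Settings; each one can be overridden from the environment.
# PKGVULNDIR and AUDIT_PACKAGES_FLAGS get no default here: because of
# "set -u", the run aborts if the branch that uses one finds it unset.
#
# NOTE(security): OUTDIR defaults to the shared /tmp and the three list
# names are fixed, so the truncating redirections below would follow a
# symlink that already exists at one of those paths. Callers should
# point OUTDIR at a directory that only the bulk-build user can write.
: "${OUTDIR=/tmp}"
: "${PKG_SUFX=.tgz}"
: "${AUDIT_PACKAGES=audit-packages}"
: "${PKG_ADMIN=pkg_admin}"
: "${PKG_INFO=pkg_info}"

regular_packages="${OUTDIR}/regular_packages"
restricted_packages="${OUTDIR}/restricted_packages"
vulnerable_packages="${OUTDIR}/vulnerable_packages"
newline="
"

# Start every run with empty lists.
: > "${regular_packages}"
: > "${restricted_packages}"
: > "${vulnerable_packages}"

for pkg in *"${PKG_SUFX}"; do
	# An unmatched glob is handed to the loop as the literal pattern;
	# skip it instead of passing a non-existent file to pkg_info.
	if [ "${pkg}" = "*${PKG_SUFX}" ] && [ ! -e "${pkg}" ]; then
		continue
	fi

	build_info=$(${PKG_INFO} -B "${pkg}")

	# Note: this code needs to be that complicated because licensing
	# issues are critical to pkgsrc, and we really don't want
	# anything unexpected to happen here. The worst case would be
	# that some file is sorted wrongly because some change in the
	# output of pkg_info which had not been foreseen. Therefore it
	# is better to check as strictly as possible to make those
	# changes immediately visible.

	# "no" needs an explicit empty assignment on a line of its own,
	# "yes" any other value; a missing line leaves "unknown".
	no_bin_on_ftp="unknown"
	case "${newline}${build_info}${newline}" in
	*"${newline}NO_BIN_ON_FTP=${newline}"*)
		no_bin_on_ftp="no"
		;;
	*"${newline}NO_BIN_ON_FTP="*)
		no_bin_on_ftp="yes"
		;;
	esac

	restricted="unknown"
	case "${newline}${build_info}${newline}" in
	*"${newline}RESTRICTED=${newline}"*)
		restricted="no"
		;;
	*"${newline}RESTRICTED="*)
		restricted="yes"
		;;
	esac

	if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then
		# Check whether the package is vulnerable or not.
		pkg_prefix="${pkg%%-*}"
		category="regular"
		# Reset for every package: otherwise the audit output of an
		# earlier package would be reused whenever the prefilter
		# below skips the audit, and the first such package would
		# abort the run under "set -u".
		vuln=""
		_INFO_VER=$(${PKG_INFO} -V)
		if ${PKG_ADMIN} pmatch 'pkg_install<20070714' "pkg_install-${_INFO_VER}"; then
			# XXX: The grep prefilter is only needed here because
			# audit-packages before pkg_install-20070714 is so
			# awfully slow.
			# NOTE(review): pkg_prefix goes into the pattern
			# unescaped, so a name containing regex metacharacters
			# may fail to match and the audit is then skipped.
			# stderr stays visible on purpose: when grep cannot
			# read the vulnerability list no audit runs and the
			# package is sorted as regular.
			if grep -E "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" "${PKGVULNDIR}/pkg-vulnerabilities" >/dev/null; then
				vuln=$(${AUDIT_PACKAGES} -p "${pkg}")
			fi
		else
			# AUDIT_PACKAGES_FLAGS is left unquoted so that it can
			# carry several flags.
			vuln=$(${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}")
		fi
		# Any audit output at all marks the package as vulnerable.
		if [ -n "${vuln}" ]; then
			category="vulnerable"
		fi
	elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
		category="restricted"
	else
		category="unknown"
	fi

	# Disabled debug output (":" ignores its arguments).
	: echo "upload> ${pkg} is ${category}."

	case "${category}" in
	"regular")
		printf '%s\n' "${pkg}" >> "${regular_packages}"
		;;
	"vulnerable")
		printf '%s\n' "${pkg}" >> "${vulnerable_packages}"
		;;
	"restricted")
		printf '%s\n' "${pkg}" >> "${restricted_packages}"
		;;
	*)
		# A package that cannot be classified is written to no list
		# at all; only this warning is printed.
		echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2
		;;
	esac
done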