path: root/mk/flavor/pkg/check.mk
# $NetBSD: check.mk,v 1.1 2006/06/03 23:11:42 jlam Exp $

######################################################################
### check-vulnerable (PUBLIC, pkgsrc/mk/check/check.mk)
######################################################################
### check-vulnerable checks for any vulnerabilities in the package
### without needing audit-packages to be installed.
###
### XXX This should really be invoking audit-packages directly.  Having
### XXX a separately maintained piece of code that inspects the
### XXX vulnerabilities database is poor.
###
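### Implementation notes:
###
### If an audit-packages.conf exists under ${PKG_SYSCONFDIR.audit-packages}
### or, failing that, under ${PKG_SYSCONFDIR}, it is sourced into the
### recipe's shell, i.e. executed as shell code; it should be writable
### only by trusted users.
###
### Each non-blank, non-comment line of ${PKGVULNDIR}/pkg-vulnerabilities
### is then examined; fields 1-3 are used as package pattern,
### vulnerability type and reference.  Lines whose pattern neither
### matches ${PKGBASE} nor contains "{" are skipped; for the rest,
### "${PKG_ADMIN} pmatch" is run on the pattern and ${PKGNAME}, and a
### warning is echoed when it succeeds.
### NOTE(review): ${PKGBASE} is applied as a regular expression in that
### pre-filter, so regex metacharacters in a package name are not taken
### literally -- confirm this is acceptable.
###
### The pmatch/echo command line is run through awk's system().  Every
### value taken from the database or the environment is therefore passed
### through shquote(), which wraps it in single quotes and escapes any
### embedded single quote, so that shell metacharacters in a database
### entry (backquotes, dollar signs, double quotes) are treated as data
### and not interpreted by the shell.
###
### A match only prints a warning; the recipe's exit status depends on
### awk's exit status, not on the result of pmatch.
###
.PHONY: check-vulnerable
check-vulnerable:
	@if [ ! -z "${PKG_SYSCONFDIR.audit-packages}" -a -f ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf ]; then \
		. ${PKG_SYSCONFDIR.audit-packages}/audit-packages.conf;	\
	elif [ ! -z "${PKG_SYSCONFDIR}" -a -f ${PKG_SYSCONFDIR}/audit-packages.conf ]; then \
		. ${PKG_SYSCONFDIR}/audit-packages.conf;		\
	fi;								\
	if [ -f ${PKGVULNDIR}/pkg-vulnerabilities ]; then		\
		${SETENV} PKGNAME=${PKGNAME}				\
			  PKGBASE=${PKGBASE}				\
		${AWK} 'function shquote(s, n, i, p, q) {		\
				n = split(s, p, "\047");		\
				q = "\047" p[1];			\
				for (i = 2; i <= n; i++)		\
					q = q "\047\\\047\047" p[i];	\
				return q "\047";			\
			}						\
			/^$$/ { next }				\
			/^#.*/ { next }				\
			$$1 !~ ENVIRON["PKGBASE"] && $$1 !~ /\{/ { next } \
			{ msg = "*** WARNING - " $$2 " vulnerability in " ENVIRON["PKGNAME"] " - see " $$3 " for more information ***"; \
			  s = sprintf("${PKG_ADMIN} pmatch %s %s && ${ECHO} %s", shquote($$1), shquote(ENVIRON["PKGNAME"]), shquote(msg)); \
			  system(s); }' < ${PKGVULNDIR}/pkg-vulnerabilities || ${FALSE}; \
	fi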