diff options
author | Eygene Ryabinkin <rea@FreeBSD.org> | 2013-04-09 17:36:29 +0000 |
---|---|---|
committer | Eygene Ryabinkin <rea@FreeBSD.org> | 2013-04-09 17:36:29 +0000 |
commit | 8f2ef95e3426980d5b2726198991f42d0e4d6068 (patch) | |
tree | 83fac3d79273de0f4798d0c10046e103c0ad5857 | |
parent | d846db1c94153b8ff551c7597d9a69a8c89d9ae9 (diff) | |
download | ports-8f2ef95e3426980d5b2726198991f42d0e4d6068.tar.gz ports-8f2ef95e3426980d5b2726198991f42d0e4d6068.zip |
Packaudit: switch to Subversion
- use links to Subversion tree, HTTPS-flavored ones;
- extract revision using Subversion format of $FreeBSD$;
- refuse to work with vuln.xml that comes from CVS:
automated exporter is switched off, so this source of
vulnerabilities is stale.
Reviewed by: simon, bz (partly), gavin
Approved by: portmgr (tabthorpe), so (des), secteam (simon)
Notes
Notes:
svn path=/head/; revision=315772
-rw-r--r-- | ports-mgmt/portaudit-db/Makefile | 2 | ||||
-rw-r--r-- | ports-mgmt/portaudit-db/files/packaudit.sh | 25 |
2 files changed, 23 insertions, 4 deletions
diff --git a/ports-mgmt/portaudit-db/Makefile b/ports-mgmt/portaudit-db/Makefile index 3e5e06ffe909..b851babda119 100644 --- a/ports-mgmt/portaudit-db/Makefile +++ b/ports-mgmt/portaudit-db/Makefile @@ -7,7 +7,7 @@ PORTNAME= portaudit-db PORTVERSION= 0.2.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= ports-mgmt DISTFILES= diff --git a/ports-mgmt/portaudit-db/files/packaudit.sh b/ports-mgmt/portaudit-db/files/packaudit.sh index f0924dbca2de..6c6441840f82 100644 --- a/ports-mgmt/portaudit-db/files/packaudit.sh +++ b/ports-mgmt/portaudit-db/files/packaudit.sh @@ -67,8 +67,27 @@ fi TMPNAME=`$BASENAME "$0"` -VULVER=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"` -VULURL="http://cvsweb.freebsd.org/ports/security/vuxml/vuln.xml?rev=$VULVER" +# Is CVS still used for generation of VuXML entries? That's bad. +ISCVS=`$SED -En -e '/^.*\\$FreeBSD\: [^$ ]+\/vuln.xml,v ([0-9]+(\.[0-9]+)+) [^$]+\\$.*$/{s//\1/p;q;}' "$VUXMLDIR/vuln.xml"` +if [ -n "$ISCVS" ]; then + cat << EOF +File $VUXMLDIR/vuln.xml seem to come from CVS. + +CVS for FreeBSD ports is no longer synced with Subversion, so you will +get outdated vulnerability list. Please, check out your sources from +Subversion, refer to + http://www.freebsd.org/doc/handbook/svn.html +for the up to date instructions on how to actually do that. +EOF + exit 1 +fi + +VULPATH=`$SED -En -e '/^.*\\$FreeBSD\: ([^$ ]+\/vuln.xml) ([0-9]+) [^$]+\\$/{s//\1?revision=\2/p;q;}' "$VUXMLDIR/vuln.xml"` +if [ -z "$VULPATH" ]; then + echo "Can't determine origin and version of vuln.xml from $VUXMLDIR/vuln.xml" + exit 1 +fi +VULURL="https://svnweb.freebsd.org/ports/$VULPATH" [ -r "%%PREFIX%%/etc/packaudit.conf" ] && . "%%PREFIX%%/etc/packaudit.conf" @@ -90,7 +109,7 @@ fi TMPDIR=`$MKTEMP -d -t "$TMPNAME.$$"` || exit 1 TESTPORT="vulnerability-test-port>=2000<`$DATE -u +%Y.%m.%d`" -TESTURL="http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/" +TESTURL="https://svnweb.freebsd.org/ports/head/ports-mgmt/vulnerability-test-port/" TESTREASON="Not vulnerable, just a test port (database: `$DATE -u +%Y-%m-%d`)" XLIST_FILE="$PORTAUDITDBDIR/database/portaudit.xlist" |