
[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install/files pkg_install-20090205:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ceecd01d9584
branches:  trunk
changeset: 553985:ceecd01d9584
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Thu Feb 05 17:22:19 2009 +0000

description:
pkg_install-20090205:
- Restrict audit-related commands to the documented set and/or fix the
  documentation.
- Add support for conditional fetch-pkg-vulnerabilities via -u option.

diffstat:

 pkgtools/pkg_install/files/admin/audit.c        |  60 ++++++++++++++++++++----
 pkgtools/pkg_install/files/admin/pkg_admin.1    |   6 +-
 pkgtools/pkg_install/files/admin/pkg_admin.cat1 |  16 +++++-
 pkgtools/pkg_install/files/lib/version.h        |   4 +-
 4 files changed, 67 insertions(+), 19 deletions(-)

diffs (246 lines):

diff -r 65ec23fb56a8 -r ceecd01d9584 pkgtools/pkg_install/files/admin/audit.c
--- a/pkgtools/pkg_install/files/admin/audit.c  Thu Feb 05 17:14:06 2009 +0000
+++ b/pkgtools/pkg_install/files/admin/audit.c  Thu Feb 05 17:22:19 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: audit.c,v 1.11 2009/02/02 12:35:00 joerg Exp $ */
+/*     $NetBSD: audit.c,v 1.12 2009/02/05 17:22:19 joerg Exp $ */
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: audit.c,v 1.11 2009/02/02 12:35:00 joerg Exp $");
+__RCSID("$NetBSD: audit.c,v 1.12 2009/02/05 17:22:19 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg%NetBSD.org@localhost>.
@@ -76,11 +76,14 @@
 static int check_eol = 0;
 static int check_signature = 0;
 static const char *limit_vul_types = NULL;
+static int update_pkg_vuln = 0;
 
 static struct pkg_vulnerabilities *pv;
 
+static const char audit_options[] = "est:";
+
 static void
-parse_options(int argc, char **argv)
+parse_options(int argc, char **argv, const char *options)
 {
        int ch;
 
@@ -94,7 +97,7 @@
        ++argc;
        --argv;
 
-       while ((ch = getopt(argc, argv, "est:")) != -1) {
+       while ((ch = getopt(argc, argv, options)) != -1) {
                switch (ch) {
                case 'e':
                        check_eol = 1;
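Review bot: The contract of the new `options` parameter is not written down anywhere near this `getopt` call: each caller now decides which flags its command accepts, while the switch that follows still carries a case for every flag. A comment above `parse_options` such as `/* options is the getopt(3) string of the calling command; any flag outside it ends in usage(). */` would record that. It may also help to give the literal strings `"s"`, `"su"` and `"st:"` passed in the later hunks names next to `audit_options`, so the accepted sets can be compared with pkg_admin.1 in one place. The body of `parse_options` starts before and continues past this hunk.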
@@ -105,6 +108,9 @@
                case 't':
                        limit_vul_types = optarg;
                        break;
+               case 'u':
+                       update_pkg_vuln = 1;
+                       break;
                default:
                        usage();
                        /* NOTREACHED */
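Review bot: The new `-u` case has no description anywhere in this commit: pkg_admin.1 gains it only in the `fetch-pkg-vulnerabilities` synopsis, and `update_pkg_vuln` is declared without a comment. I would add `/* -u: fetch pkg-vulnerabilities only if the remote copy is newer than the local file */` at the declaration and one matching sentence to the manual entry. The switch belongs to `parse_options`, whose body starts and ends outside this hunk.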
@@ -211,7 +217,7 @@
 {
        int rv;
 
-       parse_options(argc, argv);
+       parse_options(argc, argv, audit_options);
        argv += optind;
 
        check_and_read_pkg_vulnerabilities();
@@ -235,7 +241,7 @@
 {
        int rv;
 
-       parse_options(argc, argv);
+       parse_options(argc, argv, audit_options);
        argv += optind;
 
        check_and_read_pkg_vulnerabilities();
@@ -255,7 +261,7 @@
 {
        int rv;
 
-       parse_options(argc, argv);
+       parse_options(argc, argv, audit_options);
        argv += optind;
 
        check_and_read_pkg_vulnerabilities();
@@ -272,7 +278,7 @@
 void
 check_pkg_vulnerabilities(int argc, char **argv)
 {
-       parse_options(argc, argv);
+       parse_options(argc, argv, "s");
        if (argc != optind + 1)
                usage();
 
@@ -287,18 +293,50 @@
        char *buf, *decompressed_input;
        size_t buf_len, buf_fetched, decompressed_len;
        ssize_t cur_fetched;
+       struct url *url;
        struct url_stat st;
        fetchIO *f;
        int fd;
+       struct stat sb;
+       char my_flags[20];
+       const char *flags;
 
-       parse_options(argc, argv);
+       parse_options(argc, argv, "su");
        if (argc != optind)
                usage();
 
        if (verbose >= 2)
                fprintf(stderr, "Fetching %s\n", pkg_vulnerabilities_url);
 
-       f = fetchXGetURL(pkg_vulnerabilities_url, &st, fetch_flags);
+       url = fetchParseURL(pkg_vulnerabilities_url);
+       if (url == NULL)
+               errx(EXIT_FAILURE,
+                   "Could not parse location of pkg_vulnerabilities: %s",
+                   fetchLastErrString);
+
+       flags = fetch_flags;
+       if (update_pkg_vuln) {
+               fd = open(pkg_vulnerabilities_file, O_RDONLY);
+               if (fd != -1 && fstat(fd, &sb) != -1) {
+                       url->last_modified = sb.st_mtime;
+                       snprintf(my_flags, sizeof(my_flags), "%si",
+                           fetch_flags);
+                       flags = my_flags;
+               } else
+                       update_pkg_vuln = 0;
+               if (fd != -1)
+                       close(fd);
+       }
+
+       f = fetchXGet(url, &st, flags);
+       if (f == NULL && update_pkg_vuln &&
+           fetchLastErrCode == FETCH_UNCHANGED) {
+               if (verbose >= 1)
+                       fprintf(stderr, "%s is not newer\n",
+                           pkg_vulnerabilities_url);
+               exit(EXIT_SUCCESS);
+       }
+
        if (f == NULL)
                errx(EXIT_FAILURE, "Could not fetch vulnerability file: %s",
                    fetchLastErrString);
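Review bot: The `snprintf` into `my_flags[20]` is unchecked, so a `fetch_flags` string of 19 or more characters would silently lose the appended `i` and turn the `-u` request back into an unconditional fetch; the result should be checked, e.g. `if ((size_t)snprintf(my_flags, sizeof(my_flags), "%si", fetch_flags) >= sizeof(my_flags)) errx(EXIT_FAILURE, "fetch flags too long");`. Separately, the `FETCH_UNCHANGED` branch exits with success on the server's answer alone, and the timestamp it sends is the local file's `st_mtime`. Over an unauthenticated transport, a false "not modified" reply or a local clock that runs ahead would presumably leave a stale vulnerability list in place with no warning unless `verbose` is set, which deserves a comment here and a caveat in the `-u` documentation. `url` is not released on that exit path, which is harmless only because the process terminates. The function starts before and continues past this hunk, so whether the local file is re-validated elsewhere cannot be seen from here.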
@@ -460,7 +498,7 @@
 void
 audit_history(int argc, char **argv)
 {
-       parse_options(argc, argv);
+       parse_options(argc, argv, "st:");
        argv += optind;
 
        check_and_read_pkg_vulnerabilities();
diff -r 65ec23fb56a8 -r ceecd01d9584 pkgtools/pkg_install/files/admin/pkg_admin.1
--- a/pkgtools/pkg_install/files/admin/pkg_admin.1      Thu Feb 05 17:14:06 2009 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.1      Thu Feb 05 17:22:19 2009 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pkg_admin.1,v 1.19 2009/02/02 12:35:00 joerg Exp $
+.\"    $NetBSD: pkg_admin.1,v 1.20 2009/02/05 17:22:19 joerg Exp $
 .\"
 .\" Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -137,7 +137,7 @@
 Like
 .Cm audit-pkg ,
 but read the package names or patterns one per line from the given files.
-.It Cm audit-history Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
+.It Cm audit-history Oo Fl s Oc Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
 Print all vulnerabilities for the given base package names.
 .It Cm check Op Ar pkg ...
 Use this command to check the files belonging to some or all of the
@@ -184,7 +184,7 @@
 .Cm pkg_info -F .
 Columns are printed for the keyfield used in the pkgdb - the filename -,
 and the data field - the package the file belongs to.
-.It Cm fetch-pkg-vulnerabilities Op Fl s
+.It Cm fetch-pkg-vulnerabilities Oo Fl su Oc
 Fetch a new pkg-vulnerabilities file, check the format and if
 .Fl s
 is given the signature.
diff -r 65ec23fb56a8 -r ceecd01d9584 pkgtools/pkg_install/files/admin/pkg_admin.cat1
--- a/pkgtools/pkg_install/files/admin/pkg_admin.cat1   Thu Feb 05 17:14:06 2009 +0000
+++ b/pkgtools/pkg_install/files/admin/pkg_admin.cat1   Thu Feb 05 17:22:19 2009 +0000
@@ -69,7 +69,7 @@
              Like aauuddiitt--ppkkgg, but read the package names or patterns one per
              line from the given files.
 
-     aauuddiitt--hhiissttoorryy [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
+     aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
              Print all vulnerabilities for the given base package names.
 
      cchheecckk [_p_k_g _._._.]
@@ -93,6 +93,9 @@
              Check format and hashes in the pkg-vulnerabilties file _f_i_l_e.  If
              --ss is given, also check the embedded signature.
 
+     cchheecckk--ssiiggnnaattuurree _f_i_l_e _._._.
+             Reports if _f_i_l_e is a correctly signed package.
+
      ccoonnffiigg--vvaarr _v_a_r_i_a_b_l_e
              Print the current value of _v_a_r_i_a_b_l_e as used after parsing the
              configuration file.
@@ -106,7 +109,7 @@
              --FF.  Columns are printed for the keyfield used in the pkgdb - the
              filename -, and the data field - the package the file belongs to.
 
-     ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess [--ss]
+     ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess [--ssuu]
              Fetch a new pkg-vulnerabilities file, check the format and if --ss
              is given the signature.  If all checks are passed, write it to
              pkgdb.
@@ -172,6 +175,13 @@
              Packages that are not installed directly by the user but pulled
              in as dependencies are marked by setting ``automatic=YES''.
 
+     ggppgg--ssiiggnn--ppaacckkaaggee ppkkgg
+             Sign the binary package _p_k_g using GPG.
+
+     xx550099--ssiiggnn--ppaacckkaaggee ppkkgg ssppkkgg kkeeyy cceerrtt
+             Sign the binary package _p_k_g using the key _k_e_y and the certificate
+             _c_e_r_t, using _s_p_k_g as output file.
+
      uunnsseett _v_a_r_i_a_b_l_e _p_k_g _._._.
              Remove an installation variable.
 
@@ -213,4 +223,4 @@
 AAUUTTHHOORRSS
      The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
 
-NetBSD 4.0                       May 26, 2008                       NetBSD 4.0
+NetBSD 5.0                       May 30, 2008                       NetBSD 5.0
diff -r 65ec23fb56a8 -r ceecd01d9584 pkgtools/pkg_install/files/lib/version.h
--- a/pkgtools/pkg_install/files/lib/version.h  Thu Feb 05 17:14:06 2009 +0000
+++ b/pkgtools/pkg_install/files/lib/version.h  Thu Feb 05 17:22:19 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: version.h,v 1.108 2009/02/02 12:35:01 joerg Exp $      */
+/*     $NetBSD: version.h,v 1.109 2009/02/05 17:22:19 joerg Exp $      */
 
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
@@ -27,6 +27,6 @@
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
 
-#define PKGTOOLS_VERSION "20090201"
+#define PKGTOOLS_VERSION "20090205"
 
 #endif /* _INST_LIB_VERSION_H_ */


