pkgsrc-Changes archive
CVS commit: pkgsrc/mk
Module Name: pkgsrc
Committed By: maya
Date: Thu May 28 16:22:58 UTC 2020
Modified Files:
pkgsrc/mk/check: check-vulnerable.mk
pkgsrc/mk/defaults: mk.conf
pkgsrc/mk/pkgformat/pkg: check.mk
Log Message:
Flip the switch on ALLOW_VULNERABLE_PACKAGES to allow them by default.
Right now, users who install the pkg-vulnerabilities database find that
the vast majority of packages fail to build, penalizing them too severely.
Package auditing can still be done via "pkg_admin audit".
Alternatively, the previous behaviour can be restored with
ALLOW_VULNERABLE_PACKAGES=no in mk.conf.
Additionally, bmake-ify the check.mk logic. It was easier to do this,
as the package relied on a single long ${RUN} command.
Proposed on tech-pkg, with no objections to the idea of changing the
default, just the method of doing so.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/mk/check/check-vulnerable.mk
cvs rdiff -u -r1.310 -r1.311 pkgsrc/mk/defaults/mk.conf
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mk/pkgformat/pkg/check.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mk/check/check-vulnerable.mk
diff -u pkgsrc/mk/check/check-vulnerable.mk:1.5 pkgsrc/mk/check/check-vulnerable.mk:1.6
--- pkgsrc/mk/check/check-vulnerable.mk:1.5 Sat Oct 15 00:23:08 2011
+++ pkgsrc/mk/check/check-vulnerable.mk Thu May 28 16:22:58 2020
@@ -1,4 +1,4 @@
-# $NetBSD: check-vulnerable.mk,v 1.5 2011/10/15 00:23:08 reed Exp $
+# $NetBSD: check-vulnerable.mk,v 1.6 2020/05/28 16:22:58 maya Exp $
#
# Public targets:
#
@@ -6,13 +6,8 @@
# Checks for vulnerabilities in the package.
#
-.if defined(ALLOW_VULNERABLE_PACKAGES)
-check-vulnerable: .PHONY
- @${DO_NADA}
-. else
check-vulnerable: .PHONY _pkgformat-check-vulnerable
@${DO_NADA}
-.endif
# A package format does not need to implement this target, so provide a
# default implementation.
Index: pkgsrc/mk/defaults/mk.conf
diff -u pkgsrc/mk/defaults/mk.conf:1.310 pkgsrc/mk/defaults/mk.conf:1.311
--- pkgsrc/mk/defaults/mk.conf:1.310 Fri May 15 10:22:42 2020
+++ pkgsrc/mk/defaults/mk.conf Thu May 28 16:22:58 2020
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.310 2020/05/15 10:22:42 nia Exp $
+# $NetBSD: mk.conf,v 1.311 2020/05/28 16:22:58 maya Exp $
#
# This file provides default values for variables that may be overridden
@@ -31,8 +31,8 @@ USE_PKG_ADMIN_DIGEST?= no
#ALLOW_VULNERABLE_PACKAGES=
# allow the user to build packages which are known to be vulnerable to
# security exploits
-# Possible: defined, not defined
-# Default: not defined
+# Possible: yes, no
+# Default: yes
#AUDIT_PACKAGES_FLAGS=
# List of flags passed to ``pkg_admin audit-pkg''.
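Review bot: The new `Default: yes` text documents a default that this file does not set, because the entry stays commented out as `#ALLOW_VULNERABLE_PACKAGES=` while the actual `?= yes` is added in pkgformat/pkg/check.mk. Other valued defaults here, such as `USE_PKG_ADMIN_DIGEST?= no` visible in the hunk header, are active assignments, so `ALLOW_VULNERABLE_PACKAGES?= yes` in this file would match that convention. The comment should also state that only the value `no` (matched case-insensitively in check.mk) makes an audit finding fatal, for example `# Possible: yes, no (any value other than "no" allows the build)`. Without that, a user who sets some other negative-looking value may assume enforcement is on when it is not.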
Index: pkgsrc/mk/pkgformat/pkg/check.mk
diff -u pkgsrc/mk/pkgformat/pkg/check.mk:1.1 pkgsrc/mk/pkgformat/pkg/check.mk:1.2
--- pkgsrc/mk/pkgformat/pkg/check.mk:1.1 Sat Oct 15 00:23:09 2011
+++ pkgsrc/mk/pkgformat/pkg/check.mk Thu May 28 16:22:58 2020
@@ -1,25 +1,32 @@
-# $NetBSD: check.mk,v 1.1 2011/10/15 00:23:09 reed Exp $
+# $NetBSD: check.mk,v 1.2 2020/05/28 16:22:58 maya Exp $
#
# _pkgformat-check-vulnerable:
# Checks for known vulnerabilities in the package if a vulnerability
# file exists.
#
+
+ALLOW_VULNERABLE_PACKAGES?= yes
+
.if defined(NO_PKGTOOLS_REQD_CHECK)
_pkgformat-check-vulnerable: .PHONY
${RUN}${DO_NADA}
.else
+
+_VULNFILE:= ${_EXTRACT_PKGVULNDIR:sh}/pkg-vulnerabilities
_pkgformat-check-vulnerable: .PHONY
- ${RUN}\
- _PKGVULNDIR=`${_EXTRACT_PKGVULNDIR}`; \
- vulnfile=$$_PKGVULNDIR/pkg-vulnerabilities; \
- if ${TEST} ! -f "$$vulnfile"; then \
- ${PHASE_MSG} "Skipping vulnerability checks."; \
- ${WARNING_MSG} "No $$vulnfile file found."; \
- ${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."; \
- exit 0; \
- fi; \
- ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
- ${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} \
+. if exists(${_VULNFILE})
+ @${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"
+. if !empty(ALLOW_VULNERABLE_PACKAGES:tl:Mno)
+ @${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} \
|| ${FAIL_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or ${_AUDIT_CONFIG_OPTION} in ${_AUDIT_CONFIG_FILE}(5) if this package is absolutely essential."
+. else
+ @${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} || ${TRUE}
+. endif
+. else
+ @${PHASE_MSG} "Skipping vulnerability checks."
+ @${WARNING_MSG} "No ${_VULNFILE} file found."
+ @${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."
+. endif
+
.endif
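Review bot: The message on the `|| ${FAIL_MSG}` line still says "Define ALLOW_VULNERABLE_PACKAGES in mk.conf", but this branch is now reached only when the variable is set to `no`, so merely defining it no longer gets past the failure; the text should read `Set ALLOW_VULNERABLE_PACKAGES=yes in mk.conf or ${_AUDIT_CONFIG_OPTION} in ...`. In the allow branch, `|| ${TRUE}` discards every non-zero exit from the audit command, so a failure of the tool itself (if it reports one through its exit status) looks the same as a vulnerable package. Replacing it with something like `|| ${WARNING_MSG} "Continuing despite audit findings for ${PKGNAME}."` would leave a trace in the build log, assuming WARNING_MSG returns success. Separately, `_VULNFILE:= ${_EXTRACT_PKGVULNDIR:sh}/...` and `exists(${_VULNFILE})` are evaluated when the makefile is parsed rather than when the target runs, unlike the old recipe-time `${TEST} ! -f` check; a comment noting that this is intended would help.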