tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ALLOW_VULNERABLE_PACKAGES

> definining "ALLOW_VULNERABLE_PACKAGES" currently disables checking for
> vulnerable packages completely.
> 
> I wonder whether it should just disable the error but not the message.

Yes, that seems fine. Maybe add CHECK_VULNERABLE_PACKAGES that defaults to 
yes.

I started coding it, but can't figure out how to get 
ALLOW_VULNERABLE_PACKAGES value to be passed to _flavor-check-vulnerable 
target in pkgsrc/mk/flavor/pkg/check.mk

Index: mk/flavor/pkg/check.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/flavor/pkg/check.mk,v
retrieving revision 1.9
diff -u -r1.9 check.mk
--- mk/flavor/pkg/check.mk      7 Apr 2008 13:16:26 -0000       1.9
+++ mk/flavor/pkg/check.mk      22 May 2008 13:31:18 -0000
@@ -18,6 +18,8 @@
        ${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"; \
        ${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -n ${PKGNAME};        \
        if ${TEST} "$$?" -ne 0; then                            \
-               ${ERROR_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or 
IGNORE_URLS in audit-packages.conf(5) if this package is absolutely 
essential."; \
-               ${FALSE};                                       \
+               ${ERROR_MSG} "${ALLOW_VULNERABLE_PACKAGES} -- Define 
ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in audit-packages.conf(5) 
if this package is absolutely essential."; \
+               if ${TEST} "${ALLOW_VULNERABLE_PACKAGES:M[Nn][Oo]}"; then       
\
+                       ${FALSE};                               \
+               fi                                              \
        fi
Index: mk/check/check-vulnerable.mk
===================================================================
RCS file: /cvsroot/pkgsrc/mk/check/check-vulnerable.mk,v
retrieving revision 1.4
diff -u -r1.4 check-vulnerable.mk
--- mk/check/check-vulnerable.mk        9 Mar 2007 00:39:54 -0000       1.4
+++ mk/check/check-vulnerable.mk        22 May 2008 13:31:18 -0000
@@ -6,7 +6,9 @@
 #      Checks for vulnerabilities in the package.
 #
 
-.if defined(ALLOW_VULNERABLE_PACKAGES)
+CHECK_VULNERABLE_PACKAGES?=    yes
+
+.if empty(CHECK_VULNERABLE_PACKAGES:M[yY][eE][sS])
 check-vulnerable: .PHONY
        @${DO_NADA}
 .  else
Home | Main Index | Thread Index | Old Index