tech-pkg archive
Re: Switch vulnerable packages to a warning only
Committed this version. It behaves the same as before (telling you how
to fetch the vulnerabilities file if it's absent).
http://mail-index.netbsd.org/pkgsrc-changes/2020/05/28/msg214777.html
Feel free to keep objecting if you find this objectionable.
On Sat, May 23, 2020 at 12:15:55AM +0000, maya%NetBSD.org@localhost wrote:
> This was an unintended change. I didn't realize the effect I had on
> changing it, it was a long ${RUN} with \ in the end of all the lines,
> and I removed one of them for the bmake-conditional.
>
> I've bmake-ified the file, so it no longer does this. Attached full file
> which might be easier to read than the diff.
> # $NetBSD: check.mk,v 1.1 2011/10/15 00:23:09 reed Exp $
> #
>
> # _pkgformat-check-vulnerable:
> # Checks for known vulnerabilities in the package if a vulnerability
> # file exists.
> #
>
> ALLOW_VULNERABLE_PACKAGES?= yes
>
> .if defined(NO_PKGTOOLS_REQD_CHECK)
> _pkgformat-check-vulnerable: .PHONY
> 	${RUN}${DO_NADA}
> .else
>
> _VULNFILE:= ${_EXTRACT_PKGVULNDIR:sh}/pkg-vulnerabilities
> _pkgformat-check-vulnerable: .PHONY
> .  if exists(${_VULNFILE})
> 	@${PHASE_MSG} "Checking for vulnerabilities in ${PKGNAME}"
> .    if !empty(ALLOW_VULNERABLE_PACKAGES:tl:Mno)
> 	@${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} \
> 	|| ${FAIL_MSG} "Define ALLOW_VULNERABLE_PACKAGES in mk.conf or ${_AUDIT_CONFIG_OPTION} in ${_AUDIT_CONFIG_FILE}(5) if this package is absolutely essential."
> .    else
> 	@${AUDIT_PACKAGES} ${_AUDIT_PACKAGES_CMD} ${AUDIT_PACKAGES_FLAGS} ${PKGNAME} || ${TRUE}
> .    endif
> .  else
> 	@${PHASE_MSG} "Skipping vulnerability checks."
> 	@${WARNING_MSG} "No ${_VULNFILE} file found."
> 	@${WARNING_MSG} "To fix run: \`${DOWNLOAD_VULN_LIST}'."
> .  endif
>
> .endif
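
The gate in the quoted check.mk, modelled as an added shell example (not pkgsrc code and not part of the original message) to show which mk.conf values of ALLOW_VULNERABLE_PACKAGES make the build fail closed. The function names, outcome labels and the constructed audit exit status are assumptions, as is FAIL_MSG ending the target with a non-zero status.

```shell
#!/bin/sh
# Added illustration, not pkgsrc code: models _pkgformat-check-vulnerable.

# allow_is_no VALUE
# Emulates bmake's !empty(ALLOW_VULNERABLE_PACKAGES:tl:Mno): lowercase the
# value, then succeed only if one whitespace-separated word is exactly "no".
allow_is_no() {
    lowered=" $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr '\t\n' '  ') "
    case "$lowered" in
        *" no "*) return 0 ;;
    esac
    return 1
}

# vuln_gate VULNFILE_PRESENT ALLOW_VALUE AUDIT_EXIT
#   VULNFILE_PRESENT  1 if pkg-vulnerabilities exists, 0 otherwise
#   ALLOW_VALUE       value from mk.conf; empty stands for unset (?= yes applies)
#   AUDIT_EXIT        constructed exit status of the audit command (non-zero = vulnerable)
# Prints a hypothetical outcome label and returns the status the target ends with.
vuln_gate() {
    allow=${2:-yes}
    if [ "$1" -ne 1 ]; then
        echo "skip-with-warning"    # no vulnerabilities file: warn and continue
        return 0
    fi
    if [ "$3" -eq 0 ]; then
        echo "clean"                # audit found nothing, both branches succeed
        return 0
    fi
    if allow_is_no "$allow"; then
        echo "fail"                 # "|| ${FAIL_MSG}" branch (assumed non-zero exit)
        return 1
    fi
    echo "warn-only"                # "|| ${TRUE}" branch: finding is printed, build goes on
    return 0
}

# Constructed inputs: a vulnerable package, vulnerabilities file present.
for v in "" yes No NO none; do
    printf '%-8s -> %s\n' "'$v'" "$(vuln_gate 1 "$v" 1)"
done
```

Only a value containing the word "no" in any letter case restores the hard failure; a missing pkg-vulnerabilities file never fails the build, whatever the setting.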