pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/28230: bsd.pkg.mk ignores /etc/audit-packages.conf
>Number: 28230
>Category: pkg
>Synopsis: bsd.pkg.mk ignores /etc/audit-packages.conf
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 11 21:43:00 +0000 2004
>Originator: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
>Release: NetBSD 2.0_RC4
>Organization:
Falling Raindrops
>Environment:
System: NetBSD pizza.causeuse.org 2.0_RC4 NetBSD 2.0_RC4 (PIZZA) #16: Wed Oct
20 00:51:42 CEST 2004
hauke%pizza.causeuse.org@localhost:/var/obj/netbsd-builds/2_0/sparc/obj/sys/arch/sparc/compile/PIZZA
sparc
Architecture: sparc
Machine: sparc
>Description:
security/audit-packages sources /etc/audit-packages.conf where
you can provide an alternate location for the
download-vulnerability-list file. Unfortunately, mk/bsd.pkg.mk
does not know about this preference file, and complains
loudly:
===> *** No /usr/src/pkgsrc/distfiles/pkg-vulnerabilities file found,
===> *** skipping vulnerability checks. To fix, install
===> *** the pkgsrc/security/audit-packages package and run
===> *** '/usr/pkg/sbin/download-vulnerability-list'.
>How-To-Repeat:
Set PKGVULNDIR in /etc/audit-packages.conf to a non-default
location, schedule a nightly download-vulnerability-list run
and be surprised about the warning that appears during each
and every package build. Find that bsd.pkg.mk looks at the
PKGVULNDIR variable but does not bother with
/etc/audit-packages.conf.
>Fix:
Teach mk/bsd.pkg.mk to look at /etc/audit-packages.conf.
>Unformatted:
Home |
Main Index |
Thread Index |
Old Index