pkgsrc-Bugs archive


Re: pkg/59446: not respected: ALLOW_VULNERABLE_PACKAGES=NO



The following reply was made to PR pkg/59446; it has been noted by GNATS.

From: George Georgalis <george%galis.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/59446: not respected: ALLOW_VULNERABLE_PACKAGES=NO
Date: Tue, 27 May 2025 02:11:23 -0700

 Hi Kimmo,
 
 That's what I thought the gap was at first... so I ran these commands (in
 the original report) to confirm the problem:
 
 cd $pkgsrc/net/tcpdump/ && bmake clean
 ===> Cleaning for tcpdump-4.99.5
 cd $pkgsrc/net/tcpdump/ && bmake install
 ===> Building binary package for tcpdump-4.99.5
 => Creating binary package /opt/pkgsrc-stable/pkg-2025Q1-68350-Darwin_22.6.0_arm64/All/tcpdump-4.99.5.tgz
 ===> Installing binary package of tcpdump-4.99.5
 cd $pkgsrc/net/tcpdump/ && bmake show-var VARNAME=ALLOW_VULNERABLE_PACKAGES
 NO
 
 that fails your expectation, doesn't it? if not, what exactly does
 ALLOW_VULNERABLE_PACKAGES mean?
 
 regards,
 -George
 
 
 On Tue, May 27, 2025 at 1:50 AM Kimmo Suominen via gnats <
 gnats-admin%netbsd.org@localhost> wrote:
 
 > The following reply was made to PR pkg/59446; it has been noted by GNATS.
 >
 > From: Kimmo Suominen <kim%netbsd.org@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc:
 > Subject: Re: pkg/59446: not respected: ALLOW_VULNERABLE_PACKAGES=NO
 > Date: Tue, 27 May 2025 11:45:02 +0300
 >
 >  Hi George,
 >
 >  On Tue, May 27, 2025 at 08:00:01AM +0000, george%galis.org@localhost wrote:
 >  > cat >>$LOCALBASE/etc/mk.conf <<eof
 >  > # Security and vulnerability management
 >  > ALLOW_VULNERABLE_PACKAGES=  NO
 >  > eof
 >  >
 >  > pkgin in tcpdump
 >
 >  You cannot configure pkgin settings in /etc/mk.conf as it has its own
 >  configuration files.  I don't think pkgin has a corresponding setting,
 >  though.
 >
 >  If you use "make package-install" instead of "make package" then I would
 >  expect the setting to be respected.
 >
 >  Kind regards,
 >  + Kimmo
 >
 >
 
 -- 
 George Georgalis, (415) 894-2710, http://www.galis.org/
 