pkgsrc-Users archive


Automatically updating pkgsrc to the latest branch



I maintain several NetBSD 5.0 servers and all of them have the latest pkgsrc branch checked out as I want to minimize the amount of maintenance work, i.e. I only want to act on security updates.

I want to receive notifications if I have any vulnerable package on my hosts (download-vulnerability-list + audit-packages). I also want to follow the latest stable branch and when a new branch is created, I want to switch to it. I also want to know if I have packages which should be upgraded (lintpkgsrc).

My setup consists of two parts:

1) vulnerability checks performed every night
2) pkgsrc update and version check performed either every night or once a week

As an example, my real hosts update their pkgsrc every night while my NetBSD/xen domU hosts update their pkgsrc only once a week in order not to make my dom0 crawl every night (10+ domUs running cvs at the same time)...

I hope this is useful to someone...

Martti


/etc/daily.local
################

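# Vulnerable packages
if [ -x /usr/sbin/download-vulnerability-list ]; then
        echo "Fetching vulnerability list"
        # Output is discarded, so report a failed fetch explicitly;
        # otherwise the audit below silently runs against a stale list.
        if ! /usr/sbin/download-vulnerability-list > /dev/null 2>&1; then
                echo "WARNING: could not fetch vulnerability list"
        fi
fi
if [ -x /usr/sbin/audit-packages ]; then
        echo "Checking vulnerability list"
        /usr/sbin/audit-packages
fi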

/etc/daily.local or /etc/weekly.local
#####################################

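# Update pkgsrc to the newest quarterly branch
if [ -d /usr/pkgsrc/CVS ]; then
        D=`pwd`
        cd /usr/pkgsrc
        # Newest tag that matches pkgsrc-20* and is marked as a branch
        TAG=`cvs status -v Makefile | grep pkgsrc-20 | grep branch | \
                awk '{print $1}' | sort | tail -1`
        echo ""
        # Skip the update if no tag was found (e.g. CVS server unreachable)
        if [ -n "${TAG}" ]; then
                cvs -q update -dPA -r "${TAG}"
        else
                echo "No pkgsrc branch tag found, not updating"
        fi
        cd "${D}"
fi
# Compare installed package versions against the pkgsrc tree
if [ -x /usr/pkg/bin/lintpkgsrc ]; then
        echo ""
        /usr/pkg/bin/lintpkgsrc -i
fi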
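
Added example, not part of the original post: the TAG pipeline from the update script written as a function that accepts only tags of the exact form pkgsrc-YYYYQn marked as branches, and fails when none is found, so an empty or unexpected cvs result never reaches "cvs update -r". The names latest_pkgsrc_branch and sample_status and the sample cvs output are constructed for illustration.

```sh
#!/bin/sh
# latest_pkgsrc_branch: read `cvs status -v Makefile` output on stdin and
# print the newest quarterly branch tag; return 1 if none is found.
latest_pkgsrc_branch() {
        tag=$(LC_ALL=C awk '
                # First field must be exactly pkgsrc-YYYYQn and the second
                # must mark a branch. This skips the -base revision tags and
                # the "Sticky Tag:" line, whose first field is "Sticky".
                $1 ~ /^pkgsrc-20[0-9][0-9]Q[1-4]$/ && $2 == "(branch:" { print $1 }
        ' | LC_ALL=C sort | tail -1)
        [ -n "$tag" ] || return 1
        printf '%s\n' "$tag"
}

# Constructed sample of `cvs status -v Makefile` output (revisions made up).
sample_status() {
        cat <<'EOF'
===================================================================
File: Makefile          Status: Up-to-date

   Working revision:    1.89
   Sticky Tag:          pkgsrc-2009Q2 (branch: 1.89.2)

   Existing Tags:
        pkgsrc-2009Q3                   (branch: 1.89.4)
        pkgsrc-2009Q3-base              (revision: 1.89)
        pkgsrc-2009Q2                   (branch: 1.89.2)
        pkgsrc-2009Q2-base              (revision: 1.89)
        pkgsrc-2008Q4                   (branch: 1.85.2)
EOF
}

# Only build the cvs command when a valid tag was selected.
if TAG=$(sample_status | latest_pkgsrc_branch); then
        echo "would run: cvs -q update -dPA -r $TAG"
else
        echo "no pkgsrc branch tag found, skipping update" >&2
fi
```

In the real script, replace sample_status with "cvs status -v Makefile" run from /usr/pkgsrc.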

