Checking for vulnerable packages before installing

To: <pkgsrc-users%netbsd.org@localhost>
Subject: Checking for vulnerable packages before installing
From: Iain Morgan <Iain.Morgan%nasa.gov@localhost>
Date: Wed, 27 Feb 2019 12:10:04 -0800

Hwllo,

I use a home-grown script to automate the building and installation of a
hundred or so packages and their dependencies. With the dependencies,
the installation ends up being over 1000 packages and frequently is
halted due to packages with some vulnerability or other.

Currently, I evaevaluate whether to add an IGNORE_URL line to the
pkg_install.conf as each vulnerability is encountered. But, this slows
down the build process since it often halts overnight. I know I could
set ALLOW_VULNERABLE_PACKAGES, but that is something I would rather not
do.

What I would like is a way to have pkgsrc check for vulnerabilities for
all packages (and their dependencies) without building them or halting,
so that I can evaluate the vulnerabilities in one go and then run the
build with less of a chance of it being interrupted. I'm not aware of
any make target that would accomplish this, but is such an approach
supported?

Thanks,

-- 
Iain Morgan

Follow-Ups:
- Re: Checking for vulnerable packages before installing
  - From: Leonardo Taccari

Prev by Date: Re: samba4 tdb dependency fails to build on NetBSD 8.0-STABLE
Next by Date: Re: Checking for vulnerable packages before installing
Previous by Thread: samba4 tdb dependency fails to build on NetBSD 8.0-STABLE
Next by Thread: Re: Checking for vulnerable packages before installing
Indexes:

Home | Main Index | Thread Index | Old Index