[src/trunk]: src Fix for problematic paths in /etc/daily and /etc/security re...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src Fix for problematic paths in /etc/daily and /etc/security re...
From: agc <agc%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 00:33:37 +0000

details:   https://anonhg.NetBSD.org/src/rev/8309f84f8f4c
branches:  trunk
changeset: 786539:8309f84f8f4c
user:      agc <agc%NetBSD.org@localhost>
date:      Wed May 01 05:36:25 2013 +0000

description:
Fix for problematic paths in /etc/daily and /etc/security reported in
PR/47645.

Add a separate file which contains the paths for the pkg_admin and
pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it
from pkg.conf).

Thanks also to Edgar Fuss for the sanity check.

diffstat:

 distrib/sets/lists/etc/mi  |   4 +++-
 etc/daily                  |   9 ++++++---
 etc/defaults/Makefile      |   4 ++--
 etc/defaults/pkgpath.conf  |  13 +++++++++++++
 etc/defaults/security.conf |   3 +--
 etc/pkgpath.conf           |  10 ++++++++++
 etc/security               |  11 +++++++----
 7 files changed, 42 insertions(+), 12 deletions(-)

diffs (174 lines):

diff -r 6eece22ed846 -r 8309f84f8f4c distrib/sets/lists/etc/mi
--- a/distrib/sets/lists/etc/mi Wed May 01 04:04:54 2013 +0000
+++ b/distrib/sets/lists/etc/mi Wed May 01 05:36:25 2013 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.230 2013/04/25 17:10:50 christos Exp $
+# $NetBSD: mi,v 1.231 2013/05/01 05:36:25 agc Exp $
 #
 # Note: end-user configuration files that are moved to another location
 #      should not be marked "obsolete"; they should just be removed from
@@ -40,6 +40,7 @@
 ./etc/defaults/daily.conf                      etc-sys-defaults
 ./etc/defaults/monthly.conf                    etc-sys-defaults
 ./etc/defaults/pf.boot.conf                    etc-pf-defaults         pf
+./etc/defaults/pkgpath.conf                    etc-sys-defaults
 ./etc/defaults/rc.conf                         etc-sys-defaults
 ./etc/defaults/security.conf                   etc-sys-defaults
 ./etc/defaults/weekly.conf                     etc-sys-defaults
@@ -133,6 +134,7 @@
 ./etc/pf.conf                                  etc-pf-etc              pf
 ./etc/pf.os                                    etc-pf-etc              pf
 ./etc/phones                                   etc-sys-etc
+./etc/pkgpath.conf                             etc-sys-etc
 ./etc/postfix/README                           etc-postfix-etc         postfix
 ./etc/postfix/main.cf                          etc-postfix-etc         postfix
 ./etc/postfix/master.cf                                etc-postfix-etc         postfix
diff -r 6eece22ed846 -r 8309f84f8f4c etc/daily
--- a/etc/daily Wed May 01 04:04:54 2013 +0000
+++ b/etc/daily Wed May 01 05:36:25 2013 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $NetBSD: daily,v 1.88 2013/03/08 14:32:12 christos Exp $
+#      $NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $
 #      @(#)daily       8.2 (Berkeley) 1/25/94
 #
 
@@ -10,6 +10,9 @@
 if [ -s /etc/daily.conf ]; then
        . /etc/daily.conf
 fi
+if [ -s /etc/pkgpath.conf ]; then
+       . /etc/pkgpath.conf
+fi
 
 host="$(hostname)"
 date="$(date)"
@@ -257,7 +260,7 @@
        fi
 fi
 
-if pkg_info ${_compat_K_flag} -q -E '*'; then
+if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
        if [ -z "$fetch_pkg_vulnerabilities" ]; then
                echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
                echo "You should set it to YES to enable vulnerability checks"
@@ -265,7 +268,7 @@
        elif checkyesno fetch_pkg_vulnerabilities; then
                echo ""
                echo "Fetching package vulnerabilities database:"
-               ( umask 022 && pkg_admin ${_compat_K_flag} \
+               ( umask 022 && ${pkg_admin} ${_compat_K_flag} \
                    fetch-pkg-vulnerabilities -u )
        fi
 fi
diff -r 6eece22ed846 -r 8309f84f8f4c etc/defaults/Makefile
--- a/etc/defaults/Makefile     Wed May 01 04:04:54 2013 +0000
+++ b/etc/defaults/Makefile     Wed May 01 05:36:25 2013 +0000
@@ -1,8 +1,8 @@
-#      $NetBSD: Makefile,v 1.5 2011/08/22 20:48:38 jym Exp $
+#      $NetBSD: Makefile,v 1.6 2013/05/01 05:36:25 agc Exp $
 
 .include <bsd.own.mk>
 
-CONFIGFILES=   daily.conf monthly.conf security.conf weekly.conf
+CONFIGFILES=   daily.conf monthly.conf pkgpath.conf security.conf weekly.conf
 FILESDIR=      /etc/defaults
 FILESMODE=     ${NONBINMODE}
 
diff -r 6eece22ed846 -r 8309f84f8f4c etc/defaults/pkgpath.conf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/defaults/pkgpath.conf Wed May 01 05:36:25 2013 +0000
@@ -0,0 +1,13 @@
+#      $NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
+#
+# /etc/defaults/pkgpath.conf --
+#      default configuration of /etc/pkgpath.conf
+#
+# packaging tools configuration
+#
+# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
+# EDIT /etc/pkgpath.conf INSTEAD.
+#
+
+pkg_admin=/usr/sbin/pkg_admin
+pkg_info=/usr/sbin/pkg_info
diff -r 6eece22ed846 -r 8309f84f8f4c etc/defaults/security.conf
--- a/etc/defaults/security.conf        Wed May 01 04:04:54 2013 +0000
+++ b/etc/defaults/security.conf        Wed May 01 05:36:25 2013 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
+#      $NetBSD: security.conf,v 1.25 2013/05/01 05:36:25 agc Exp $
 #
 # /etc/defaults/security.conf --
 #      default configuration of /etc/security.conf
@@ -30,7 +30,6 @@
 backup_dir=/var/backups
 backup_uses_rcs=YES
 diff_options=-u
-pkg_info=/usr/sbin/pkg_info
 
 check_homes_permit_usergroups=NO
 
diff -r 6eece22ed846 -r 8309f84f8f4c etc/pkgpath.conf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/pkgpath.conf  Wed May 01 05:36:25 2013 +0000
@@ -0,0 +1,10 @@
+#      $NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
+#
+# packaging tools configuration
+
+if [ -r /etc/defaults/pkgpath.conf ]; then
+       . /etc/defaults/pkgpath.conf
+fi
+
+# Add local overrides below
+#
diff -r 6eece22ed846 -r 8309f84f8f4c etc/security
--- a/etc/security      Wed May 01 04:04:54 2013 +0000
+++ b/etc/security      Wed May 01 05:36:25 2013 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
+#      $NetBSD: security,v 1.112 2013/05/01 05:36:25 agc Exp $
 #      from: @(#)security      8.1 (Berkeley) 6/9/93
 #
 
@@ -21,6 +21,9 @@
 if [ -s /etc/security.conf ]; then
        . /etc/security.conf
 fi
+if [ -s /etc/pkgpath.conf ]; then
+       . /etc/pkgpath.conf
+fi
 
 # Set reasonable defaults (if they're not set in security.conf)
 #
@@ -926,7 +929,7 @@
 if checkyesno check_pkgs && have_pkgs; then
        pkgs=$work_dir/pkgs
        migrate_file "$backup_dir/pkgs" "$pkgs"
-       pkg_dbdir=$(pkg_admin config-var PKG_DBDIR)
+       pkg_dbdir=$(${pkg_admin} config-var PKG_DBDIR)
        : ${pkg_dbdir:=/var/db/pkg}
        (       cd $pkg_dbdir
                $pkg_info | sort
@@ -1009,7 +1012,7 @@
 
 if have_pkgs; then
        if checkyesno check_pkg_vulnerabilities; then
-               pkg_admin ${_compat_K_flag} audit >${OUTPUT} 2>&1
+               ${pkg_admin} ${_compat_K_flag} audit >${OUTPUT} 2>&1
                if [ -s ${OUTPUT} ]; then
                        printf "\nInstalled vulnerable packages:\n"
                        cat ${OUTPUT}
@@ -1017,7 +1020,7 @@
        fi
 
        if checkyesno check_pkg_signatures; then
-               pkg_admin ${_compat_K_flag} check >${OUTPUT} 2>&1
+               ${pkg_admin} ${_compat_K_flag} check >${OUTPUT} 2>&1
                if [ $? -ne 0 ]; then
                        printf "\nFiles with invalid signatures:\n"
                        cat ${OUTPUT}

Prev by Date: [src/trunk]: src/lib/libm Use MKSOFTFLOAT = no for including arm hardfloat fi...
Next by Date: [src/trunk]: src/sys/rump/net/lib/libshmif Three cheers for the mighty C type...
Previous by Thread: [src/trunk]: src/lib/libm Use MKSOFTFLOAT = no for including arm hardfloat fi...
Next by Thread: [src/trunk]: src/sys/rump/net/lib/libshmif Three cheers for the mighty C type...
Indexes:

Home | Main Index | Thread Index | Old Index