Subject: Re: pkg-vulnerabilities error message
To: Perry E. Metzger <perry@piermont.com>
From: Martin Weber <Ephaeton@gmx.net>
List: tech-pkg
Date: 12/30/2003 00:21:44
On Mon, Dec 29, 2003 at 11:58:02AM -0500, Perry E. Metzger wrote:
>
> Michal Pasternak <michal@pasternak.w.lub.pl> writes:
> > Perry E. Metzger [Mon, Dec 29, 2003 at 11:20:41AM -0500]:
> >> We really either need to remove that message, or add a job that
> >> automatically tweaks the vulnerability list if it hasn't been touched
> >> in a few days. Getting this message spuriously is a serious pain in
> >> the neck -- we should not generate errors if all is well.
> >
> > And how do you know if it is really all well?
>
> If you can download the file without any trouble, then you should not
> be screaming. At worst, an alarm should be screaming for the pkgsrc
> maintainers, not for each of the tens of thousands of users.
...
221-
Data traffic for this session was 40312 bytes in 1 file.
Total traffic for this session was 44634 bytes in 1 transfer.
221 Thank you for using the FTP service on ftp.NetBSD.org.
No change from existing package vulnerabilities file
...
This implies a successful attempt of the system administrator (or
cron) to fetch the vulnerabilities file. If you patch
download-vulnerability-list like this ...
================================================================================
Index: Makefile
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/security/audit-packages/Makefile,v
retrieving revision 1.38
diff -u -r1.38 Makefile
--- Makefile 2003/12/12 21:40:32 1.38
+++ Makefile 2003/12/29 23:21:11
@@ -37,6 +37,7 @@
-e 's|@CHMOD@|${CHMOD}|g' \
-e 's|@MV@|${MV}|g' \
-e 's|@RM@|${RM}|g' \
+ -e 's|@TOUCH@|${TOUCH}|g' \
-e 's|@MKDIR@|${MKDIR}|g' \
-e 's|@PKG_SYSCONFDIR@|${PKG_SYSCONFDIR}|g' \
${FILESDIR}/$$f > ${WRKSRC}/$$f; \
Index: files/download-vulnerability-list
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/security/audit-packages/files/download-vulnerability-list,v
retrieving revision 1.22
diff -u -r1.22 download-vulnerability-list
--- files/download-vulnerability-list 2003/12/03 04:58:01 1.22
+++ files/download-vulnerability-list 2003/12/29 23:21:11
@@ -105,6 +105,7 @@
else
echo "No change from existing package vulnerabilities file"
@RM@ -f ${NEW_VUL_LIST}
+ @TOUCH@ ${EXIST_VUL_LIST}
fi
exit 0
================================================================================
... it would prevent triggering this message. Yes, it didn't change,
but yes, we also did fetch the file successfully.
Regards,
-Martin