ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Mel fbsd.hackers at rachie.is-a-geek.net
Mon Oct 6 12:40:51 UTC 2008


On Monday 06 October 2008 14:22:13 Eygene Ryabinkin wrote:
> Mel,
>
> Mon, Oct 06, 2008 at 01:07:51PM +0200, Mel wrote:
> > On Monday 06 October 2008 12:28:48 Eygene Ryabinkin wrote:
> > Once you have the origin of the port, you can:
> > - make -C $PORTSDIR/$origin -V PKGNAME
> > - get the matching origin(s) out of ${INDEXDIR}/${INDEXFILE}
> > - get the matching origin(s) out of a downloaded INDEX.bz2
> >
> > This covers the majority of cases.
> >
> > What portaudit lacks is providing the origin along with the installed
> > package name in an easily parseable format. So, a central server wanting to
> > query all the machines for vulnerable packages, now has to do an extra
> > step of going into $PKG_DBDIR/$pkgname/+CONTENTS and getting the @comment
> > ORIGIN: line, while (port|pkg_)audit has just been there.
> >
> > This would be something I'd expect:
> > ssh clientmachine "/usr/sbin/pkg_audit -l"
> > foo-1.2,3:misc/foo
> > bar-4.5_6:devel/bar
> > ...
>
> OK, got it.  There is one neat: pkg_audit should be fed with the
> contents of the auditfile and the latter is located in the tar archive.
> So, if you wouldn't mind about the following sequence
> -----
> tar xf /var/db/portaudit/auditfile.tbz
> pkg_audit < auditfile | portaudit-checknew -o | cut -d '|' -f1,4,5
> -----
> then I can add the flag '-o' to the portaudit-checknew: it will
> additionally output the port origin along with the new version.
>
> Is that what you meant?

What I meant is the '-o' flag in pkg_audit, so I can figure out myself whether
it's new or not and my buildserver can prioritize its builds based on
vulnerable packages its clients have installed. The origin is the unique key
that identifies any port, so that's vital information in a pipeline.

-- 
Mel


More information about the freebsd-hackers mailing list
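
The "extra step" described in this thread (reading the `@comment ORIGIN:` line out of each `$PKG_DBDIR/$pkgname/+CONTENTS` to get `pkgname:origin` pairs) can be sketched as below. This is an added example, not code from the thread or from portaudit; the function names and the sample database contents are constructed, and `/var/db/pkg` as the default database directory is an assumption.

```shell
#!/bin/sh
# Added example: emit "pkgname:origin" for every installed package by reading
# the "@comment ORIGIN:" line of each +CONTENTS file, as the thread describes.
# list_pkg_origins and make_sample_db are hypothetical names.

list_pkg_origins() {
    # Assumption: the package database defaults to /var/db/pkg.
    dbdir=${1:-${PKG_DBDIR:-/var/db/pkg}}
    for contents in "$dbdir"/*/+CONTENTS; do
        [ -f "$contents" ] || continue          # unmatched glob or stray entry
        pkgdir=${contents%/+CONTENTS}
        pkgname=${pkgdir##*/}                   # directory name is the package name
        # Take the first ORIGIN comment only; ignore any later duplicates.
        origin=$(sed -n 's/^@comment ORIGIN:[[:space:]]*//p' "$contents" | head -n 1)
        if [ -z "$origin" ]; then
            # A package with no recorded origin cannot be keyed; report, don't guess.
            echo "warning: no ORIGIN recorded for $pkgname" >&2
            continue
        fi
        printf '%s:%s\n' "$pkgname" "$origin"
    done
    return 0
}

# Constructed sample database so the example runs offline on any system.
make_sample_db() {
    db=$(mktemp -d) || return 1
    mkdir "$db/foo-1.2,3" "$db/bar-4.5_6" "$db/old-0.1"
    printf '@name foo-1.2,3\n@comment ORIGIN:misc/foo\n@cwd /usr/local\n' \
        > "$db/foo-1.2,3/+CONTENTS"
    printf '@name bar-4.5_6\n@comment ORIGIN:devel/bar\n@cwd /usr/local\n' \
        > "$db/bar-4.5_6/+CONTENTS"
    printf '@name old-0.1\n@cwd /usr/local\n' > "$db/old-0.1/+CONTENTS"
    echo "$db"
}

sample=$(make_sample_db)
list_pkg_origins "$sample"
rm -rf "$sample"
```

A package whose `+CONTENTS` carries no origin is reported on stderr and left out of the list, so a central collector can tell "not vulnerable" apart from "could not be identified".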