ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Eygene Ryabinkin rea-fbsd at codelabs.ru
Sun Sep 28 09:49:21 UTC 2008 

Roman, good day.

Sat, Sep 27, 2008 at 08:18:08PM +0400, Roman Kurakin wrote:
> Have you also posted this to ports@?

No, forgot to do it.  CC'ing ports@

Thanks!

The original posting to hackers@ goes below.  It will be double-posted
to the bug-followup@ -- sorry for this.

> Eygene Ryabinkin wrote:
> > Good day.
> >
> > A while ago I had created the new utility that serves as VuXML
> > filter for the installed packages:
> >   http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/126853
> >
> > My primary intention was to speed up the process of auditing the
> > vulnerable ports: I needed to run portaudit checks with Nagios and to
> > avoid large timeouts.
> >
> > The new utility is called pkg_audit and it serves as a simple text
> > filter: on input it takes the full VuXML feed and on output it puts
> > VuXML entries that matches ports that are installed in the system with
> > port version specification substituted with the actual port versions.
> >
> > No harm is done to the actual poartudit -- if pkg_audit is missing, old
> > code path is activated.
> >
> > If someone is interested and will be able to test -- I am all ears.

Additional clarifications inspired by the off-line talk with rik@:
I could take another route and add this functionality to the pkg_info.
I took another approach for the following reasons.

1. pkg_info's option list is already quite big -- around 32 options
   and switches.

2. It is easier to test for the presence of the new tool (pkg_audit)
   and use it, instead of checking the support for the new option in
   pkg_info.

3. I see no options in pkg_info that can be naturally extended to
   absorbe the new functionality.  The closest is '-E', but pkg_audit
   needs to read VuXML entries, choose ones that are present in the system
   and output the found VuXML entries with version templates substituted
   with the real entries, so pkg_audit is filter-like utility.  In my
   opinion, such extension of pkg_info's "-E" will be very unnatural.

4. I feel that it is Unix-way to do the things: create small utilities
   that do their (small) job in a proper fashion.  Moreover, since the
   majority of a code sits in the pkg_install's library, there is a very
   slight code duplication, if any.

Thanks for you time.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20080928/ae620de5/attachment.pgp

More information about the freebsd-hackers mailing list