ports/126853: ports-mgmt/portaudit: speed up audit of
installed packages
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Sun Sep 28 09:49:21 UTC 2008
Roman, good day.
Sat, Sep 27, 2008 at 08:18:08PM +0400, Roman Kurakin wrote:
> Have you also posted this to ports@?
No, forgot to do it. CC'ing ports@
Thanks!
The original posting to hackers@ goes below. It will be double-posted
to the bug-followup@ -- sorry for this.
> Eygene Ryabinkin wrote:
> > Good day.
> >
> > A while ago I had created the new utility that serves as VuXML
> > filter for the installed packages:
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/126853
> >
> > My primary intention was to speed up the process of auditing the
> > vulnerable ports: I needed to run portaudit checks with Nagios and to
> > avoid large timeouts.
> >
> > The new utility is called pkg_audit and it serves as a simple text
> > filter: on input it takes the full VuXML feed and on output it puts
> > VuXML entries that match ports that are installed in the system with
> > port version specification substituted with the actual port versions.
> >
> > No harm is done to the actual portaudit -- if pkg_audit is missing, old
> > code path is activated.
> >
> > If someone is interested and will be able to test -- I am all ears.
Additional clarifications inspired by the off-line talk with rik@:
I could take another route and add this functionality to the pkg_info.
I took another approach for the following reasons.
1. pkg_info's option list is already quite big -- around 32 options
and switches.
2. It is easier to test for the presence of the new tool (pkg_audit)
and use it, instead of checking the support for the new option in
pkg_info.
3. I see no options in pkg_info that can be naturally extended to
absorb the new functionality. The closest is '-E', but pkg_audit
needs to read VuXML entries, choose ones that are present in the system
and output the found VuXML entries with version templates substituted
with the real entries, so pkg_audit is a filter-like utility. In my
opinion, such an extension of pkg_info's "-E" will be very unnatural.
4. I feel that it is the Unix way to do things: create small utilities
that do their (small) job in a proper fashion. Moreover, since the
majority of the code sits in the pkg_install's library, there is very
slight code duplication, if any.
Thanks for your time.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
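
Added example, not part of the original message and not pkg_audit's code: the filter behaviour described above (keep only feed entries that match installed packages, and replace the version pattern with the installed version), in Python. The pipe-separated entry format, the package list and the numeric-only version ordering are assumptions made for illustration; all sample data is constructed.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}
COND = re.compile(r"(<=|>=|<|>|=)([^<>=]+)")

# Constructed sample data (assumed formats, not real advisories).
INSTALLED = {"curl": "7.18.0", "zsh": "4.3.6"}
FEED = [
    "curl<7.18.2|https://example.invalid/vuln/1|constructed entry A",
    "curl>=7.19.0<7.19.4|https://example.invalid/vuln/2|constructed entry B",
    "nginx<0.6.32|https://example.invalid/vuln/3|constructed entry C",
    "zsh<=4.3.6|https://example.invalid/vuln/4|constructed entry D",
    "malformed line without separators",
]

def vkey(version):
    """Assumed simplification: order versions by numeric components only."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit_filter(feed_lines, installed):
    """Yield entries affecting an installed package, with the version
    pattern replaced by the installed name-version."""
    for line in feed_lines:
        fields = line.rstrip("\n").split("|", 2)
        if len(fields) != 3:
            continue  # skip lines that are not pattern|url|description
        pattern, url, desc = fields
        name_match = re.match(r"[^<>=]+", pattern)
        if name_match is None:
            continue
        name = name_match.group(0)
        conds = COND.findall(pattern[name_match.end():])
        have = installed.get(name)
        if have is None or not conds:
            continue  # not installed, or no version range to test
        # Every condition in the pattern must hold for the installed version.
        if all(OPS[op](vkey(have), vkey(ver)) for op, ver in conds):
            yield f"{name}-{have}|{url}|{desc}"

if __name__ == "__main__":
    for entry in audit_filter(FEED, INSTALLED):
        print(entry)
```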