ports/126853: ports-mgmt/portaudit: speed up audit of installed packages
Miroslav Lachman
000.fbsd at quip.cz
Sun Oct 5 22:40:41 UTC 2008
Eygene Ryabinkin wrote:
> Miroslav, good day.
>
> Sun, Sep 28, 2008 at 04:14:24PM +0400, Eygene Ryabinkin wrote:
>
>>>If I read nightly security e-mail with for example 4 vulnerable
>>>packages, then I need to log in to server and manually try, if newer
>>>(fixed) packages are available. It seems not so hard to check output of
>>>`pkg_version -vIL =` and compare both versions (installed and available)
>>>with portaudit in some shellscript, I didn't start to write it yet ;).
>>
>>I think it won't be very hard: I'll try to see how to extend portaudit
>>with such functionality -- it would be very handy, in my opinion.
>
>
> OK, I extended portaudit with this -- flag '-n' will do it. Currently
> this option requires network access, but I think that it perfectly
> fits into the security check -- it downloads auditfile anyway.
>
> I had greatly reworked the old part of patch and I have series of
> 4 patches that implement both my pkg_audit stuff and the '-n' stuff.
> I am also attaching the mega-patch, it can be applied to the current
> port sources to give the port version that includes both mentioned
> enhancements. If you have no pkg_audit -- this isn't a problem:
> portaudit will fall back to the awk script.
>
> I had also changed the output format for pkg_audit, so I am attaching
> another version of the second patch for the pkg_install bundle.
>
> I had briefly tested my modifications -- they work for now, but I will
> continue testing. Any bug reports or thoughts about these patches are
> more than welcome.
>
>
>>Haven't you had a chance to test my patch?
>
>
> Miroslav, still: had you tested the pkg_audit thingy?

I am busy these days, but it is nice to read about your progress. I hope
I will get some time to test all of these large patches in a few days
and I will report back my experiences!

One note before tests... does the -n flag always download a new INDEX file, or
is it possible to use one already existing in /usr/ports?

Miroslav Lachman
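
The cross-check described in the quoted text (pairing `portaudit` findings with `pkg_version -vIL =` output), sketched as an added example that is not part of the original message or of the portaudit patches. The function name, the sample package versions and the assumed output layouts of both tools are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data is constructed; both output layouts are assumptions.

# fix_candidates VERSIONS AUDIT
#   VERSIONS: saved output of `pkg_version -vIL =`
#   AUDIT:    saved output of `portaudit`
fix_candidates() {
    awk '
        # First file: remember the INDEX version of every outdated package.
        FILENAME == ARGV[1] {
            if ($2 == "<" && match($0, /\(index has [^)]+\)/))
                newer[$1] = substr($0, RSTART + 11, RLENGTH - 12)
            next
        }
        # Second file: one "Affected package:" line per finding.
        sub(/^Affected package: /, "") {
            if (seen[$0]++) next          # same package, several advisories
            if ($0 in newer) printf "%s -> %s\n", $0, newer[$0]
            else             printf "%s -> no newer version in INDEX\n", $0
        }
    ' "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/versions" <<'EOF'
ruby-1.8.6.111_4,1                  <   needs updating (index has 1.8.6.287,1)
bash-3.2.39_1                       <   needs updating (index has 3.2.48)
EOF
    cat > "$tmp/audit" <<'EOF'
Affected package: ruby-1.8.6.111_4,1
Type of problem: ruby -- constructed advisory A.
Reference: <http://example.invalid/constructed-a>

Affected package: ruby-1.8.6.111_4,1
Type of problem: ruby -- constructed advisory B.
Reference: <http://example.invalid/constructed-b>

Affected package: lighttpd-1.4.19_2
Type of problem: lighttpd -- constructed advisory C.
Reference: <http://example.invalid/constructed-c>
EOF
    fix_candidates "$tmp/versions" "$tmp/audit"
    rm -rf "$tmp"
}

demo
```

A newer version in INDEX is not necessarily a fixed one, so each reported candidate version still has to be matched against the audit database before it is treated as a remedy.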