ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Oct 6 10:28:52 UTC 2008 

Mel, good day.

Mon, Oct 06, 2008 at 11:24:54AM +0200, Mel wrote:
> On Monday 06 October 2008 07:23:37 Eygene Ryabinkin wrote:
> > But downloading the INDEX file from the central server seemed to be the
> > best way, since it almost always gives one the latest port versions, so
> > I had implemented this in a first place.
> 
> I've been following this, but I don't agree that (port|pkg_)audit should do 
> this, from the very perspective you're writing this program from:

The download is done not by the portaudit itself, but by the helper
script, portaudit-checknew.

> On Sunday 28 September 2008 11:49:18 Eygene Ryabinkin wrote:
> > 4. I feel that it is Unix-way to do the things: create small utilities
> >    that do their (small) job in a proper fashion.
> 
> Instead, it can provide installed-pkgname<seperator>pkgorigin output. Then, 
> any utility can check whether a new version is available, using what ever 
> source it finds relevant.
>
> For example, it is completely irrelevant if a new version is available on the 
> FreeBSD servers, when your machine uses a buildserver in a local network. For 
> those machines it's relevant whether their build server has a new version and 
> one can automatically upgrade if one so desires.
> Similarly, if your /usr/ports is ahead of the FreeBSD's INDEX.bz2, you're 
> again reporting false information.

I hear you, but it seems to me that I should just equip
portaudit-checknew with the other sources of a new ports information and
provide tunables for their location (on-disk path, URL, etc).  I am
planning to do this, but first I want to know if these patches will be
viable for the project: feeding these into the /dev/null or just using
them locally, but equipping with a lot of functionality, is not what I
really want ;))

> It's also quite trivial to provide this availibility information in a daily 
> security script, for the "majority of cases"

Didn't get it, sorry.  Could you, please, elaborate a bit?

> and it's better to have tunables 
> like _use_remote_portindex, _use_portsdir=/bigdisk/usr/ports in a script.

Yes, it was what I had talked about above in this mail.

Thanks for the input!
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20081006/1c364cd2/attachment.pgp

More information about the freebsd-hackers mailing list