Date: Sat, 13 Apr 2013 01:36:26 -0600 (MDT)
From: Mike Brown <mike@skew.org>
To: ports@freebsd.org
Subject: Re: portaudit won't let me build some ports
Message-ID: <201304130736.r3D7aQOf087588@chilled.skew.org>
In-Reply-To: <201206070522.q575MIsK018463@chilled.skew.org>

I'm posting this overdue followup mostly for the benefit of anyone searching
for this info, and for the maintainers of bsd.port.mk and portaudit.

On Jun 6, 2012, I wrote:
> What's going on with portaudit?
> It always prints 7 useless lines of "done"

Why "/var/db/portaudit/auditfile.tbz: done" shows up at all:

My environment contains BZIP2=-v. I put that in there ages ago, because I
like to see the extra output when compressing files, and I grew tired of
typing it by hand. Unfortunately, it also affects decompression output.

Why it shows up many times in a row:

portaudit decompresses its database file that many times as part of its
normal operation. Perhaps there's some room for optimization there.
/usr/ports/Mk/bsd.port.mk just decompresses it once, to a temp file.

> and now it has started stopping me from building some ports, due to "known
> vulnerabilities", even though there are no vulnerabilities in the database.

I believe this is a combination of problems with portaudit and bsd.port.mk.

bsd.port.mk saves portaudit's output (list of vulnerabilities in the current
package) to a variable, and interprets it as having said vulnerabilities are
present if it contains the string "X problem(s) found.", where X is any
string of digits, including "0".

    vlist=`${LOCALBASE}/sbin/portaudit -X 14 "${PKGNAME}" \
        2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' \
        || true`; \

With BZIP2=-v in the environment, the output of portaudit will contain all
the bzip2 "done" messages, and then, if there are no vulnerabilities, it
might say "0 problem(s) found."

Surely "0 problem(s) found." is not cause for stopping a build. The regex in
bsd.port.mk should probably be '^[1-9][0-9]+ problem\(s\) found.'

I'm not sure if it's possible to avoid picking up the verbose bzip2 output.
portaudit could pass -q to BZIP2, but that might suppress desirable error
messages. I leave that for you guys to worry about. :)

> Last time I ran portmaster -a, I had to completely remove portaudit just so
> I could get everything to build. Now that I've reinstalled it, it's still
> causing me grief.

Mental note: a better option is to define DISABLE_VULNERABILITIES before
building any ports. See ports(7) man page.

Thanks for reading.
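
Added example, not part of the original message and not code from bsd.port.mk or portaudit: the quoted vlist check run against a stand-in for portaudit, with BZIP2=-v present and with it removed from the tool's environment only. `fake_portaudit`, the function names, and the assumption that the "done" line arrives on stderr are illustrative; the two output strings are the ones quoted in the message.

```shell
#!/bin/sh
# Hypothetical stand-in for portaudit on a package with no known problems.
# Assumption: with BZIP2=-v set, decompression emits a "done" line on stderr.
fake_portaudit() {
    case "${BZIP2:-}" in
        *-v*) echo "/var/db/portaudit/auditfile.tbz: done" >&2 ;;
    esac
    echo "0 problem(s) found."
}

# The capture as quoted from bsd.port.mk: merge stderr into stdout, drop the
# summary line, keep whatever is left as the "vulnerability list".
vlist_as_quoted() {
    fake_portaudit 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' || true
}

# Same capture, but the tool runs in a subshell with BZIP2 unset, so the
# caller's compression preferences cannot leak into the audit output.
# stderr is still captured, so real error messages are not suppressed.
vlist_scrubbed() {
    ( unset BZIP2; fake_portaudit 2>&1 ) \
        | grep -vE '^[0-9]+ problem\(s\) found.' || true
}

# Build gate: any non-empty list stops the build.
# $1 is the name of the capture function to use.
gate() {
    if [ -n "$("$1")" ]; then
        echo stop
    else
        echo build
    fi
}

# Demo with the environment described in the message.
BZIP2=-v; export BZIP2
echo "as quoted: $(gate vlist_as_quoted)"
echo "scrubbed:  $(gate vlist_scrubbed)"
```
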