Date: Sat, 13 Apr 2013 13:57:37 +0200
From: Michael Gmelin <freebsd@grem.de>
To: freebsd-ports@freebsd.org
Cc: mike@skew.org
Subject: Re: portaudit won't let me build some ports
Message-ID: <20130413135737.7977ce0f@bsd64.grem.de>
In-Reply-To: <201304130736.r3D7aQOf087588@chilled.skew.org>
References: <201206070522.q575MIsK018463@chilled.skew.org> <201304130736.r3D7aQOf087588@chilled.skew.org>

On Sat, 13 Apr 2013 01:36:26 -0600 (MDT)
Mike Brown <mike@skew.org> wrote:

> I'm posting this overdue followup mostly for the benefit of anyone
> searching for this info, and for the maintainers of bsd.port.mk and
> portaudit.
>
> On Jun 6, 2012, I wrote:
> > What's going on with portaudit?
> > It always prints 7 useless lines of "done"
>
> Why "/var/db/portaudit/auditfile.tbz: done" shows up at all:
>
> My environment contains BZIP2=-v.
>
> I put that in there ages ago, because I like to see the extra output
> when compressing files, and I grew tired of typing it by hand.
> Unfortunately, it also affects decompression output.
>
> Why it shows up many times in a row:
>
> portaudit decompresses its database file that many times as part of
> its normal operation. Perhaps there's some room for optimization
> there. /usr/ports/Mk/bsd.port.mk just decompresses it once, to a temp
> file.
>
> > and now it has started stopping me from building some ports, due to
> > "known vulnerabilities", even though there are no vulnerabilities
> > in the database.
>
> I believe this is a combination of problems with portaudit and
> bsd.port.mk.
>
> bsd.port.mk saves portaudit's output (list of vulnerabilities in the
> current package) to a variable, and interprets it as having said
> vulnerabilities are present if it contains the string "X problem(s)
> found.", where X is any string of digits, including "0".
>
> vlist=`${LOCALBASE}/sbin/portaudit -X 14 "${PKGNAME}" \
> 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' \
> || true`; \
>
> With BZIP2=-v in the environment, the output of portaudit will
> contain all the bzip2 "done" messages, and then, if there are no
> vulnerabilities, it might say "0 problem(s) found."
>
> Surely "0 problem(s) found." is not cause for stopping a build. The
> regex in bsd.port.mk should probably be '^[1-9][0-9]+ problem\(s\)
> found.'
>
> I'm not sure if it's possible to avoid picking up the verbose bzip2
> output. portaudit could pass -q to BZIP2, but that might suppress
> desirable error messages. I leave that for you guys to worry about. :)
>
> > Last time I ran portmaster -a, I had to completely remove portaudit
> > just so I could get everything to build. Now that I've reinstalled
> > it, it's still causing me grief.
>
> Mental note: a better option is to define DISABLE_VULNERABILITIES
> before building any ports. See ports(7) man page.
>
> Thanks for reading.
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to
> "freebsd-ports-unsubscribe@freebsd.org"

Hi Mike,

I submitted a bug report for a related problem about a year ago:

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/168479

In that case the unrelated output line is caused by downloading the
auditfile (the workaround I suggested is very simple and only fixes
that particular problem).

Cheers,

--
Michael Gmelin
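
The parsing problem discussed in this thread, as an added example that is not part of either message and is not FreeBSD's own code: constructed portaudit output is fed through the grep filter quoted from bsd.port.mk, next to a hypothetical check that reads the count from the summary line instead. The sample output, the function names, the rule that any leftover text stops the build, and the gate_by_count alternative are assumptions of this example.

```shell
#!/bin/sh
# Added illustration; all sample output below is constructed, not captured.

# Clean package, BZIP2=-v in the environment: bzip2's verbose "done"
# lines (wording taken from the thread) precede the summary line.
clean_verbose() {
    printf '%s\n' \
        '  /var/db/portaudit/auditfile.tbz: done' \
        '  /var/db/portaudit/auditfile.tbz: done' \
        '0 problem(s) found.'
}
# Clean package, no stray output.
clean_quiet() { printf '%s\n' '0 problem(s) found.'; }
# Constructed stand-in for a finding; real portaudit wording may differ.
vulnerable() {
    printf '%s\n' 'Affected package: example-1.0' '1 problem(s) found.'
}

# Filter as quoted from bsd.port.mk: drop the summary line, keep the rest.
# Assumption: the build stops whenever the remaining text is non-empty.
gate_as_quoted() {
    vlist=$(grep -vE '^[0-9]+ problem\(s\) found.' || true)
    if [ -n "$vlist" ]; then echo blocked; else echo ok; fi
}

# Hypothetical alternative: decide from the count in the summary line and
# fail closed when no summary line is present at all.
gate_by_count() {
    count=$(sed -nE 's/^([0-9]+) problem\(s\) found\.$/\1/p' | tail -n 1)
    case "$count" in
        '')     echo blocked ;;   # no summary line: treat as a failed audit
        *[!0]*) echo blocked ;;   # count contains a non-zero digit
        *)      echo ok ;;        # count is zero
    esac
}

# Compare both gates on each constructed sample.
for s in clean_quiet clean_verbose vulnerable; do
    printf '%-14s quoted=%s by_count=%s\n' "$s" \
        "$($s | gate_as_quoted)" "$($s | gate_by_count)"
done
```

Any line that is not the summary, whether bzip2's verbose output or the auditfile download message from the PR above, ends up in the filtered text, which is why a gate keyed on leftover text reacts to it.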