Date: Mon, 6 Oct 2008 16:22:13 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Mel <fbsd.hackers@rachie.is-a-geek.net> Cc: freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz>, bug-followup@freebsd.org Subject: Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages Message-ID: <UT59cpekvGVMfakilCQCXBrQ/EM@nlQVqIfhkqt85LHWtyzszUDygTs> In-Reply-To: <200810061307.51977.fbsd.hackers@rachie.is-a-geek.net> References: <WGReTVL6CLts/44OKi4qLEsAGHs@jm/Q2DKg1djxmpGNf45V%2BWpjPIE> <200810061124.55209.fbsd.hackers@rachie.is-a-geek.net> <fBeVL1niDy9KJaVLxcjTW9Xe1Wo@De93eau6bBqwYjK6U3wF/jjVMVE> <200810061307.51977.fbsd.hackers@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--3BL0Ng5d1iPP6beU
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Mel,
Mon, Oct 06, 2008 at 01:07:51PM +0200, Mel wrote:
> On Monday 06 October 2008 12:28:48 Eygene Ryabinkin wrote:
> Once you have the origin of the port, you can:
> - make -C $PORTSDIR/$origin -V PKGNAME
> - get the matching origin(s) out of ${INDEXDIR}/${INDEXFILE}
> - get the matching origin(s) out of a downloaded INDEX.bz2
>=20
> This covers the majority of cases.
>=20
> What portaudit lacks, is providing the origin along with the installed pa=
ckage
> name in easily parseable format. So, a central server wanting to query al=
l=20
> the machines for vulnerable packages, now has to do an extra step of goin=
g=20
> into $PKG_DBDIR/$pkgname/+CONTENTS and getting the @comment ORIGIN: line,=
=20
> while (port|pkg_)audit has just been there.
>=20
> This would be something I'd expect:
> ssh clientmachine "/usr/sbin/pkg_audit -l"
> foo-1.2,3:misc/foo
> bar-4.5_6:devel/bar
> ...
OK, got it. There is one neat: pkg_audit should be feeded with the
contents of the auditfile and the latter is located in the tar archive.
So, if you wouldn't mind about the following sequence
-----
tar xf /var/db/portaudit/auditfile.tbz
pkg_audit < auditfile | portaudit-checknew -o | cut -d '|' -f1,4,5
-----
then I can add the flag '-o' to the portaudit-checknew: it will
additionally output the port origin along with the new version.
Is that what you meant?
--=20
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual =20
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20
{_.-``-' {_/ #
--3BL0Ng5d1iPP6beU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEARECAAYFAkjqAvUACgkQthUKNsbL7YiaFACfVxP/ieDIZZrUGE4O+DKgfvTh
YpgAn02ufj2yxuThuKezaIdezmBYuDYt
=UeZL
-----END PGP SIGNATURE-----
--3BL0Ng5d1iPP6beU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?UT59cpekvGVMfakilCQCXBrQ/EM>