Date:      Mon, 6 Oct 2008 14:40:48 +0200
From:      Mel <fbsd.hackers@rachie.is-a-geek.net>
To:        freebsd-hackers@freebsd.org
Cc:        freebsd-ports@freebsd.org, Miroslav Lachman <000.fbsd@quip.cz>, bug-followup@freebsd.org
Subject:   Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages
Message-ID:  <200810061440.49113.fbsd.hackers@rachie.is-a-geek.net>
In-Reply-To: <UT59cpekvGVMfakilCQCXBrQ/EM@nlQVqIfhkqt85LHWtyzszUDygTs>
References:  <WGReTVL6CLts/44OKi4qLEsAGHs@jm/Q2DKg1djxmpGNf45V%2BWpjPIE> <200810061307.51977.fbsd.hackers@rachie.is-a-geek.net> <UT59cpekvGVMfakilCQCXBrQ/EM@nlQVqIfhkqt85LHWtyzszUDygTs>

On Monday 06 October 2008 14:22:13 Eygene Ryabinkin wrote:
> Mel,
>
> Mon, Oct 06, 2008 at 01:07:51PM +0200, Mel wrote:
> > On Monday 06 October 2008 12:28:48 Eygene Ryabinkin wrote:
> > Once you have the origin of the port, you can:
> > - make -C $PORTSDIR/$origin -V PKGNAME
> > - get the matching origin(s) out of ${INDEXDIR}/${INDEXFILE}
> > - get the matching origin(s) out of a downloaded INDEX.bz2
> >
> > This covers the majority of cases.
> >
> > What portaudit lacks, is providing the origin along with the installed
> > package name in easily parseable format. So, a central server wanting to
> > query all the machines for vulnerable packages, now has to do an extra
> > step of going into $PKG_DBDIR/$pkgname/+CONTENTS and getting the @comment
> > ORIGIN: line, while (port|pkg_)audit has just been there.
> >
> > This would be something I'd expect:
> > ssh clientmachine "/usr/sbin/pkg_audit -l"
> > foo-1.2,3:misc/foo
> > bar-4.5_6:devel/bar
> > ...
>
> OK, got it.  There is one neat: pkg_audit should be fed with the
> contents of the auditfile and the latter is located in the tar archive.
> So, if you wouldn't mind about the following sequence
> -----
> tar xf /var/db/portaudit/auditfile.tbz
> pkg_audit < auditfile | portaudit-checknew -o | cut -d '|' -f1,4,5
> -----
> then I can add the flag '-o' to the portaudit-checknew: it will
> additionally output the port origin along with the new version.
>
> Is that what you meant?

What I meant is the '-o' flag in pkg_audit, so I can figure out myself whether
it's new or not and my buildserver can prioritize its builds based on
vulnerable packages its clients have installed. The origin is the unique key
that identifies any port, so that's vital information in a pipeline.

-- 
Mel
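
Added example, not part of the original message and not portaudit or pkg_audit code: sh functions that perform the "extra step" described in the thread, reading the `@comment ORIGIN:` line from each `$PKG_DBDIR/$pkgname/+CONTENTS` and printing `pkgname:origin`, then mapping a list of flagged package names to origins for build prioritization. The function names and the sample database are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumes the pkg_install-era layout the thread refers to:
# $PKG_DBDIR/<pkgname>/+CONTENTS containing a "@comment ORIGIN:<origin>" line.

# list_pkg_origins [dbdir]: print "pkgname:origin" for each registered package.
# Packages with no ORIGIN line are reported on stderr and skipped.
list_pkg_origins() {
    dbdir="${1:-${PKG_DBDIR:-/var/db/pkg}}"
    for contents in "$dbdir"/*/+CONTENTS; do
        [ -f "$contents" ] || continue          # unmatched glob or not a file
        pkgdir=${contents%/+CONTENTS}
        pkgname=${pkgdir##*/}
        # The first ORIGIN comment wins; strip the prefix and any stray CR.
        origin=$(sed -n 's/^@comment ORIGIN:\(.*\)$/\1/p' "$contents" |
                 head -n 1 | tr -d '\r')
        if [ -z "$origin" ]; then
            echo "warning: no ORIGIN recorded for $pkgname" >&2
            continue
        fi
        printf '%s:%s\n' "$pkgname" "$origin"
    done
}

# origins_for_packages [dbdir] < names: map package names read from stdin
# (for example, the ones an audit run flagged) to unique, sorted origins.
origins_for_packages() {
    map=$(list_pkg_origins "$1" 2>/dev/null)
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # Split each map line at its last colon: origins never contain one.
        printf '%s\n' "$map" | awk -v n="$name" '{
            p = $0; sub(/:[^:]*$/, "", p)
            o = $0; sub(/^.*:/, "", o)
            if (p == n) print o
        }'
    done | sort -u
}

# make_sample_db: build a constructed database for a dry run; prints its path.
make_sample_db() {
    d=$(mktemp -d) || return 1
    mkdir "$d/foo-1.2,3" "$d/bar-4.5_6" "$d/baz-0.1"
    printf '@name foo-1.2,3\n@comment ORIGIN:misc/foo\n' >"$d/foo-1.2,3/+CONTENTS"
    printf '@name bar-4.5_6\n@comment ORIGIN:devel/bar\n' >"$d/bar-4.5_6/+CONTENTS"
    printf '@name baz-0.1\n' >"$d/baz-0.1/+CONTENTS"    # constructed: no ORIGIN
    echo "$d"
}
```

Packages registered without an ORIGIN line cannot be keyed by origin, so they are reported on stderr and left out of the output.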


