From owner-freebsd-ports-bugs@freebsd.org  Fri Jul 21 22:25:51 2017
Return-Path: <owner-freebsd-ports-bugs@freebsd.org>
Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 33018C093CE
 for <freebsd-ports-bugs@mailman.ysv.freebsd.org>;
 Fri, 21 Jul 2017 22:25:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 184CB12FC
 for <freebsd-ports-bugs@FreeBSD.org>; Fri, 21 Jul 2017 22:25:51 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v6LMPoA6027979
 for <freebsd-ports-bugs@FreeBSD.org>; Fri, 21 Jul 2017 22:25:50 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 220561] [NEW PORT] security/go-cve-dictionary: Local CVE database
Date: Fri, 21 Jul 2017 22:25:51 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: feature
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ultima@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ultima@freebsd.org
X-Bugzilla-Flags: maintainer-feedback+
X-Bugzilla-Changed-Fields: cc assigned_to bug_status
Message-ID: <bug-220561-13-RbiEfUMYmP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-220561-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-220561-13@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jul 2017 22:25:51 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220561

Richard Gallamore <ultima@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ultima@freebsd.org
           Assignee|freebsd-ports-bugs@FreeBSD. |ultima@freebsd.org
                   |org                         |
             Status|Open                        |In Progress

--- Comment #11 from Richard Gallamore <ultima@freebsd.org> ---
I found a few more things. Once they are fixed, i'll do one more runtime ch=
eck
to verify working order and it should be ready for commit.


This port requires security/ca_root_nss to download the database because it
uses https. It will fail due to unable to validate the ssl certificate. This
should be added to runtime depends.

The STRIP=3D # variable can be removed, stripping is always safe. Back in
2010-2011, there were a couple go bugs that improperly generated ELF, long
since fixed. [1] is an article about if you are interested in more details.

The pkg-message is clever, I like it! To make it easier for new users to ge=
t up
and running, and also make run-time testing easier, I suggest adding someth=
ing
along these lines:

chown vuls:vuls /var/db/vuls/*

To enable go-cve-dictionary and start
sysrc go_cve_dictionary_enable=3D"YES"
service go-cve-dictionary start


The do-build should not install directly into the staging area. Change this=
 to
${WRKDIR} or ${WRKSRC} or just somewhere in the working area. Use
${INSTALL_PROGRAM} to install into staging area during do-install target.

Take a look at Mk/Uses/go.mk and look at the do-build and do-install targets
there and see if these targets can be removed entirely or partially and move
the bit that is needed to post-*. If they can't, change them to include the
other environment variables and use ${GO_CMD} instead of calling the command
directly.

One last thing that should be addressed, there are many hard coded items to
this port and should be changed to a single variable in the Makefile. For
instance, /var/db/vuls in rc script should be changed to %%DBDIR%% or
%%DB_DIR%% and add a var DB_DIR=3D /var/db/vuls, add to SUB_LIST. This will
change all those entries appropriately when processed. Similar, LOG_DIR sho=
uld
also be added. These hard coded entries should also be addressed in the pat=
ch
files where /var/db/vuls and /var/log/vuls, change to %%DB_DIR%% then in
post-patch: add a ${REINPLACE_CMD} to change to the corrected value.

Some of these items also apply to security/vuls. Please adapt where
appropriate.

[1] https://dominik.honnef.co/posts/2016/10/go-and-strip

--=20
You are receiving this mail because:
You are the assignee for the bug.=