Date:      Mon, 18 Jul 2022 16:12:52 GMT
From:      Yasuhiro Kimura <yasu@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: ad528e1c8370 - main - security/base-audit: Remove port
Message-ID:  <202207181612.26IGCqLf068972@gitrepo.freebsd.org>

The branch main has been updated by yasu:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ad528e1c8370284c561f4b4800337735c02b0440

commit ad528e1c8370284c561f4b4800337735c02b0440
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2022-07-18 16:09:03 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-07-18 16:09:03 +0000

    security/base-audit: Remove port
    
    * Remove port as 405.pkg-base-audit, core file of the port, is merged
      into ports-mgmt/pkg with pkg 1.18.1.
    * Add entry to MOVED
    
    PR:             264878
    Approved by:    maintainer
---
 MOVED                                           |   1 +
 security/Makefile                               |   1 -
 security/base-audit/Makefile                    |  31 ----
 security/base-audit/files/405.pkg-base-audit.in | 223 ------------------------
 security/base-audit/pkg-descr                   |   4 -
 security/base-audit/pkg-message                 |  21 ---
 6 files changed, 1 insertion(+), 280 deletions(-)

diff --git a/MOVED b/MOVED
index e28e12e763e3..1e0a14611d22 100644
--- a/MOVED
+++ b/MOVED
@@ -17507,3 +17507,4 @@ www/rubygem-uglifier-node16|www/rubygem-uglifier|2022-07-13|Remove obsoleted por
 audio/espeak|audio/espeak-ng|2022-07-15|Switch to fork of (stale) original repository
 misc/ngraph||2022-07-15|Software is discontinued because its developer Nervana Systems is defunct
 math/hipmcl||2022-07-16|Discontinued: old versions aren't compatible with new combblas-2.0, latest versions require CUDA that is not available on FreeBSD
+security/base-audit|ports-mgmt/pkg|2022-07-17|Merged into ports-mgmt/pkg
diff --git a/security/Makefile b/security/Makefile
index b2a3cf41dda3..5c0317e122fd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -40,7 +40,6 @@
     SUBDIR += aws-vault
     SUBDIR += barnyard2
     SUBDIR += barnyard2-sguil
-    SUBDIR += base-audit
     SUBDIR += bastillion
     SUBDIR += bcrypt
     SUBDIR += bcwipe
diff --git a/security/base-audit/Makefile b/security/base-audit/Makefile
deleted file mode 100644
index f6233a937f9e..000000000000
--- a/security/base-audit/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-# Created by: Miroslav Lachman
-
-PORTNAME=	base-audit
-PORTVERSION=	0.5
-CATEGORIES=	security
-MASTER_SITES=	# none
-DISTFILES=	# none
-
-MAINTAINER=	000.fbsd@quip.cz
-COMMENT=	Daily periodic check of vulnerabilities in base system
-
-LICENSE=	BSD3CLAUSE
-
-RUN_DEPENDS=	${LOCALBASE}/sbin/pkg:${PKG_ORIGIN}
-
-NO_ARCH=	yes
-NO_BUILD=	yes
-NO_INSTALL=	yes
-
-SUB_FILES=	405.pkg-base-audit
-
-PERIODIC_SECURITY=	etc/periodic/security
-
-PLIST_FILES=	${PERIODIC_SECURITY}/405.pkg-base-audit
-
-do-install:
-	@${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY}
-	 ${INSTALL_SCRIPT} ${WRKDIR}/405.pkg-base-audit \
-		${STAGEDIR}${PREFIX}/${PERIODIC_SECURITY}
-
-.include <bsd.port.mk>
diff --git a/security/base-audit/files/405.pkg-base-audit.in b/security/base-audit/files/405.pkg-base-audit.in
deleted file mode 100755
index f607a5929fc7..000000000000
--- a/security/base-audit/files/405.pkg-base-audit.in
+++ /dev/null
@@ -1,223 +0,0 @@
-#!/bin/sh -f
-#
-# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
-# Copyright (c) 2014 Matthew Seaman <matthew@FreeBSD.org>
-# Copyright (c) 2016 Miroslav Lachman <000.fbsd@quip.cz>
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions of source code must retain the above copyright notice
-#    this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its contributors may be
-#    used to endorse or promote products derived from this software without
-#    specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-if [ -r /etc/defaults/periodic.conf ]; then
-	. /etc/defaults/periodic.conf
-	source_periodic_confs
-fi
-
-: ${security_status_baseaudit_enable:=YES}
-: ${security_status_baseaudit_period:=daily}
-: ${security_status_baseaudit_quiet:=NO}
-: ${security_status_baseaudit_chroots=$pkg_chroots}
-: ${security_status_baseaudit_jails=$pkg_jails}
-: ${security_status_baseaudit_jails_ignore=""}
-: ${security_status_baseaudit_expiry:=2}
-
-# Compute PKG_DBDIR from the config file.
-pkgcmd=%%PREFIX%%/sbin/pkg
-PKG_DBDIR=`${pkgcmd} config PKG_DBDIR`
-auditfile="${PKG_DBDIR}/vuln.xml"
-
-audit_base() {
-	local pkgargs="$1"
-	local basedir="$2"
-	local rc
-	local then
-	local now
-	local usrlv
-	local krnlv
-	local strlen
-	local chrootv
-	local jailv
-	local jid
-	
-	## get version from chroot
-	if [ -n "`echo "$pkgargs" | egrep '^-c'`" ]; then
-		if [ -x "$basedir/bin/freebsd-version" ]; then
-			chrootv=$($basedir/bin/freebsd-version -u)
-			## safety check - strlen
-			strlen=$(echo "$chrootv" | wc -c)
-			if [ $strlen -gt 17 -o $strlen -lt 11 ]; then
-				echo "Wrong version string, cannot run audit"
-				return 3
-			fi
-			usrlv=$(echo $chrootv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
-		else
-			echo "Cannot guess chroot version"
-			return 3
-		fi
-	## get version from jail
-	elif [ -n "`echo "$pkgargs" | egrep '^-j'`" ]; then
-		jid=$(echo "$pkgargs" | awk '$1 ~ /^-[j]/ { print $2 }')
-		jailv=$(jexec $jid freebsd-version -u)
-		## safety check - strlen
-		strlen=$(echo "$jailv" | wc -c)
-		if [ $strlen -gt 17 -o $strlen -lt 11 ]; then
-			echo "Wrong version string, cannot run audit"
-			return 3
-		fi
-		usrlv=$(echo $jailv | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
-	## get version from host
-	else
-		usrlv=$(freebsd-version -u | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
-	fi
-
-	then=`stat -f '%m' "${basedir}${auditfile}" 2> /dev/null` || rc=3
-	now=`date +%s` || rc=3
-	## Add 10 minutes of padding since the check is in seconds.
-	if [ $rc -ne 0 -o \
-		$(( 86400 \* "${security_status_baseaudit_expiry}" )) \
-		-le $(( ${now} - ${then} + 600 )) ]; then
-		## When non-interactive, sleep to reduce congestion on mirrors
-		anticongestion
-		f="-F"
-	else
-		echo -n 'Database fetched: '
-		date -r "${then}" || rc=3
-	fi
-
-	## cannot check kernel in jail or chroot
-	if [ -z "`echo "$pkgargs" | egrep '^-[cj]'`" -a `sysctl -n security.jail.jailed` = 0 ]; then
-		krnlv=$(freebsd-version -k | sed 's,^,FreeBSD-kernel-,;s,-RELEASE-p,_,;s,-RELEASE$,,')
-		${pkgcmd} audit $f $q $krnlv || { rc=$?; [ $rc -lt 3 ] && rc=3; }
-	fi
-
-	${pkgcmd} audit $f $q $usrlv || { rc=$?; [ $rc -lt 3 ] && rc=3; }
-
-	return $rc
-}
-
-# Use $pkg_chroots to provide a default list of chroots, and
-# $pkg_jails to provide a default list of jails (or '*' for all jails)
-# for all pkg periodic scripts, or set
-# $security_status_baseaudit_chroots and
-# $security_status_baseaudit_jails for this script only.
-
-audit_base_all() {
-	local rc
-	local last_rc
-	local jails
-
-	# We always show audit results for the base system, but only print
-	# a banner line if we're also showing audit results for any
-	# chroots or jails.
-
-	if [ -n "${security_status_baseaudit_chroots}" -o \
-		-n "${security_status_baseaudit_jails}" ]; then
-		echo "Host system:"
-	fi
-
-	audit_base '' ''
-	last_rc=$?
-	[ $last_rc -gt 1 ] && rc=$last_rc
-
-	for c in $security_status_baseaudit_chroots ; do
-		echo
-		echo "chroot: $c"
-		audit_base "-c $c" $c
-		last_rc=$?
-		[ $last_rc -gt 1 ] && rc=$last_rc
-	done
-
-	case $security_status_baseaudit_jails in
-	\*)
-		jails=$(jls -q -h name path | sed -e 1d -e 's/ /|/')
-		;;
-	'')
-		jails=
-		;;
-	*)
-		# Given the jail name or jid, find the jail path
-		jails=
-		for j in $security_status_baseaudit_jails ; do
-			p=$(jls -j $j -h name path | sed -e 1d -e 's/ /|/')
-			jails="${jails} ${p}"
-		done
-		;;
-	esac
-
-	for j in $jails ; do
-		# ignore some jails
-		if [ -n "$security_status_baseaudit_jails_ignore" ]; then
-			# we iterate to get exact matches because we want substring matches
-			# foo should not match foo.bar
-			for ignore in $security_status_baseaudit_jails_ignore ; do
-				if [ "${j%|*}" == "$ignore" ]; then
-					echo
-					echo "ignoring jail: ${j%|*}"
-					# continue with the main loop
-					continue 2
-				fi
-			done
-		fi
-		echo
-		echo "jail: ${j%|*}"
-		audit_base "-j ${j%|*}" ${j##*|}
-		last_rc=$?
-		[ $last_rc -gt 1 ] && rc=$last_rc
-	done
-
-	return $rc
-}
-
-security_daily_compat_var security_status_baseaudit_enable
-security_daily_compat_var security_status_baseaudit_quiet
-security_daily_compat_var security_status_baseaudit_chroots
-security_daily_compat_var security_status_baseaudit_jails
-security_daily_compat_var security_status_baseaudit_exipiry
-
-rc=0
-
-if check_yesno_period security_status_baseaudit_enable
-then
-	echo
-	echo 'Checking for security vulnerabilities in base (userland & kernel):'
-
-	if ! ${pkgcmd} -N >/dev/null 2>&1 ; then
-		echo 'pkg-audit is enabled but pkg is not used'
-		rc=2
-	else
-		case "${security_status_baseaudit_quiet}" in
-		[Yy][Ee][Ss])
-			q='-q'
-			;;
-		*)
-			q=
-			;;
-		esac
-
-		audit_base_all ; rc=$?
-	fi
-fi
-
-exit "$rc"
diff --git a/security/base-audit/pkg-descr b/security/base-audit/pkg-descr
deleted file mode 100644
index 11e8cb99a1aa..000000000000
--- a/security/base-audit/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-Audit base system against known vulnerabilities and generate reports
-including references to security advisories.
-It uses pkg audit and Vuxml database as is used for packages but this script
-checks base system.
diff --git a/security/base-audit/pkg-message b/security/base-audit/pkg-message
deleted file mode 100644
index bc13d51ef98f..000000000000
--- a/security/base-audit/pkg-message
+++ /dev/null
@@ -1,21 +0,0 @@
-[
-{ type: install
-  message: <<EOM
-Add the following lines to /etc/periodic.conf(.local) to enable periodic check
-	security_status_baseaudit_enable="YES"
-	security_status_baseaudit_quiet="NO"
-
-Use pkg_chroots to provide a default list of chroots
-and pkg_jails to provide a default list of jails (or '*' for all jails)
-for all pkg periodic scripts, or set
-	security_status_baseaudit_chroots
-and
-	security_status_baseaudit_jails
-for this script only.
-
-You can also change following variables:
-	security_status_baseaudit_period="daily"
-	security_status_baseaudit_expiry="2"
-EOM
-}
-]


