Date:      Sun, 07 Dec 2014 13:08:06 +0000
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-doc@freebsd.org
Subject:   Re: Issue with Handbook section 5.2
Message-ID:  <54845136.6050603@FreeBSD.org>
In-Reply-To: <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net>
References:  <B06E0DF0-73F5-4B6B-A7B3-EFCCC9AD875A@technosorcery.net>


On 07/12/2014 02:58, Jacob Helwig wrote:
> In going through the FreeBSD Handbook (as of Sun Dec  7 02:44:11 UTC
> 2014), section 5.2 (Overview of Software Installation) mentions using
> ports-mgmt/portaudit to check for security issues.  Unfortunately,
> portaudit was removed from ports on October 13th[0].
>
> The commit that removed it says that “pkg audit” should be used
> instead ("portaudit expired when pkg_tools did, use pkg audit”), but
> as someone pretty new to FreeBSD, it’s not clear that this would be
> appropriate for ports usage.  Is “pkg audit” appropriate?  The
> language in the warning section of this Handbook section suggests
> that “pkg audit” isn’t appropriate outside of package use.  If “pkg
> audit” isn’t appropriate, what should be used instead?
>
> -Jacob
>
> [0]
> https://github.com/freebsd/freebsd-ports/commit/a3523a34bbef563b0b50709f384729fa04bcbb7

pkg audit is certainly the correct tool to use.  You can audit your
system for vulnerable packages by running 'pkg audit -F' at intervals.
If you add:

   daily_status_security_pkgaudit_enable="YES"

to /etc/periodic.conf then you can have it run automatically each night.

You seem to be suffering from a common misconception that packages and
ports are somehow much more distinct than is actually the case.  It is
something that clearly we aren't explaining very effectively.

A port is a set of instructions for building a package -- and pkg is the
tool for creating and managing packages.  So much so that packages
themselves are now referred to as 'pkgs.'  (Partly that was to
distinguish them from the old pkg_tools style of packages, but that is
generally no longer a consideration. Even so, the usage persists.)  All
pkgs are originally built from ports and the result of building a port
is a pkg[*].  Even if you're installing pre-built pkgs from the FreeBSD
pkg repositories, this is still true.

Pkgs have two states: installed -- with all the files extracted and
copied into place in the filesystem -- and as tarballs -- collected into
one compressed archive for easy network distribution.  But they are both
still pkgs.

	Cheers,

	Matthew

[*] At the moment.  There are plans to change this so that several pkgs
may be built from one port, and also plans to be able to create pkgs
from other sources than the ports tree.

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey