From owner-svn-src-stable-8@FreeBSD.ORG  Sun Nov  7 11:51:58 2010
Return-Path: <owner-svn-src-stable-8@FreeBSD.ORG>
Delivered-To: svn-src-stable-8@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 00B2A106566B;
	Sun,  7 Nov 2010 11:51:58 +0000 (UTC)
	(envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C81A88FC1C;
	Sun,  7 Nov 2010 11:51:57 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oA7BpvWl042200;
	Sun, 7 Nov 2010 11:51:57 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id oA7BpvdX042196;
	Sun, 7 Nov 2010 11:51:57 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201011071151.oA7BpvdX042196@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Sun, 7 Nov 2010 11:51:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r214912 - in stable/8/etc: defaults periodic/security
X-BeenThere: svn-src-stable-8@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for only the 8-stable src tree
	<svn-src-stable-8.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-8>, 
	<mailto:svn-src-stable-8-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-8>
List-Post: <mailto:svn-src-stable-8@freebsd.org>
List-Help: <mailto:svn-src-stable-8-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-8>, 
	<mailto:svn-src-stable-8-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Nov 2010 11:51:58 -0000

Author: delphij
Date: Sun Nov  7 11:51:57 2010
New Revision: 214912
URL: http://svn.freebsd.org/changeset/base/214912

Log:
  Redo r214897:
  
  MFC r211141 (gabor)
  
  - Fixes to the chkportsum script to handle better some special cases,
    like spaces in filename
  
  Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua>
  
  MFC r210254 (gabor)
  
  - Add a periodic script, which can be used to find installed ports' files with
    mismatched checksum
  
  PR:             conf/124641
  Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua>

Added:
  stable/8/etc/periodic/security/460.chkportsum
     - copied, changed from r210254, head/etc/periodic/security/460.chkportsum
Modified:
  stable/8/etc/defaults/periodic.conf
  stable/8/etc/periodic/security/Makefile
Directory Properties:
  stable/8/etc/periodic/security/   (props changed)

Modified: stable/8/etc/defaults/periodic.conf
==============================================================================
--- stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:39:48 2010	(r214911)
+++ stable/8/etc/defaults/periodic.conf	Sun Nov  7 11:51:57 2010	(r214912)
@@ -171,6 +171,9 @@ daily_status_security_passwdless_enable=
 # 410.logincheck
 daily_status_security_logincheck_enable="YES"
 
+# 460.chkportsum
+daily_status_security_chkportsum_enable="NO"	# Check ports w/ wrong checksum
+
 # 500.ipfwdenied
 daily_status_security_ipfwdenied_enable="YES"
 

Copied and modified: stable/8/etc/periodic/security/460.chkportsum (from r210254, head/etc/periodic/security/460.chkportsum)
==============================================================================
--- head/etc/periodic/security/460.chkportsum	Mon Jul 19 20:19:14 2010	(r210254, copy source)
+++ stable/8/etc/periodic/security/460.chkportsum	Sun Nov  7 11:51:57 2010	(r214912)
@@ -42,20 +42,20 @@ echo 'Checking for ports with mismatched
 
 case "${daily_status_security_chkportsum_enable}" in
 	[Yy][Ee][Ss])
+	set -f
 	pkg_info -ga 2>/dev/null | \
-	while read one two three; do
-		case ${one} in
+	while IFS= read -r line; do
+		set -- $line
+		case $1 in
 			Information)
-			case ${two} in
-				  for) name=${three%%:} ;;
-					*) name='??' ;;
+			case $2 in
+				for) name="${3%%:}" ;;
+				*) name='??' ;;
 			esac
 			;;
 			Mismatched|'') ;;
-			*)
-			if [ -n ${name} ]; then
-				echo ${name}: ${one}
-			fi
+			*) [ -n "${name}" ] &&
+				echo "${name}: ${line%% fails the original MD5 checksum}"
 			;;
 		esac
 	done

Modified: stable/8/etc/periodic/security/Makefile
==============================================================================
--- stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:39:48 2010	(r214911)
+++ stable/8/etc/periodic/security/Makefile	Sun Nov  7 11:51:57 2010	(r214912)
@@ -7,6 +7,7 @@ FILES=	100.chksetuid \
 	300.chkuid0 \
 	400.passwdless \
 	410.logincheck \
+	460.chkportsum \
 	700.kernelmsg \
 	800.loginfail \
 	900.tcpwrap \