Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 04 Feb 2005 11:19:57 +0100
From:      Florent Thoumie <flz@xbsd.org>
To:        Mike Brown <mike@skew.org>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: variable data in pkg-message?
Message-ID:  <42034C4D.7040101@xbsd.org>
In-Reply-To: <200502040942.j149g60T079093@chilled.skew.org>
References:  <200502040942.j149g60T079093@chilled.skew.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig46AE12EEDADFE729B4365457
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Mike Brown wrote:
> security-check.awk cannot reasonably be expected to figure out that a Python
> script that gets installed by my port is a daemon that imports another module
> in order to get a class that, when instantiated and a certain method is called,
> uses Python's socket.socket() to create servers.
>
> Therefore, post-install, I have a need to print my own security warning, like
>
> ===> SECURITY REPORT:
>       This port has installed the following files which may act as network
>       servers and may therefore pose a remote security risk to the system.
>
>       %%FOO%%/mydaemond
>
>       If there are vulnerabilities in these programs there may be a security
>       risk to the system. FreeBSD makes no guarantee about the security of
>       ports included in the Ports Collection. Please type 'make deinstall'
>       to deinstall the port if this is a concern.
>
> I need to substitute %%FOO%% with ${BINDIR} in order to have the right path
> appear in the message. I can do this easily in my port's Makefile, which will
> be fine for people installing the port. But I don't think it's possible to do
> this for the people installing the package, because pkg-message is just going
> to be displayed as-is.
>
> What should be done?

	Look at SUB_{FILES,LIST} (eg. net/bnbt).

	I've submitted a PH update to explain how to use it [1].
	
	[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/76688

--
Florent Thoumie
flz@xbsd.org

--------------enig46AE12EEDADFE729B4365457
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCA0xSMxEkbVFH3PQRAkyaAJ4/u7jfcA0rT6TKG8K9CZvNHp6Q4gCeJoXs
uMHomXXOps4JrrJbtukyy78=
=5181
-----END PGP SIGNATURE-----

--------------enig46AE12EEDADFE729B4365457--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42034C4D.7040101>