ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Oct 6 12:22:19 UTC 2008 

Mel,

Mon, Oct 06, 2008 at 01:07:51PM +0200, Mel wrote:
> On Monday 06 October 2008 12:28:48 Eygene Ryabinkin wrote:
> Once you have the origin of the port, you can:
> - make -C $PORTSDIR/$origin -V PKGNAME
> - get the matching origin(s) out of ${INDEXDIR}/${INDEXFILE}
> - get the matching origin(s) out of a downloaded INDEX.bz2
> 
> This covers the majority of cases.
> 
> What portaudit lacks, is providing the origin along with the installed package
> name in easily parseable format. So, a central server wanting to query all 
> the machines for vulnerable packages, now has to do an extra step of going 
> into $PKG_DBDIR/$pkgname/+CONTENTS and getting the @comment ORIGIN: line, 
> while (port|pkg_)audit has just been there.
> 
> This would be something I'd expect:
> ssh clientmachine "/usr/sbin/pkg_audit -l"
> foo-1.2,3:misc/foo
> bar-4.5_6:devel/bar
> ...

OK, got it.  There is one neat: pkg_audit should be feeded with the
contents of the auditfile and the latter is located in the tar archive.
So, if you wouldn't mind about the following sequence
-----
tar xf /var/db/portaudit/auditfile.tbz
pkg_audit < auditfile | portaudit-checknew -o | cut -d '|' -f1,4,5
-----
then I can add the flag '-o' to the portaudit-checknew: it will
additionally output the port origin along with the new version.

Is that what you meant?
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20081006/0bdf4547/attachment.pgp

More information about the freebsd-hackers mailing list