portaudit won't let me build some ports
Michael Gmelin
freebsd at grem.de
Sat Apr 13 12:04:30 UTC 2013
On Sat, 13 Apr 2013 01:36:26 -0600 (MDT)
Mike Brown <mike at skew.org> wrote:
> I'm posting this overdue followup mostly for the benefit of anyone
> searching for this info, and for the maintainers of bsd.port.mk and
> portaudit.
>
> On Jun 6, 2012, I wrote:
> > What's going on with portaudit?
> > It always prints 7 useless lines of "done"
>
> Why "/var/db/portaudit/auditfile.tbz: done" shows up at all:
>
> My environment contains BZIP2=-v.
>
> I put that in there ages ago, because I like to see the extra output
> when compressing files, and I grew tired of typing it by hand.
> Unfortunately, it also affects decompression output.
>
> Why it shows up many times in a row:
>
> portaudit decompresses its database file that many times as part of
> its normal operation. Perhaps there's some room for optimization
> there. /usr/ports/Mk/bsd.port.mk just decompresses it once, to a temp
> file.
>
> > and now it has started stopping me from building some ports, due to
> > "known vulnerabilities", even though there are no vulnerabilities
> > in the database.
>
> I believe this is a combination of problems with portaudit and
> bsd.port.mk.
>
> bsd.port.mk saves portaudit's output (list of vulnerabilities in the
> current package) to a variable, and interprets it as having said
> vulnerabilities are present if it contains the string "X problem(s)
> found.", where X is any string of digits, including "0".
>
> vlist=`${LOCALBASE}/sbin/portaudit -X 14 "${PKGNAME}" \
> 2>&1 | grep -vE '^[0-9]+ problem\(s\) found.' \
> || true`; \
>
> With BZIP2=-v in the environment, the output of portaudit will
> contain all the bzip2 "done" messages, and then, if there are no
> vulnerabilities, it might say "0 problem(s) found."
>
> Surely "0 problem(s) found." is not cause for stopping a build. The
> regex in bsd.port.mk should probably be '^[1-9][0-9]+ problem\(s\)
> found.'
>
> I'm not sure if it's possible to avoid picking up the verbose bzip2
> output. portaudit could pass -q to BZIP2, but that might suppress
> desirable error messages. I leave that for you guys to worry about. :)
>
> > Last time I ran portmaster -a, I had to completely remove portaudit
> > just so I could get everything to build. Now that I've reinstalled
> > it, it's still causing me grief.
>
> Mental note: a better option is to define DISABLE_VULNERABILITIES
> before building any ports. See ports(7) man page.
>
> Thanks for reading.

Hi Mike,

I submitted a bug report for a related problem about a year ago:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/168479

In that case the unrelated output line is caused by downloading the
auditfile (the workaround I suggested is very simple and only fixes
that particular problem).

Cheers,
--
Michael Gmelin
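
Added example, not part of either message and not code from bsd.port.mk or portaudit: a shell reproduction of the capture-and-filter pattern in the quoted snippet, next to a gate that clears BZIP2 and keeps stderr out of the parsed text. `fake_audit`, `gate_merged`, `gate_clean` and the package names are hypothetical stand-ins, and it assumes that a non-empty `vlist` is what stops the build.

```shell
#!/bin/sh
# Constructed stand-in for the audit tool (hypothetical, NOT portaudit itself).
# When BZIP2 contains -v it writes decompressor chatter to stderr, then prints
# its findings and a summary line on stdout.
fake_audit() {
    case "${BZIP2:-}" in
        *-v*) echo "  /var/db/portaudit/auditfile.tbz: done" >&2 ;;
    esac
    if [ "$1" = "vulnerable-1.0" ]; then
        echo "Affected package: $1"
        echo "1 problem(s) found."
    else
        echo "0 problem(s) found."
    fi
}

# Same shape as the quoted snippet: merge stderr into stdout, drop the summary
# line, and treat whatever text is left as the list of vulnerabilities.
# Assumption: a non-empty vlist is what blocks the build.
gate_merged() {
    vlist=$(fake_audit "$1" 2>&1 \
        | grep -vE '^[0-9]+ problem\(s\) found\.' || true)
    if [ -n "$vlist" ]; then echo blocked; else echo allowed; fi
}

# Hardened variant: run the tool with BZIP2 removed from its environment and
# do not merge stderr, so diagnostics still reach the terminal but are never
# parsed as findings.
gate_clean() {
    vlist=$( (unset BZIP2; fake_audit "$1") \
        | grep -vE '^[0-9]+ problem\(s\) found\.' || true)
    if [ -n "$vlist" ]; then echo blocked; else echo allowed; fi
}

# Demo with the environment described in the post.
BZIP2=-v; export BZIP2
echo "merged gate, clean package:      $(gate_merged clean-1.0)"
echo "clean gate,  clean package:      $(gate_clean clean-1.0)"
echo "clean gate,  vulnerable package: $(gate_clean vulnerable-1.0)"
```

In this reproduction the summary line is removed by `grep -v` either way; the false positive comes from the "done" line that survives the filter once stderr is merged into the captured text.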