pkgsrc/pkgtools/pkg_install/MESSAGE


===========================================================================
Merge pkg_install-20090201 from pkg_install-renovation branch.
- DB support is always included from libnbcompat if needed
- pkg_view and linkfarm are not installed any more; they are not moved into the attic yet, so they can easily be installed as separate package
- common configuration file to customise the behavior of various components; this supersedes the old audit-packages.conf
- support for PKCS7 signatures (using X509 certs) and GPG signatures for packages in a secure way. See pkg_admin(8) for how to create them and pkg_install.conf(5) for the options to use them
- audit-packages and download-vulnerability-list are wrapper scripts around pkg_admin. They try to mimic the classic options if used sanely. "pkg_admin audit" is now an order of magnitude faster than before
- pkg_add uses libarchive and libfetch instead of external ftp and tar:
- progress bar is currently missing for downloads
- "pkg_add -" is no longer supported
- no adhoc check for conflicts between dependencies and already installed packages
- "pkg_add -s" has been replaced with an option in pkg_install.conf, verification of plain detached GPG signatures is no longer supported
- optional check for vulnerabilities before adding a package
- if /var and /usr/pkg are on different filesystems it is twice as fast now
- conflicts due to overlapping plists are checked before installation
- pkg_add no longer plays with the process limits
- pkg_add and pkg_delete have a new destdir option; scripts have to either be modified to use PKG_DESTDIR or should be disabled
- pkg_add -u for now can't be used to update to the exact same version
- internal "rm -rf" and "mkdir_p" code
- all memory allocation failures are not explicitly fatal
- if a file is not removed due to a failed checksum, still remove the entry from pkgdb
2009-02-02 13:34:59 +01:00
$NetBSD: MESSAGE,v 1.5 2009/02/02 12:34:59 joerg Exp $
You may wish to have the vulnerabilities file downloaded daily so that
it remains current. This may be done by adding an appropriate entry
to a user's crontab(5) entry. For example the entry
# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.
In addition, you may wish to run the package audit from the daily
security script. This may be accomplished by adding the following
lines to /etc/security.local
if [ -x ${PREFIX}/sbin/pkg_admin ]; then
	${PREFIX}/sbin/pkg_admin audit
fi
Alternatively this can also be accomplished by adding an entry to a user's
crontab(5) file, e.g.:
# run audit-packages
0 3 * * * ${PREFIX}/sbin/pkg_admin audit
Both pkg_admin subcommands can be run as an unprivileged user,
as long as the user chosen has permission to read the pkgdb and to write
the pkg-vulnerabilities to ${PKGVULNDIR}.
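An added example, not part of the pkg_install MESSAGE or of pkgsrc itself: a cron wrapper for an unprivileged account that checks the two permissions named above, then runs the two pkg_admin subcommands in order and reports a failed fetch instead of discarding it. The variable names PKG_ADMIN and PKG_DBDIR, the default paths and the return codes are assumptions; adjust them to your PREFIX and pkg_install.conf(5).

```shell
#!/bin/sh
# Added example: fetch the vulnerability list, then audit, as one cron job.
# The default paths below are placeholders (assumptions), not values
# taken from the MESSAGE file.
PKG_ADMIN=${PKG_ADMIN:-/usr/pkg/sbin/pkg_admin}
PKG_DBDIR=${PKG_DBDIR:-/var/db/pkg}
PKGVULNDIR=${PKGVULNDIR:-/var/db/pkg}

# Succeeds only if the current user can read the pkgdb and write the
# directory holding the vulnerability list.
check_audit_perms() {
    pkgdb=$1 vulndir=$2
    [ -d "$pkgdb" ] && [ -r "$pkgdb" ] && [ -x "$pkgdb" ] || {
        echo "cannot read pkgdb: $pkgdb" >&2; return 1; }
    [ -d "$vulndir" ] && [ -w "$vulndir" ] || {
        echo "cannot write vulnerability list dir: $vulndir" >&2; return 1; }
}

# Return codes (chosen for this example): 0 = fetch and audit both exited 0,
# 1 = audit exited non-zero, 2 = precondition failed and nothing was run,
# 3 = fetch failed, so the audit ran against a possibly stale list.
fetch_then_audit() {
    [ -x "$PKG_ADMIN" ] || { echo "missing $PKG_ADMIN" >&2; return 2; }
    check_audit_perms "$PKG_DBDIR" "$PKGVULNDIR" || return 2
    stale=0
    if ! "$PKG_ADMIN" fetch-pkg-vulnerabilities >/dev/null 2>&1; then
        echo "fetch-pkg-vulnerabilities failed; list may be stale" >&2
        stale=3
    fi
    "$PKG_ADMIN" audit || return 1
    return "$stale"
}

# Run only when invoked with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    fetch_then_audit
fi
```

Because the wrapper writes to stderr only on failure, cron mails the account owner when the list could not be refreshed or a precondition is missing.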
The behavior of pkg_admin and pkg_add can be customised with
pkg_install.conf. Please see pkg_install.conf(5) for details.
If you want to use GPG signature verification you will need to install
GnuPG and set the path for GPG appropriately in your pkg_install.conf.
===========================================================================