This is based on the decision The NetBSD Foundation made in 2008 to
do so, which was already applied to src.
This change has been applied to code which is likely not in other
repositories.
ok board@, reviewed by riastradh@
"pkg_admin audit-history" command to print the full list of
vulnerabilities and use further pkg_admin pmatch logic to mark them as
fixed or still open. For pkg_install versions before 20080415, skip the
vulnerability processing.
Discussed with: dmcmahill
* Add DOWNLOAD_VULN_LIST var
* Get AUDIT_PACKAGES and DOWNLOAD_VULN_LIST to point to the right binaries
taking into consideration OPSYS and pkg_install version
* Replace all references to audit-packages and download-vulnerability-list
with AUDIT_PACKAGES and DOWNLOAD_VULN_LIST
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
PKGVULNDIR; else extract the current setting using audit-packages -Q and use
that. In addition to this mkreadme can still be called with -V to specify
a pkg-vulnerabilities file that will override any automatic detection.
* Add the necessary changes to allow genreadme.awk to process the v1.1.0
format pkg-vulnerabilities file.
* Changes are fully backward compatable i.e. mkreadme should be able to
parse v1.0.0 and v1.1.0 format files.
${BMAKE} show-subdir-var VARNAME=SUBDIR
instead of just grepping through the makefiles. This seems
to be a litle more robust. Suggested by Joerg Sonnenberger.
- completely redo the code which decides on the machine architecture,
operating system, and operating system version for the binary packages.
The old way just used to directory names to take a guess. The new
way creates a cache file containing meta-data for all the binary packages
in each "All" directory. This cache file is consulted when generating
the lists of available binary packages. The meta-data is obtained with
pkg_info so it should always be correct even if you do something silly
like mix OS_VERSION or MACHINE_ARCH packages up in the same directory.
Among the benefits are: works when PACKAGES is not $PKGSRC/packages,
works with a more or less arbitrary subdirectory structure, works
when there are subdirectories for multiple operating systems.
This portion of the fix should address PR25390.
The cache files are only updated when the contents of an "All" directory
changes or if the cache file format changes. There is some room for
improving the updating of the cache files, but its not too bad the way
it is.
- fix up some of the awk code so that generadme.awk works with Solaris
nawk as well as NetBSD's nawk and gawk (for pre-2.0 systems).
- remove some "if ! foo" shell constructs to increase portability.
- be more consistent with what variables get passed to mkreadme from
make and which ones are determined automatically. Mostly this meant
moving stuff into mkreadme to make it easier to run it standalone.
