f1308fb6bd
Right now, users who install the pkg-vulnerabilities database find that
the vast majority of packages fail to build, penalizing them too severely.
Package auditing can still be done via "pkg_admin audit".
Alternatively, the previous behaviour can be restored with
ALLOW_VULNERABLE_PACKAGES=no in mk.conf.
Additionally, bmake-ify the check.mk logic. It was easier to do this,
as the package relied on a single long ${RUN} command.
Proposed on tech-pkg, with no objections to the idea of changing the
default, just the method of doing so.
17 lines
448 B
Makefile
17 lines
448 B
Makefile
# $NetBSD: check-vulnerable.mk,v 1.6 2020/05/28 16:22:58 maya Exp $
|
|
#
|
|
# Public targets:
|
|
#
|
|
# check-vulnerable:
|
|
# Checks for vulnerabilities in the package.
|
|
#
|
|
|
|
check-vulnerable: .PHONY _pkgformat-check-vulnerable
|
|
@${DO_NADA}
|
|
|
|
# A package format does not need to implement this target, so provide a
|
|
# default implementation.
|
|
.if !target(_pkgformat-check-vulnerable)
|
|
_pkgformat-check-vulnerable:
|
|
@${PHASE_MSG} "Skipping vulnerability checks."
|
|
.endif
|