118 lines
4.1 KiB
Text
118 lines
4.1 KiB
Text
#! @SH@
|
|
|
|
# $NetBSD: download-vulnerability-list,v 1.24 2004/04/14 09:04:15 wiz Exp $
|
|
#
|
|
# Copyright (c) 2000-2003 Alistair Crooks. All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
# 3. All advertising materials mentioning features or use of this software
|
|
# must display the following acknowledgement:
|
|
# This product includes software developed by Alistair Crooks
|
|
# for the NetBSD project.
|
|
# 4. The name of the author may not be used to endorse or promote
|
|
# products derived from this software without specific prior written
|
|
# permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
|
|
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
|
|
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
#
|
|
|
|
: ${PKGVULNDIR=@PKGVULNDIR@}
|
|
|
|
if [ ! -e ${PKGVULNDIR} ]; then
|
|
echo "Creating ${PKGVULNDIR}"
|
|
@MKDIR@ ${PKGVULNDIR} || (echo "Can't create ${PKGVULNDIR}" 1>&2; exit 1)
|
|
fi
|
|
|
|
VUL_SOURCE="ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"
|
|
NEW_VUL_LIST=pkg-vulnerabilities.$$
|
|
EXIST_VUL_LIST=pkg-vulnerabilities
|
|
|
|
if [ -r @PKG_SYSCONFDIR@/audit-packages.conf ]; then
|
|
echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
|
|
. @PKG_SYSCONFDIR@/audit-packages.conf
|
|
fi
|
|
|
|
cd ${PKGVULNDIR}
|
|
utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
|
|
case "$utility" in
|
|
*curl) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
|
|
*ftp) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
|
|
*wget) @FETCH_CMD@ ${FETCH_ARGS} -O ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
|
|
*fetch) @FETCH_CMD@ ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
|
|
*) echo "Unknown fetch command - please use send-pr to send in support for your fetch command" 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# see if we got a file
|
|
if [ ! -f "${NEW_VUL_LIST}" ]
|
|
then
|
|
echo "***WARNING*** Download of vulnerabilities file failed" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
# see if the file got damaged while it was being downloaded
|
|
errmsg=""
|
|
recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' ${NEW_VUL_LIST}`
|
|
recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' ${NEW_VUL_LIST}`
|
|
case "$recordedsum" in
|
|
"") errmsg="***WARNING*** No checksum found in the downloaded vulnerabilities file"
|
|
;;
|
|
*) case "$recordedalg" in
|
|
"") errmsg="***WARNING*** No checksum algorithm found in the downloaded vulnerabilities file"
|
|
;;
|
|
*) calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' ${NEW_VUL_LIST} | @DIGEST@ $recordedalg`
|
|
if [ "$recordedsum" != "$calcsum" ]; then
|
|
errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
|
|
fi
|
|
;;
|
|
esac
|
|
;;
|
|
esac
|
|
case "$errmsg" in
|
|
"") ;;
|
|
*) echo "$errmsg" 1>&2
|
|
@RM@ -f ${NEW_VUL_LIST}
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# test to see if file has been changed
|
|
neednew=false
|
|
if [ -f ${EXIST_VUL_LIST} ]; then
|
|
oldsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' ${EXIST_VUL_LIST}`
|
|
if [ "$oldsum" != "$calcsum" ]; then
|
|
neednew=true
|
|
fi
|
|
else
|
|
neednew=true
|
|
fi
|
|
|
|
# if we need the new file, move it into position
|
|
if $neednew; then
|
|
echo "Package vulnerabilities file has been updated"
|
|
@CHMOD@ a+r ${NEW_VUL_LIST}
|
|
@MV@ -f ${NEW_VUL_LIST} ${EXIST_VUL_LIST}
|
|
else
|
|
echo "No change from existing package vulnerabilities file"
|
|
@RM@ -f ${NEW_VUL_LIST}
|
|
fi
|
|
|
|
exit 0
|