107 lines
2.9 KiB
Bash
107 lines
2.9 KiB
Bash
#! /bin/sh
|
|
# $NetBSD: sort-packages,v 1.9 2007/08/06 02:43:34 adrianp Exp $
|
|
|
|
# This program scans all binary packages in the current directory and
|
|
# creates three lists of files in OUTDIR:
|
|
#
|
|
# restricted_packages
|
|
# contains all packages that must not be published on the FTP
|
|
# server, for whatever reason
|
|
#
|
|
# vulnerable_packages
|
|
# contains all packages that are not restricted, but vulnerable
|
|
#
|
|
# regular_packages
|
|
# contains all the other ("good") packages.
|
|
#
|
|
|
|
set -eu
|
|
|
|
: ${OUTDIR="/tmp"}
|
|
: ${PKG_SUFX=".tgz"}
|
|
: ${AUDIT_PACKAGES="audit-packages"}
|
|
: ${PKG_ADMIN="pkg_admin"}
|
|
: ${PKG_INFO="pkg_info"}
|
|
|
|
regular_packages="${OUTDIR}/regular_packages"
|
|
restricted_packages="${OUTDIR}/restricted_packages"
|
|
vulnerable_packages="${OUTDIR}/vulnerable_packages"
|
|
newline="
|
|
"
|
|
|
|
: > "${regular_packages}"
|
|
: > "${restricted_packages}"
|
|
: > "${vulnerable_packages}"
|
|
|
|
for pkg in *${PKG_SUFX}; do
|
|
build_info=`${PKG_INFO} -B "${pkg}"`
|
|
|
|
# Note: this code needs to be that complicated because licensing
|
|
# issues are critical to pkgsrc, and we really don't want
|
|
# anything unexpected to happen here. The worst case would be
|
|
# that some file is sorted wrongly because some change in the
|
|
# output of pkg_info which had not been foreseen. Therefore it
|
|
# is better to check as strictly as possible to make those
|
|
# changes immediately visible.
|
|
|
|
no_bin_on_ftp="unknown"
|
|
case "${newline}${build_info}${newline}" in
|
|
*"${newline}NO_BIN_ON_FTP=${newline}"*)
|
|
no_bin_on_ftp="no"
|
|
;;
|
|
*"${newline}NO_BIN_ON_FTP="*)
|
|
no_bin_on_ftp="yes"
|
|
;;
|
|
esac
|
|
|
|
restricted="unknown"
|
|
case "${newline}${build_info}${newline}" in
|
|
*"${newline}RESTRICTED=${newline}"*)
|
|
restricted="no"
|
|
;;
|
|
*"${newline}RESTRICTED="*)
|
|
restricted="yes"
|
|
;;
|
|
esac
|
|
|
|
if [ "${restricted}" = "no" ] && [ "${no_bin_on_ftp}" = "no" ]; then
|
|
# Check whether the package is vulnerable or not.
|
|
pkg_prefix="${pkg%%-*}"
|
|
category="regular"
|
|
_INFO_VER=`${PKG_INFO} -V`;
|
|
if ${PKG_ADMIN} pmatch 'pkg_install<20070714' pkg_install-${_INFO_VER}; then
|
|
# XXX: The egrep command is only needed here because
|
|
# audit-packages before pkg_install-20070714 is so
|
|
# awfully slow.
|
|
if egrep "^({.*${pkg_prefix}.*}|${pkg_prefix}|{.*}${pkg_prefix})" ${PKGVULNDIR}/pkg-vulnerabilities >/dev/null 4>&1; then
|
|
vuln=`${AUDIT_PACKAGES} -p "${pkg}"`
|
|
fi
|
|
else
|
|
vuln=`${AUDIT_PACKAGES} ${AUDIT_PACKAGES_FLAGS} -p "${pkg}" 2>&1`
|
|
fi
|
|
if [ -n "${vuln}" ]; then
|
|
category="vulnerable"
|
|
fi
|
|
elif [ "${restricted}" != "unknown" ] && [ "${no_bin_on_ftp}" != "unknown" ]; then
|
|
category="restricted"
|
|
else
|
|
category="unknown"
|
|
fi
|
|
|
|
: echo "upload> ${pkg} is ${category}."
|
|
|
|
case "${category}" in
|
|
"regular")
|
|
echo "${pkg}" >> "${regular_packages}"
|
|
;;
|
|
"vulnerable")
|
|
echo "${pkg}" >> "${vulnerable_packages}"
|
|
;;
|
|
"restricted")
|
|
echo "${pkg}" >> "${restricted_packages}"
|
|
;;
|
|
*)
|
|
echo "sort-packages> WARNING: Could not sort ${pkg} into a category." 1>&2
|
|
;;
|
|
esac
|
|
done
|