From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Mon, 06 Oct 2008 00:41:05 +0200
To: Eygene Ryabinkin
Cc: freebsd-ports@freebsd.org
Subject: Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Eygene Ryabinkin wrote:
> Miroslav, good day.
>
> Sun, Sep 28, 2008 at 04:14:24PM +0400, Eygene Ryabinkin wrote:
>
>>>If I read nightly security e-mail with for example 4 vulnerable
>>>packages, then I need to log in to server and manually try, if newer
>>>(fixed) packages are available. It seems not so hard to check output of
>>>`pkg_version -vIL =` and compare both versions (installed and available)
>>>with portaudit in some shellscript, I didn't start to write it yet ;).
>>
>>I think it won't be very hard: I'll try to see how to extend portaudit
>>with such functionality -- it would be very handy, in my opinion.
>
>
> OK, I extended portaudit with this -- flag '-n' will do it. Currently
> this option requires network access, but I think that it perfectly
> fits into the security check -- it downloads auditfile anyway.
>
> I had greatly reworked the old part of patch and I have a series of
> 4 patches that implement both my pkg_audit stuff and the '-n' stuff.
> I am also attaching the mega-patch, it can be applied to the current
> port sources to give the port version that includes both mentioned
> enhancements. If you have no pkg_audit -- this isn't a problem:
> portaudit will fall back to the awk script.
>
> I had also changed the output format for pkg_audit, so I am attaching
> another version of the second patch for the pkg_install bundle.
>
> I had briefly tested my modifications -- they work for now, but I will
> continue testing. Any bug reports or thoughts about these patches are
> more than welcome.
>
>
>>Haven't you had a chance to test my patch?
>
>
> Miroslav, still: had you tested the pkg_audit thingy?

I am busy these days, but it is nice to read about your progress. I hope
I will get some time to test all of these large patches in a few days
and I will report back my experiences!

One note before tests... does the -n flag always download a new INDEX file,
or is it possible to use one already existing in /usr/ports?

Miroslav Lachman