Date: Thu, 13 Jan 2005 09:51:36 +0100 (CET) From: Anton Berezin <tobez@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/76191: portaudit target, check-vulnerable, take inordinate amounts of time Message-ID: <20050113085136.1DA79125465@heechee.tobez.org> Resent-Message-ID: <200501130900.j0D90cZ2031406@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 76191 >Category: ports >Synopsis: portaudit target, check-vulnerable, take inordinate amounts of time >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Jan 13 09:00:38 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Anton Berezin >Release: FreeBSD 5.3-STABLE amd64 >Organization: >Environment: >Description: Every time check-vulnerable is invoked, it runs pkg_version -T against every non-comment line in the audit file. As more and more vulnerabilities are discovered, any port build (even make fetch) takes longer. Currently there are 912 non-comment lines in the audit file, so it takes a while even on a fast machine. This was discovered, discussed, and patched up by Valentin Nechayev <netch@netch.kiev.ua> and myself. >How-To-Repeat: Install portaudit, go to any port, type make fetch and observe the slow-down. >Fix: --- bsd.port.mk Fri Dec 31 19:23:43 2004 +++ /tmp/bsd.port.mk Wed Jan 12 23:12:18 2005 @@ -2953,8 +2953,8 @@ check-vulnerable: if [ "$$audit_created" -lt "$$audit_expiry" ]; then \ ${ECHO_MSG} "===> WARNING: Vulnerability database out of date, checking anyway"; \ fi; \ - vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \ - /^[^#]/ { \ + vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}" | \ + ${AWK} -F\| ' /^[^#]/ { \ if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \ print "=> " $$3 ".\n Reference: <" $$2 ">" \ } \ Alternative, less strict variant: --- bsd.port.mk Fri Dec 31 19:23:43 2004 +++ /tmp/bsd.port.mk Wed Jan 12 23:12:18 2005 @@ -2953,8 +2953,8 @@ check-vulnerable: if [ "$$audit_created" -lt "$$audit_expiry" ]; then \ ${ECHO_MSG} "===> WARNING: Vulnerability database out of date, checking anyway"; \ fi; \ - vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \ - /^[^#]/ { \ + vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PORTNAME}" | \ + ${AWK} -F\| ' /^[^#]/ { \ if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \ print "=> " $$3 ".\n Reference: <" $$2 ">" \ } \ Both variants work. The second potentially produces more lines for pkg_version consideration. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050113085136.1DA79125465>