Date:      Thu, 13 Jan 2005 09:51:36 +0100 (CET)
From:      Anton Berezin <tobez@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/76191: portaudit target, check-vulnerable, take inordinate amounts of time
Message-ID:  <20050113085136.1DA79125465@heechee.tobez.org>
Resent-Message-ID: <200501130900.j0D90cZ2031406@freefall.freebsd.org>


>Number:         76191
>Category:       ports
>Synopsis:       portaudit target, check-vulnerable, take inordinate amounts of time
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 13 09:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Anton Berezin
>Release:        FreeBSD 5.3-STABLE amd64
>Organization:
>Environment:
>Description:

Every time check-vulnerable is invoked, it runs pkg_version -T against
every non-comment line in the audit file.  As more and more
vulnerabilities are discovered, any port build (even make fetch) takes
longer.

Currently there are 912 non-comment lines in the audit file, so it takes
a while even on a fast machine.

This was discovered, discussed, and patched up by Valentin Nechayev
<netch@netch.kiev.ua> and myself.

>How-To-Repeat:
Install portaudit, go to any port, type make fetch and observe the
slow-down.
>Fix:

--- bsd.port.mk	Fri Dec 31 19:23:43 2004
+++ /tmp/bsd.port.mk	Wed Jan 12 23:12:18 2005
@@ -2953,8 +2953,8 @@ check-vulnerable:
 		if [ "$$audit_created" -lt "$$audit_expiry" ]; then \
 			${ECHO_MSG} "===>  WARNING: Vulnerability database out of date, checking anyway"; \
 		fi; \
-		vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \
-			/^[^#]/ { \
+		vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}" | \
+			${AWK} -F\| ' /^[^#]/ { \
 				if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \
 					print "=> " $$3 ".\n   Reference: <" $$2 ">" \
 			} \
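Review bot: The added `${GREP} "${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}"` prefilter can drop an audit entry that `${PKG_VERSION} -T` would have matched, which is the wrong failure direction for check-vulnerable. Field 1 of each audit line is handed to pkg_version as a pattern, not as a literal package name, so an entry whose pattern does not contain the concatenated name verbatim (for instance one that expresses the prefix or suffix through a glob or alternation) is discarded before pkg_version ever sees it, and the port is reported clean. Please either confirm that no audit entry is written that way or filter on a string guaranteed to appear in every matching pattern, and add a comment stating that the grep is only a speed prefilter and must never remove a line pkg_version would accept.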

Alternative, less strict variant:

--- bsd.port.mk	Fri Dec 31 19:23:43 2004
+++ /tmp/bsd.port.mk	Wed Jan 12 23:12:18 2005
@@ -2953,8 +2953,8 @@ check-vulnerable:
 		if [ "$$audit_created" -lt "$$audit_expiry" ]; then \
 			${ECHO_MSG} "===>  WARNING: Vulnerability database out of date, checking anyway"; \
 		fi; \
-		vlist=`${_EXTRACT_AUDITFILE} | ${AWK} -F\| ' \
-			/^[^#]/ { \
+		vlist=`${_EXTRACT_AUDITFILE} | ${GREP} "${PORTNAME}" | \
+			${AWK} -F\| ' /^[^#]/ { \
 				if (!system("${PKG_VERSION} -T \"${PKGNAME}\" \"" $$1 "\"")) \
 					print "=> " $$3 ".\n   Reference: <" $$2 ">" \
 			} \
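Review bot: On the added `${GREP} "${PORTNAME}"` line the port name is interpreted as a regular expression and matched against the whole audit line rather than compared literally with field 1. A PORTNAME containing characters such as `.` or `[` is therefore not matched as written; `${GREP} -F` would make the comparison literal. Matches in the description or reference fields of unrelated entries only cost extra pkg_version calls, so they are harmless. Of the two variants this one is preferable for a security check because it discards fewer candidate lines, but it still skips an entry whose pattern does not contain PORTNAME verbatim, so the same comment about the grep being a prefilter only belongs here too.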

Both variants work.  The second potentially produces more lines for
pkg_version consideration.
>Release-Note:
>Audit-Trail:
>Unformatted:


