Date: Sun, 28 Sep 2008 13:49:18 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Roman Kurakin <rik@inse.ru> Cc: freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org, bug-followup@freebsd.org Subject: Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages Message-ID: <o/JeKQBFxyWYOEj%2BysAVRhQK6g8@iXA9ZWPrtc2I2BMzBXoToMd7YdQ> In-Reply-To: <48DE5CC0.9000708@localhost.inse.ru> References: <WGReTVL6CLts/44OKi4qLEsAGHs@jm/Q2DKg1djxmpGNf45V%2BWpjPIE> <48DE5CC0.9000708@localhost.inse.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--VV4b6MQE+OnNyhkM Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Roman, good day. Sat, Sep 27, 2008 at 08:18:08PM +0400, Roman Kurakin wrote: > Have you also posted this to ports@? No, forgot to do it. CC'ing ports@ Thanks! The original posting to hackers@ goes below. It will be double-posted to the bug-followup@ -- sorry for this. > Eygene Ryabinkin wrote: > > Good day. > > > > A while ago I had created the new utility that serves as VuXML > > filter for the installed packages: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/126853 > > > > My primary intention was to speed up the process of auditing the > > vulnerable ports: I needed to run portaudit checks with Nagios and to > > avoid large timeouts. > > > > The new utility is called pkg_audit and it serves as a simple text > > filter: on input it takes the full VuXML feed and on output it puts > > VuXML entries that matches ports that are installed in the system with > > port version specification substituted with the actual port versions. > > > > No harm is done to the actual poartudit -- if pkg_audit is missing, old > > code path is activated. > > > > If someone is interested and will be able to test -- I am all ears. Additional clarifications inspired by the off-line talk with rik@: I could take another route and add this functionality to the pkg_info. I took another approach for the following reasons. 1. pkg_info's option list is already quite big -- around 32 options and switches. 2. It is easier to test for the presence of the new tool (pkg_audit) and use it, instead of checking the support for the new option in pkg_info. 3. I see no options in pkg_info that can be naturally extended to absorbe the new functionality. The closest is '-E', but pkg_audit needs to read VuXML entries, choose ones that are present in the system and output the found VuXML entries with version templates substituted with the real entries, so pkg_audit is filter-like utility. In my opinion, such extension of pkg_info's "-E" will be very unnatural. 4. I feel that it is Unix-way to do the things: create small utilities that do their (small) job in a proper fashion. Moreover, since the majority of a code sits in the pkg_install's library, there is a very slight code duplication, if any. Thanks for you time. --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --VV4b6MQE+OnNyhkM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjfUx4ACgkQthUKNsbL7YhBbwCfSA2OhrF4uP6vfYW/eQ2kQ7/p LbgAmwTYjAJor/5W5Tc5lzeVW3RQXgQx =xsRg -----END PGP SIGNATURE----- --VV4b6MQE+OnNyhkM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?o/JeKQBFxyWYOEj%2BysAVRhQK6g8>