From owner-freebsd-questions@FreeBSD.ORG Tue Aug 6 18:23:17 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 9ED30DA7 for ; Tue, 6 Aug 2013 18:23:17 +0000 (UTC) (envelope-from dweimer@dweimer.net) Received: from webmail.dweimer.net (24-240-198-187.static.stls.mo.charter.com [24.240.198.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6DA022E45 for ; Tue, 6 Aug 2013 18:23:17 +0000 (UTC) Received: from www.dweimer.net (webmail.dweimer.local [192.168.5.2]) by webmail.dweimer.net (8.14.5/8.14.5) with ESMTP id r76INF1R002151 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 6 Aug 2013 13:23:16 -0500 (CDT) (envelope-from dweimer@dweimer.net) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 06 Aug 2013 13:23:15 -0500 From: dweimer To: freebsd-questions@freebsd.org Subject: Re: How to Fix Port Audit showing ports not installed on a system Organization: dweimer.net Mail-Reply-To: dweimer@dweimer.net In-Reply-To: <52012B43.5000000@ifdnrg.com> References: <58b0a130601de49508aa7f7b8c1c9833@dweimer.net> <52012B43.5000000@ifdnrg.com> Message-ID: <8826af281224e2db334d446a51c11342@dweimer.net> X-Sender: dweimer@dweimer.net User-Agent: Roundcube Webmail/0.8.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: dweimer@dweimer.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Aug 2013 18:23:17 -0000 On 08/06/2013 11:58 am, Paul Macdonald wrote: > On 06/08/2013 17:25, dweimer wrote: >> I have a system that I just recently setup port audit, after realizing >> I forgot to install it on the machine. The problem is that it is >> finding vulnerabilities in several ports that are not installed on the >> system. These may have been installed at one point and removed. >> Firefox is one of the ones listed, I know that it was on the system >> previously, but was removed a few months back. portmaster -l and pkg >> info don't list it as installed, but port audit shows: >> firefox-20.0,1. Where would portaudit be picking up these ports from? >> Is there anyway to reset its database? >> > rm -R /var/db/portaudit/ > > then run portaudit -Fda > > > -- Already tried that, but that data only contains the list of known vulnerabilities, not the installed ports/packages. Perhaps, its not using pkgng I discovered if I do a pkg info command I get the correct list of installed ports and packages. If I do a pkg_info I get a much larger list showing everything as corrupted. ... pkg_info: the package info for package 'fftw3-3.3.3_1' is corrupt pkg_info: the package info for package 'filelight-4.10.1' is corrupt pkg_info: the package info for package 'firefox-20.0,1' is corrupt pkg_info: the package info for package 'fixesproto-5.0' is corrupt pkg_info: the package info for package 'flac-1.2.1_3' is corrupt pkg_info: the package info for package 'flex-2.5.37_1' is corrupt ... Of course I have WITH_PKGNG="YES" in the make.conf, and I believe that has been there ever since the server was built. Is my best option to get the correct list from pkg info use rm -r /var/db/pkg/* to clear everything out and then reinstall all of the ports? -- Thanks, Dean E. Weimer http://www.dweimer.net/