Date: Mon, 06 Oct 2008 00:41:05 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Cc: freebsd-ports@freebsd.org
Subject: Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages
Message-ID: <48E94281.8010300@quip.cz>
In-Reply-To: <xIGBGzzNkgJfXK2hY3ABIqS4mko@Nv45r0f9gWT8HCu35qu0Xm2Zg98>
References: <WGReTVL6CLts/44OKi4qLEsAGHs@jm/Q2DKg1djxmpGNf45V%2BWpjPIE>
 <48DE5CC0.9000708@localhost.inse.ru>
 <o/JeKQBFxyWYOEj%2BysAVRhQK6g8@iXA9ZWPrtc2I2BMzBXoToMd7YdQ>
 <48DF6735.4030906@quip.cz>
 <4bESZpNwE3z/DdlE2fwK/BXzQSo@2MQ0uKCiT7mdMUuLeUzs8Nv3ToQ>
 <xIGBGzzNkgJfXK2hY3ABIqS4mko@Nv45r0f9gWT8HCu35qu0Xm2Zg98>

Eygene Ryabinkin wrote:
> Miroslav, good day.
>
> Sun, Sep 28, 2008 at 04:14:24PM +0400, Eygene Ryabinkin wrote:
>
>>>If I read nightly security e-mail with for example 4 vulnerable
>>>packages, then I need to log in to server and manually try, if newer
>>>(fixed) packages are available. It seems not so hard to check output of
>>>`pkg_version -vIL =` and compare both versions (installed and available)
>>>with portaudit in some shellscript, I didn't start to write it yet ;).
>>
>>I think it won't be very hard: I'll try to see how to extend portaudit
>>with such functionality -- it would be very handy, in my opinion.
>
>
> OK, I extended portaudit with this -- flag '-n' will do it.  Currently
> this option requires network access, but I think that it perfectly
> fits into the security check -- it downloads auditfile anyway.
>
> I had greatly reworked the old part of patch and I have series of
> 4 patches that implement both my pkg_audit stuff and the '-n' stuff.
> I am also attaching the mega-patch, it can be applied to the current
> port sources to give the port version that includes both mentioned
> enhancements.  If you have no pkg_audit -- this isn't a problem:
> portaudit will fall back to the awk script.
>
> I had also changed the output format for pkg_audit, so I am attaching
> another version of the second patch for the pkg_install bundle.
>
> I had briefly tested my modifications -- they work for now, but I will
> continue testing.  Any bug reports or thoughts about these patches are
> more than welcome.
>
>
>>Hadn't you have a chance to test my patch?
>
>
> Miroslav, still: had you tested the pkg_audit thingy?

I am busy these days, but it is nice to read about your progress. I hope
I will get some time to test all of these large patches in a few days
and I will report back my experiences!

One note before tests... does the -n flag always download a new INDEX
file, or is it possible to use one already existing in /usr/ports?

Miroslav Lachman