Import of pkgsrc-2013Q2

2013-09-26 17:14:40 +02:00
commit 785076ae39
74991 changed files with 4380255 additions and 0 deletions


@@ -0,0 +1,79 @@
# $NetBSD: Makefile.in,v 1.25 2012/10/21 09:08:56 joerg Exp $
srcdir= @srcdir@
prefix= @prefix@
exec_prefix= @exec_prefix@
sbindir= @sbindir@
mandir= @mandir@
datarootdir= @datarootdir@
man1dir= $(mandir)/man1
cat1dir= $(mandir)/cat1
man8dir= $(mandir)/man8
cat8dir= $(mandir)/cat8
BOOTSTRAP= @bootstrap@
SSL_SUPPORT= @ssl_support@
CC= @CC@
CCLD= $(CC)
DEFS= @DEFS@
CFLAGS= @CFLAGS@
LDFLAGS= @LDFLAGS@ -L../lib
INSTALL= @INSTALL@
PROG= pkg_admin
SCRIPTS= audit-packages download-vulnerability-list
.if empty(BOOTSTRAP)
LIBS= -linstall -lfetch
.if !empty(SSL_SUPPORT)
LIBS+= -lssl -lcrypto
CFLAGS+= -DHAVE_SSL
.endif
LIBS+= @LIBS@
OBJS= audit.o check.o main.o
CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib
.else
LIBS= -linstall @LIBS@
OBJS= check.o main.o
CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I../lib -DBOOTSTRAP
.endif
all: $(PROG) $(SCRIPTS)
.c.o:
$(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c $<
$(PROG): $(OBJS)
$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean:
rm -f $(OBJS) $(PROG)
install:
$(INSTALL) -m 755 -d ${DESTDIR}$(sbindir)
$(INSTALL) -m 755 -d ${DESTDIR}$(man1dir)
$(INSTALL) -m 755 -d ${DESTDIR}$(man8dir)
$(INSTALL) $(PROG) ${DESTDIR}$(sbindir)/$(PROG)
$(INSTALL) -m 555 $(SCRIPTS) ${DESTDIR}$(sbindir)
$(INSTALL) -m 444 $(PROG).1 ${DESTDIR}$(man1dir)/$(PROG).1
$(INSTALL) -m 444 audit-packages.8 ${DESTDIR}$(man8dir)/
$(INSTALL) -m 444 download-vulnerability-list.8 ${DESTDIR}$(man8dir)/
.if defined(MANINSTALL) && !empty(MANINSTALL:Mcatinstall)
$(INSTALL) -m 755 -d ${DESTDIR}$(cat1dir)
$(INSTALL) -m 755 -d ${DESTDIR}$(cat8dir)
$(INSTALL) -m 444 $(PROG).cat ${DESTDIR}$(cat1dir)/$(PROG).0
$(INSTALL) -m 444 audit-packages.cat ${DESTDIR}$(cat8dir)/audit-packages.0
$(INSTALL) -m 444 download-vulnerability-list.cat ${DESTDIR}$(cat8dir)/download-vulnerability-list.0
.endif
audit-packages: audit-packages.sh.in
sed -e 's|@PKG_ADMIN@|${sbindir}/pkg_admin|' \
${.CURDIR}/audit-packages.sh.in > $@
download-vulnerability-list: download-vulnerability-list.sh.in
sed -e 's|@PKG_ADMIN@|${sbindir}/pkg_admin|' \
${.CURDIR}/download-vulnerability-list.sh.in > $@
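Review bot: The `clean` target removes only `$(OBJS) $(PROG)`, so the generated `audit-packages` and `download-vulnerability-list` scripts survive a clean. Both have `${sbindir}/pkg_admin` substituted in by sed at build time and depend only on their `.sh.in` file, so after reconfiguring with a different prefix the stale wrappers would still exec the old path. I would change the recipe to `rm -f $(OBJS) $(PROG) $(SCRIPTS)`. Separately, `$(INSTALL) $(PROG) ${DESTDIR}$(sbindir)/$(PROG)` is the only install line without an explicit `-m`, so the binary's mode is left to the install program's default; adding `-m 755` would make it explicit.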


@@ -0,0 +1,39 @@
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
extern int quiet;
extern int verbose;
void check(char **);
void audit_pkgdb(int, char **);
void audit_pkg(int, char **);
void audit_batch(int, char **);
void audit_history(int, char **);
void check_pkg_vulnerabilities(int, char **);
void fetch_pkg_vulnerabilities(int, char **);
void usage(void);


@@ -0,0 +1,66 @@
.\" $NetBSD: audit-packages.8,v 1.1 2010/03/19 12:49:53 wiz Exp $
.\"
.\" Copyright (c) 2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Thomas Klausner.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd March 18, 2010
.Dt AUDIT-PACKAGES 8
.Os
.Sh NAME
.Nm audit-packages
.Nd report vulnerabilities for the installed packages
.Sh SYNOPSIS
.Nm
.Op Fl deqsVv
.Op Fl c Ar config_file
.Op Fl F Ar file
.Op Fl g Ar file
.Op Fl h Ar file
.Op Fl K Ar pkg_dbdir
.Op Fl n Ar package
.Op Fl p Ar package
.Op Fl Q Ar varname
.Op Fl t Ar type
.Sh DESCRIPTION
.Nm
is deprecated.
Please use the
.Cm audit ,
.Cm audit-pkg ,
.Cm audit-batch ,
and
.Cm fetch-pkg-vulnerabilities
commands of
.Xr pkg_admin 1
instead.
.Pp
The
.Nm
script is installed for backwards compatibility only and will
eventually be removed.
.Sh SEE ALSO
.Xr pkg_admin 1


@@ -0,0 +1,22 @@
AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
NNAAMMEE
aauuddiitt--ppaacckkaaggeess -- report vulnerabilities for the installed packages
SSYYNNOOPPSSIISS
aauuddiitt--ppaacckkaaggeess [--ddeeqqssVVvv] [--cc _c_o_n_f_i_g___f_i_l_e] [--FF _f_i_l_e] [--gg _f_i_l_e] [--hh _f_i_l_e]
[--KK _p_k_g___d_b_d_i_r] [--nn _p_a_c_k_a_g_e] [--pp _p_a_c_k_a_g_e] [--QQ _v_a_r_n_a_m_e]
[--tt _t_y_p_e]
DDEESSCCRRIIPPTTIIOONN
aauuddiitt--ppaacckkaaggeess is deprecated. Please use the aauuddiitt, aauuddiitt--ppkkgg,
aauuddiitt--bbaattcchh, and ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess commands of pkg_admin(1)
instead.
The aauuddiitt--ppaacckkaaggeess script is installed for backwards compatibility only
and will eventually be removed.
SSEEEE AALLSSOO
pkg_admin(1)
NetBSD 5.0 March 18, 2010 NetBSD 5.0


@@ -0,0 +1,130 @@
#!/bin/sh
pkg_admin=@PKG_ADMIN@
usage() {
echo 'Usage: audit-packages [-deqsVv] [-c config_file] [-F file]' >& $2
echo ' [-g file] [-h file]' >& $2
echo ' [-K pkg_dbdir] [-n package] [-p package]' >& $2
echo ' [-Q varname] [-t type]' >& $2
echo "Please use the audit, audit-pkg, audit-batch and fetch-pkg-vulnerabilities" >& $2
echo "commands of pkg_admin instead." >& $2
exit $1
}
do_pkgdb=
do_eol=
do_fetch=
do_quiet=
do_sign=
do_verbose=
do_check_file=
do_check_pattern=
do_check_installed=
do_check_vul_file=
do_limit_type=
do_print_var=
args=`getopt F:K:Q:Vc:deg:h:n:p:qst:v $*`
if [ $? -ne 0 ]; then
usage 1 2
fi
set -- $args
while [ $# -gt 0 ]; do
case "$1" in
-F)
do_check_file=$2
shift
;;
-K)
do_pkgdb="$1 $2"
shift
;;
-Q)
do_print_var="$2"
shift
;;
-V)
exec ${pkg_admin} -V
;;
-c)
echo "The audit-packages wrapper does not support -c" >&2
echo "Please use the audit, audit-pkg, audit-batch and fetch-pkg-vulnerabilities" >& 2
echo "commands of pkg_admin instead." >& 2
exit 1
;;
-d)
do_fetch=1
;;
-e)
do_eol=-e
;;
-g)
echo "The audit-packages wrapper does not support -g" >&2
echo "Please switch to \`\`pkg_admin fetch-pkg-vulnerabilities''." >&2
exit 1
;;
-h)
do_check_vul_file=$2
shift
;;
-n)
do_check_pattern=$2
shift
;;
-p)
do_check_installed=$2
shift
;;
-q)
do_quiet=-q
;;
-s)
do_sign=-s
;;
-t)
do_limit_type="-t $2"
shift
;;
-v)
do_verbose="$do_verbose -v"
;;
esac
shift
done
if [ -n "${do_fetch}" ]; then
exec ${pkg_admin} ${do_pkgdb} fetch-pkg-vulnerabilities ${do_sign}
fi
if [ -n "${do_check_vul_file}" ]; then
exec ${pkg_admin} ${do_pkgdb} check-pkg-vulnerabilities ${do_sign} "${do_check_vul_file}"
fi
if [ -n "${do_print_var}" ]; then
exec ${pkg_admin} ${do_pkgdb} config-var "${do_print_var}"
fi
if [ -n "${do_check_file}" ]; then
if [ -n "${do_check_pattern}" -o -n "${do_check_installed}" ]; then
echo "Only one of -F, -n or -p is interpreted at a time." >& 2
usage 1 2
fi
exec ${pkg_admin} ${do_pkgdb} ${do_verbose} ${do_quiet} audit-pkg \
${do_eol} ${do_limit_type} ${do_check_file}
fi
if [ -n "${do_check_pattern}" ]; then
if [ -n "${do_check_installed}" ]; then
echo "Only one of -F, -n or -p is interpreted at a time." >& 2
usage 1 2
fi
exec ${pkg_admin} ${do_pkgdb} ${do_verbose} ${do_quiet} audit-pkg \
${do_eol} ${do_limit_type} ${do_check_pattern}
fi
# If do_check_installed is empty, all packages are checked.
exec ${pkg_admin} ${do_pkgdb} ${do_verbose} ${do_quiet} audit \
${do_eol} ${do_limit_type} ${do_check_installed}
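Review bot: `-s` is parsed into `do_sign` but reaches `pkg_admin` only on the `fetch-pkg-vulnerabilities` and `check-pkg-vulnerabilities` paths; the three audit invocations at the end (`audit-pkg` for `-F` and `-n`, and the final `audit`) omit `${do_sign}`, so a caller who asks for signature checking gets an audit without it and no diagnostic. The audit subcommands in audit.c accept `-s` (`audit_options[] = "est:"`), so the flag can be passed through, e.g. `${do_eol} ${do_sign} ${do_limit_type} "${do_check_installed}"`. Also, `getopt ... $*` followed by `set -- $args`, plus the unquoted `${do_check_file}`, `${do_check_pattern}` and `${do_check_installed}`, let the shell re-split and glob-expand a package pattern such as `foo-[0-9]*` against the current directory before it reaches pkg_admin. Quoting those expansions on the exec lines narrows this; the `set -- $args` step would need the shell's `getopts` builtin to fix it fully.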


@@ -0,0 +1,507 @@
/* $NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <nbcompat.h>
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
__RCSID("$NetBSD: audit.c,v 1.17 2011/02/18 15:59:52 aymeric Exp $");
/*-
* Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_ERR_H
#include <err.h>
#endif
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#if HAVE_FCNTL_H
#include <fcntl.h>
#endif
#if HAVE_SIGNAL_H
#include <signal.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
#ifdef NETBSD
#include <unistd.h>
#else
#include <nbcompat/unistd.h>
#endif
#include <fetch.h>
#include "admin.h"
#include "lib.h"
static int check_signature = 0;
static const char *limit_vul_types = NULL;
static int update_pkg_vuln = 0;
static struct pkg_vulnerabilities *pv;
static const char audit_options[] = "est:";
static void
parse_options(int argc, char **argv, const char *options)
{
int ch;
optreset = 1;
/*
* optind == 0 is interpreted as partial reset request
* by GNU getopt, so compensate against this and cleanup
* at the end.
*/
optind = 1;
++argc;
--argv;
while ((ch = getopt(argc, argv, options)) != -1) {
switch (ch) {
case 'e':
check_eol = "yes";
break;
case 's':
check_signature = 1;
break;
case 't':
limit_vul_types = optarg;
break;
case 'u':
update_pkg_vuln = 1;
break;
default:
usage();
/* NOTREACHED */
}
}
--optind; /* See above comment. */
}
static int
check_exact_pkg(const char *pkg)
{
return audit_package(pv, pkg, limit_vul_types, quiet ? 0 : 1);
}
static int
check_batch_exact_pkgs(const char *fname)
{
FILE *f;
char buf[4096], *line, *eol;
int ret;
ret = 0;
if (strcmp(fname, "-") == 0)
f = stdin;
else {
f = fopen(fname, "r");
if (f == NULL)
err(EXIT_FAILURE, "Failed to open input file %s",
fname);
}
while ((line = fgets(buf, sizeof(buf), f)) != NULL) {
eol = line + strlen(line);
if (eol == line)
continue;
--eol;
if (*eol == '\n') {
if (eol == line)
continue;
*eol = '\0';
}
ret |= check_exact_pkg(line);
}
if (f != stdin)
fclose(f);
return ret;
}
static int
check_one_installed_pkg(const char *pkg, void *cookie)
{
int *ret = cookie;
*ret |= check_exact_pkg(pkg);
return 0;
}
static int
check_installed_pattern(const char *pattern)
{
int ret = 0;
match_installed_pkgs(pattern, check_one_installed_pkg, &ret);
return ret;
}
static void
check_and_read_pkg_vulnerabilities(void)
{
struct stat st;
time_t now;
if (pkg_vulnerabilities_file == NULL)
errx(EXIT_FAILURE, "PKG_VULNERABILITIES is not set");
if (verbose >= 1) {
if (stat(pkg_vulnerabilities_file, &st) == -1) {
if (errno == ENOENT)
errx(EXIT_FAILURE,
"pkg-vulnerabilities not found, run %s -d",
getprogname());
errx(EXIT_FAILURE, "pkg-vulnerabilities not readable");
}
now = time(NULL);
now -= st.st_mtime;
if (now < 0)
warnx("pkg-vulnerabilities is from the future");
else if (now > 86400 * 7)
warnx("pkg-vulnerabilities is out of date (%ld days old)",
(long)(now / 86400));
else if (verbose >= 2)
warnx("pkg-vulnerabilities is %ld day%s old",
(long)(now / 86400), now / 86400 == 1 ? "" : "s");
}
pv = read_pkg_vulnerabilities_file(pkg_vulnerabilities_file, 0, check_signature);
}
void
audit_pkgdb(int argc, char **argv)
{
int rv;
parse_options(argc, argv, audit_options);
argv += optind;
check_and_read_pkg_vulnerabilities();
rv = 0;
if (*argv == NULL)
rv |= check_installed_pattern("*");
else {
for (; *argv != NULL; ++argv)
rv |= check_installed_pattern(*argv);
}
free_pkg_vulnerabilities(pv);
if (rv == 0 && verbose >= 1)
fputs("No vulnerabilities found\n", stderr);
exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
}
void
audit_pkg(int argc, char **argv)
{
int rv;
parse_options(argc, argv, audit_options);
argv += optind;
check_and_read_pkg_vulnerabilities();
rv = 0;
for (; *argv != NULL; ++argv)
rv |= check_exact_pkg(*argv);
free_pkg_vulnerabilities(pv);
if (rv == 0 && verbose >= 1)
fputs("No vulnerabilities found\n", stderr);
exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
}
void
audit_batch(int argc, char **argv)
{
int rv;
parse_options(argc, argv, audit_options);
argv += optind;
check_and_read_pkg_vulnerabilities();
rv = 0;
for (; *argv != NULL; ++argv)
rv |= check_batch_exact_pkgs(*argv);
free_pkg_vulnerabilities(pv);
if (rv == 0 && verbose >= 1)
fputs("No vulnerabilities found\n", stderr);
exit(rv ? EXIT_FAILURE : EXIT_SUCCESS);
}
void
check_pkg_vulnerabilities(int argc, char **argv)
{
parse_options(argc, argv, "s");
if (argc != optind + 1)
usage();
pv = read_pkg_vulnerabilities_file(argv[optind], 0, check_signature);
free_pkg_vulnerabilities(pv);
}
void
fetch_pkg_vulnerabilities(int argc, char **argv)
{
struct pkg_vulnerabilities *pv_check;
char *buf;
size_t buf_len, buf_fetched;
ssize_t cur_fetched;
struct url *url;
struct url_stat st;
fetchIO *f;
int fd;
struct stat sb;
char my_flags[20];
const char *flags;
parse_options(argc, argv, "su");
if (argc != optind)
usage();
if (verbose >= 2)
fprintf(stderr, "Fetching %s\n", pkg_vulnerabilities_url);
url = fetchParseURL(pkg_vulnerabilities_url);
if (url == NULL)
errx(EXIT_FAILURE,
"Could not parse location of pkg_vulnerabilities: %s",
fetchLastErrString);
flags = fetch_flags;
if (update_pkg_vuln) {
fd = open(pkg_vulnerabilities_file, O_RDONLY);
if (fd != -1 && fstat(fd, &sb) != -1) {
url->last_modified = sb.st_mtime;
snprintf(my_flags, sizeof(my_flags), "%si",
fetch_flags);
flags = my_flags;
} else
update_pkg_vuln = 0;
if (fd != -1)
close(fd);
}
f = fetchXGet(url, &st, flags);
if (f == NULL && update_pkg_vuln &&
fetchLastErrCode == FETCH_UNCHANGED) {
if (verbose >= 1)
fprintf(stderr, "%s is not newer\n",
pkg_vulnerabilities_url);
exit(EXIT_SUCCESS);
}
if (f == NULL)
errx(EXIT_FAILURE, "Could not fetch vulnerability file: %s",
fetchLastErrString);
if (st.size > SSIZE_MAX - 1)
errx(EXIT_FAILURE, "pkg-vulnerabilities is too large");
buf_len = st.size;
buf = xmalloc(buf_len + 1);
buf_fetched = 0;
while (buf_fetched < buf_len) {
cur_fetched = fetchIO_read(f, buf + buf_fetched,
buf_len - buf_fetched);
if (cur_fetched == 0)
errx(EXIT_FAILURE,
"Truncated pkg-vulnerabilities received");
else if (cur_fetched == -1)
errx(EXIT_FAILURE,
"IO error while fetching pkg-vulnerabilities: %s",
fetchLastErrString);
buf_fetched += cur_fetched;
}
buf[buf_len] = '\0';
pv_check = read_pkg_vulnerabilities_memory(buf, buf_len, check_signature);
free_pkg_vulnerabilities(pv_check);
fd = open(pkg_vulnerabilities_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1)
err(EXIT_FAILURE, "Cannot create pkg-vulnerability file %s",
pkg_vulnerabilities_file);
if (write(fd, buf, buf_len) != (ssize_t)buf_len)
err(EXIT_FAILURE, "Cannot write pkg-vulnerability file");
if (close(fd) == -1)
err(EXIT_FAILURE, "Cannot close pkg-vulnerability file after write");
free(buf);
exit(EXIT_SUCCESS);
}
static int
check_pkg_history_pattern(const char *pkg, const char *pattern)
{
const char *delim, *end_base;
if (strpbrk(pattern, "*[") != NULL) {
end_base = NULL;
for (delim = pattern;
*delim != '\0' && *delim != '['; delim++) {
if (*delim == '-')
end_base = delim;
}
if (end_base == NULL)
errx(EXIT_FAILURE, "Missing - in wildcard pattern %s",
pattern);
if ((delim = strchr(pattern, '>')) != NULL ||
(delim = strchr(pattern, '<')) != NULL)
errx(EXIT_FAILURE,
"Mixed relational and wildcard patterns in %s",
pattern);
} else if ((delim = strchr(pattern, '>')) != NULL) {
end_base = delim;
if ((delim = strchr(pattern, '<')) != NULL && delim < end_base)
errx(EXIT_FAILURE, "Inverted operators in %s",
pattern);
} else if ((delim = strchr(pattern, '<')) != NULL) {
end_base = delim;
} else if ((end_base = strrchr(pattern, '-')) == NULL) {
errx(EXIT_FAILURE, "Missing - in absolute pattern %s",
pattern);
}
if (strncmp(pkg, pattern, end_base - pattern) != 0)
return 0;
if (pkg[end_base - pattern] != '\0')
return 0;
return 1;
}
static int
check_pkg_history1(const char *pkg, const char *pattern)
{
const char *open_brace, *close_brace, *inner_brace, *suffix, *iter;
size_t prefix_len, suffix_len, middle_len;
char *expanded_pkg;
open_brace = strchr(pattern, '{');
if (open_brace == NULL) {
if ((close_brace = strchr(pattern, '}')) != NULL)
errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
pattern);
return check_pkg_history_pattern(pkg, pattern);
}
close_brace = strchr(open_brace, '}');
if (strchr(pattern, '}') != close_brace)
errx(EXIT_FAILURE, "Unbalanced {} in pattern %s",
pattern);
while ((inner_brace = strchr(open_brace + 1, '{')) != NULL) {
if (inner_brace >= close_brace)
break;
open_brace = inner_brace;
}
expanded_pkg = xmalloc(strlen(pattern)); /* {} are going away... */
prefix_len = open_brace - pattern;
suffix = close_brace + 1;
suffix_len = strlen(suffix) + 1;
memcpy(expanded_pkg, pattern, prefix_len);
++open_brace;
do {
iter = strchr(open_brace, ',');
if (iter == NULL || iter > close_brace)
iter = close_brace;
middle_len = iter - open_brace;
memcpy(expanded_pkg + prefix_len, open_brace, middle_len);
memcpy(expanded_pkg + prefix_len + middle_len, suffix,
suffix_len);
if (check_pkg_history1(pkg, expanded_pkg)) {
free(expanded_pkg);
return 1;
}
open_brace = iter + 1;
} while (iter < close_brace);
free(expanded_pkg);
return 0;
}
static void
check_pkg_history(const char *pkg)
{
size_t i;
for (i = 0; i < pv->entries; ++i) {
if (!quick_pkg_match(pv->vulnerability[i], pkg))
continue;
if (strcmp("eol", pv->classification[i]) == 0)
continue;
if (check_pkg_history1(pkg, pv->vulnerability[i]) == 0)
continue;
printf("%s %s %s\n", pv->vulnerability[i],
pv->classification[i], pv->advisory[i]);
}
}
void
audit_history(int argc, char **argv)
{
parse_options(argc, argv, "st:");
argv += optind;
check_and_read_pkg_vulnerabilities();
for (; *argv != NULL; ++argv)
check_pkg_history(*argv);
free_pkg_vulnerabilities(pv);
exit(EXIT_SUCCESS);
}
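Review bot: In fetch_pkg_vulnerabilities the only bound on the server-reported size is `if (st.size > SSIZE_MAX - 1)`, which lets a negative value through. If `st.size` is signed and the fetch layer reports an unknown length as -1 (not visible in this file, so please confirm against `struct url_stat`), `buf_len` wraps, `xmalloc(buf_len + 1)` allocates zero bytes, and the read loop then writes network data past the allocation. Rejecting it up front closes that: `if (st.size < 0 || st.size > SSIZE_MAX - 1)`. The same function validates the download in memory but then rewrites `pkg_vulnerabilities_file` in place with `O_TRUNC`, so a failed or interrupted write leaves a truncated list for later audits; writing to a temporary file in the same directory and `rename()`-ing it over the target would keep the previous list intact. Signature verification of the download happens only when `-s` is given, since `check_signature` defaults to 0, which deserves a comment at the `read_pkg_vulnerabilities_memory` call.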


@@ -0,0 +1,259 @@
/* $NetBSD: check.c,v 1.10 2010/01/22 13:30:41 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <nbcompat.h>
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
__RCSID("$NetBSD: check.c,v 1.10 2010/01/22 13:30:41 joerg Exp $");
/*-
* Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Hubert Feyrer <hubert@feyrer.de>.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_DIRENT_H
#include <dirent.h>
#endif
#if HAVE_ERR_H
#include <err.h>
#endif
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#if HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifndef NETBSD
#include <nbcompat/md5.h>
#else
#include <md5.h>
#endif
#if HAVE_LIMITS_H
#include <limits.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
#include "admin.h"
#include "lib.h"
static int checkpattern_fn(const char *, void *);
/*
* Assumes CWD is in /var/db/pkg/<pkg>!
*/
static void
check1pkg(const char *pkgdir, int *filecnt, int *pkgcnt)
{
FILE *f;
plist_t *p;
package_t Plist;
char *PkgName, *dirp = NULL, *md5file;
char file[MaxPathSize];
char *content;
content = pkgdb_pkg_file(pkgdir, CONTENTS_FNAME);
f = fopen(content, "r");
if (f == NULL)
err(EXIT_FAILURE, "can't open %s", content);
free(content);
read_plist(&Plist, f);
p = find_plist(&Plist, PLIST_NAME);
if (p == NULL)
errx(EXIT_FAILURE, "Package %s has no @name, aborting.",
pkgdir);
PkgName = p->name;
for (p = Plist.head; p; p = p->next) {
switch (p->type) {
case PLIST_FILE:
if (dirp == NULL) {
warnx("dirp not initialized, please send-pr!");
abort();
}
(void) snprintf(file, sizeof(file), "%s/%s", dirp, p->name);
if (isfile(file) || islinktodir(file)) {
if (p->next && p->next->type == PLIST_COMMENT) {
if (strncmp(p->next->name, CHECKSUM_HEADER, ChecksumHeaderLen) == 0) {
if ((md5file = MD5File(file, NULL)) != NULL) {
/* Mismatch? */
if (strcmp(md5file, p->next->name + ChecksumHeaderLen) != 0)
printf("%s fails MD5 checksum\n", file);
free(md5file);
}
} else if (strncmp(p->next->name, SYMLINK_HEADER, SymlinkHeaderLen) == 0) {
char buf[MaxPathSize + SymlinkHeaderLen];
int cc;
(void) strlcpy(buf, SYMLINK_HEADER, sizeof(buf));
if ((cc = readlink(file, &buf[SymlinkHeaderLen],
sizeof(buf) - SymlinkHeaderLen - 1)) < 0) {
warnx("can't readlink `%s'", file);
} else {
buf[SymlinkHeaderLen + cc] = 0x0;
if (strcmp(buf, p->next->name) != 0) {
printf("symlink (%s) is not same as recorded value, %s: %s\n",
file, buf, p->next->name);
}
}
}
}
(*filecnt)++;
} else if (isbrokenlink(file)) {
warnx("%s: Symlink `%s' exists and is in %s but target does not exist!", PkgName, file, CONTENTS_FNAME);
} else {
warnx("%s: File `%s' is in %s but not on filesystem!", PkgName, file, CONTENTS_FNAME);
}
break;
case PLIST_CWD:
if (strcmp(p->name, ".") != 0)
dirp = p->name;
else
dirp = pkgdb_pkg_dir(pkgdir);
break;
case PLIST_IGNORE:
p = p->next;
break;
case PLIST_SHOW_ALL:
case PLIST_SRC:
case PLIST_CMD:
case PLIST_CHMOD:
case PLIST_CHOWN:
case PLIST_CHGRP:
case PLIST_COMMENT:
case PLIST_NAME:
case PLIST_UNEXEC:
case PLIST_DISPLAY:
case PLIST_PKGDEP:
case PLIST_DIR_RM:
case PLIST_OPTION:
case PLIST_PKGCFL:
case PLIST_BLDDEP:
case PLIST_PKGDIR:
break;
}
}
free_plist(&Plist);
fclose(f);
(*pkgcnt)++;
}
struct checkpattern_arg {
int filecnt;
int pkgcnt;
int got_match;
};
static int
checkpattern_fn(const char *pkg, void *vp)
{
struct checkpattern_arg *arg = vp;
check1pkg(pkg, &arg->filecnt, &arg->pkgcnt);
if (!quiet)
printf(".");
arg->got_match = 1;
return 0;
}
static void
check_pkg(const char *pkg, int *filecnt, int *pkgcnt, int allow_unmatched)
{
struct checkpattern_arg arg;
char *pattern;
arg.filecnt = *filecnt;
arg.pkgcnt = *pkgcnt;
arg.got_match = 0;
if (match_installed_pkgs(pkg, checkpattern_fn, &arg) == -1)
errx(EXIT_FAILURE, "Cannot process pkdbdb");
if (arg.got_match != 0) {
*filecnt = arg.filecnt;
*pkgcnt = arg.pkgcnt;
return;
}
if (ispkgpattern(pkg)) {
if (allow_unmatched)
return;
errx(EXIT_FAILURE, "No matching pkg for %s.", pkg);
}
pattern = xasprintf("%s-[0-9]*", pkg);
if (match_installed_pkgs(pattern, checkpattern_fn, &arg) == -1)
errx(EXIT_FAILURE, "Cannot process pkdbdb");
if (arg.got_match == 0)
errx(EXIT_FAILURE, "cannot find package %s", pkg);
free(pattern);
*filecnt = arg.filecnt;
*pkgcnt = arg.pkgcnt;
}
void
check(char **argv)
{
int filecnt, pkgcnt;
filecnt = 0;
pkgcnt = 0;
setbuf(stdout, NULL);
if (*argv == NULL) {
check_pkg("*", &filecnt, &pkgcnt, 1);
} else {
for (; *argv != NULL; ++argv)
check_pkg(*argv, &filecnt, &pkgcnt, 0);
}
printf("\n");
printf("Checked %d file%s from %d package%s.\n",
filecnt, (filecnt == 1) ? "" : "s",
pkgcnt, (pkgcnt == 1) ? "" : "s");
}
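Review bot: In check1pkg a file whose checksum cannot be computed is silently treated as passing: when `MD5File(file, NULL)` returns NULL the comparison is skipped, nothing is printed, and `(*filecnt)++` still counts the file as checked. For an integrity check that is the wrong default; an `else` branch such as `warnx("%s: cannot compute MD5 checksum", file);` would surface unreadable files. In the same loop, `case PLIST_IGNORE: p = p->next;` is followed by the for-loop's own `p = p->next`, so an ignore entry that is last in the list makes the increment dereference NULL; `if (p->next != NULL) p = p->next;` avoids that. A comment above the function should also state that the MD5 comparison detects accidental corruption of installed files, not deliberate tampering.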


@@ -0,0 +1,54 @@
.\" $NetBSD: download-vulnerability-list.8,v 1.1 2010/03/19 12:49:53 wiz Exp $
.\"
.\" Copyright (c) 2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Thomas Klausner.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd March 18, 2010
.Dt DOWNLOAD-VULNERABILITY-LIST 8
.Os
.Sh NAME
.Nm download-vulnerability-list
.Nd download vulnerability list used for checking installed packages
.Sh SYNOPSIS
.Nm
.Op Fl hs
.Op Fl c Ar config_file
.Sh DESCRIPTION
.Nm
is deprecated.
Please use the
.Cm fetch-pkg-vulnerabilities
command of
.Xr pkg_admin 1
instead.
.Pp
The
.Nm
script is installed for backwards compatibility only and will
eventually be removed.
.Sh SEE ALSO
.Xr pkg_admin 1


@@ -0,0 +1,20 @@
DOWNLOAD-VULNERABILI... NetBSD System Manager's Manual DOWNLOAD-VULNERABILI...
NNAAMMEE
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt -- download vulnerability list used for
checking installed packages
SSYYNNOOPPSSIISS
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt [--hhss] [--cc _c_o_n_f_i_g___f_i_l_e]
DDEESSCCRRIIPPTTIIOONN
ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt is deprecated. Please use the
ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess command of pkg_admin(1) instead.
The ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt script is installed for backwards compat-
ibility only and will eventually be removed.
SSEEEE AALLSSOO
pkg_admin(1)
NetBSD 5.0 March 18, 2010 NetBSD 5.0


@@ -0,0 +1,37 @@
#!/bin/sh
pkg_admin=@PKG_ADMIN@
usage() {
echo 'Usage: download-vulnerability-list [-hs] [-c config_file]' >& $2
echo "Please use \`\`pkg_admin fetch-pkg-vulnerabilities'' instead." >& $2
exit $1
}
do_sign=
args=`getopt c:hs $*`
if [ $? -ne 0 ]; then
usage 1 2
fi
set -- $args
while [ $# -gt 0 ]; do
case "$1" in
-c)
echo "The download-vulnerability-list wrapper does not support -c" >&2
echo "Please switch to \`\`pkg_admin fetch-pkg-vulnerabilities''." >&2
exit 1
;;
-h)
usage 0 1
;;
-s)
do_sign=-s
;;
esac
shift
done
exec ${pkg_admin} fetch-pkg-vulnerabilities ${do_sign}


@@ -0,0 +1,754 @@
/* $NetBSD: main.c,v 1.61 2010/04/20 00:39:13 joerg Exp $ */
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <nbcompat.h>
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
__RCSID("$NetBSD: main.c,v 1.61 2010/04/20 00:39:13 joerg Exp $");
/*-
* Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Hubert Feyrer <hubert@feyrer.de> and
* by Joerg Sonnenberger <joerg@NetBSD.org>.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_DIRENT_H
#include <dirent.h>
#endif
#if HAVE_ERR_H
#include <err.h>
#endif
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#if HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifndef NETBSD
#include <nbcompat/md5.h>
#else
#include <md5.h>
#endif
#if HAVE_LIMITS_H
#include <limits.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
#ifndef BOOTSTRAP
#include <archive.h>
#include <fetch.h>
#endif
#include "admin.h"
#include "lib.h"
#define DEFAULT_SFX ".t[bg]z" /* default suffix for ls{all,best} */
struct pkgdb_count {
size_t files;
size_t directories;
size_t packages;
};
static const char Options[] = "C:K:SVbd:qs:v";
int quiet, verbose;
static void set_unset_variable(char **, Boolean);
/* print usage message and exit */
void
usage(void)
{
(void) fprintf(stderr, "usage: %s [-bqSVv] [-C config] [-d lsdir] [-K pkg_dbdir] [-s sfx] command [args ...]\n"
"Where 'commands' and 'args' are:\n"
" rebuild - rebuild pkgdb from +CONTENTS files\n"
" rebuild-tree - rebuild +REQUIRED_BY files from forward deps\n"
" check [pkg ...] - check md5 checksum of installed files\n"
" add pkg ... - add pkg files to database\n"
" delete pkg ... - delete file entries for pkg in database\n"
" set variable=value pkg ... - set installation variable for package\n"
" unset variable pkg ... - unset installation variable for package\n"
" lsall /path/to/pkgpattern - list all pkgs matching the pattern\n"
" lsbest /path/to/pkgpattern - list pkgs matching the pattern best\n"
" dump - dump database\n"
" pmatch pattern pkg - returns true if pkg matches pattern, otherwise false\n"
" fetch-pkg-vulnerabilities [-s] - fetch new vulnerability file\n"
" check-pkg-vulnerabilities [-s] <file> - check syntax and checksums of the vulnerability file\n"
" audit [-es] [-t type] ... - check installed packages for vulnerabilities\n"
" audit-pkg [-es] [-t type] ... - check listed packages for vulnerabilities\n"
" audit-batch [-es] [-t type] ... - check packages in listed files for vulnerabilities\n"
" audit-history [-t type] ... - print all advisories for package names\n"
" check-license <condition> - check if condition is acceptable\n"
" check-single-license <license> - check if license is acceptable\n"
" config-var name - print current value of the configuration variable\n"
" check-signature ... - verify the signature of packages\n"
" x509-sign-package pkg spkg key cert - create X509 signature\n"
" gpg-sign-package pkg spkg - create GPG signature\n",
getprogname());
exit(EXIT_FAILURE);
}
/*
* add1pkg(<pkg>)
* adds the files listed in the +CONTENTS of <pkg> into the
* pkgdb.byfile.db database file in the current package dbdir. It
* returns the number of files added to the database file.
*/
static int
add_pkg(const char *pkgdir, void *vp)
{
FILE *f;
plist_t *p;
package_t Plist;
char *contents;
char *PkgName, *dirp;
char file[MaxPathSize];
struct pkgdb_count *count;
if (!pkgdb_open(ReadWrite))
err(EXIT_FAILURE, "cannot open pkgdb");
count = vp;
++count->packages;
contents = pkgdb_pkg_file(pkgdir, CONTENTS_FNAME);
if ((f = fopen(contents, "r")) == NULL)
errx(EXIT_FAILURE, "%s: can't open `%s'", pkgdir, CONTENTS_FNAME);
free(contents);
read_plist(&Plist, f);
if ((p = find_plist(&Plist, PLIST_NAME)) == NULL) {
errx(EXIT_FAILURE, "Package `%s' has no @name, aborting.", pkgdir);
}
PkgName = p->name;
dirp = NULL;
for (p = Plist.head; p; p = p->next) {
switch(p->type) {
case PLIST_FILE:
if (dirp == NULL) {
errx(EXIT_FAILURE, "@cwd not yet found, please send-pr!");
}
(void) snprintf(file, sizeof(file), "%s/%s", dirp, p->name);
if (!(isfile(file) || islinktodir(file))) {
if (isbrokenlink(file)) {
warnx("%s: Symlink `%s' exists and is in %s but target does not exist!",
PkgName, file, CONTENTS_FNAME);
} else {
warnx("%s: File `%s' is in %s but not on filesystem!",
PkgName, file, CONTENTS_FNAME);
}
} else {
pkgdb_store(file, PkgName);
++count->files;
}
break;
case PLIST_PKGDIR:
add_pkgdir(PkgName, dirp, p->name);
++count->directories;
break;
case PLIST_CWD:
if (strcmp(p->name, ".") != 0)
dirp = p->name;
else
dirp = pkgdb_pkg_dir(pkgdir);
break;
case PLIST_IGNORE:
p = p->next;
break;
case PLIST_SHOW_ALL:
case PLIST_SRC:
case PLIST_CMD:
case PLIST_CHMOD:
case PLIST_CHOWN:
case PLIST_CHGRP:
case PLIST_COMMENT:
case PLIST_NAME:
case PLIST_UNEXEC:
case PLIST_DISPLAY:
case PLIST_PKGDEP:
case PLIST_DIR_RM:
case PLIST_OPTION:
case PLIST_PKGCFL:
case PLIST_BLDDEP:
break;
}
}
free_plist(&Plist);
fclose(f);
pkgdb_close();
return 0;
}
static void
delete1pkg(const char *pkgdir)
{
if (!pkgdb_open(ReadWrite))
err(EXIT_FAILURE, "cannot open pkgdb");
(void) pkgdb_remove_pkg(pkgdir);
pkgdb_close();
}
static void
rebuild(void)
{
char *cachename;
struct pkgdb_count count;
count.files = 0;
count.directories = 0;
count.packages = 0;
cachename = pkgdb_get_database();
if (unlink(cachename) != 0 && errno != ENOENT)
err(EXIT_FAILURE, "unlink %s", cachename);
setbuf(stdout, NULL);
iterate_pkg_db(add_pkg, &count);
printf("\n");
printf("Stored %" PRIzu " file%s and %zu explicit director%s"
" from %"PRIzu " package%s in %s.\n",
count.files, count.files == 1 ? "" : "s",
count.directories, count.directories == 1 ? "y" : "ies",
count.packages, count.packages == 1 ? "" : "s",
cachename);
}
static int
lspattern(const char *pkg, void *vp)
{
const char *dir = vp;
printf("%s/%s\n", dir, pkg);
return 0;
}
static int
lsbasepattern(const char *pkg, void *vp)
{
puts(pkg);
return 0;
}
static int
remove_required_by(const char *pkgname, void *cookie)
{
char *path;
path = pkgdb_pkg_file(pkgname, REQUIRED_BY_FNAME);
if (unlink(path) == -1 && errno != ENOENT)
err(EXIT_FAILURE, "Cannot remove %s", path);
free(path);
return 0;
}
static void
add_required_by(const char *pattern, const char *required_by)
{
char *best_installed, *path;
int fd;
size_t len;
best_installed = find_best_matching_installed_pkg(pattern);
if (best_installed == NULL) {
warnx("Dependency %s of %s unresolved", pattern, required_by);
return;
}
path = pkgdb_pkg_file(best_installed, REQUIRED_BY_FNAME);
free(best_installed);
if ((fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0644)) == -1)
errx(EXIT_FAILURE, "Cannot write to %s", path);
free(path);
len = strlen(required_by);
if (write(fd, required_by, len) != (ssize_t)len ||
write(fd, "\n", 1) != 1 ||
close(fd) == -1)
errx(EXIT_FAILURE, "Cannot write to %s", path);
}
static int
add_depends_of(const char *pkgname, void *cookie)
{
FILE *fp;
plist_t *p;
package_t plist;
char *path;
path = pkgdb_pkg_file(pkgname, CONTENTS_FNAME);
if ((fp = fopen(path, "r")) == NULL)
errx(EXIT_FAILURE, "Cannot read %s of package %s",
CONTENTS_FNAME, pkgname);
free(path);
read_plist(&plist, fp);
fclose(fp);
for (p = plist.head; p; p = p->next) {
if (p->type == PLIST_PKGDEP)
add_required_by(p->name, pkgname);
}
free_plist(&plist);
return 0;
}
static void
rebuild_tree(void)
{
if (iterate_pkg_db(remove_required_by, NULL) == -1)
errx(EXIT_FAILURE, "cannot iterate pkgdb");
if (iterate_pkg_db(add_depends_of, NULL) == -1)
errx(EXIT_FAILURE, "cannot iterate pkgdb");
}
int
main(int argc, char *argv[])
{
Boolean use_default_sfx = TRUE;
Boolean show_basename_only = FALSE;
char lsdir[MaxPathSize];
char sfx[MaxPathSize];
char *lsdirp = NULL;
int ch;
setprogname(argv[0]);
if (argc < 2)
usage();
while ((ch = getopt(argc, argv, Options)) != -1)
switch (ch) {
case 'C':
config_file = optarg;
break;
case 'K':
pkgdb_set_dir(optarg, 3);
break;
case 'S':
sfx[0] = 0x0;
use_default_sfx = FALSE;
break;
case 'V':
show_version();
/* NOTREACHED */
case 'b':
show_basename_only = TRUE;
break;
case 'd':
(void) strlcpy(lsdir, optarg, sizeof(lsdir));
lsdirp = lsdir;
break;
case 'q':
quiet = 1;
break;
case 's':
(void) strlcpy(sfx, optarg, sizeof(sfx));
use_default_sfx = FALSE;
break;
case 'v':
++verbose;
break;
default:
usage();
/* NOTREACHED */
}
argc -= optind;
argv += optind;
if (argc <= 0) {
usage();
}
/*
* config-var is reading the config file implicitly,
* so skip it here.
*/
if (strcasecmp(argv[0], "config-var") != 0)
pkg_install_config();
if (use_default_sfx)
(void) strlcpy(sfx, DEFAULT_SFX, sizeof(sfx));
if (strcasecmp(argv[0], "pmatch") == 0) {
char *pattern, *pkg;
argv++; /* "pmatch" */
if (argv[0] == NULL || argv[1] == NULL) {
usage();
}
pattern = argv[0];
pkg = argv[1];
if (pkg_match(pattern, pkg)){
return 0;
} else {
return 1;
}
} else if (strcasecmp(argv[0], "rebuild") == 0) {
rebuild();
printf("Done.\n");
} else if (strcasecmp(argv[0], "rebuild-tree") == 0) {
rebuild_tree();
printf("Done.\n");
} else if (strcasecmp(argv[0], "check") == 0) {
argv++; /* "check" */
check(argv);
if (!quiet) {
printf("Done.\n");
}
} else if (strcasecmp(argv[0], "lsall") == 0) {
argv++; /* "lsall" */
while (*argv != NULL) {
/* args specified */
int rc;
const char *basep, *dir;
dir = lsdirp ? lsdirp : dirname_of(*argv);
basep = basename_of(*argv);
if (show_basename_only)
rc = match_local_files(dir, use_default_sfx, 1, basep, lsbasepattern, NULL);
else
rc = match_local_files(dir, use_default_sfx, 1, basep, lspattern, __UNCONST(dir));
if (rc == -1)
errx(EXIT_FAILURE, "Error from match_local_files(\"%s\", \"%s\", ...)",
dir, basep);
argv++;
}
} else if (strcasecmp(argv[0], "lsbest") == 0) {
argv++; /* "lsbest" */
while (*argv != NULL) {
/* args specified */
const char *basep, *dir;
char *p;
dir = lsdirp ? lsdirp : dirname_of(*argv);
basep = basename_of(*argv);
p = find_best_matching_file(dir, basep, use_default_sfx, 1);
if (p) {
if (show_basename_only)
printf("%s\n", p);
else
printf("%s/%s\n", dir, p);
free(p);
}
argv++;
}
} else if (strcasecmp(argv[0], "list") == 0 ||
strcasecmp(argv[0], "dump") == 0) {
pkgdb_dump();
} else if (strcasecmp(argv[0], "add") == 0) {
struct pkgdb_count count;
count.files = 0;
count.directories = 0;
count.packages = 0;
for (++argv; *argv != NULL; ++argv)
add_pkg(*argv, &count);
} else if (strcasecmp(argv[0], "delete") == 0) {
argv++; /* "delete" */
while (*argv != NULL) {
delete1pkg(*argv);
argv++;
}
} else if (strcasecmp(argv[0], "set") == 0) {
argv++; /* "set" */
set_unset_variable(argv, FALSE);
} else if (strcasecmp(argv[0], "unset") == 0) {
argv++; /* "unset" */
set_unset_variable(argv, TRUE);
} else if (strcasecmp(argv[0], "config-var") == 0) {
argv++;
if (argv == NULL || argv[1] != NULL)
errx(EXIT_FAILURE, "config-var takes exactly one argument");
pkg_install_show_variable(argv[0]);
} else if (strcasecmp(argv[0], "check-license") == 0) {
if (argv[1] == NULL)
errx(EXIT_FAILURE, "check-license takes exactly one argument");
load_license_lists();
switch (acceptable_pkg_license(argv[1])) {
case 0:
puts("no");
return 0;
case 1:
puts("yes");
return 0;
case -1:
errx(EXIT_FAILURE, "invalid license condition");
}
} else if (strcasecmp(argv[0], "check-single-license") == 0) {
if (argv[1] == NULL)
errx(EXIT_FAILURE, "check-license takes exactly one argument");
load_license_lists();
switch (acceptable_license(argv[1])) {
case 0:
puts("no");
return 0;
case 1:
puts("yes");
return 0;
case -1:
errx(EXIT_FAILURE, "invalid license");
}
}
#ifndef BOOTSTRAP
else if (strcasecmp(argv[0], "findbest") == 0) {
struct url *url;
char *output;
int rc;
process_pkg_path();
rc = 0;
for (++argv; *argv != NULL; ++argv) {
url = find_best_package(NULL, *argv, 1);
if (url == NULL) {
rc = 1;
continue;
}
output = fetchStringifyURL(url);
puts(output);
fetchFreeURL(url);
free(output);
}
return rc;
} else if (strcasecmp(argv[0], "fetch-pkg-vulnerabilities") == 0) {
fetch_pkg_vulnerabilities(--argc, ++argv);
} else if (strcasecmp(argv[0], "check-pkg-vulnerabilities") == 0) {
check_pkg_vulnerabilities(--argc, ++argv);
} else if (strcasecmp(argv[0], "audit") == 0) {
audit_pkgdb(--argc, ++argv);
} else if (strcasecmp(argv[0], "audit-pkg") == 0) {
audit_pkg(--argc, ++argv);
} else if (strcasecmp(argv[0], "audit-batch") == 0) {
audit_batch(--argc, ++argv);
} else if (strcasecmp(argv[0], "audit-history") == 0) {
audit_history(--argc, ++argv);
} else if (strcasecmp(argv[0], "check-signature") == 0) {
struct archive *pkg;
int rc;
rc = 0;
for (--argc, ++argv; argc > 0; --argc, ++argv) {
char *archive_name;
pkg = open_archive(*argv, &archive_name);
if (pkg == NULL) {
warnx("%s could not be opened", *argv);
continue;
}
if (pkg_full_signature_check(archive_name, &pkg))
rc = 1;
free(archive_name);
if (!pkg)
archive_read_finish(pkg);
}
return rc;
} else if (strcasecmp(argv[0], "x509-sign-package") == 0) {
#ifdef HAVE_SSL
--argc;
++argv;
if (argc != 4)
errx(EXIT_FAILURE, "x509-sign-package takes exactly four arguments");
pkg_sign_x509(argv[0], argv[1], argv[2], argv[3]);
#else
errx(EXIT_FAILURE, "OpenSSL support is not included");
#endif
} else if (strcasecmp(argv[0], "gpg-sign-package") == 0) {
--argc;
++argv;
if (argc != 2)
errx(EXIT_FAILURE, "gpg-sign-package takes exactly two arguments");
pkg_sign_gpg(argv[0], argv[1]);
}
#endif
else {
usage();
}
return 0;
}
struct set_installed_info_arg {
char *variable;
char *value;
int got_match;
};
static int
set_installed_info_var(const char *name, void *cookie)
{
struct set_installed_info_arg *arg = cookie;
char *filename;
int retval;
filename = pkgdb_pkg_file(name, INSTALLED_INFO_FNAME);
retval = var_set(filename, arg->variable, arg->value);
free(filename);
arg->got_match = 1;
return retval;
}
static void
set_unset_variable(char **argv, Boolean unset)
{
struct set_installed_info_arg arg;
char *eq;
char *variable;
int ret = 0;
if (argv[0] == NULL || argv[1] == NULL)
usage();
variable = NULL;
if (unset) {
arg.variable = argv[0];
arg.value = NULL;
} else {
eq = NULL;
if ((eq=strchr(argv[0], '=')) == NULL)
usage();
variable = xmalloc(eq-argv[0]+1);
strlcpy(variable, argv[0], eq-argv[0]+1);
arg.variable = variable;
arg.value = eq+1;
if (strcmp(variable, AUTOMATIC_VARNAME) == 0 &&
strcasecmp(arg.value, "yes") != 0 &&
strcasecmp(arg.value, "no") != 0) {
errx(EXIT_FAILURE,
"unknown value `%s' for " AUTOMATIC_VARNAME,
arg.value);
}
}
if (strpbrk(arg.variable, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) {
free(variable);
errx(EXIT_FAILURE,
"variable name must not contain uppercase letters");
}
argv++;
while (*argv != NULL) {
arg.got_match = 0;
if (match_installed_pkgs(*argv, set_installed_info_var, &arg) == -1)
errx(EXIT_FAILURE, "Cannot process pkdbdb");
if (arg.got_match == 0) {
char *pattern;
if (ispkgpattern(*argv)) {
warnx("no matching pkg for `%s'", *argv);
ret++;
} else {
pattern = xasprintf("%s-[0-9]*", *argv);
if (match_installed_pkgs(pattern, set_installed_info_var, &arg) == -1)
errx(EXIT_FAILURE, "Cannot process pkdbdb");
if (arg.got_match == 0) {
warnx("cannot find package %s", *argv);
++ret;
}
free(pattern);
}
}
argv++;
}
if (ret > 0)
exit(EXIT_FAILURE);
free(variable);
return;
}
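Review bot: The `check-signature` branch of `main()` fails open: when `open_archive()` returns NULL the loop only warns and continues, so `rc` stays 0 and the command exits successfully for a package that was never verified. Set the failure status on that path, `warnx("%s could not be opened", *argv); rc = 1; continue;`, so a caller that gates on the exit status does not treat an unreadable archive as a pass. The cleanup a few lines below looks inverted too: `if (!pkg) archive_read_finish(pkg);` only ever passes NULL and never releases a handle that is still open. It presumably should read `if (pkg != NULL)`, assuming `pkg_full_signature_check()` clears the pointer when it consumes the archive; confirm against its definition, which is not in this file. Separately, `add_required_by()` calls `free(path)` before the write check and then formats `path` in the `errx()` on the failure path, a use after free; move the `free(path)` below the write/close check.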


@@ -0,0 +1,324 @@
.\" $NetBSD: pkg_admin.1,v 1.33 2012/12/17 04:34:02 agc Exp $
.\"
.\" Copyright (c) 1999-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Hubert Feyrer <hubert@feyrer.de>.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the NetBSD
.\" Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 14, 2012
.Dt PKG_ADMIN 1
.Os
.Sh NAME
.Nm pkg_admin
.Nd perform various administrative tasks to the pkg system
.Sh SYNOPSIS
.Nm
.Op Fl bqSVv
.Op Fl C Ar config
.Op Fl d Ar lsdir
.Op Fl K Ar pkg_dbdir
.Op Fl s Ar sfx_pattern
.Ar command Op args ...
.Sh DESCRIPTION
This command performs various administrative tasks around the
.Nx
Packages System.
.Sh OPTIONS
The following command-line options are supported:
.Bl -tag -width indent
.It Fl b
Print only the base names when matching package names for
.Cm lsall
and
.Cm lsbest .
.It Fl C Ar config
Read the configuration file from
.Ar config
instead of the system default.
.It Fl d Ar lsdir
Set
.Ar lsdir
as the path to the directory in which to find matching package names for
.Cm lsall
and
.Cm lsbest .
.It Fl K Ar pkg_dbdir
Override the value of the
.Dv PKG_DBDIR
configuration option with the value
.Ar pkg_dbdir .
.It Fl q
Perform checks in a quiet manner.
In normal operation,
.Nm
prints a
.Sq \&.
to standard output to indicate progress.
This option suppresses this progress indicator.
.It Fl S
Set the shell glob pattern for package suffixes when matching package
names for
.Cm lsall
and
.Cm lsbest
to be the null suffix.
.It Fl s Ar sfx_pattern
Set the shell glob pattern for package suffixes when matching package
names for
.Cm lsall
and
.Cm lsbest .
The default pattern is ".t[bg]z".
.It Fl V
Print version number and exit.
.It Fl v
Be more verbose.
.El
.Pp
The following commands are supported:
.Bl -tag -width indent
.It Cm add Ar pkg ...
For each listed package, write the absolute pathnames of the files listed in
its
.Pa +CONTENTS
file together with the package they belong to into the package database.
This should be used only by
.Xr pkg_view 1 .
.It Cm audit Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Check the listed installed packages for vulnerabilities.
If no package is given, check all installed packages.
If
.Fl e
is given, override the
.Dv CHECK_END_OF_LIFE
option from
.Xr pkg_install.conf 5
with
.Qq Li yes .
If
.Fl s
is given, check the signature of the pkg-vulnerabilities file before using it.
.Fl t
restricts the reported vulnerabilities to type
.Ar type .
.It Cm audit-pkg Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg Oc ...
Like
.Cm audit ,
but check only the given package names or patterns.
.It Cm audit-batch Oo Fl es Oc Oo Fl t Ar type Oc Oo Ar pkg-list Oc ...
Like
.Cm audit-pkg ,
but read the package names or patterns one per line from the given files.
.It Cm audit-history Oo Fl s Oc Oo Fl t Ar type Oc Oo Ar pkgbase Oc ...
Print all vulnerabilities for the given base package names.
.It Cm check Op Ar pkg ...
Use this command to check the files belonging to some or all of the
packages installed on the local machine against the checksum
which was recorded in the
.Pa +CONTENTS
files at package installation time.
Symbolic links also have their integrity checked against the recorded
value at package installation time.
If no additional argument is given, the files of all installed packages
are checked, else only the named packages will be checked (wildcards can
be used here, see
.Xr pkg_info 1 ) .
.Pp
The packages'
.Pa +CONTENTS
files will be parsed and the
checksum will be checked for every file found.
A warning message is printed if the expected checksum differs from the
checksum of the file on disk.
Symbolic links are also checked, ensuring that the targets on disk are
the same as the contents recorded at package installation time.
.It Cm check-license Ar condition
Check if
.Ar condition
can be fulfilled with the currently set of accepted licenses.
Prints either yes or no to stdout if the condition can be parsed,
otherwise it exits with error.
.It Cm check-pkg-vulnerabilities Oo Fl s Oc Ar file
Check format and hashes in the pkg-vulnerabilities file
.Ar file .
If
.Fl s
is given, also check the embedded signature.
.It Cm check-signature Ar file ...
Reports if
.Ar file
is a correctly signed package.
.It Cm check-single-license Ar license
Check if
.Ar license
is a valid license name and if it is in the set of acceptable licenses.
Prints either yes or no to stdout if the condition can be parsed,
otherwise it exits with error.
.It Cm config-var Ar variable
Print the current value of
.Ar variable
as used after parsing the configuration file.
.It Cm delete Ar pkg ...
For each listed package, remove all file entries in the package database that
belong to the package.
This should be used only by
.Xr pkg_view 1 .
.It Cm dump
Dump the contents of the package database, similar to
.Cm pkg_info -F .
Columns are printed for the key field used in the pkgdb - the filename -,
and the data field - the package the file belongs to.
.It Cm fetch-pkg-vulnerabilities Oo Fl su Oc
Fetch a new pkg-vulnerabilities file, check the format and if
.Fl s
is given the signature.
If all checks are passed, write it to pkgdb.
If
.Fl u
is given, the fetch is conditional and the file transfer is only done if
the remote version is newer than the one in pkgdb.
.It Cm findbest Ar pattern ...
Search the entries of
.Dv PKG_PATH
for packages matching
.Ar pattern .
Print the URL of the best matching package to stdout for each pattern.
If a pattern is not matched, it is skipped and the command will return
a failure.
.It Cm lsall Ar /dir/pkgpattern
.It Cm lsbest Ar /dir/pkgpattern
List all/best package matching pattern in the given directory
.Pa /dir .
If the
.Fl d
flag is given, then that directory path overrides
.Pa /dir .
Can be used to work around limitations of /bin/sh and other
filename globbing mechanisms.
This option implements matching of
pkg-wildcards against arbitrary files and directories, useful mainly in
the build system itself.
See
.Xr pkg_info 1
for a description of the pattern.
.Pp
Example:
.Bd -literal
yui# cd /usr/pkgsrc/packages/i386ELF/All/
yui# ls unzip*
unzip-5.40.tgz unzip-5.41.tgz
yui# pkg_admin lsall 'unzip*'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip\*[Ge]5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip\*[Ge]5.41'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsbest 'unzip\*[Ge]5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'
/usr/pkgsrc/packages/i386ELF/All/mit-pthreads-1.60b6.tgz
/usr/pkgsrc/packages/i386ELF/All/unproven-pthreads-0.15.tgz
.Ed
.It Cm pmatch Ar pattern Ar pkg
Returns true if
.Ar pkg
matches
.Ar pattern ,
otherwise returns false.
.It Cm rebuild
Rebuild the package database mapping from scratch, using the
.Pa +CONTENTS
files of the installed packages.
This option is only intended for recovery after system crashes
during package installation and removal.
.It Cm rebuild-tree
Rebuild the +REQUIRED_BY files from scratch by reresolving all dependencies.
.Pp
This option is intended to be used for fixing inconsistencies between
the records of depending and depended-on packages, such as can arise
by the use of
.Cm pkg_delete -f .
.It Cm set Ar variable=value pkg ...
Set variable with information about the installed package.
Use
.Cm unset
to remove a variable.
.Pp
Packages that are not installed directly by the user but pulled in as
dependencies are marked by setting
.Dq automatic=YES .
.It Cm gpg-sign-package pkg spkg
Sign the binary package
.Ar pkg
using GPG and write the result to
.Ar spkg .
.It Cm x509-sign-package pkg spkg key cert
Sign the binary package
.Ar pkg
using the key
.Ar key
and the certificate
.Ar cert ,
using
.Ar spkg
as output file.
.It Cm unset Ar variable pkg ...
Remove an installation variable.
.El
.Sh ENVIRONMENT
See
.Xr pkg_install.conf 5
for options, that can also be specified using the environment.
.Sh FILES
.Bl -tag -width /var/db/pkg/pkgdb.byfile.db -compact
.It Pa /var/db/pkg/pkgdb.byfile.db
.It Pa /var/db/pkg/\*[Lt]pkg\*[Gt]/+CONTENTS
.El
.Sh SEE ALSO
.Xr pkg_add 1 ,
.Xr pkg_create 1 ,
.Xr pkg_delete 1 ,
.Xr pkg_info 1 ,
.Xr pkg_view 1 ,
.Xr pkg_install.conf 5 ,
.Xr pkgsrc 7
.Sh HISTORY
The
.Nm
command first appeared in
.Nx 1.4 .
.Sh AUTHORS
The
.Nm
command was written by Hubert Feyrer.


@@ -0,0 +1,217 @@
PKG_ADMIN(1) NetBSD General Commands Manual PKG_ADMIN(1)
NNAAMMEE
ppkkgg__aaddmmiinn -- perform various administrative tasks to the pkg system
SSYYNNOOPPSSIISS
ppkkgg__aaddmmiinn [--bbqqSSVVvv] [--CC _c_o_n_f_i_g] [--dd _l_s_d_i_r] [--KK _p_k_g___d_b_d_i_r] [--ss _s_f_x___p_a_t_t_e_r_n]
_c_o_m_m_a_n_d [args ...]
DDEESSCCRRIIPPTTIIOONN
This command performs various administrative tasks around the NetBSD
Packages System.
OOPPTTIIOONNSS
The following command-line options are supported:
--bb Print only the base names when matching package names for llssaallll
and llssbbeesstt.
--CC _c_o_n_f_i_g
Read the configuration file from _c_o_n_f_i_g instead of the system
default.
--dd _l_s_d_i_r
Set _l_s_d_i_r as the path to the directory in which to find matching
package names for llssaallll and llssbbeesstt.
--KK _p_k_g___d_b_d_i_r
Override the value of the PKG_DBDIR configuration option with the
value _p_k_g___d_b_d_i_r.
--qq Perform checks in a quiet manner. In normal operation, ppkkgg__aaddmmiinn
prints a `.' to standard output to indicate progress. This
option suppresses this progress indicator.
--SS Set the shell glob pattern for package suffixes when matching
package names for llssaallll and llssbbeesstt to be the null suffix.
--ss _s_f_x___p_a_t_t_e_r_n
Set the shell glob pattern for package suffixes when matching
package names for llssaallll and llssbbeesstt. The default pattern is
".t[bg]z".
--VV Print version number and exit.
--vv Be more verbose.
The following commands are supported:
aadddd _p_k_g _._._.
For each listed package, write the absolute pathnames of the
files listed in its _+_C_O_N_T_E_N_T_S file together with the package they
belong to into the package database. This should be used only by
pkg_view(1).
aauuddiitt [--eess] [--tt _t_y_p_e] [_p_k_g] ...
Check the listed installed packages for vulnerabilities. If no
package is given, check all installed packages. If --ee is given,
override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
with "yes". If --ss is given, check the signature of the pkg-vul-
nerabilities file before using it. --tt restricts the reported
vulnerabilities to type _t_y_p_e.
aauuddiitt--ppkkgg [--eess] [--tt _t_y_p_e] [_p_k_g] ...
Like aauuddiitt, but check only the given package names or patterns.
aauuddiitt--bbaattcchh [--eess] [--tt _t_y_p_e] [_p_k_g_-_l_i_s_t] ...
Like aauuddiitt--ppkkgg, but read the package names or patterns one per
line from the given files.
aauuddiitt--hhiissttoorryy [--ss] [--tt _t_y_p_e] [_p_k_g_b_a_s_e] ...
Print all vulnerabilities for the given base package names.
cchheecckk [_p_k_g _._._.]
Use this command to check the files belonging to some or all of
the packages installed on the local machine against the checksum
which was recorded in the _+_C_O_N_T_E_N_T_S files at package installation
time. Symbolic links also have their integrity checked against
the recorded value at package installation time. If no addi-
tional argument is given, the files of all installed packages are
checked, else only the named packages will be checked (wildcards
can be used here, see pkg_info(1)).
The packages' _+_C_O_N_T_E_N_T_S files will be parsed and the checksum
will be checked for every file found. A warning message is
printed if the expected checksum differs from the checksum of the
file on disk. Symbolic links are also checked, ensuring that the
targets on disk are the same as the contents recorded at package
installation time.
cchheecckk--lliicceennssee _c_o_n_d_i_t_i_o_n
Check if _c_o_n_d_i_t_i_o_n can be fulfilled with the currently set of
accepted licenses. Prints either yes or no to stdout if the con-
dition can be parsed, otherwise it exits with error.
cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess [--ss] _f_i_l_e
Check format and hashes in the pkg-vulnerabilities file _f_i_l_e. If
--ss is given, also check the embedded signature.
cchheecckk--ssiiggnnaattuurree _f_i_l_e _._._.
Reports if _f_i_l_e is a correctly signed package.
cchheecckk--ssiinnggllee--lliicceennssee _l_i_c_e_n_s_e
Check if _l_i_c_e_n_s_e is a valid license name and if it is in the set
of acceptable licenses. Prints either yes or no to stdout if the
condition can be parsed, otherwise it exits with error.
ccoonnffiigg--vvaarr _v_a_r_i_a_b_l_e
Print the current value of _v_a_r_i_a_b_l_e as used after parsing the
configuration file.
ddeelleettee _p_k_g _._._.
For each listed package, remove all file entries in the package
database that belong to the package. This should be used only by
pkg_view(1).
dduummpp Dump the contents of the package database, similar to ppkkgg__iinnffoo
--FF. Columns are printed for the key field used in the pkgdb -
the filename -, and the data field - the package the file belongs
to.
ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess [--ssuu]
Fetch a new pkg-vulnerabilities file, check the format and if --ss
is given the signature. If all checks are passed, write it to
pkgdb. If --uu is given, the fetch is conditional and the file
transfer is only done if the remote version is newer than the one
in pkgdb.
ffiinnddbbeesstt _p_a_t_t_e_r_n _._._.
Search the entries of PKG_PATH for packages matching _p_a_t_t_e_r_n.
Print the URL of the best matching package to stdout for each
pattern. If a pattern is not matched, it is skipped and the com-
mand will return a failure.
llssaallll _/_d_i_r_/_p_k_g_p_a_t_t_e_r_n
llssbbeesstt _/_d_i_r_/_p_k_g_p_a_t_t_e_r_n
List all/best package matching pattern in the given directory
_/_d_i_r. If the --dd flag is given, then that directory path over-
rides _/_d_i_r. Can be used to work around limitations of /bin/sh
and other filename globbing mechanisms. This option implements
matching of pkg-wildcards against arbitrary files and directo-
ries, useful mainly in the build system itself. See pkg_info(1)
for a description of the pattern.
Example:
yui# cd /usr/pkgsrc/packages/i386ELF/All/
yui# ls unzip*
unzip-5.40.tgz unzip-5.41.tgz
yui# pkg_admin lsall 'unzip*'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.41'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsbest 'unzip>=5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'
/usr/pkgsrc/packages/i386ELF/All/mit-pthreads-1.60b6.tgz
/usr/pkgsrc/packages/i386ELF/All/unproven-pthreads-0.15.tgz
ppmmaattcchh _p_a_t_t_e_r_n _p_k_g
Returns true if _p_k_g matches _p_a_t_t_e_r_n, otherwise returns false.
rreebbuuiilldd
Rebuild the package database mapping from scratch. This option
is only intended for recovery after system crashes during package
installation and removal.
rreebbuuiilldd--ttrreeee
Rebuild the +REQUIRED_BY files from scratch by reresolving all
dependencies.
This option is intended to be used for fixing inconsistencies
between the records of depending and depended-on packages, such
as can arise by the use of ppkkgg__ddeelleettee --ff.
sseett _v_a_r_i_a_b_l_e_=_v_a_l_u_e _p_k_g _._._.
Set variable with information about the installed package. Use
uunnsseett to remove a variable.
Packages that are not installed directly by the user but pulled
in as dependencies are marked by setting ``automatic=YES''.
ggppgg--ssiiggnn--ppaacckkaaggee ppkkgg ssppkkgg
Sign the binary package _p_k_g using GPG and write the result to
_s_p_k_g.
xx550099--ssiiggnn--ppaacckkaaggee ppkkgg ssppkkgg kkeeyy cceerrtt
Sign the binary package _p_k_g using the key _k_e_y and the certificate
_c_e_r_t, using _s_p_k_g as output file.
uunnsseett _v_a_r_i_a_b_l_e _p_k_g _._._.
Remove an installation variable.
EENNVVIIRROONNMMEENNTT
See pkg_install.conf(5) for options, that can also be specified using the
environment.
FFIILLEESS
/var/db/pkg/pkgdb.byfile.db
/var/db/pkg/<pkg>/+CONTENTS
SSEEEE AALLSSOO
pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1), pkg_view(1),
pkg_install.conf(5), pkgsrc(7)
HHIISSTTOORRYY
The ppkkgg__aaddmmiinn command first appeared in NetBSD 1.4.
AAUUTTHHOORRSS
The ppkkgg__aaddmmiinn command was written by Hubert Feyrer.
NetBSD 5.0 January 22, 2010 NetBSD 5.0