mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-23 04:23:08 +00:00
127e896f23
Use the return value of the pkg audit command instead of parsing its output The output will change in the next version of pkg Approved by: mat (portmgr) Reviewed by: mat (portmgr) Differential Revision: https://reviews.freebsd.org/D20376
35 lines
919 B
Bash
35 lines
919 B
Bash
#!/bin/sh
|
|
# $FreeBSD$
|
|
#
|
|
# MAINTAINER: portmgr@FreeBSD.org
|
|
|
|
set -e
|
|
|
|
. "${dp_SCRIPTSDIR}/functions.sh"
|
|
|
|
validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME dp_PKGNAME
|
|
|
|
[ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ] && set -x
|
|
|
|
set -u
|
|
|
|
# If the package is pkg, disable these checks, it fails while
|
|
# upgrading when pkg is not there.
|
|
# FIXME: check is this is still true
|
|
if [ "${dp_PORTNAME}" = "pkg" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -x "${dp_PKG_BIN}" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if ! vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}"); then
|
|
${dp_ECHO_MSG} "===> ${dp_PKGNAME} has known vulnerabilities:"
|
|
${dp_ECHO_MSG} "$vlist"
|
|
${dp_ECHO_MSG} "=> Please update your ports tree and try again."
|
|
${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available."
|
|
${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'"
|
|
exit 1
|
|
fi
|