mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00
freebsd-ports/Mk/Scripts/check-vulnerable.sh
Baptiste Daroussin 127e896f23 Improve vulnerability checking
Use the return value of the pkg audit command instead of parsing its output
The output will change in the next version of pkg

Approved by:	mat (portmgr)
Reviewed by:	mat (portmgr)
Differential Revision:	https://reviews.freebsd.org/D20376
2019-05-27 13:02:05 +00:00


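#!/bin/sh
# $FreeBSD$
#
# MAINTAINER: portmgr@FreeBSD.org
#
# Stop with an error when `pkg audit` exits non-zero for the package named
# by dp_PKGNAME.
#
# Environment:
#   dp_SCRIPTSDIR  directory that holds functions.sh
#   dp_ECHO_MSG    command used to print messages
#   dp_PKG_BIN     path to the pkg binary
#   dp_PORTNAME    port name; the port "pkg" is exempt from the check
#   dp_PKGNAME     package name handed to `pkg audit`
#   DEBUG_MK_SCRIPTS, DEBUG_MK_SCRIPTS_CHECK_VULNERABLE
#                  optional; a non-empty value turns on `set -x` tracing
#
# Exit status:
#   0  audit exited zero, or the check was skipped (see the two early
#      exits below)
#   1  `pkg audit` exited non-zero
set -e
. "${dp_SCRIPTSDIR}/functions.sh"
# validate_env is not defined in this file; presumably it comes from
# functions.sh and rejects a missing variable -- confirm there.
validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME dp_PKGNAME
# The DEBUG_* variables are optional, so they are tested before `set -u`
# is enabled. Two separate tests replace the obsolescent `-o` operator.
if [ -n "${DEBUG_MK_SCRIPTS}" ] || [ -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ]; then
	set -x
fi
set -u

# If the package is pkg, disable these checks, it fails while
# upgrading when pkg is not there.
# FIXME: check if this is still true
if [ "${dp_PORTNAME}" = "pkg" ]; then
	exit 0
fi

# Fail-open: without an executable pkg binary no audit runs, nothing is
# printed and the script still exits 0. A caller that needs the audit to
# be mandatory has to verify dp_PKG_BIN itself.
if [ ! -x "${dp_PKG_BIN}" ]; then
	exit 0
fi

# dp_PKG_BIN is quoted to match the -x test above, which already treats it
# as a single path. dp_ECHO_MSG stays unquoted; presumably it may hold a
# command plus arguments -- confirm against the caller.
#
# Only stdout of `pkg audit` is captured; its stderr goes straight to the
# caller. Every non-zero status is reported as "known vulnerabilities".
# NOTE(review): if pkg audit also exits non-zero for other reasons (for
# example an audit database that cannot be read), this fails closed with an
# empty list -- confirm the exit codes of the pkg version in use.
if ! vlist=$("${dp_PKG_BIN}" audit "${dp_PKGNAME}"); then
	${dp_ECHO_MSG} "===> ${dp_PKGNAME} has known vulnerabilities:"
	${dp_ECHO_MSG} "$vlist"
	${dp_ECHO_MSG} "=> Please update your ports tree and try again."
	${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available."
	${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'"
	exit 1
fi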