On Monday 06 October 2008 14:22:13 Eygene Ryabinkin wrote: > Mel, > > Mon, Oct 06, 2008 at 01:07:51PM +0200, Mel wrote: > > On Monday 06 October 2008 12:28:48 Eygene Ryabinkin wrote: > > Once you have the origin of the port, you can: > > - make -C $PORTSDIR/$origin -V PKGNAME > > - get the matching origin(s) out of ${INDEXDIR}/${INDEXFILE} > > - get the matching origin(s) out of a downloaded INDEX.bz2 > > > > This covers the majority of cases. > > > > What portaudit lacks, is providing the origin along with the installed > > package name in easily parseable format. So, a central server wanting to > > query all the machines for vulnerable packages, now has to do an extra > > step of going into $PKG_DBDIR/$pkgname/+CONTENTS and getting the @comment > > ORIGIN: line, while (port|pkg_)audit has just been there. > > > > This would be something I'd expect: > > ssh clientmachine "/usr/sbin/pkg_audit -l" > > foo-1.2,3:misc/foo > > bar-4.5_6:devel/bar > > ... > > OK, got it. There is one neat: pkg_audit should be feeded with the > contents of the auditfile and the latter is located in the tar archive. > So, if you wouldn't mind about the following sequence > ----- > tar xf /var/db/portaudit/auditfile.tbz > pkg_audit < auditfile | portaudit-checknew -o | cut -d '|' -f1,4,5 > ----- > then I can add the flag '-o' to the portaudit-checknew: it will > additionally output the port origin along with the new version. > > Is that what you meant?
What I meant is the '-o' flag in pkg_audit, so I can figure out myself whether it's new or not and my buildserver can prioritize it's builds based on vulnerable packages it's clients have installed. The origin is the unique key that identifies any port, so that's vital information in a pipeline. -- Mel _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"