head	1.5;
access;
symbols
	pkgsrc-2013Q2:1.5.0.10
	pkgsrc-2013Q2-base:1.5
	pkgsrc-2012Q4:1.5.0.8
	pkgsrc-2012Q4-base:1.5
	pkgsrc-2011Q4:1.5.0.6
	pkgsrc-2011Q4-base:1.5
	pkgsrc-2011Q2:1.5.0.4
	pkgsrc-2011Q2-base:1.5
	pkgsrc-2009Q4:1.5.0.2
	pkgsrc-2009Q4-base:1.5
	pkgsrc-2008Q4:1.4.0.18
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.16
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.14
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.4.0.12
	pkgsrc-2008Q2-base:1.4
	cwrapper-base:1.4
	cwrapper:1.4.0.10
	pkg_install-renovation:1.4.0.8
	pkg_install-renovation-base:1.4
	pkgsrc-2008Q1:1.4.0.6
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.4.0.4
	pkgsrc-2007Q4-base:1.4
	pkgsrc-2007Q3:1.4.0.2
	pkgsrc-2007Q3-base:1.4;
locks; strict;
comment	@# @;


1.5
date	2009.02.02.12.35.00;	author joerg;	state dead;
branches;
next	1.4;

1.4
date	2007.09.17.22.40.27;	author adrianp;	state Exp;
branches;
next	1.3;

1.3
date	2007.07.21.10.21.04;	author adrianp;	state Exp;
branches;
next	1.2;

1.2
date	2007.07.16.09.57.57;	author joerg;	state Exp;
branches;
next	1.1;

1.1
date	2007.07.14.20.17.09;	author adrianp;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Merge pkg_install-20090201 from pkg_install-renovation branch.
- DB support is always included from libnbcompat if needed
- pkg_view and linkfarm are not installed any more; they are not moved into the attic yet, so they can easily be installed as separate package
- common configuration file to customise the behavior of various components; this supersedes the old audit-packages.conf
- support for PKCS7 signatures (using X509 certs) and GPG signatures for packages in a secure way. See pkg_admin(8) for how to create them and pkg_install.conf(5) for the options to use them
- audit-packages and download-vulnerability-list are wrapper scripts around pkg_admin. They try to mimic the classic options if used sanely. "pkg_admin audit" is now an order of magnitude faster than before
- pkg_add uses libarchive and libfetch instead of external ftp and tar:
- progress bar is currently missing for downloads
- "pkg_add -" is no longer supported
- no adhoc check for conflicts between dependencies and already installed packages
- "pkg_add -s" has been replaced with an option in pkg_install.conf, verification of plain detached GPG signatures is no longer supported
- optional check for vulnerabilities before adding a package
- if /var and /usr/pkg are on different filesystems it is twice as fast now
- conflicts due to overlapping plists are checked before installation
- pkg_add no longer plays with the process limits
- pkg_add and pkg_delete have a new destdir option; scripts have to either be modified to use PKG_DESTDIR or should be disabled
- pkg_add -u for now can't be used to update to the exact same version
- internal "rm -rf" and "mkdir_p" code
- all memory allocation failures are not explicitly fatal
- if a file is not removed due to a failed checksum, still remove the entry from pkgdb
@
text
@.\" $NetBSD: audit-packages.conf.5.in,v 1.4 2007/09/17 22:40:27 adrianp Exp $
.\"
.\" Copyright (c) 2007 Adrian Portelli. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Adrian Portelli
.\" for the NetBSD project.
.\" 4. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
.\" GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd July 07, 2007
.Os
.Dt audit-packages.conf 5
.Sh NAME
.Nm audit-packages.conf
.Nd audit-packages and download-vulnerability-list configuration file.
.Sh DESCRIPTION
The
.Nm
file contains the configuration information for
.Xr download-vulnerability-list 8
and
.Xr audit-packages 8 .
.Pp
These variables can be defined in the
.Xr audit-packages.conf 8
file.
.Pp
.Bl -tag -width COMPRESS_TYPE
.It Ev GPG
The full path to the location of the binary used to verify the signature on the downloaded
.Pa pkg-vulnerabilities
file.
Currently only GnuPG is supported.
.Pp
The default is "@@prefix@@/bin/gpg".
.It Ev PKGVULNDIR
Specifies the directory containing the
.Pa pkg-vulnerabilities
file.
.Pp
The default is "@@pkgdbdir@@".
.It Ev COMPRESS_TYPE
Specifies which type of compressed
.Pa pkg-vulnerabilities
file to download.
You can also specify COMPRESS_TYPE="" to use an uncompressed version of the file.
If you change this from the default you must specify a COMPRESS_TOOL.
The currently accepted options are gzip and bzip2.
.It Ev COMPRESS_TOOL
The full path to the location of the binary used to decompress the downloaded
.Pa pkg-vulnerabilities
file.
.Pp
The default is "@@gzcat@@".
.It Ev FETCH_CMD
Specifies the client used to download the
.Pa pkg-vulnerabilities
file.
Currently known tools include curl, ftp, wget and fetch.
.Pp
The default is @@ftp@@.
.It Ev FETCH_PRE_ARGS
Specifies optional arguments for the
.Pa download-vulnerability-list
client. These options appear before FETCH_CMD.
.It Ev FETCH_ARGS
Specifies optional arguments for the client used to download the
.Pa pkg-vulnerabilities
file.
.It Ev FETCH_PROTO
Specifies the protocol to use when fetching the
.Pa pkg-vulnerabilities
file.
Currently supports only http and ftp.
.Pp
The default is "ftp".
.It Ev IGNORE_URLS
A list of vulnerability URLs to be ignored.
This allows for ignoring certain URLs that are attached to a vulnerability.
.El
.Sh FILES
@@sysconfdir@@/audit-packages.conf
.Sh SEE ALSO
.Xr pkg_info 1 ,
.Xr mk.conf 5 ,
.Xr pkgsrc 7 ,
.Xr audit-packages 8
and
.%T "Documentation on the NetBSD Package System"
.Sh HISTORY
The
.Nm audit-packages
and
.Nm download-vulnerability-list
commands were originally implemented and added to
.Nx Ap s
pkgsrc by
.An Alistair Crooks
on September 19, 2000.
During April 2007
.Nm audit-packages
was re-written by Adrian Portelli and support was added for compressed files
and checking signatures on downloaded files.
The original idea came from Roland Dowdeswell and Bill Sommerfeld.
@


1.4
log
@Add and document FETCH_PRE_ARGS, idea from David Sainty in PR #23899.
This allows such settings as the following in audit-packages.conf:

FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com"

Which will be set before FETCH_CMD is run.
@
text
@d1 1 a1 1 .\" $NetBSD: audit-packages.conf.5.in,v 1.3 2007/07/21 10:21:04 adrianp Exp $ @


1.3
log
@Misc man page fixes
Update to autoconf 2.61
Add checks for AC_TYPE_UINT{8,16,32,64}_T
Add checks for stdint.h
Change how config file notification works
If no IGNORE_URLS directive is found then just say that
Check that pkg-vulnerabilities exists before we try any operations on it
Use st_ctime as opposed to st_ctimespec.tv_sec as the former is SUSv3
This update should fix PR #36655 and go part way to fixing PR #36662
Thanks to tnn@@ and joerg@@ for suggested fixes and Yakovetsky Vladimir and Stuart Shelton for testing and patches.
@
text
@d1 1 a1 1 .\" $NetBSD: audit-packages.conf.5.in,v 1.2 2007/07/16 09:57:57 joerg Exp $ d85 4 @


1.2
log
@Merge remaining small changes from NetBSD, most of all the pkgsrc.7 man page.
Fix build on !NetBSD.
Rebuild man pages with nroff -mandoc on NetBSD current for consistency.
Make it DESTDIR safe.
Remove the note that src/usr.sbin/pkg_install is the authoritative version, it won't be any longer.
@
text
@d1 1 a1 1 .\" $NetBSD: audit-packages.conf.5.in,v 1.1 2007/07/14 20:17:09 adrianp Exp $ d111 1 a111 1 .Nm d119 4 a122 5 .Nm was re-written by Adrian Portelli and support was added for compressed files and checking signatures on downloaded files. The original idea came from Roland Dowdeswell and Bill Sommerfeld. @


1.1
log
@Update to pkg_install-20070714
Merge of audit-packages with various improvements:
* Version 20070714
Initial release of re-write in C
Add support for notification of eol packages (-e)
Multiple levels of verbosity (e.g. -v -v)
Specify a custom config file to use (-c)
Query running config values (-Q)
Default to download .gz compress pkg-vulnerabilities file
Support for .bz2 compress pkg-vulnerabilities file
Verify signature on downloaded files (-s)
Thanks to tron@@, jschauma@@, agc@@, joerg@@ and pkgsrc-security@@ for feedback and testing.
@
text
@d1 1 a1 1 .\" $NetBSD$ d106 1 a106 1 .Xr packages 7 , @
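
The rules that the audit-packages.conf(5) text in revision 1.5 states for its variables (full paths for GPG and COMPRESS_TOOL, the accepted COMPRESS_TYPE and FETCH_PROTO values, COMPRESS_TOOL required when COMPRESS_TYPE is changed) can be checked before the file is deployed. The linter below is an added example and not code from pkg_install; the file syntax it parses (KEY=value or KEY="value" lines with # comments) and the function names are assumptions, and the gzip default for COMPRESS_TYPE is inferred from the 1.1 log.

```python
import re

# Accepted values as listed in the man page text.
COMPRESS_TYPES = {"gzip", "bzip2", ""}   # "" selects the uncompressed file
FETCH_PROTOS = {"http", "ftp"}
DEFAULT_COMPRESS_TYPE = "gzip"           # assumption, from the 1.1 log (.gz default)
# Assumed syntax: KEY=value or KEY="value", optional trailing # comment.
_LINE = re.compile(r'^\s*([A-Z_]+)\s*=\s*(?:"([^"]*)"|([^\s#]*))\s*(?:#.*)?$')

def parse_conf(text):
    """Return {variable: value}; raise ValueError on a line that does not parse."""
    conf = {}
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        match = _LINE.match(raw)
        if match is None:
            raise ValueError(f"line {number}: cannot parse {raw!r}")
        quoted, bare = match.group(2), match.group(3)
        conf[match.group(1)] = quoted if quoted is not None else bare
    return conf

def lint(conf):
    """Return a list of violations of the rules stated in audit-packages.conf(5)."""
    problems = []
    for key in ("GPG", "COMPRESS_TOOL"):
        if key in conf and not conf[key].startswith("/"):
            problems.append(f"{key} must be a full path, got {conf[key]!r}")
    ctype = conf.get("COMPRESS_TYPE", DEFAULT_COMPRESS_TYPE)
    if ctype not in COMPRESS_TYPES:
        problems.append(f"COMPRESS_TYPE {ctype!r} is not gzip, bzip2 or empty")
    elif ctype != DEFAULT_COMPRESS_TYPE and "COMPRESS_TOOL" not in conf:
        problems.append("COMPRESS_TYPE changed from the default without COMPRESS_TOOL")
    proto = conf.get("FETCH_PROTO", "ftp")   # "ftp" is the documented default
    if proto not in FETCH_PROTOS:
        problems.append(f"FETCH_PROTO {proto!r} is not http or ftp")
    return problems

# Constructed sample file, not taken from any real system.
SAMPLE = '''\
GPG=gpg                      # not a full path
COMPRESS_TYPE="bzip2"
FETCH_PROTO=https
FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com"
'''

if __name__ == "__main__":
    for problem in lint(parse_conf(SAMPLE)):
        print(problem)
```
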