head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.10 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.8 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.6 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.4 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.5.0.2 pkgsrc-2009Q4-base:1.5 pkgsrc-2008Q4:1.4.0.18 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.16 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.14 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.12 pkgsrc-2008Q2-base:1.4 cwrapper-base:1.4 cwrapper:1.4.0.10 pkg_install-renovation:1.4.0.8 pkg_install-renovation-base:1.4 pkgsrc-2008Q1:1.4.0.6 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.4 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.2 pkgsrc-2007Q3-base:1.4; locks; strict; comment @# @; 1.5 date 2009.02.02.12.35.00; author joerg; state dead; branches; next 1.4; 1.4 date 2007.09.17.22.40.27; author adrianp; state Exp; branches; next 1.3; 1.3 date 2007.07.21.10.21.04; author adrianp; state Exp; branches; next 1.2; 1.2 date 2007.07.16.09.57.57; author joerg; state Exp; branches; next 1.1; 1.1 date 2007.07.14.20.17.09; author adrianp; state Exp; branches; next ; desc @@ 1.5 log @Merge pkg_install-20090201 from pkg_install-renovation branch. - DB support is always included from libnbcompat if needed - pkg_view and linkfarm are not installed any more; they are not moved into the attic yet, so they can easily be installed as separte package - common configuration file to customise the behavior of various components; this supersedes the old audit-packages.conf - support for PKSC7 signatures (using X509 certs) and GPG signatures for packages in a secure way. See pkg_admin(8) for how to create them and pkg_install.conf(5) for the options to use them - audit-packages and download-vulnerability-list are wrapper scripts around pkg_admin. They try to mimic the classic options if used sanely. "pkg_admin audit" is now an order of magnitude faster than before - pkg_add uses libarchive and libfetch instead of external ftp and tar: - progress bar is currently missing for downloads - "pkg_add -" is no longer supported - no adhoc check for conficts between dependencies and already installed packages - "pkg_add -s" has been replaced with an option in pkg_install.conf, verification of plain detached GPG signatures is no longer supported - optional check for vulnerabilities before adding a package - if /var and /usr/pkg are on different fileystems it is twice as fast now - conflicts due to overlapping plists are checked before installation - pkg_add no longer plays with the process limits - pkg_add and pkg_delete have a new destdir option; scripts have to either be modified to use PKG_DESTDIR or should be disabled - pkg_add -u for now can't be used to update to the exact same version - internal "rm -rf" and "mkdir_p" code - all memory allocation failures are not explicitly fatal - if a file is not removed due to a failed checksum, still remove the entry from pkgdb @ text @audit-packages.conf(5) NetBSD File Formats Manual audit-packages.conf(5) NNAAMMEE aauuddiitt--ppaacckkaaggeess..ccoonnff -- audit-packages and download-vulnerability-list configuration file. DDEESSCCRRIIPPTTIIOONN The aauuddiitt--ppaacckkaaggeess..ccoonnff file contains the configuration information for download-vulnerability-list(8) and audit-packages(8). These variables can be defined in the audit-packages.conf(8) file. GPG The full path to the location of the binary used to verify the signature on the downloaded _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently only GnuPG is supported. The default is "@@prefix@@/bin/gpg". PKGVULNDIR Specifies the directory containing the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. The default is "@@pkgdbdir@@". COMPRESS_TYPE Specifies which type of compressed _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file to download. You can also specify COMPRESS_TYPE="" to use and uncompressed version of the file. If you change this from the default you must specify a COM- PRESS_TOOL. The currently accepted options are gzip and bzip2. COMPRESS_TOOL The full path to the location of the binary used to decom- press the downloaded _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. The default is "@@gzcat@@". FETCH_CMD Specifies the client used to download the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently known tools include curl, ftp, wget and fetch. The default is @@ftp@@. FETCH_PRE_ARGS Specifies optional arguments for the _d_o_w_n_l_o_a_d_-_v_u_l_n_e_r_a_b_i_l_i_t_y_-_l_i_s_t client. These options appear before FETCH_CMD. FETCH_ARGS Specifies optional arguments for the client used to down- load the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. FETCH_PROTO Specifies the protocol to use when fetching the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file. Currently supports only http and ftp. The default is "ftp". IGNORE_URLS A list of vulnerability URLs to be ignored. This allows for ignoring certain URLs that are attached to a vulnera- bility. FFIILLEESS @@sysconfdir@@/audit-packages.conf SSEEEE AALLSSOO pkg_info(1), mk.conf(5), pkgsrc(7), audit-packages(8) and _D_o_c_u_m_e_n_t_a_t_i_o_n _o_n _t_h_e _N_e_t_B_S_D _P_a_c_k_a_g_e _S_y_s_t_e_m HHIISSTTOORRYY The aauuddiitt--ppaacckkaaggeess and ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt commands were origi- nally implemented and added to NetBSD's pkgsrc by Alistair Crooks on September 19, 2000. During April 2007 aauuddiitt--ppaacckkaaggeess was re-written by Adrian Portelli and support was added for compressed files and checking signatures on downloaded files. The original idea came from Roland Dowdeswell and Bill Sommerfeld. NetBSD 3.1 July 07, 2007 NetBSD 3.1 @ 1.4 log @Add and document FETCH_PRE_ARGS, idea from David Sainty in PR #23899. This allows such settings as the following in audit-packages.conf: FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com" Which will be set before FETCH_CMD is run. @ text @@ 1.3 log @Misc man page fixes Update to autoconf 2.61 Add checks for AC_TYPE_UINT{8,16,32,64}_T Add checks for stdint.h Change how config file notification works If no IGNORE_URLS directive is found then just say that Check that pkg-vulnerabilities exists before we try any operations on it Use st_ctime as opposed to st_ctimespec.tv_sec as the former is SUSv3 This update should fix PR #36655 and go part way to fixing PR #36662 Thanks to tnn@@ and joerg@@ for suggested fixes and Yakovetsky Vladimir and Stuart Shelton for testing and patches. @ text @d42 5 @ 1.2 log @Merge remaining small changes from NetBSD, most of all the pkgsrc.7 man page. Fix build on !NetBSD. Rebuild man pages with nroff -mandoc on NetBSD current for consistency. Make it DESTDIR safe. Remove the note that src/usr.sbin/pkg_install is the authoritive version, it won't be any longer. @ text @d63 5 a67 5 The aauuddiitt--ppaacckkaaggeess..ccoonnff and ddoowwnnllooaadd--vvuullnneerraabbiilliittyy--lliisstt commands were originally implemented and added to NetBSD's pkgsrc by Alistair Crooks on September 19, 2000. During April 2007 aauuddiitt--ppaacckkaaggeess..ccoonnff was re-written by Adrian Portelli and support was added for compressed files and check- ing signatures on downloaded files. The original idea came from Roland d70 1 a70 1 NetBSD 4.0 July 07, 2007 NetBSD 4.0 @ 1.1 log @Update to pkg_install-20070714 Merge of audit-packages with various improvements: * Version 20070714 Initial release of re-write in C Add support for notfication of eol packages (-e) Multiple levels of verbosity (e.g. -v -v) Specify a custom config file to use (-c) Query running config values (-Q) Default to download .gz compress pkg-vulnerabilities file Support for .bz2 compress pkg-vulnerabilities file Verify signature on downloaded files (-s) Thanks to tron@@, jschauma@@, agc@@, joerg@@ and pkgsrc-security@@ for feedback and testing. @ text @d59 1 a59 1 pkg_info(1), mk.conf(5), packages(7), audit-packages(8) and _D_o_c_u_m_e_n_t_a_t_i_o_n d70 1 a70 1 NetBSD 3.1 July 07, 2007 NetBSD 3.1 @