head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.2.0.18 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.16 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.14 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.12 pkgsrc-2008Q2-base:1.2 cwrapper-base:1.2 cwrapper:1.2.0.10 pkg_install-renovation:1.2.0.8 pkg_install-renovation-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2; locks; strict; comment @# @; 1.3 date 2009.02.02.12.35.00; author joerg; state dead; branches; next 1.2; 1.2 date 2007.09.17.22.40.27; author adrianp; state Exp; branches; next 1.1; 1.1 date 2007.07.14.20.17.09; author adrianp; state Exp; branches; next ; desc @@ 1.3 log @Merge pkg_install-20090201 from pkg_install-renovation branch. - DB support is always included from libnbcompat if needed - pkg_view and linkfarm are not installed any more; they are not moved into the attic yet, so they can easily be installed as separte package - common configuration file to customise the behavior of various components; this supersedes the old audit-packages.conf - support for PKSC7 signatures (using X509 certs) and GPG signatures for packages in a secure way. See pkg_admin(8) for how to create them and pkg_install.conf(5) for the options to use them - audit-packages and download-vulnerability-list are wrapper scripts around pkg_admin. They try to mimic the classic options if used sanely. "pkg_admin audit" is now an order of magnitude faster than before - pkg_add uses libarchive and libfetch instead of external ftp and tar: - progress bar is currently missing for downloads - "pkg_add -" is no longer supported - no adhoc check for conficts between dependencies and already installed packages - "pkg_add -s" has been replaced with an option in pkg_install.conf, verification of plain detached GPG signatures is no longer supported - optional check for vulnerabilities before adding a package - if /var and /usr/pkg are on different fileystems it is twice as fast now - conflicts due to overlapping plists are checked before installation - pkg_add no longer plays with the process limits - pkg_add and pkg_delete have a new destdir option; scripts have to either be modified to use PKG_DESTDIR or should be disabled - pkg_add -u for now can't be used to update to the exact same version - internal "rm -rf" and "mkdir_p" code - all memory allocation failures are not explicitly fatal - if a file is not removed due to a failed checksum, still remove the entry from pkgdb @ text @# $NetBSD: audit-packages.conf.in,v 1.2 2007/09/17 22:40:27 adrianp Exp $ # # sample configuration file for audit-packages(8) and # download-vulnerability-list(8) # # GPG # # Specifies the full path to the gpg tool that will be used for verifying # the signature on the downloaded pkg-vulnerabilities file. # # Used by: audit-packages download-vulnerability-list # Supported: /path/to/gpg # Default: GPG="@@prefix@@/bin/gpg" # PKGVULNDIR # # Specifies the directory the pkg-vulnerabilities file is located in. # # Used by: audit-packages download-vulnerability-list # Supported: /path/to/pkg-vulnerabilities/ # Default: PKGVULNDIR="@@pkgdbdir@@" # COMPRESS_TYPE # # Specifies which type of compressed pkg-vulnerabilities file to # download. You can also specify COMPRESS_TYPE="" to use # and uncompressed version of the file. # # If you change this from the default you must specify a COMPRESS_TOOL. # # Used by: download-vulnerability-list # Supported: gzip bzip2 (none) # Default: COMPRESS_TYPE="gzip" # COMPRESS_TOOL # # Specifies which tool will be used when dealing with the compressed # pkg-vulnerabilities file. # # Used by: download-vulnerability-list # Supported: Any local binary that can decompress the # pkg-vulnerabilities file to stdout # Default: COMPRESS_TOOL="@@gzcat@@" # FETCH_CMD # # Specifies the tool that will be used to fetch the pkg-vulnerabilities # file. # # Used by: download-vulnerability-list # Supported: /path/to/curl /path/to/ftp /path/to/wget /path/to/fetch # Default: FETCH_CMD=@@ftp@@ # FETCH_PRE_ARGS # # Specifies optional arguments for the download-vulnerability-list client. # These options appear before ${FETCH_CMD}. # # Used by: download-vulnerability-list # Supported: Any valid arguments for FETCH_CMD # Default: FETCH_PRE_ARGS= # FETCH_ARGS # # Specifies optional arguments for the download-vulnerability-list client. # # Used by: download-vulnerability-list # Supported: Any valid arguments for FETCH_CMD # Default: FETCH_ARGS= # FETCH_PROTO # # Specifies the protocol to use when fetching the pkg-vulnerabilities file. # # Used by: download-vulnerability-list # Supported: ftp http # Default: FETCH_PROTO="ftp" # IGNORE_URLS # # A list of vulnerability URLs to be ignored. # # Used by: audit-packages # Supported: Valid URL(s) from pkg-vulnerabilities # Default: IGNORE_URLS= @ 1.2 log @Add and document FETCH_PRE_ARGS, idea from David Sainty in PR #23899. This allows such settings as the following in audit-packages.conf: FETCH_PRE_ARGS="env ftp_proxy://ftp.myproxy.com" Which will be set before FETCH_CMD is run. @ text @d1 1 a1 1 # $NetBSD: audit-packages.conf.in,v 1.1 2007/07/14 20:17:09 adrianp Exp $ @ 1.1 log @Update to pkg_install-20070714 Merge of audit-packages with various improvements: * Version 20070714 Initial release of re-write in C Add support for notfication of eol packages (-e) Multiple levels of verbosity (e.g. -v -v) Specify a custom config file to use (-c) Query running config values (-Q) Default to download .gz compress pkg-vulnerabilities file Support for .bz2 compress pkg-vulnerabilities file Verify signature on downloaded files (-s) Thanks to tron@@, jschauma@@, agc@@, joerg@@ and pkgsrc-security@@ for feedback and testing. @ text @d1 1 a1 1 # $NetBSD$ d56 9 @