Changeset View
Changeset View
Standalone View
Standalone View
Mk/Scripts/check-vulnerable.sh
- This file was added.
#!/bin/sh | |||||
# $FreeBSD$ | |||||
# | |||||
# MAINTAINER: portmgr@FreeBSD.org | |||||
set -e | |||||
. "${dp_SCRIPTSDIR}/functions.sh" | |||||
validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME | |||||
[ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ] && set -x | |||||
set -u | |||||
# If the package is pkg, disable these checks, it fails while | |||||
# upgrading when pkg is not there. | |||||
# FIXME: check is this is still true | |||||
if [ "${dp_PORTNAME}" = "pkg" ]; then | |||||
exit 0 | |||||
fi | |||||
if [ -x "${dp_PKG_BIN}" ]; then | |||||
vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}" || :) | |||||
if [ "${vlist}" = "0 problem(s) in the installed packages found." ]; then | |||||
vlist="" | |||||
fi | |||||
fi | |||||
if [ -n "$vlist" ]; then | |||||
${dp_ECHO_MSG} "===> ${dp_PKGNAME} has known vulnerabilities:" | |||||
${dp_ECHO_MSG} "$vlist" | |||||
${dp_ECHO_MSG} "=> Please update your ports tree and try again." | |||||
${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available." | |||||
${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'" | |||||
exit 1 | |||||
fi |