Index: head/Mk/Scripts/check-vulnerable.sh
===================================================================
--- head/Mk/Scripts/check-vulnerable.sh (revision 417110)
+++ head/Mk/Scripts/check-vulnerable.sh (revision 417111)
@@ -1,35 +1,36 @@ #!/bin/sh # $FreeBSD$ # # MAINTAINER: portmgr@FreeBSD.org set -e . "${dp_SCRIPTSDIR}/functions.sh" validate_env dp_ECHO_MSG dp_PKG_BIN dp_PORTNAME dp_PKGNAME [ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECK_VULNERABLE}" ] && set -x set -u # If the package is pkg, disable these checks, it fails while # upgrading when pkg is not there. # FIXME: check is this is still true if [ "${dp_PORTNAME}" = "pkg" ]; then exit 0 fi -if [ -x "${dp_PKG_BIN}" ]; then - vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}" || :) - if [ "${vlist}" = "0 problem(s) in the installed packages found." ]; then - vlist="" - else - ${dp_ECHO_MSG} "===> ${dp_PKGNAME} has known vulnerabilities:" - ${dp_ECHO_MSG} "$vlist" - ${dp_ECHO_MSG} "=> Please update your ports tree and try again." - ${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available." - ${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'" - exit 1 - fi +if [ ! -x "${dp_PKG_BIN}" ]; then + exit 0 +fi + +vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}" || :) + +if [ "${vlist}" != "0 problem(s) in the installed packages found." ]; then + ${dp_ECHO_MSG} "===> ${dp_PKGNAME} has known vulnerabilities:" + ${dp_ECHO_MSG} "$vlist" + ${dp_ECHO_MSG} "=> Please update your ports tree and try again." + ${dp_ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available." + ${dp_ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'" + exit 1 fi Index: head/Mk/Scripts/checksum.sh =================================================================== --- head/Mk/Scripts/checksum.sh (revision 417110) +++ head/Mk/Scripts/checksum.sh (revision 417111) 
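Review bot: In check-vulnerable.sh the new early `exit 0` for a non-executable `${dp_PKG_BIN}` skips the vulnerability audit without telling the user, so a missing or broken pkg binary looks the same as a clean result. The verdict itself still depends on `vlist` matching one exact sentence while `|| :` discards the exit status of the audit, so any other output, including an error or an empty string, is reported as "has known vulnerabilities" with a possibly empty list. I would at least print a line before the early exit, for example `${dp_ECHO_MSG} "===> ${dp_PKG_BIN} is not executable, vulnerability check skipped"`. It is also worth keeping the status with `rc=0; vlist=$(${dp_PKG_BIN} audit "${dp_PKGNAME}") || rc=$?`, so that a failed audit can be told apart from a finding.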
@@ -1,91 +1,93 @@ #!/bin/sh # $FreeBSD$ # # MAINTAINER: portmgr@FreeBSD.org set -e . "${dp_SCRIPTSDIR}/functions.sh" validate_env dp_CHECKSUM_ALGORITHMS dp_CURDIR dp_DISTDIR dp_DISTINFO_FILE \ dp_DIST_SUBDIR dp_ECHO_MSG dp_FETCH_REGET dp_MAKE dp_MAKEFLAGS \ dp_DISABLE_SIZE dp_NO_CHECKSUM [ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_CHECKSUM}" ] && set -x set -u check_checksum_algorithms if [ -f "${dp_DISTINFO_FILE}" ]; then cd "${dp_DISTDIR}" OK= refetchlist= for file in "${@}"; do ignored="true" for alg in ${dp_CHECKSUM_ALGORITHMS}; do ignore="false" eval "alg_executable=\$dp_${alg}" if [ "$alg_executable" != "NO" ]; then MKSUM=$($alg_executable < "${file}") CKSUM=$(distinfo_data "${alg}" "${file}") else ignore="true" fi if [ $ignore = "false" -a -z "$CKSUM" ]; then ${dp_ECHO_MSG} "=> No $alg checksum recorded for $file." ignore="true" fi - if [ $ignore = "false" ]; then - match="false" - for chksum in $CKSUM; do - if [ "$chksum" = "$MKSUM" ]; then - match="true" - break - fi - done - if [ $match = "true" ]; then - ${dp_ECHO_MSG} "=> $alg Checksum OK for $file." - ignored="false" - else - ${dp_ECHO_MSG} "=> $alg Checksum mismatch for $file." - refetchlist="$refetchlist $file " - OK="${OK:-retry}" - [ "${OK}" = "retry" -a "${dp_FETCH_REGET}" -gt 0 ] && rm -f "${file}" - ignored="false" + if [ $ignore != "false" ]; then + continue + fi + + match="false" + for chksum in $CKSUM; do + if [ "$chksum" = "$MKSUM" ]; then + match="true" + break fi + done + if [ $match = "true" ]; then + ${dp_ECHO_MSG} "=> $alg Checksum OK for $file." + ignored="false" + else + ${dp_ECHO_MSG} "=> $alg Checksum mismatch for $file." + refetchlist="$refetchlist $file " + OK="${OK:-retry}" + [ "${OK}" = "retry" -a "${dp_FETCH_REGET}" -gt 0 ] && rm -f "${file}" + ignored="false" fi done if [ $ignored = "true" ]; then ${dp_ECHO_MSG} "=> No suitable checksum found for $file." 
OK=false fi done if [ "${OK:=true}" = "retry" ] && [ "${dp_FETCH_REGET}" -gt 0 ]; then ${dp_ECHO_MSG} "===> Refetch for ${dp_FETCH_REGET} more times files: $refetchlist" if ${dp_MAKE} -C "${dp_CURDIR}" ${dp_MAKEFLAGS} FORCE_FETCH_LIST="$refetchlist" FETCH_REGET="$((dp_FETCH_REGET - 1))" fetch; then if ${dp_MAKE} -C "${dp_CURDIR}" ${dp_MAKEFLAGS} FETCH_REGET="$((dp_FETCH_REGET - 1))" checksum ; then OK="true" fi fi fi if [ "$OK" != "true" -a "${dp_FETCH_REGET}" -eq 0 ]; then ${dp_ECHO_MSG} "===> Giving up on fetching files: $refetchlist" ${dp_ECHO_MSG} "Make sure the Makefile and distinfo file (${dp_DISTINFO_FILE})" ${dp_ECHO_MSG} "are up to date. If you are absolutely sure you want to override this" ${dp_ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"." exit 1 fi if [ "$OK" != "true" ]; then exit 1 fi elif [ -n "${@}" ]; then ${dp_ECHO_MSG} "=> No checksum file (${DISTINFO_FILE})." exit 1 fi Index: head/Mk/Scripts/do-fetch.sh =================================================================== --- head/Mk/Scripts/do-fetch.sh (revision 417110) +++ head/Mk/Scripts/do-fetch.sh (revision 417111) 
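Review bot: The closing `elif [ -n "${@}" ]` in checksum.sh does not fail closed when the distinfo file is missing. With two or more file arguments `"${@}"` expands to several words, `[` rejects the expression, the branch is not taken, and the script appears to end with status 0 without verifying anything. Inside that branch the message reads `${DISTINFO_FILE}`, which is not the validated `dp_DISTINFO_FILE`; unless it happens to be set in the environment, it aborts under `set -u` before the text is printed. I would write `elif [ $# -gt 0 ]; then` and use `${dp_DISTINFO_FILE}` in the message. Both lines are unchanged context here, since the commit only flattens the inner `if` into a `continue`.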
@@ -1,165 +1,166 @@ #!/bin/sh # $FreeBSD$ # # MAINTAINER: portmgr@FreeBSD.org set -e . "${dp_SCRIPTSDIR}/functions.sh" validate_env dp_DEVELOPER dp_DISABLE_SIZE dp_DISTDIR dp_DISTINFO_FILE \ dp_DIST_SUBDIR dp_ECHO_MSG dp_FETCH_AFTER_ARGS dp_FETCH_BEFORE_ARGS \ dp_FETCH_CMD dp_FETCH_ENV dp_FORCE_FETCH_ALL dp_FORCE_FETCH_LIST \ dp_MASTER_SITE_BACKUP dp_MASTER_SITE_OVERRIDE dp_MASTER_SORT_AWK \ dp_NO_CHECKSUM dp_RANDOMIZE_SITES dp_SITE_FLAVOR dp_TARGET [ -n "${DEBUG_MK_SCRIPTS}" -o -n "${DEBUG_MK_SCRIPTS_DO_FETCH}" ] && set -x set -u mkdir -p "${dp_DISTDIR}" cd "${dp_DISTDIR}" for _file in "${@}"; do file=${_file%%:*} # If this files has groups if [ "$_file" = "$file" ]; then select=DEFAULT else select=$(echo "${_file##*:}" | sed -e 's/,/ /g') fi filebasename=${file##*/} if [ -n "${dp_FORCE_FETCH_ALL}" ]; then force_fetch=true else force_fetch=false for afile in ${dp_FORCE_FETCH_LIST}; do afile=${afile##*/} if [ "x$afile" = "x$filebasename" ]; then force_fetch=true fi done fi - if [ ! -f "${file}" -a ! -f "$filebasename" -o "$force_fetch" = "true" ]; then - full_file="${dp_DIST_SUBDIR:+${dp_DIST_SUBDIR}/}${file}" - if [ -L "$file" -o -L "$filebasename" ]; then - ${dp_ECHO_MSG} "=> ${dp_DISTDIR}/$file is a broken symlink." - ${dp_ECHO_MSG} "=> Perhaps a filesystem (most likely a CD) isn't mounted?" - ${dp_ECHO_MSG} "=> Please correct this problem and try again." + if [ '(' -f "${file}" -o -f "$filebasename" ')' -a "$force_fetch" != "true" ]; then + continue + fi + full_file="${dp_DIST_SUBDIR:+${dp_DIST_SUBDIR}/}${file}" + if [ -L "$file" -o -L "$filebasename" ]; then + ${dp_ECHO_MSG} "=> ${dp_DISTDIR}/$file is a broken symlink." + ${dp_ECHO_MSG} "=> Perhaps a filesystem (most likely a CD) isn't mounted?" + ${dp_ECHO_MSG} "=> Please correct this problem and try again." 
+ exit 1 + fi + if [ -f "${dp_DISTINFO_FILE}" -a -z "${dp_NO_CHECKSUM}" ]; then + _sha256sum=$(distinfo_data SHA256 "${full_file}") + if [ -z "$_sha256sum" ]; then + ${dp_ECHO_MSG} "=> ${dp_DIST_SUBDIR:+$dp_DIST_SUBDIR/}$file is not in ${dp_DISTINFO_FILE}." + ${dp_ECHO_MSG} "=> Either ${dp_DISTINFO_FILE} is out of date, or" + ${dp_ECHO_MSG} "=> ${dp_DIST_SUBDIR:+$dp_DIST_SUBDIR/}$file is spelled incorrectly." exit 1 fi - if [ -f "${dp_DISTINFO_FILE}" -a -z "${dp_NO_CHECKSUM}" ]; then - _sha256sum=$(distinfo_data SHA256 "${full_file}") - if [ -z "$_sha256sum" ]; then - ${dp_ECHO_MSG} "=> ${dp_DIST_SUBDIR:+$dp_DIST_SUBDIR/}$file is not in ${dp_DISTINFO_FILE}." - ${dp_ECHO_MSG} "=> Either ${dp_DISTINFO_FILE} is out of date, or" - ${dp_ECHO_MSG} "=> ${dp_DIST_SUBDIR:+$dp_DIST_SUBDIR/}$file is spelled incorrectly." - exit 1 - fi - fi - case ${dp_TARGET} in + fi + case ${dp_TARGET} in do-fetch|makesum) ${dp_ECHO_MSG} "=> $file doesn't seem to exist in ${dp_DISTDIR}." if [ ! -w "${dp_DISTDIR}" ]; then ${dp_ECHO_MSG} "=> ${dp_DISTDIR} is not writable by you; cannot fetch." exit 1 fi ;; - esac - __MASTER_SITES_TMP= - for group in $select; do - # Disable nounset for this, it may come up empty, but - # we don't want to fail with a strange error here. - set +u - eval ___MASTER_SITES_TMP="\${_${dp_SITE_FLAVOR}_SITES_${group}}" - set -u - if [ -n "${___MASTER_SITES_TMP}" ] ; then - __MASTER_SITES_TMP="${__MASTER_SITES_TMP} ${___MASTER_SITES_TMP}" - else - case ${dp_TARGET} in + esac + __MASTER_SITES_TMP= + for group in $select; do + # Disable nounset for this, it may come up empty, but + # we don't want to fail with a strange error here. 
+ set +u + eval ___MASTER_SITES_TMP="\${_${dp_SITE_FLAVOR}_SITES_${group}}" + set -u + if [ -n "${___MASTER_SITES_TMP}" ] ; then + __MASTER_SITES_TMP="${__MASTER_SITES_TMP} ${___MASTER_SITES_TMP}" + else + case ${dp_TARGET} in do-fetch|makesum) if [ -n "${dp_DEVELOPER}" ]; then ${dp_ECHO_MSG} "===> /!\\ Error /!\\" else ${dp_ECHO_MSG} "===> /!\\ Warning /!\\" fi ${dp_ECHO_MSG} " The :${group} group used for $file is missing" ${dp_ECHO_MSG} " from ${dp_SITE_FLAVOR}_SITES. Check for typos, or errors." if [ -n "${dp_DEVELOPER}" ]; then exit 1 fi ;; - esac + esac - fi - done - ___MASTER_SITES_TMP= - SORTED_MASTER_SITES_CMD_TMP="echo ${dp_MASTER_SITE_OVERRIDE} $(echo -n "${__MASTER_SITES_TMP}" | awk "${dp_MASTER_SORT_AWK}") ${dp_MASTER_SITE_BACKUP}" - case ${dp_TARGET} in - fetch-list) - echo -n "mkdir -p ${dp_DISTDIR} && " - echo -n "cd ${dp_DISTDIR} && { " + fi + done + ___MASTER_SITES_TMP= + SORTED_MASTER_SITES_CMD_TMP="echo ${dp_MASTER_SITE_OVERRIDE} $(echo -n "${__MASTER_SITES_TMP}" | awk "${dp_MASTER_SORT_AWK}") ${dp_MASTER_SITE_BACKUP}" + case ${dp_TARGET} in + fetch-list) + echo -n "mkdir -p ${dp_DISTDIR} && " + echo -n "cd ${dp_DISTDIR} && { " + ;; + esac + sites_remaining=0 + sites="$(${SORTED_MASTER_SITES_CMD_TMP} ${dp_RANDOMIZE_SITES})" + for site in ${sites}; do + sites_remaining=$((sites_remaining + 1)) + done + for site in ${sites}; do + sites_remaining=$((sites_remaining - 1)) + CKSIZE=$(distinfo_data SIZE "${full_file}") + # There is a lot of escaping, but the " needs to survive echo/eval. 
+ case ${file} in + */*) + mkdir -p "${file%/*}" + args="-o ${file} ${site}${file}" ;; + *) + args="${site}${file}" + ;; esac - sites_remaining=0 - sites="$(${SORTED_MASTER_SITES_CMD_TMP} ${dp_RANDOMIZE_SITES})" - for site in ${sites}; do - sites_remaining=$((sites_remaining + 1)) - done - for site in ${sites}; do - sites_remaining=$((sites_remaining - 1)) - CKSIZE=$(distinfo_data SIZE "${full_file}") - # There is a lot of escaping, but the " needs to survive echo/eval. - case ${file} in - */*) - mkdir -p "${file%/*}" - args="-o ${file} ${site}${file}" - ;; - *) - args="${site}${file}" - ;; - esac - _fetch_cmd="${dp_FETCH_CMD} ${dp_FETCH_BEFORE_ARGS}" - if [ -z "${dp_DISABLE_SIZE}" -a -n "${CKSIZE}" ]; then - _fetch_cmd="${_fetch_cmd} -S ${CKSIZE}" - fi - _fetch_cmd="${_fetch_cmd} ${args} ${dp_FETCH_AFTER_ARGS}" - case ${dp_TARGET} in + _fetch_cmd="${dp_FETCH_CMD} ${dp_FETCH_BEFORE_ARGS}" + if [ -z "${dp_DISABLE_SIZE}" -a -n "${CKSIZE}" ]; then + _fetch_cmd="${_fetch_cmd} -S ${CKSIZE}" + fi + _fetch_cmd="${_fetch_cmd} ${args} ${dp_FETCH_AFTER_ARGS}" + case ${dp_TARGET} in do-fetch|makesum) ${dp_ECHO_MSG} "=> Attempting to fetch ${site}${file}" if env -S "${dp_FETCH_ENV}" ${_fetch_cmd}; then actual_size=$(stat -f %z "${file}") if [ -n "${dp_DISABLE_SIZE}" ] || [ -z "${CKSIZE}" ] || [ "${actual_size}" -eq "${CKSIZE}" ]; then continue 2 else ${dp_ECHO_MSG} "=> Fetched file size mismatch (expected ${CKSIZE}, actual ${actual_size})" if [ ${sites_remaining} -gt 0 ]; then ${dp_ECHO_MSG} "=> Trying next site" rm -f "${file}" fi fi fi ;; fetch-list) echo -n "env $(escape "${_fetch_cmd}") || " ;; fetch-url-list-int) echo ${args} ;; - esac - done - case ${dp_TARGET} in + esac + done + case ${dp_TARGET} in do-fetch|makesum) ${dp_ECHO_MSG} "=> Couldn't fetch it - please try to retrieve this" ${dp_ECHO_MSG} "=> port manually into ${dp_DISTDIR} and try again." 
exit 1 ;; fetch-list) - echo "echo \"${file}\" not fetched; }" ; \ + echo "echo \"${file}\" not fetched; }" ;; - esac - fi + esac done
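Review bot: The `eval ___MASTER_SITES_TMP="\${_${dp_SITE_FLAVOR}_SITES_${group}}"` line in do-fetch.sh evaluates `group`, which is taken from the text after the `:` of each file argument with only commas replaced, so anything that is not a plain identifier is handed to the shell as code. Since the value is spliced into a variable name, only letters, digits and underscores can ever resolve, and everything else can be rejected before the `eval`: `case ${group} in *[!A-Za-z0-9_]*) ${dp_ECHO_MSG} "=> Invalid group :${group} for $file"; exit 1 ;; esac`. The same applies to `${dp_SITE_FLAVOR}` if it can be set by anything other than the framework, which this file does not show. A comment above the `eval` stating where group names come from would also help the next reader.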