
File: [cvs.NetBSD.org] / pkgsrc / security / audit-packages / files / Attic / download-vulnerability-list (download)

Revision 1.29, Fri Jul 14 22:41:58 2006 UTC (8 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.28: +2 -2 lines

Minor typo fix.

#! @SH@

# $NetBSD: download-vulnerability-list,v 1.29 2006/07/14 22:41:58 adrianp Exp $
#
# Copyright (c) 2000-2003 Alistair Crooks.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#	This product includes software developed by Alistair Crooks
#	for the NetBSD project.
# 4. The name of the author may not be used to endorse or promote
#    products derived from this software without specific prior written
#    permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

# Defaults.  A value already present in the environment (even an empty one)
# is kept; audit-packages.conf, sourced further down, can override both.
PKGVULNDIR=${PKGVULNDIR-@PKGVULNDIR@}
FETCH_PROTO=${FETCH_PROTO-ftp}

# The fresh download is staged under a name carrying this shell's PID and is
# only moved over the existing list once it has passed the checks below.
# NOTE(review): the staging name is predictable, so ${PKGVULNDIR} should be
# writable only by the user that runs this script.
EXIST_VUL_LIST=pkg-vulnerabilities
NEW_VUL_LIST=${EXIST_VUL_LIST}.$$

# Site settings: audit-packages.conf, when readable, is sourced into this
# shell, so every assignment in it replaces the defaults set above and every
# command in it runs with the privileges of whoever invoked this script.
# NOTE(review): keep that file writable by its owner only.
[ -r @PKG_SYSCONFDIR@/audit-packages.conf ] && {
	echo "Reading settings from @PKG_SYSCONFDIR@/audit-packages.conf"
	. @PKG_SYSCONFDIR@/audit-packages.conf
}

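# Where the list is fetched from.  FETCH_PROTO is ftp or http (checked
# below), so nothing on the transport authenticates the server or protects
# the file in transit.
VUL_SOURCE="${FETCH_PROTO}://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/pkg-vulnerabilities"

# Make sure the directory that holds the list exists.  The failure branch
# uses { } rather than ( ): an "exit" inside a subshell only leaves the
# subshell, and the script would carry on without its directory.
if [ ! -d "${PKGVULNDIR}/." ]; then
	echo "Creating ${PKGVULNDIR}"
	@MKDIR@ "${PKGVULNDIR}" || { echo "Can't create ${PKGVULNDIR}" 1>&2; exit 1; }
fi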

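# Only the two schemes the mirror URL is built for are accepted; anything
# else (for instance a value set in audit-packages.conf) stops the run.
# The complaint goes to stderr like the script's other error messages.
case "${FETCH_PROTO}" in
http|ftp)
	;;
*)	echo "Unknown FETCH_PROTO specified - Only http and ftp are currently supported." 1>&2
	exit 1
	;;
esac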

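# Work inside ${PKGVULNDIR}: the staging file and the installed list are
# both named relative to it.  Stop if the directory cannot be entered,
# otherwise the download and the later mv/rm would act on whatever
# directory the script was started from.
cd "${PKGVULNDIR}" || { echo "Can't change directory to ${PKGVULNDIR}" 1>&2; exit 1; }

# The first word of the configured fetch command selects the option that
# names the output file.  ${FETCH_ARGS} is left unquoted on purpose so that
# it can carry several options.
utility=`echo "@FETCH_CMD@" | @AWK@ '{ print $1 }'`
case "$utility" in
*curl|*ftp|*fetch)
	@FETCH_CMD@ ${FETCH_ARGS} -o "${NEW_VUL_LIST}" "${VUL_SOURCE}" ;;
*wget)	@FETCH_CMD@ ${FETCH_ARGS} -O "${NEW_VUL_LIST}" "${VUL_SOURCE}" ;;
*)	echo "Unknown fetch command - please use send-pr to send in support for your fetch command" 1>&2
	exit 1
	;;
esac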

# No staging file at all means the fetch produced nothing; a partial or
# altered file is left for the checksum comparison that follows.
[ -f "${NEW_VUL_LIST}" ] || {
	echo "***WARNING*** Download of vulnerabilities file failed" 1>&2
	exit 1
}

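# see if the file got damaged while it was being downloaded
#
# The "#CHECKSUM <algorithm> <digest>" line is read from the downloaded file
# itself, so this comparison detects truncation or corruption only.  Anyone
# able to alter the file in transit can rewrite that line to match; it says
# nothing about where the file came from.
errmsg=""
recordedsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' "${NEW_VUL_LIST}"`
recordedalg=`@AWK@ '$1 == "#CHECKSUM" { print $2 }' "${NEW_VUL_LIST}"`
case "$recordedsum" in
"")	errmsg="***WARNING*** No checksum found in the downloaded vulnerabilities file"
	;;
*)	case "$recordedalg" in
	"")	errmsg="***WARNING*** No checksum algorithm found in the downloaded vulnerabilities file"
		;;
	*[!A-Za-z0-9]*)
		# The algorithm name is taken from the downloaded file and
		# becomes an argument of the digest command.  Anything other
		# than letters and digits is refused: a leading "-", glob
		# characters, or the embedded newline left by more than one
		# #CHECKSUM line.
		errmsg="***WARNING*** Malformed checksum algorithm found in the downloaded vulnerabilities file"
		;;
	*)	# The digest covers the file minus its #CHECKSUM line and minus
		# every line containing "$NetBSD".
		calcsum=`@AWK@ '$1 == "#CHECKSUM" || /\$NetBSD.*/ { next } { print }' "${NEW_VUL_LIST}" | @DIGEST@ "$recordedalg"`
		if [ "$recordedsum" != "$calcsum" ]; then
			errmsg="***WARNING*** Checksum mismatch - recorded $recordedalg checksum \"$recordedsum\", calculated checksum \"$calcsum\""
		fi
		;;
	esac
	;;
esac

# Any failure above discards the staging file, so a rejected download is
# never left behind and never replaces the installed list.
case "$errmsg" in
"")	;;
*)	echo "$errmsg" 1>&2
	@RM@ -f "${NEW_VUL_LIST}"
	exit 1
	;;
esac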

# Decide whether the checked download differs from the installed list: the
# digest recorded in the installed file is compared with the one calculated
# for the download.  A missing installed file always counts as changed.
neednew=true
if [ -f ${EXIST_VUL_LIST} ]; then
	oldsum=`@AWK@ '$1 == "#CHECKSUM" { print $3 }' ${EXIST_VUL_LIST}`
	if [ "$oldsum" = "$calcsum" ]; then
		neednew=false
	fi
fi

# A changed list is made world-readable and moved over the old one; an
# unchanged download is simply thrown away.
case "$neednew" in
true)
	echo "Package vulnerabilities file has been updated"
	@CHMOD@ a+r ${NEW_VUL_LIST}
	@MV@ -f ${NEW_VUL_LIST} ${EXIST_VUL_LIST}
	;;
*)
	echo "No change from existing package vulnerabilities file"
	@RM@ -f ${NEW_VUL_LIST}
	;;
esac

exit 0