Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits c178d43
audit: add option to ignore deprecation and expiration
Baptiste Daroussin committed 4 years ago
commit c178d437f9f7abd361f0ac657de4c0e73dbb0154
parent 270501e
1 file changed +25 -11
modified scripts/periodic/410.pkg-audit.in
@@ -44,6 +44,8 @@ fi
: ${security_status_pkgaudit_jails=$pkg_jails}

: ${security_status_pkgaudit_jails_ignore+=""}

: ${security_status_pkgaudit_expiry:=2}
+ 
: ${security_status_pkgaudit_expiration:=YES}
+ 
: ${security_status_pkgaudit_deprecation:=YES}



security_daily_compat_var security_status_pkgaudit_enable

security_daily_compat_var security_status_pkgaudit_quiet
@@ -84,23 +86,35 @@ audit_pkgs() {
expiration_pkgs() {

	local pkgargs="$1"
- 
	output=$(${pkgcmd} ${pkgargs} annotate -a -S expiration_date)
+ 
	case "$security_status_pkgaudit_expiration" in
+ 
	[Yy][Ee][Ss])
- 
	if [ -n "${output}" ]; then
- 
		echo "${output}"
- 
		return 3
- 
	fi
+ 
		output=$(${pkgcmd} ${pkgargs} annotate -a -S expiration_date)
+
+ 
		if [ -n "${output}" ]; then
+ 
			echo "${output}"
+ 
			return 3
+ 
		fi
+ 
		;;
+ 
	*)
+ 
		return 0;;
+ 
	esac

}



deprecation_pkgs() {

	local pkgargs="$1"
- 
	output=$(${pkgcmd} ${pkgargs} annotate -a -S deprecated)
-
- 
	if [ -n "${output}" ]; then
- 
		echo "${output}"
- 
		return 3
- 
	fi
+ 
	case "$security_status_pkgaudit_deprecation" in
+ 
	[Yy][Ee][Ss])
+ 
		output=$(${pkgcmd} ${pkgargs} annotate -a -S deprecated)
+ 
		if [ -n "${output}" ]; then
+ 
			echo "${output}"
+ 
			return 3
+ 
		fi
+ 
		;;
+ 
	*)
+ 
		return 0;;
+ 
	esac

}



# Use $pkg_chroots to provide a default list of chroots, and