diff --git a/Makefile.am b/Makefile.am index d8b928d072..0ef5c6527e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -62,6 +62,7 @@ dist_hook_DATA= src/etc/poudriere.d/hooks/bulk.sh.sample \ dist_pkgdata_DATA= \ src/share/poudriere/api.sh \ + src/share/poudriere/audit.sh \ src/share/poudriere/bulk.sh \ src/share/poudriere/common.sh \ src/share/poudriere/daemon.sh \ diff --git a/Makefile.in b/Makefile.in index 17771bac5e..be4c43b2da 100644 --- a/Makefile.in +++ b/Makefile.in @@ -722,6 +722,7 @@ dist_hook_DATA = src/etc/poudriere.d/hooks/bulk.sh.sample \ dist_pkgdata_DATA = \ src/share/poudriere/api.sh \ + src/share/poudriere/audit.sh \ src/share/poudriere/bulk.sh \ src/share/poudriere/common.sh \ src/share/poudriere/daemon.sh \ diff --git a/src/bin/poudriere.in b/src/bin/poudriere.in index 60c3fd26fd..540c2ff011 100644 --- a/src/bin/poudriere.in +++ b/src/bin/poudriere.in @@ -58,6 +58,7 @@ Options: -v -- Be verbose; show more information. Use twice to enable debug output Commands: + audit -- Audit the packages in the repository bulk -- Generate packages for given ports distclean -- Remove old distfiles daemon -- Launch the poudriere daemon @@ -124,7 +125,7 @@ shift # Valid command list. case "${CMD}" in -api|bulk|distclean|daemon|image|jail|foreachport|logclean|ports|options|pkgclean|queue|status|testport) +api|audit|bulk|distclean|daemon|image|jail|foreachport|logclean|ports|options|pkgclean|queue|status|testport) ;; jails) CMD="jail" diff --git a/src/share/poudriere/audit.sh b/src/share/poudriere/audit.sh new file mode 100755 index 0000000000..3762118a2e --- /dev/null +++ b/src/share/poudriere/audit.sh 
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# Copyright (c) 2023 Brad Davis
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+. ${SCRIPTPREFIX}/common.sh
+
+usage() {
+ cat <] [-p ] -j
+
+Options:
+ -j name -- Run on the given jail
+ -p tree -- Specify which ports tree to use for comparing to distfiles.
+ Can be specified multiple times. (Defaults to the 'default'
+ tree)
+ -z set -- Specify which SET to use
+EOF
+ exit ${EX_USAGE}
+}
+
+[ $# -eq 0 ] && usage
+
+: ${PTNAME:=default}
+SETNAME=""
+
+
+while getopts "j:p:z:" FLAG; do
+ case "${FLAG}" in
+ j)
+ jail_exists ${OPTARG} || err 1 "No such jail: ${OPTARG}"
+ JAILNAME=${OPTARG}
+ ;;
+ p)
+ porttree_exists ${OPTARG} || \
+ err 1 "No such ports tree: ${OPTARG}"
+ PTNAME="${OPTARG}"
+ ;;
+ z)
+ [ -n "${OPTARG}" ] || err 1 "Empty set name"
+ SETNAME="${OPTARG}"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+
+[ -z "${JAILNAME}" ] && \
+ err 1 "Don't know on which jail to run please specify -j"
+
+MASTERNAME=${JAILNAME}-${PTNAME}${SETNAME:+-${SETNAME}}
+PACKAGES="${POUDRIERE_DATA:?}/packages/${MASTERNAME}"
+_mastermnt MASTERMNT
+
+PKG_EXT='*' package_dir_exists_and_has_packages || \
+ err 0 "No packages exist for ${MASTERNAME}"
+
+msg "Auditing for jail '${JAILNAME}'"
+if ! ${PKG_BIN} audit -d "${PACKAGES}"; then
+ exit 1
+fi
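Review bot: The empty-repository branch near the end, `err 0 "No packages exist for ${MASTERNAME}"`, looks like it ends the run with a success status (err is defined in common.sh, outside this diff, and every other call here passes 1), so an audit that examined nothing is indistinguishable from a clean one to anything gating on the exit code. Only `-j` and `-p` are checked for existence; a mistyped `-z` set simply yields a MASTERNAME with no package directory and lands in this branch. For a security check I would fail closed with `err 1 "No packages exist for ${MASTERNAME}"`, or at least use a distinct status and document it in usage(). Separately, the usage text still describes `-p` as "for comparing to distfiles" and as repeatable, while the getopts loop keeps only the last `PTNAME="${OPTARG}"`; suggest `-p tree -- Ports tree whose package set is audited (Defaults to the 'default' tree)`.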