Add a default audit-packages configuration file for audit-packages

(part of pkg_install-20070714)
2007-07-14 19:53:52 +00:00 · 2007-07-14 19:53:52 +00:00 · 3e46582d49
commit 3e46582d49
parent 00531e457b
2 changed files with 85 additions and 7 deletions
--- a/etc/Makefile
+++ b/etc/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.344 2007/07/01 11:04:31 xtraeme Exp $
+#	$NetBSD: Makefile,v 1.345 2007/07/14 19:53:52 adrianp Exp $
 #	from: @(#)Makefile	8.7 (Berkeley) 5/25/95

 # Environment variables without default values:
@ -88,12 +88,12 @@ INSTALLATION_DIRS=	binary binary/sets binary/kernel installation
 BINOWN= root
 BINGRP= wheel
 UTMPGRP= utmp
-BIN1+=	bootptab changelist csh.cshrc csh.login csh.logout daily \
-	daily.conf dm.conf envsys.conf floppytab ftpchroot ftpusers \
-	gettytab group hosts hosts.lpd inetd.conf lkm.conf locate.conf \
-	login.conf mailer.conf man.conf monthly monthly.conf mrouted.conf \
-	named.conf netconfig networks newsyslog.conf nsswitch.conf ntp.conf \
-	passwd.conf phones printcap profile protocols \
+BIN1+=	audit-packages.conf bootptab changelist csh.cshrc csh.login \
+	csh.logout daily daily.conf dm.conf envsys.conf floppytab ftpchroot \
+	ftpusers gettytab group hosts hosts.lpd inetd.conf lkm.conf \
+	locate.conf login.conf mailer.conf man.conf monthly monthly.conf \
+	mrouted.conf named.conf netconfig networks newsyslog.conf \
+	nsswitch.conf ntp.conf passwd.conf phones printcap profile protocols \
 	rbootd.conf rc rc.conf rc.lkm rc.local rc.subr rc.shutdown remote rpc \
 	security security.conf services shells shrc sysctl.conf syslog.conf \
 	weekly weekly.conf wscons.conf
--- a/etc/audit-packages.conf
+++ b/etc/audit-packages.conf
@ -0,0 +1,78 @@
+# $NetBSD: audit-packages.conf,v 1.1 2007/07/14 19:53:52 adrianp Exp $
+
+#
+# sample configuration file for audit-packages(8) and 
+# download-vulnerability-list(8)
+#
+
+# GPG
+#
+# Specifies the full path to the gpg tool that will be used for verifying
+# the signature on the downloaded pkg-vulnerabilities file.
+#
+# Used by:	audit-packages download-vulnerability-list
+# Supported: 	/path/to/gpg
+# Default: 	GPG="/usr/pkg/bin/gpg"
+
+# PKGVULNDIR
+#
+# Specifies the directory the pkg-vulnerabilities file is located in.
+#
+# Used by:	audit-packages download-vulnerability-list
+# Supported:	/path/to/pkg-vulnerabilities/
+# Default: 	PKGVULNDIR="/var/db/pkg"
+
+# COMPRESS_TYPE
+#
+# Specifies which type of compressed pkg-vulnerabilities file to
+# download.  You can also specify COMPRESS_TYPE="" to use
+# and uncompressed version of the file.
+#
+# If you change this from the default you must specify a COMPRESS_TOOL.
+#
+# Used by:	download-vulnerability-list
+# Supported: 	gzip bzip2 (none)
+# Default: 	COMPRESS_TYPE="gzip"
+
+# COMPRESS_TOOL
+#
+# Specifies which tool will be used when dealing with the compressed
+# pkg-vulnerabilities file.
+#
+# Used by:	download-vulnerability-list
+# Supported: 	Any local binary that can decompress the
+#		pkg-vulnerabilities file to stdout
+# Default: 	COMPRESS_TOOL="/usr/bin/gzcat"
+
+# FETCH_CMD
+#
+# Specifies the tool that will be used to fetch the pkg-vulnerabilities
+# file.
+#
+# Used by:	download-vulnerability-list
+# Supported: 	/path/to/curl /path/to/ftp /path/to/wget /path/to/fetch 
+# Default: 	FETCH_CMD="/usr/bin/ftp"
+
+# FETCH_ARGS
+#
+# Specifies optional arguments for the download-vulnerability-list client.
+#
+# Used by:	download-vulnerability-list
+# Supported:	Any valid arguments for FETCH_CMD
+# Default: 	FETCH_ARGS=
+
+# FETCH_PROTO
+#
+# Specifies the protocol to use when fetching the pkg-vulnerabilities file.
+#
+# Used by:	download-vulnerability-list
+# Supported: 	ftp http
+# Default: 	FETCH_PROTO="ftp"
+
+# IGNORE_URLS
+#
+# A list of vulnerability URLs to be ignored.
+#
+# Used by:	audit-packages
+# Supported:	Valid URL(s) from pkg-vulnerabilities
+# Default: 	IGNORE_URLS=