Re: ports security branch

Tue, 20 Dec 2005 00:40:30 -0800 

Quoth rihad on Tue, Dec 20, 2005 at 10:25:59 +0400
> Is there a security branch for the FreeBSD ports collection? Let's say,
> I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages
> (i.e., those on the CD). Running security/portaudit after a while
> reveals that some of the installed packages have vulnerabilities. Am I
> on my own to go grab the fresh ports tree, and upgrade the affected
> software, suffering all the intricacies of the move by myself? Debian
> GNU/Linux has its security package updates, OpenBSD has a separately
> maintained "errata" ports branch (it's very likely you still get to
> download a newer release of the software, though).

Attached is a script I use to update my machines.  It works fine but
you need to understand what it does and not run it blindly.  DO NOT put
that in cron, there lies pain!

Otherwise, just run the script and it will update all your ports for
you.  It'll even mail you with the updated ports. 

-- 
[EMAIL PROTECTED]                  -=*=-                      www.kierun.org
    PGP:   009D 7287 C4A7 FD4F 1680  06E4 F751 7006 9DE2 6318

#!/bin/sh
# portupgrade script.

### variables.
day=`date +%d`
month=`date +%b`
year=`date +%Y`
host=`uname -n`
tmp=".upgrade.tmp"

### Does what it does...
#/usr/local/bin/cvsup -g -L 2 /usr/ports/CVSUP
make update
make fetchindex
less /usr/ports/UPDATING
echo 'Do you want to update the port tree? [yn]?'
read -p '[y]es or [n]o: ' -e val
case ${val} in
[yY])
  echo 'Updating the port collection now!!!...'
  ;;
[nN])
  echo 'Aborting NOW!!!...'
  exit;
  ;;
*)
  echo 'What the hell?... I am aborting now.'
  exit;
  ;;
esac
#/usr/local/sbin/portsdb -Uu
/usr/local/sbin/pkgdb -F
/usr/bin/tar ycf /var/db/$year-$month-$day-pkg.tbz2 /var/db/pkg
/usr/local/sbin/portupgrade -C -u -v -r -R -a -l /usr/ports/LATEST.update
/usr/local/sbin/portaudit -Fad > $tmp
echo ''>> $tmp
cat /usr/ports/LATEST.update | sort >> $tmp
cat $tmp | mail -s "Portupdate $host on $day $month $year" [EMAIL PROTECTED]
/usr/local/sbin/portsclean -C -L -P -D
/usr/home/yann/bin/aide.sh

### reporting.
echo ''
echo 'This is what has been updated today:'
/usr/bin/grep -v '^\-' /usr/ports/LATEST.update | sort 
echo ''
exit

Attachment: pgp0i8lbuChHX.pgp
Description: PGP signature

Reply via email to