Update to 0.3.

Since we are using the official VuXML database
the auditing should be pretty complete.

- mention web page
- add more mirrors, disabling .ru mirror (too much lag)
- allow combined options in portaudit shell script
- add sample configuration file
- use absolute paths for binaries, to ease use in crontab scripts [1]
- correct type in man page [2]

PR:		64005 [2]
Submitted by:	Tomasz Pilat <poncki@axelspringer.com.pl> [1]
		Nathan Dove <njdove@wafer.sandia.gov> [2]

9 files changed, 145 insertions, 86 deletions

diff --git a/ports-mgmt/portaudit/Makefile b/ports-mgmt/portaudit/Makefile
index 8b186c098bf3..c574bff71052 100644
--- a/ports-mgmt/portaudit/Makefile
+++ b/ports-mgmt/portaudit/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	portaudit
-PORTVERSION=	0.2.1
+PORTVERSION=	0.3
 CATEGORIES=	security
 DISTFILES=
 
@@ -36,17 +36,18 @@ RUN_DEPENDS=	${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
 
 .include <bsd.port.pre.mk>
 
-.if ${OSVERSION} < 420001 || ${OSVERSION} >= 500000 && ${OSVERSION} < 500014
-IGNORE=		"You need tar with bzip support to run portaudit"
+.if defined(BZIP2DEPENDS)
+RUN_DEPENDS+=	bzip2:${PORTSDIR}/archivers/bzip2
 .endif
 
 do-build:
-.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1
+.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1 portaudit.conf
 	@${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \
 		-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
 		-e "s|%%PREFIX%%|${PREFIX}|g" \
 		-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
 		-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
+		-e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
 		${FILESDIR}/${f} > ${WRKDIR}/${f}
 .endfor
 
@@ -66,6 +67,7 @@ do-install:
 	@${INSTALL_SCRIPT} ${WRKDIR}/fetchaudit.sh ${PERIODICDIR}/daily/330.fetchaudit
 	@${MKDIR} ${DATADIR}
 	@${INSTALL_DATA} ${WRKDIR}/portaudit.functions ${DATADIR}
+	@${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
 	@${MKDIR} ${DATABASEDIR}
 
 post-install:
diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh
index 76b43ec458ae..7b48e0be3888 100644
--- a/ports-mgmt/portaudit/files/portaudit-cmd.sh
+++ b/ports-mgmt/portaudit/files/portaudit-cmd.sh
@@ -34,34 +34,57 @@
 . %%DATADIR%%/portaudit.functions
 portaudit_confs
 
+opt_audit=false
+opt_version=false
+opt_dbversion=false
+opt_fetch=false
+opt_quiet=false
+
 if [ $# -eq 0 ] ; then
-	portaudit_prerequisites
-	audit_installed || true
+	opt_audit=true
 fi
 
-while [ $# -gt 0 ]; do
-	case "$1" in
-	-a)
-		portaudit_prerequisites
-		audit_installed || true
-		;;
-	-V)
-		echo "portaudit version %%PORTVERSION%%"
-		;;
-	-d)
-		if [ ! -f "${portaudit_dir}/${portaudit_filename}" ]; then
-			echo "portaudit: database missing. run \`portaudit -F' to update."
-			exit 2
-		fi
-		if ! checksum_auditfile; then
-			echo "portaudit: database corrupt."
-			exit 2
-		fi
-		echo "database created: `getcreated_auditfile`"
-		;;
-	-F)
-		fetch_auditfile || echo "failed."
-		;;
+while getopts aVdFq opt; do
+	case "$opt" in
+	a)
+		opt_audit=true;;
+	d)
+		opt_dbversion=true;;
+	F)
+		opt_fetch=true;;
+	q)
+		opt_quiet=true;;
+	V)
+		opt_version=true;;
+	?)
+		echo "Usage: $0 -adFqV"
+		exit 2;;
 	esac
-	shift
 done
+
+shift $(($OPTIND - 1))
+
+if $opt_version; then
+	echo "portaudit version %%PORTVERSION%%"
+fi
+
+if $opt_fetch; then
+	fetch_auditfile || echo "failed."
+fi
+
+if $opt_dbversion; then
+	if [ ! -f "${portaudit_dir}/${portaudit_filename}" ]; then
+		echo "portaudit: database missing. run \`portaudit -F' to update."
+		exit 2
+	fi
+	if ! checksum_auditfile; then
+		echo "portaudit: database corrupt."
+		exit 2
+	fi
+	echo "database created: `getcreated_auditfile`"
+fi
+
+if $opt_audit; then
+	portaudit_prerequisites
+	audit_installed || true
+fi
diff --git a/ports-mgmt/portaudit/files/portaudit.1 b/ports-mgmt/portaudit/files/portaudit.1
index c5e6e949d18b..4950ff868b2f 100644
--- a/ports-mgmt/portaudit/files/portaudit.1
+++ b/ports-mgmt/portaudit/files/portaudit.1
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 21, 2004
+.Dd March 11, 2004
 .Os FreeBSD
 .Dt PORTAUDIT \&1 "FreeBSD ports collection"
 .
@@ -60,12 +60,12 @@ to check if security advisories for any installed packages exist. Note that a
 current ports tree (or any local copy of the ports tree) is not required for
 operation.
 .Pp
-This package also installs two scripts into %%PREFIX%%/periodic that regularly
-update this database and include the report of vulnerable packages in the
-daily security report.
+This package also installs two scripts into %%PREFIX%%/etc/periodic that
+regularly update this database and include the report of vulnerable packages
+in the daily security report.
 .Pp
 If you have a vulnerable package installed, you are advised to update or
-deinstalled it immediately.
+deinstall it immediately.
 .
 .
 .Sh OPTIONS
@@ -110,15 +110,16 @@ Print a vulnerability report for all installed packages:
 .Xr ports 7 ,
 .Xr periodic 8 ,
 .Xr periodic.conf 5 ,
-.Li Aq http://www.freebsd.org/security/#adv .
+.Li Aq http://people.freebsd.org/~eik/portaudit/ ,
+.Li Aq http://www.freebsd.org/security/#adv ,
 .Li Aq http://www.vuxml.org/ .
 .
 .
 .Sh CAVEATS
 .
-.Nm
-is in develpoment and should currently not be relied upon
-as an extensive security auditing tool.
+The format of
+.Pa %%DATABASEDIR%%/auditfile.tbz
+might change.
 .
 .
 .Sh BUGS
diff --git a/ports-mgmt/portaudit/files/portaudit.conf b/ports-mgmt/portaudit/files/portaudit.conf
new file mode 100644
index 000000000000..612d86357bd7
--- /dev/null
+++ b/ports-mgmt/portaudit/files/portaudit.conf
@@ -0,0 +1,24 @@
+#
+# Sample configuration file for portaudit(1)
+#
+# copy to %%PREFIX%%/etc/portaudit.conf
+#
+# $FreeBSD$
+#
+
+# specify a proxy if needed, see fetch(3)
+#FETCH_ENV="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/"
+
+# default fetch command
+#FETCH_CMD="/usr/bin/fetch -1am"
+
+# uncoment to use passive ftp, see fetch(1)
+#FETCH_BEFORE_ARGS="-p"
+
+#FETCH_AFTER_ARGS=
+
+# specify a local mirror here
+#MASTER_SITES="http://my.mirror.sample/path/portaudit/"
+
+# uncomment to prefer the UK mirror, jp, se, tw and uk are available
+#MASTER_SORT_REGEX="\.uk[.\/]"
diff --git a/ports-mgmt/portaudit/files/portaudit.functions b/ports-mgmt/portaudit/files/portaudit.functions
index 36f10289dd1b..93437a259130 100644
--- a/ports-mgmt/portaudit/files/portaudit.functions
+++ b/ports-mgmt/portaudit/files/portaudit.functions
@@ -36,25 +36,29 @@ portaudit_confs()
 	portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"}
 	portaudit_filename=${portaudit_filename:-"auditfile.tbz"}
 
-	FETCH_ENV=
-	FETCH_CMD="fetch -1am"
-	FETCH_BEFORE_ARGS=
-	FETCH_AFTER_ARGS=
+	FETCH_ENV=${FETCH_ENV:-}
+	FETCH_CMD=${FETCH_CMD:-"/usr/bin/fetch -1am"}
+	FETCH_BEFORE_ARGS=${FETCH_BEFORE_ARGS:-}
+	FETCH_AFTER_ARGS=${FETCH_AFTER_ARGS:-}
 
-	MASTER_SITE_LOCAL="
-		${MASTER_SITE_LOCAL}
+	MASTER_SITES=${MASTER_SITES:-"
 		ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
 		ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+		ftp://ftp.dk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+		ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+		ftp://ftp1.ro.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
 		ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
-		ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+		ftp://ftp.at.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
 		ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
 		ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
-		"
+		http://public.planetmirror.com/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+	"}
+	MASTER_SITE_SUBDIR=${MASTER_SITE_SUBDIR:-"eik"}
 
-	MASTER_SITE_SUBDIR=eik
+	MASTER_SITE_BACKUP=${MASTER_SITE_BACKUP:-"http://people.freebsd.org/~eik/portaudit/"}
 
 	#MASTER_SORT_REGEX="\.uk[.\/]"
-	MASTER_SORT_REGEX="#"
+	MASTER_SORT_REGEX=${MASTER_SORT_REGEX:-"#"}
 
 	if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
 		. %%PREFIX%%/etc/portaudit.conf
@@ -63,27 +67,28 @@ portaudit_confs()
 
 extract_auditfile()
 {
-	tar -jxOf "${portaudit_dir}/${portaudit_filename}" auditfile
+	%%BZIP2_CMD%% -dc -- "${portaudit_dir}/${portaudit_filename}" | \
+		/usr/bin/tar -xOf - auditfile
 }
 
 checksum_auditfile()
 {
 	chksum1=`extract_auditfile |
-		sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
-	chksum2=`extract_auditfile | sed -e '$d' | md5`
+		/usr/bin/sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
+	chksum2=`extract_auditfile | /usr/bin/sed -e '$d' | /sbin/md5`
 	[ "${chksum1}" = "${chksum2}" ];
 }
 
 getcreated_auditfile()
 {
 	extract_auditfile |
-		sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
+		/usr/bin/sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
 }
 
 checkexpiry_auditfile()
 {
 	created=`getcreated_auditfile`
-	expiry=`date -u -v-$1d '+%Y%m%d'`
+	expiry=`/bin/date -u -v-$1d '+%Y%m%d'`
 	[ "${created}" -ge "${expiry}" ];
 }
 
@@ -126,7 +131,7 @@ portaudit_prerequisites()
 
 audit_installed()
 {
-	extract_auditfile | awk -F\| "
+	extract_auditfile | /usr/bin/awk -F\| "
 		BEGIN { vul=0 }
 		/^(#|\$)/ { next }
 		{
@@ -153,15 +158,18 @@ audit_installed()
 fetch_locations()
 {
 	# site sort order is not overly smart
-	echo "${MASTER_SITE_LOCAL}" | sed -e 'y/ 	/\n\n/' | awk "
+	echo ${MASTER_SITES} | /usr/bin/tr -s ' \t' '\n' | /usr/bin/awk "
 		BEGIN { IGNORECASE=1; srand() }
 		/^$/ { next }
 		{
 			if (\$0 ~ /${MASTER_SORT_REGEX}/ ) rank=0; else rank=rand()
 			gsub(/%SUBDIR%/, \"${MASTER_SITE_SUBDIR}\")
-			print rank \"\\t\" \$0
+			print \$0 \"\\t\" rank
 		}
-	" | sort -n | cut -f 2
+	" | /usr/bin/sort -n -k 2 | /usr/bin/cut -f 1
+	if [ -n "${MASTER_SITE_BACKUP}" ]; then
+		echo "${MASTER_SITE_BACKUP}"
+	fi
 }
 
 fetch_auditfile()
@@ -169,22 +177,25 @@ fetch_auditfile()
 	rc=1
 
 	if [ ! -d "${portaudit_dir}" ]; then
-		mkdir -p "${portaudit_dir}"
+		if ! /bin/mkdir -p "${portaudit_dir}"; then
+			echo "Couldn't create ${portaudit_dir}, try running portaudit -F as root"
+			return 1
+		fi
 	fi
 	if [ ! -w "${portaudit_dir}" ]; then
-		echo "Couldn't write to ${portaudit_dir}"
+		echo "Couldn't write to ${portaudit_dir}, try running portaudit -F as root"
 		return 1
 
 	fi
 	cd "${portaudit_dir}"
 	if [ -r "${portaudit_filename}" ]; then
-		cp "${portaudit_filename}" "${portaudit_filename}.old"
+		/bin/cp "${portaudit_filename}" "${portaudit_filename}.old"
 	fi
 
 	for site in `fetch_locations`; do
 		echo ">> Attempting to fetch from ${site}."
-		args="${site}/${portaudit_filename}"
-		env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
+		args="${site}${portaudit_filename}"
+		/usr/bin/env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
 		if [ $? -ne 0 ]; then
 			echo "Couldn't fetch database."
 		elif [ ! -f "${portaudit_dir}/${portaudit_filename}" ] ; then
@@ -193,6 +204,7 @@ fetch_auditfile()
 			echo "fetched database corrupt."
 		elif ! checkexpiry_auditfile 7; then
 			echo "fetched database too old."
+			rc=0
 		else
 			echo "new database installed."
 			rc=0
@@ -201,12 +213,14 @@ fetch_auditfile()
         done
         if [ -f "${portaudit_filename}.old" ]; then
         	if [ ${rc} -eq 0 ]; then
-			rm -f "${portaudit_filename}.old"
+			/bin/rm -f "${portaudit_filename}.old"
 		else
-			mv -f "${portaudit_filename}.old" "${portaudit_filename}"
+			/bin/mv -f "${portaudit_filename}.old" "${portaudit_filename}"
 			echo "old database restored."
 		fi
 	fi
-	chmod a=r "${portaudit_filename}"
+	if [ -f "${portaudit_filename}" ]; then
+		/bin/chmod a=r "${portaudit_filename}"
+	fi
 	return ${rc}
 }
diff --git a/ports-mgmt/portaudit/pkg-deinstall b/ports-mgmt/portaudit/pkg-deinstall
index 8aebe9994cb0..7e4ebf7c68c4 100644
--- a/ports-mgmt/portaudit/pkg-deinstall
+++ b/ports-mgmt/portaudit/pkg-deinstall
@@ -3,16 +3,15 @@
 # $FreeBSD$
 #
 
-ECHO_CMD=echo
-
 case $2 in
 POST-DEINSTALL)
-  ${ECHO_CMD}
-  ${ECHO_CMD} "The portaudit package has been deleted."
-  ${ECHO_CMD} "If you're *not* upgrading and won't be using"
-  ${ECHO_CMD} "it any longer, you may want to remove the"
-  ${ECHO_CMD} "portaudit database:"
-  ${ECHO_CMD}
-  ${ECHO_CMD} "  rm -Rf %%DATABASEDIR%%"
+  echo
+  echo "The portaudit package has been deleted."
+  echo "If you're *not* upgrading and won't be using"
+  echo "it any longer, you may want to remove the"
+  echo "portaudit database:"
+  echo
+  echo "  rm -Rf %%DATABASEDIR%%"
+  echo
   ;;
 esac
diff --git a/ports-mgmt/portaudit/pkg-descr b/ports-mgmt/portaudit/pkg-descr
index cab77aaf3fbd..9dd30dd115f6 100644
--- a/ports-mgmt/portaudit/pkg-descr
+++ b/ports-mgmt/portaudit/pkg-descr
@@ -4,9 +4,6 @@ database of published security vulnerabilities.
 After installation it will update this security database automatically and 
 include its reports in the output of the daily security run.
 
-Since this system is in development it can currently not be relied upon as an 
-extensive security auditing tool.
-
 If you have found a vulnerability not listed in the database, please contact 
 the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to
 
@@ -14,6 +11,6 @@ the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to
 
 for more information.
 
-WWW: http://sourceforge.net/projects/portaudit/
+WWW: http://people.freebsd.org/~eik/portaudit/
 
 Oliver Eikemeier <eik@FreeBSD.org>
diff --git a/ports-mgmt/portaudit/pkg-install b/ports-mgmt/portaudit/pkg-install
index 56b66fd5592d..485fe2c991cb 100644
--- a/ports-mgmt/portaudit/pkg-install
+++ b/ports-mgmt/portaudit/pkg-install
@@ -3,16 +3,14 @@
 # $FreeBSD$
 #
 
-ECHO_CMD=echo
-
 case $2 in
 POST-INSTALL)
   if [ ! -f "%%DATABASEDIR%%/auditfile.tbz" ]; then
-    ${ECHO_CMD}
-    ${ECHO_CMD} "===>  To check your installed ports for known vulnerabilities now do:"
-    ${ECHO_CMD}
-    ${ECHO_CMD} "      %%PREFIX%%/bin/portaudit -F -a"
-    ${ECHO_CMD}
+    echo
+    echo "===>  To check your installed ports for known vulnerabilities now do:"
+    echo
+    echo "      %%PREFIX%%/bin/portaudit -F -a"
+    echo
   fi
   ;;
 esac
diff --git a/ports-mgmt/portaudit/pkg-plist b/ports-mgmt/portaudit/pkg-plist
index 4262caf1153c..901547d3196e 100644
--- a/ports-mgmt/portaudit/pkg-plist
+++ b/ports-mgmt/portaudit/pkg-plist
@@ -1,4 +1,5 @@
 bin/portaudit
+etc/portaudit.conf.sample
 %%PERIODICDIR%%/security/910.portaudit
 %%PERIODICDIR%%/daily/330.fetchaudit
 %%DATADIR%%/portaudit.functions