Fix for problematic paths in /etc/daily and /etc/security reported in

PR/47645. Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf). Thanks also to Edgar Fuss for the sanity check.
2013-05-01 05:36:25 +00:00 · 2013-05-01 05:36:25 +00:00 · 1410cf30c2
parent 8f0edf9e8a
commit 1410cf30c2
7 changed files with 42 additions and 12 deletions
--- a/distrib/sets/lists/etc/mi
+++ b/distrib/sets/lists/etc/mi
@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.230 2013/04/25 17:10:50 christos Exp $
+# $NetBSD: mi,v 1.231 2013/05/01 05:36:25 agc Exp $
 #
 # Note: end-user configuration files that are moved to another location
 #	should not be marked "obsolete"; they should just be removed from
@ -40,6 +40,7 @@
 ./etc/defaults/daily.conf			etc-sys-defaults
 ./etc/defaults/monthly.conf			etc-sys-defaults
 ./etc/defaults/pf.boot.conf			etc-pf-defaults		pf
+./etc/defaults/pkgpath.conf			etc-sys-defaults
 ./etc/defaults/rc.conf				etc-sys-defaults
 ./etc/defaults/security.conf			etc-sys-defaults
 ./etc/defaults/weekly.conf			etc-sys-defaults
@ -133,6 +134,7 @@
 ./etc/pf.conf					etc-pf-etc		pf
 ./etc/pf.os					etc-pf-etc		pf
 ./etc/phones					etc-sys-etc
+./etc/pkgpath.conf				etc-sys-etc
 ./etc/postfix/README				etc-postfix-etc		postfix
 ./etc/postfix/main.cf				etc-postfix-etc		postfix
 ./etc/postfix/master.cf				etc-postfix-etc		postfix
--- a/etc/daily
+++ b/etc/daily
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: daily,v 1.88 2013/03/08 14:32:12 christos Exp $
+#	$NetBSD: daily,v 1.89 2013/05/01 05:36:25 agc Exp $
 #	@(#)daily	8.2 (Berkeley) 1/25/94
 #

@ -10,6 +10,9 @@ umask 077
 if [ -s /etc/daily.conf ]; then
 	. /etc/daily.conf
 fi
+if [ -s /etc/pkgpath.conf ]; then
+	. /etc/pkgpath.conf
+fi

 host="$(hostname)"
 date="$(date)"
@ -257,7 +260,7 @@ if checkyesno run_rdist && [ -f /etc/Distfile ]; then
 	fi
 fi

-if pkg_info ${_compat_K_flag} -q -E '*'; then
+if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
 	if [ -z "$fetch_pkg_vulnerabilities" ]; then
 		echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
 		echo "You should set it to YES to enable vulnerability checks"
@ -265,7 +268,7 @@ if pkg_info ${_compat_K_flag} -q -E '*'; then
 	elif checkyesno fetch_pkg_vulnerabilities; then
 		echo ""
 		echo "Fetching package vulnerabilities database:"
-		( umask 022 && pkg_admin ${_compat_K_flag} \
+		( umask 022 && ${pkg_admin} ${_compat_K_flag} \
 		    fetch-pkg-vulnerabilities -u )
 	fi
 fi
--- a/etc/defaults/Makefile
+++ b/etc/defaults/Makefile
@ -1,8 +1,8 @@
-#	$NetBSD: Makefile,v 1.5 2011/08/22 20:48:38 jym Exp $
+#	$NetBSD: Makefile,v 1.6 2013/05/01 05:36:25 agc Exp $

 .include <bsd.own.mk>

-CONFIGFILES=	daily.conf monthly.conf security.conf weekly.conf
+CONFIGFILES=	daily.conf monthly.conf pkgpath.conf security.conf weekly.conf
 FILESDIR=	/etc/defaults
 FILESMODE=	${NONBINMODE}

--- a/etc/defaults/pkgpath.conf
+++ b/etc/defaults/pkgpath.conf
@ -0,0 +1,13 @@
+#	$NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
+#
+# /etc/defaults/pkgpath.conf --
+#	default configuration of /etc/pkgpath.conf
+#
+# packaging tools configuration
+#
+# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
+# EDIT /etc/pkgpath.conf INSTEAD.
+#
+
+pkg_admin=/usr/sbin/pkg_admin
+pkg_info=/usr/sbin/pkg_info
--- a/etc/defaults/security.conf
+++ b/etc/defaults/security.conf
@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
+#	$NetBSD: security.conf,v 1.25 2013/05/01 05:36:25 agc Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@ -30,7 +30,6 @@ check_pkg_signatures=YES
 backup_dir=/var/backups
 backup_uses_rcs=YES
 diff_options=-u
-pkg_info=/usr/sbin/pkg_info

 check_homes_permit_usergroups=NO

--- a/etc/pkgpath.conf
+++ b/etc/pkgpath.conf
@ -0,0 +1,10 @@
+#	$NetBSD: pkgpath.conf,v 1.1 2013/05/01 05:36:25 agc Exp $
+#
+# packaging tools configuration
+
+if [ -r /etc/defaults/pkgpath.conf ]; then
+	. /etc/defaults/pkgpath.conf
+fi
+
+# Add local overrides below
+#
--- a/etc/security
+++ b/etc/security
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
+#	$NetBSD: security,v 1.112 2013/05/01 05:36:25 agc Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #

@ -21,6 +21,9 @@ TZ=UTC; export TZ
 if [ -s /etc/security.conf ]; then
 	. /etc/security.conf
 fi
+if [ -s /etc/pkgpath.conf ]; then
+	. /etc/pkgpath.conf
+fi

 # Set reasonable defaults (if they're not set in security.conf)
 #
@ -926,7 +929,7 @@ fi
 if checkyesno check_pkgs && have_pkgs; then
 	pkgs=$work_dir/pkgs
 	migrate_file "$backup_dir/pkgs" "$pkgs"
-	pkg_dbdir=$(pkg_admin config-var PKG_DBDIR)
+	pkg_dbdir=$(${pkg_admin} config-var PKG_DBDIR)
 	: ${pkg_dbdir:=/var/db/pkg}
 	(	cd $pkg_dbdir
 		$pkg_info | sort
@ -1009,7 +1012,7 @@ fi

 if have_pkgs; then
 	if checkyesno check_pkg_vulnerabilities; then
-		pkg_admin ${_compat_K_flag} audit >${OUTPUT} 2>&1
+		${pkg_admin} ${_compat_K_flag} audit >${OUTPUT} 2>&1
 		if [ -s ${OUTPUT} ]; then
 			printf "\nInstalled vulnerable packages:\n"
 			cat ${OUTPUT}
@ -1017,7 +1020,7 @@ if have_pkgs; then
 	fi

 	if checkyesno check_pkg_signatures; then
-		pkg_admin ${_compat_K_flag} check >${OUTPUT} 2>&1
+		${pkg_admin} ${_compat_K_flag} check >${OUTPUT} 2>&1
 		if [ $? -ne 0 ]; then
 			printf "\nFiles with invalid signatures:\n"
 			cat ${OUTPUT}