NAME

audit-packages.conf - audit-packages and download-vulnerability-list configuration file.

DESCRIPTION

The audit-packages.conf file contains the configuration information for download-vulnerability-list(8) and audit-packages(8).

These variables can be defined in the audit-packages.conf(8) file.

GPG
The full path to the location of the binary used to verify the signature on the downloaded pkg-vulnerabilities file. Currently only GnuPG is supported.

The default is "/usr/pkg/bin/gpg".

PKGVULNDIR
Specifies the directory containing the pkg-vulnerabilities file.

The default is "/var/db/pkg".

COMPRESS_TYPE
Specifies which type of compressed pkg-vulnerabilities file to download. You can also specify COMPRESS_TYPE="" to use an uncompressed version of the file. If you change this from the default you must specify a COMPRESS_TOOL. The currently accepted options are gzip and bzip2.

COMPRESS_TOOL
The full path to the location of the binary used to decompress the downloaded pkg-vulnerabilities file.

The default is "/usr/bin/gzcat".

FETCH_CMD
Specifies the client used to download the pkg-vulnerabilities file. Currently known tools include curl, ftp, wget and fetch.

The default is "/usr/bin/ftp".

FETCH_PRE_ARGS
Specifies optional arguments for the download-vulnerability-list client. These options appear before FETCH_CMD.

FETCH_ARGS
Specifies optional arguments for the client used to download the pkg-vulnerabilities file.

FETCH_PROTO
Specifies the protocol to use when fetching the pkg-vulnerabilities file. Currently supports only http and ftp.

The default is "ftp".

IGNORE_URLS
A list of vulnerability URLs to be ignored. This allows for ignoring certain URLs that are attached to a vulnerability.
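
An added example (not part of the original manual page or of pkgsrc): a shell lint that checks a configuration file against the constraints listed above. It assumes the file uses NAME="value" lines, as the COMPRESS_TYPE="" example suggests; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint audit-packages.conf against the rules in this manual page.
# Assumption: the file holds NAME="value" lines; it is read as text, never sourced.

# conf_get FILE NAME: print the last value assigned to NAME; fail if NAME is unset.
conf_get() {
    _line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    [ -n "$_line" ] || return 1
    _val=${_line#*=}
    _val=${_val%\"}; _val=${_val#\"}      # strip one pair of double quotes
    printf '%s\n' "$_val"
}

# lint_audit_conf FILE: print one line per finding; exit status = number of findings.
lint_audit_conf() {
    _f=$1; _bad=0
    if _v=$(conf_get "$_f" FETCH_PROTO); then
        case "$_v" in
            http|ftp) ;;
            *) echo "FETCH_PROTO=$_v: only http and ftp are supported"; _bad=$((_bad + 1)) ;;
        esac
    fi
    if _v=$(conf_get "$_f" COMPRESS_TYPE); then
        case "$_v" in
            gzip|bzip2|"") ;;
            *) echo "COMPRESS_TYPE=$_v: accepted values are gzip, bzip2 or empty"; _bad=$((_bad + 1)) ;;
        esac
        # Conservative reading: an explicit COMPRESS_TYPE needs an explicit COMPRESS_TOOL.
        conf_get "$_f" COMPRESS_TOOL >/dev/null ||
            { echo "COMPRESS_TYPE is set but COMPRESS_TOOL is not"; _bad=$((_bad + 1)); }
    fi
    # GPG and COMPRESS_TOOL are documented as full paths; a bare name would depend on PATH.
    for _n in GPG COMPRESS_TOOL; do
        if _v=$(conf_get "$_f" "$_n"); then
            case "$_v" in
                /*) ;;
                *) echo "$_n=$_v: not a full path"; _bad=$((_bad + 1)) ;;
            esac
        fi
    done
    return "$_bad"
}

# Constructed sample with three problems: bare gpg, unsupported protocol, no COMPRESS_TOOL.
sample=$(mktemp)
printf '%s\n' 'GPG="gpg"' 'FETCH_PROTO="https"' 'COMPRESS_TYPE="bzip2"' > "$sample"
lint_audit_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Because the file is parsed as text instead of being sourced, the check can be run on a configuration file that is not yet trusted.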

FILES

/etc/audit-packages.conf

SEE ALSO

pkg_info(1), mk.conf(5), pkgsrc(7), audit-packages(8) and

HISTORY

The audit-packages and download-vulnerability-list commands were originally implemented and added to NetBSD's pkgsrc by Alistair Crooks on September 19, 2000. During April 2007 audit-packages was re-written by Adrian Portelli and support was added for compressed files and checking signatures on downloaded files. The original idea came from Roland Dowdeswell and Bill Sommerfeld.