Summary: | New port: net-mgmt/checkson simple tool for checking system states | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Florian Bauer <florian> | ||||
Component: | Individual Port(s) | Assignee: | Matthias Fechner <mfechner> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | diizzy, florian, mfechner, ruby | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Hey there. Any update about this new Port? Try to get this moving by adding ruby@ team to CC Could you please fix some security related problems upstream: ===> SECURITY REPORT: This port has installed the following world-writable files/directories. /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/shell.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/base.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/apiclient.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/context.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/certificate.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/ui.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/dns.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/config.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/packages.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/packagemanagers/abstractpkgmgr.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/lib/checkson/checks/process.rb /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/README.md /usr/local/lib/ruby/gems/2.7/gems/checkson-1.0/bin/checkson Just release a new version, that fixes this. Let me know if a new version is available, then I will update and commit the port. I already applied some modification and fixes to it: https://gitlab.fechner.net/mfechner/Gitlab/-/commit/6754d28beda7328473673030395d0cefd26e0400 (In reply to Matthias Fechner from comment #3) Thank you for your answer. How did you made the security report of the port? I will release a new release with this report evaluated inside my test pipeline. poudriere is doing this, while you make a testbuild of the port. You have to setup poudriere for this. The command I executed then was: poudriere testport -p gitlab -j 122amd64 net-mgmt/rubygem-checkson But the parameters must be adapted to match your build environment. (In reply to Matthias Fechner from comment #3) The permission issue was caused by the build pipeline. It should be fixed in version 1.3 of the gem. A commit references this bug: Author: mfechner Date: Sat Dec 12 18:50:58 UTC 2020 New revision: 557857 URL: https://svnweb.freebsd.org/changeset/ports/557857 Log: Added new port net-mgmt/rubygem-checkson. PR: 247843 Submitted by: florian@fsrv.xyz Changes: head/net-mgmt/Makefile head/net-mgmt/rubygem-checkson/ head/net-mgmt/rubygem-checkson/Makefile head/net-mgmt/rubygem-checkson/distinfo head/net-mgmt/rubygem-checkson/pkg-descr Thanks, committed. |
Created attachment 216317 [details] checkson diff file Checkson is a simple status utility written in ruby.