Can portaudit trigger poudriere automatically?

I would like to trigger Poudriere automatically every time portaudit or pkg audit finds vulnerabilities in my installed packages. I understand that Poudriere can be run as a cron job, which will build any new updates. However, I would like to automate on a daily basis only the building and installing of packages with vulnerabilities, leaving the other updates for when I have more time, so that I can do them manually. So basically I am trying to imitate an automatic security-only update for the packages.

Is this advisable?

Is there a script where pkg audit triggers Poudriere? I am a complete newbie when it comes to writing scripts.

Or is there a more elegant way of doing this by just using Poudriere?

Thanks
 
It's possible, since you can queue up jobs into ports-mgmt/poudriere that are executed by the Poudriere daemon. You don't want to queue up a job automatically based on just pkg audit. You also need to check if there's an update available for the vulnerable port. That would be done with pkg version once you have updated the ports tree.
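A script sketching the selection this reply describes, added here as an example (not from the thread or from the poudriere project): it takes the output of `pkg audit -q` and `pkg version -vl '<'`, keeps only the packages that are both vulnerable and have a newer version available, and queues those origins for the daemon. The sample command output is constructed, the jail and ports-tree names are placeholders, and the `poudriere queue bulk` form is assumed from poudriere(8).

```shell
#!/bin/sh
# Constructed sample output of `pkg audit -q` (names/versions are made up).
SAMPLE_AUDIT='curl-7.54.0
openssl-1.0.2k
vim-8.0.0123'

# Constructed sample output of `pkg version -vl "<"` (made-up versions).
SAMPLE_VERSION='curl-7.54.0            <   needs updating (index has 7.55.0)
openssl-1.0.2k         <   needs updating (index has 1.0.2l)
python27-2.7.13        <   needs updating (index has 2.7.14)'

# select_targets AUDIT_TEXT VERSION_TEXT
# Prints, sorted and one per line, each name-version present in both lists:
# vulnerable (column 1 of the audit text) and out of date (column 1 of the
# version text). Blank lines are ignored.
select_targets() {
    {
        printf '%s\n' "$1" | awk 'NF { print "A", $1 }'
        printf '%s\n' "$2" | awk 'NF { print "V", $1 }'
    } | awk '$1 == "A" { vuln[$2] = 1; next }
             $1 == "V" && ($2 in vuln) && !seen[$2]++ { print $2 }' | sort
}

# Runs the selection on the constructed samples (vim is vulnerable but has no
# update, python27 has an update but is not vulnerable; both are skipped).
demo_targets() {
    select_targets "$SAMPLE_AUDIT" "$SAMPLE_VERSION"
}

# Live variant for a FreeBSD host: refresh the tree poudriere builds from,
# then queue one bulk build per target origin. The `poudriere queue` form is
# assumed from poudriere(8) and needs the daemon running; JAIL and TREE are
# placeholders for your jail and ports tree names.
run_live() {
    jail=$1; tree=$2
    poudriere ports -u -p "$tree"
    for p in $(select_targets "$(pkg audit -q)" "$(pkg version -vl '<')"); do
        origin=$(pkg query %o "$p")
        poudriere queue bulk -j "$jail" -p "$tree" "$origin"
    done
}

if [ "${1:-}" = "live" ]; then
    run_live "${2:-JAIL}" "${3:-TREE}"
else
    demo_targets
fi
```

Run it without arguments to see the selection on the sample data; `sh script.sh live <jail> <tree>` performs the real queueing.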
 
Thanks. I have to read a bit more about the queue command. I haven't used that before. All I have at the moment is a short list of ports that I pass to Poudriere during the build process. I guess the queue command is different. Need to do more reading.

Maybe another way to achieve the same outcome would be to let Poudriere build all the ports, but then tell PKGNG to upgrade only the packages that come up from pkg audit. Again I am not sure if pkg upgrade can be used to upgrade only a specific package. All the examples that I have seen so far show a global upgrade. If this is possible, it might be a better solution. Has anyone tried to do a similar thing?
 