security/base-audit: Add the ability to specify ignored jails

security_status_baseaudit_jails_ignore is a space delimited list of jails
to ignore.

If non-empty, the code iterates over security_status_baseaudit_jails_ignore
to avoid partial matches (i.e. ignore foo.bar, but not foo). If there is a
better way to do that without looping, please let me know.

Example use case: I have jails which purposely are older vulnerable versions
for testing.

PR:		257685
Approved by:	000.fbsd@quip.cz (maintainer)

security/base-audit/Makefile

@@ -1,7 +1,7 @@
 # Created by: Miroslav Lachman
 
 PORTNAME=	base-audit
-PORTVERSION=	0.4
+PORTVERSION=	0.5
 CATEGORIES=	security
 MASTER_SITES=	# none
 DISTFILES=	# none

security/base-audit/files/405.pkg-base-audit.in

@@ -40,6 +40,7 @@ fi
 : ${security_status_baseaudit_quiet:=NO}
 : ${security_status_baseaudit_chroots=$pkg_chroots}
 : ${security_status_baseaudit_jails=$pkg_jails}
+: ${security_status_baseaudit_jails_ignore=""}
 : ${security_status_baseaudit_expiry:=2}
 
 # Compute PKG_DBDIR from the config file.
@@ -166,6 +167,19 @@ audit_base_all() {
 	esac
 
 	for j in $jails ; do
+		# ignore some jails
+		if [ -n "$security_status_baseaudit_jails_ignore" ]; then
+			# we iterate to get exact matches because we want substring matches
+			# foo should not match foo.bar
+			for ignore in $security_status_baseaudit_jails_ignore ; do
+				if [ "${j%|*}" == "$ignore" ]; then
+					echo
+					echo "ignoring jail: ${j%|*}"
+					# continue with the main loop
+					continue 2
+				fi
+			done
+		fi
 		echo
 		echo "jail: ${j%|*}"
 		audit_base "-j ${j%|*}" ${j##*|}