authorHasan ÇALIŞIR <hasan.calisir@psauxit.com>2019-08-12 18:14:47 +0300
committerJoonas Niilola <juippis@gentoo.org>2019-10-28 06:02:18 +0200
commit511272cb60c6fdea44268972c99fc7e5cebf554d (patch)
treeb239d21a38840950bc31baa30d3beb5124d3b0cc /net-analyzer/gvmd
parentnet-analyzer/openvas-scanner: bump to 6.0.1 & update metadata. (diff)
net-analyzer/gvmd: new package.
openvas-manager with version 8 has been renamed to Greenbone vulnerability manager (gvmd). Version bump to 8.0.1. This also fixes bug 684186 and introduces the new USE flags 'postgres','sqlite'. Closes: https://bugs.gentoo.org/684186 Closes: https://bugs.gentoo.org/692004 Reported-by: Anton Bolshakov <blshkv@pentoo.ch> Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com> Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-analyzer/gvmd')
-rw-r--r--net-analyzer/gvmd/Manifest1
-rw-r--r--net-analyzer/gvmd/files/greenbone-certdata-sync.conf1
-rw-r--r--net-analyzer/gvmd/files/greenbone-nvt-sync.conf1
-rw-r--r--net-analyzer/gvmd/files/greenbone-scapdata-sync.conf1
-rw-r--r--net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch56
-rw-r--r--net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch34
-rw-r--r--net-analyzer/gvmd/files/gvmd-daemon.conf29
-rw-r--r--net-analyzer/gvmd/files/gvmd-startpre.sh5
-rw-r--r--net-analyzer/gvmd/files/gvmd.init24
-rw-r--r--net-analyzer/gvmd/files/gvmd.logrotate13
-rw-r--r--net-analyzer/gvmd/files/gvmd.service21
-rw-r--r--net-analyzer/gvmd/gvmd-8.0.1.ebuild120
-rw-r--r--net-analyzer/gvmd/metadata.xml25
13 files changed, 331 insertions, 0 deletions
diff --git a/net-analyzer/gvmd/Manifest b/net-analyzer/gvmd/Manifest
new file mode 100644
index 000000000000..328c523e0674
--- /dev/null
+++ b/net-analyzer/gvmd/Manifest
@@ -0,0 +1 @@
+DIST gvmd-8.0.1.tar.gz 1495311 BLAKE2B 17419f5fecf7cce07536a5e12f17a61a31d45add185e0e1635515834eca6abd8a6babeb89b8f879ff8cb90b60f3682a19a62403142f4901be3f932b8a44cac68 SHA512 5490b902ad42499657eca9031b396c70a82d3c523985601067e697758f2472d123c4e99b085b963e58888d99224fa2a441a140772c702d7cd60d6424b126bfc8
diff --git a/net-analyzer/gvmd/files/greenbone-certdata-sync.conf b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
new file mode 100644
index 000000000000..d31a7331d341
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"
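Review bot: The feed URL uses plain `rsync://`, which neither authenticates the server nor protects the data in transit, and the same holds for greenbone-nvt-sync.conf and greenbone-scapdata-sync.conf. Whether the downloaded data is verified afterwards (signatures or checksums) is decided in the sync scripts and scanner configuration, which this commit does not show, so that should be confirmed before relying on the feed content. A one-line comment in each file would record the assumption, e.g. `# Plain rsync transport: feed integrity depends on signature verification being enabled.`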
diff --git a/net-analyzer/gvmd/files/greenbone-nvt-sync.conf b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
new file mode 100644
index 000000000000..967c41dec2e3
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"
diff --git a/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
new file mode 100644
index 000000000000..4a7426bc8057
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
new file mode 100644
index 000000000000..bf21acb7b01f
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt 2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt 2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+
+ install (TARGETS ${BINARY_NAME}
+- RUNTIME DESTINATION ${SBINDIR}
++ RUNTIME DESTINATION ${BINDIR}
+ LIBRARY DESTINATION ${LIBDIR}
+ ARCHIVE DESTINATION ${LIBDIR}/static)
+
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+- DESTINATION ${SBINDIR})
++ DESTINATION ${BINDIR})
+
+ if (BACKEND STREQUAL POSTGRESQL)
+ install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt 2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt 2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+@@ -593,13 +593,13 @@
+ WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ if (BACKEND STREQUAL SQLITE3)
+ install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
new file mode 100644
index 000000000000..40b1e0095578
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in 2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+ flock -n 9
+- date > $LOCK_FILE
+ if [ $? -eq 1 ] ; then
+ log_notice "Sync in progress, exiting."
+ exit 1
+ fi
+ sync_certdata
+- echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in 2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+ flock -n 9
+- date > $LOCK_FILE
+ if [ $? -eq 1 ] ; then
+ log_notice "Sync in progress, exiting."
+ exit 1
+ fi
+ sync_scapdata
+- echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+
+ exit 0
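Review bot: With `) 9>$LOCK_FILE` removed, nothing opens descriptor 9 any more, so the `flock -n 9` that stays at the top of the subshell has no file to lock and the sync script loses its mutual exclusion; the greenbone-scapdata-sync.in hunk has the same problem. As far as I can tell flock reports a bad descriptor with a status other than 1, so the `if [ $? -eq 1 ]` test never fires and two overlapping runs would both reach `sync_certdata` / `sync_scapdata`. If the aim is to avoid a lock file the gvm user cannot write (the ebuild describes this patch as a permissions fix), keep the redirection as `) 9>"$LOCK_FILE"` and point LOCK_FILE at a directory gvm owns. LOCK_FILE's definition and the start of the enclosing block are outside the hunk.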
diff --git a/net-analyzer/gvmd/files/gvmd-daemon.conf b/net-analyzer/gvmd/files/gvmd-daemon.conf
new file mode 100644
index 000000000000..d97da00c7688
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-daemon.conf
@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
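Review bot: GVMD_LISTEN_ADDRESS_UNIX, GVMD_LISTEN_OWNER, GVMD_LISTEN_GROUP and GVMD_LISTEN_MODE are defined here, but neither `command_args` in gvmd.init nor `ExecStart` in gvmd.service passes them, so editing them has no effect and the daemon is always started with the TCP listener. A comment above that group would stop an admin from assuming the socket settings are live, for example `# Unix-socket settings below are not passed to gvmd by the shipped init script/unit.` If they are wired up later, `--listen-mode=755` deserves a second look: connecting to a unix socket needs write permission, so that mode presumably admits only the owner, which should be checked against how gvmd applies it.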
diff --git a/net-analyzer/gvmd/files/gvmd-startpre.sh b/net-analyzer/gvmd/files/gvmd-startpre.sh
new file mode 100644
index 000000000000..d04daa09b0a2
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-startpre.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}
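Review bot: The script uses brace expansion under a `#!/bin/sh` shebang, which is a bash feature; with a POSIX /bin/sh such as dash both commands act on one literal path `/var/run/gvm-{checking,...}` and none of the five files is created. gvmd.init calls the script through `/bin/bash`, but gvmd.service executes it directly, so there the shebang decides which shell runs it. Change the first line to `#!/bin/bash`, or spell the five paths out.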
diff --git a/net-analyzer/gvmd/files/gvmd.init b/net-analyzer/gvmd/files/gvmd.init
new file mode 100644
index 000000000000..9686c9b5398e
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.init
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+ after bootmisc
+ need localmount net openvassd
+}
+
+start_pre() {
+ /bin/bash /etc/gvm/gvmd-startpre.sh
+}
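Review bot: `start_pre` runs `/etc/gvm/gvmd-startpre.sh` as root, yet the ebuild in this commit applies `fowners -R gvm:gvm /etc/gvm`, so the unprivileged service account owns a script that root executes on every start. gvmd.service has the same exposure through `ExecStartPre` combined with `PermissionsStartOnly=true`. Anything that can write as gvm, including a compromised gvmd, can therefore have its changes run as root at the next restart. Keep the script root-owned, either by installing it outside the recursively chowned tree or by limiting `fowners` to the files gvmd actually has to write.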
diff --git a/net-analyzer/gvmd/files/gvmd.logrotate b/net-analyzer/gvmd/files/gvmd.logrotate
new file mode 100644
index 000000000000..453462575f8b
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.logrotate
@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create'
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+ compress
+ missingok
+ notifempty
+ sharedscripts
+ copytruncate
+ maxsize 10M
+}
diff --git a/net-analyzer/gvmd/files/gvmd.service b/net-analyzer/gvmd/files/gvmd.service
new file mode 100644
index 000000000000..2e3ad84c85a5
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
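Review bot: The leading `-` on `ExecStartPre=-/etc/gvm/gvmd-startpre.sh` makes systemd ignore a failing pre-start step, so if the run files cannot be created or chowned the daemon is still started and the cause only shows up later, presumably as a gvmd permission error. Dropping the prefix (`ExecStartPre=/etc/gvm/gvmd-startpre.sh`) makes the unit fail at the point of the problem. `Type=forking` is also declared without a `PIDFile=`, which leaves systemd to guess the main process; add one if gvmd writes a pid file (not visible in this commit).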
diff --git a/net-analyzer/gvmd/gvmd-8.0.1.ebuild b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
new file mode 100644
index 000000000000..2c6da5d39c1e
--- /dev/null
+++ b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="Greenbone vulnerability manager, previously named openvas-manager"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvmd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras postgres sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+DEPEND="
+ dev-libs/libgcrypt:0=
+ dev-libs/libical
+ >=net-analyzer/gvm-libs-10.0.1
+ net-libs/gnutls:=[tools]
+ extras? ( app-text/xmlstarlet
+ dev-texlive/texlive-latexextra )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( dev-db/sqlite:3 )"
+
+RDEPEND="
+ ${DEPEND}
+ !net-analyzer/openvas-manager
+ ~net-analyzer/openvas-scanner-6.0.1"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ extras? ( app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ dev-libs/libxslt
+ )"
+
+PATCHES=(
+ # Install exec. to /usr/bin instead of /usr/sbin
+ "${FILESDIR}/${P}-sbin.patch"
+ # Fix permissions for user gvm.
+ "${FILESDIR}/${P}-tmplock.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+ # QA-Fix | Use correct FHS/Gentoo policy paths for 8.0.1
+ sed -i -e "s*share/doc/gvm/html/*share/doc/gvmd-${PV}/html/*g" "$S"/doc/CMakeLists.txt || die
+ sed -i -e "s*/doc/gvm/*/doc/gvmd-${PV}/*g" "$S"/CMakeLists.txt || die
+ # QA-Fix | Remove !CLANG Doxygen warnings for 8.0.1
+ if use extras; then
+ if ! tc-is-clang; then
+ local f
+ for f in doc/*.in
+ do
+ sed -i \
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+ "${f}" || die "couldn't disable CLANG parsing"
+ done
+ fi
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ )
+ # Add release hardening flags for 8.0.1
+ append-cflags -Wno-nonnull -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+ append-ldflags -Wl,-z,relro -Wl,-z,now
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ if use extras; then
+ cmake-utils_src_make -C "${BUILD_DIR}" doc
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+ cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ dodir /etc/gvm
+ insinto /etc/gvm
+ doins -r "${FILESDIR}"/*sync*
+
+ dodir /etc/gvm/sysconfig
+ insinto /etc/gvm/sysconfig
+ doins "${FILESDIR}/${PN}-daemon.conf"
+
+ exeinto /etc/gvm
+ doexe "${FILESDIR}"/gvmd-startpre.sh
+
+ fowners -R gvm:gvm /etc/gvm
+
+ newinitd "${FILESDIR}/${PN}.init" "${PN}"
+ newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ # Set proper permissions on required files/directories
+ keepdir /var/lib/gvm/gvmd
+ fowners -R gvm:gvm /var/lib/gvm
+}
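Review bot: In `src_configure` the hardening line passes `-D_FORTIFY_SOURCE=2` through `append-cflags`, but it is a preprocessor definition and belongs in CPPFLAGS via `append-cppflags`; it also only takes effect in an optimised build, and a toolchain that already defines it may emit redefinition warnings. `-fstack-protector` instruments fewer functions than `-fstack-protector-strong`. I would split the line into `append-cppflags -D_FORTIFY_SOURCE=2` and `append-cflags -Wno-nonnull -Wformat -Wformat-security -fstack-protector-strong`. Separately, `cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc` in `src_compile` looks like a copy-paste slip that requests the `doc` target a second time.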
diff --git a/net-analyzer/gvmd/metadata.xml b/net-analyzer/gvmd/metadata.xml
new file mode 100644
index 000000000000..36ce32a69a9f
--- /dev/null
+++ b/net-analyzer/gvmd/metadata.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>hasan.calisir@psauxit.com</email>
+ <name>Hasan ÇALIŞIR</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="extras">Html docs support</flag>
+ </use>
+ <longdescription lang="en">
+ The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
+ It manages the storage of any vulnerability management configurations and of the scan results.
+ Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
+ The primary scanner OpenVAS Scanner is controlled directly via protocol OTP while any other
+ remote scanner is coupled with the Open Scanner Protocol (OSP).
+ </longdescription>
+ <upstream>
+ <remote-id type="github">greenbone/gvmd</remote-id>
+ </upstream>
+</pkgmetadata>