From 511272cb60c6fdea44268972c99fc7e5cebf554d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Hasan=20=C3=87ALI=C5=9EIR?= Date: Mon, 12 Aug 2019 18:14:47 +0300 Subject: [PATCH] net-analyzer/gvmd: new package. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit openvas-manager with version 8 has been renamed in Greenbone vulnerability manager (gvmd). Version bump to 8.0.1. This also fixes bug 684186 and introduces the new USE flags 'postgres','sqlite'. Closes: https://bugs.gentoo.org/684186 Closes: https://bugs.gentoo.org/692004 Reported-by: Anton Bolshakov Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Hasan ÇALIŞIR 
Signed-off-by: Joonas Niilola
---
net-analyzer/gvmd/Manifest | 1 +
.../gvmd/files/greenbone-certdata-sync.conf | 1 +
.../gvmd/files/greenbone-nvt-sync.conf | 1 +
.../gvmd/files/greenbone-scapdata-sync.conf | 1 +
net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch | 56 ++++++++
.../gvmd/files/gvmd-8.0.1-tmplock.patch | 34 +++++
net-analyzer/gvmd/files/gvmd-daemon.conf | 29 +++++
net-analyzer/gvmd/files/gvmd-startpre.sh | 5 +
net-analyzer/gvmd/files/gvmd.init | 24 ++++
net-analyzer/gvmd/files/gvmd.logrotate | 13 ++
net-analyzer/gvmd/files/gvmd.service | 21 +++
net-analyzer/gvmd/gvmd-8.0.1.ebuild | 120 ++++++++++++++++++
net-analyzer/gvmd/metadata.xml | 25 ++++
13 files changed, 331 insertions(+)
create mode 100644 net-analyzer/gvmd/Manifest
create mode 100644 net-analyzer/gvmd/files/greenbone-certdata-sync.conf
create mode 100644 net-analyzer/gvmd/files/greenbone-nvt-sync.conf
create mode 100644 net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
create mode 100644 net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
create mode 100644 net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
create mode 100644 net-analyzer/gvmd/files/gvmd-daemon.conf
create mode 100644 net-analyzer/gvmd/files/gvmd-startpre.sh
create mode 100644 net-analyzer/gvmd/files/gvmd.init
create mode 100644 net-analyzer/gvmd/files/gvmd.logrotate
create mode 100644 net-analyzer/gvmd/files/gvmd.service
create mode 100644 net-analyzer/gvmd/gvmd-8.0.1.ebuild
create mode 100644 net-analyzer/gvmd/metadata.xml
diff --git a/net-analyzer/gvmd/Manifest b/net-analyzer/gvmd/Manifest
new file mode 100644
index 000000000000..328c523e0674
--- /dev/null
+++ b/net-analyzer/gvmd/Manifest
@@ -0,0 +1 @@
+DIST gvmd-8.0.1.tar.gz 1495311 BLAKE2B 17419f5fecf7cce07536a5e12f17a61a31d45add185e0e1635515834eca6abd8a6babeb89b8f879ff8cb90b60f3682a19a62403142f4901be3f932b8a44cac68 SHA512 5490b902ad42499657eca9031b396c70a82d3c523985601067e697758f2472d123c4e99b085b963e58888d99224fa2a441a140772c702d7cd60d6424b126bfc8
diff --git a/net-analyzer/gvmd/files/greenbone-certdata-sync.conf b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
new file mode 100644
index 000000000000..d31a7331d341
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"
diff --git a/net-analyzer/gvmd/files/greenbone-nvt-sync.conf b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
new file mode 100644
index 000000000000..967c41dec2e3
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"
diff --git a/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
new file mode 100644
index 000000000000..4a7426bc8057
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
new file mode 100644
index 000000000000..bf21acb7b01f
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt 2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt 2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+
+ install (TARGETS ${BINARY_NAME}
+- RUNTIME DESTINATION ${SBINDIR}
++ RUNTIME DESTINATION ${BINDIR}
+ LIBRARY DESTINATION ${LIBDIR}
+ ARCHIVE DESTINATION ${LIBDIR}/static)
+
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+- DESTINATION ${SBINDIR})
++ DESTINATION ${BINDIR})
+
+ if (BACKEND STREQUAL POSTGRESQL)
+ install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt 2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt 2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+@@ -593,13 +593,13 @@
+ WORLD_READ WORLD_EXECUTE)
+
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+ if (BACKEND STREQUAL SQLITE3)
+ install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+- DESTINATION ${SBINDIR}
++ DESTINATION ${BINDIR}
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
new file mode 100644
index 000000000000..40b1e0095578
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in 2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+ flock -n 9
+- date > $LOCK_FILE
+ if [ $? -eq 1 ] ; then
+ log_notice "Sync in progress, exiting."
+ exit 1
+ fi
+ sync_certdata
+- echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in 2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+ flock -n 9
+- date > $LOCK_FILE
+ if [ $? -eq 1 ] ; then
+ log_notice "Sync in progress, exiting."
+ exit 1
+ fi
+ sync_scapdata
+- echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+
+ exit 0
diff --git a/net-analyzer/gvmd/files/gvmd-daemon.conf b/net-analyzer/gvmd/files/gvmd-daemon.conf
new file mode 100644
index 000000000000..d97da00c7688
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-daemon.conf
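Review bot: In gvmd-8.0.1-tmplock.patch, both rewritten blocks drop the `9>$LOCK_FILE` redirection but keep `flock -n 9`, so unless descriptor 9 is opened elsewhere in the sync scripts (not visible in these hunks) flock now operates on an unopened descriptor and no lock is held. In that case the `$? -eq 1` test is unlikely to match, and two greenbone-certdata-sync or greenbone-scapdata-sync runs could update the same data concurrently. If the aim is only to avoid a lock path the gvm user cannot write, keep the redirection as `) 9>"$LOCK_FILE"` and move LOCK_FILE under the `/var/lib/gvm` tree that the ebuild already chowns to gvm. The enclosing scripts start and end outside the patched hunks.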
@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
diff --git a/net-analyzer/gvmd/files/gvmd-startpre.sh b/net-analyzer/gvmd/files/gvmd-startpre.sh
new file mode 100644
index 000000000000..d04daa09b0a2
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-startpre.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}
diff --git a/net-analyzer/gvmd/files/gvmd.init b/net-analyzer/gvmd/files/gvmd.init
new file mode 100644
index 000000000000..9686c9b5398e
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.init
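Review bot: gvmd-daemon.conf defines GVMD_LISTEN_ADDRESS_UNIX, GVMD_LISTEN_OWNER, GVMD_LISTEN_GROUP and GVMD_LISTEN_MODE, but neither `command_args` in gvmd.init nor `ExecStart` in gvmd.service expands them, so editing them changes nothing. An administrator who tightens the socket owner or mode here may assume access is restricted while the daemon still listens on TCP 127.0.0.1:9390. I would either pass the variables through or mark them with a comment such as `# Not passed to gvmd by the shipped init script or unit; the daemon listens on TCP only`.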
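Review bot: gvmd-startpre.sh is executed as root (by `start_pre` in gvmd.init and by `ExecStartPre` with `PermissionsStartOnly=true` in gvmd.service), yet the ebuild installs it into /etc/gvm and then runs `fowners -R gvm:gvm /etc/gvm`, which leaves the script owned and writable by the unprivileged service account. If the gvm account were compromised, it could change what root runs at the next service start. The script should stay root-owned and outside the recursive chown, for example by installing it with `exeinto /usr/libexec/gvm` (placeholder path) and updating both callers, or by dropping `-R` and chowning only the files gvm has to edit.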
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+ after bootmisc
+ need localmount net openvassd
+}
+
+start_pre() {
+ /bin/bash /etc/gvm/gvmd-startpre.sh
+}
diff --git a/net-analyzer/gvmd/files/gvmd.logrotate b/net-analyzer/gvmd/files/gvmd.logrotate
new file mode 100644
index 000000000000..453462575f8b
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.logrotate
@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create'
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+ compress
+ missingok
+ notifempty
+ sharedscripts
+ copytruncate
+ maxsize 10M
+}
diff --git a/net-analyzer/gvmd/files/gvmd.service b/net-analyzer/gvmd/files/gvmd.service
new file mode 100644
index 000000000000..2e3ad84c85a5
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
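Review bot: gvmd.init sets `command_background="true"` together with `pidfile="/run/gvmd.pid"`, which only tracks the daemon if gvmd stays in the foreground; the empty default `GVMD_OPTIONS=""` and the unit's `Type=forking` suggest it forks by default. If that holds, the recorded PID belongs to a parent that has already exited and OpenRC can neither stop nor supervise the real process. Adding `--foreground` (the flag the conf file mentions) to `command_args` would keep the PID file accurate.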
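Review bot: In gvmd.service, `ExecStartPre=-/etc/gvm/gvmd-startpre.sh` runs the script through its `#!/bin/sh` shebang, but the script relies on brace expansion (`gvm-{checking,...}`), which is a bash feature. Where /bin/sh is not bash, touch and chown would act on a single literally named file and still report success, so gvmd would start as gvm without the intended /var/run/gvm-* files. The leading `-` additionally hides any real failure of the script. Changing the shebang to `#!/bin/bash` (gvmd.init already invokes it via /bin/bash) and dropping the `-` prefix would make a broken pre-start step visible.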
diff --git a/net-analyzer/gvmd/gvmd-8.0.1.ebuild b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
new file mode 100644
index 000000000000..2c6da5d39c1e
--- /dev/null
+++ b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="Greenbone vulnerability manager, previously named openvas-manager"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvmd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras postgres sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+DEPEND="
+ dev-libs/libgcrypt:0=
+ dev-libs/libical
+ >=net-analyzer/gvm-libs-10.0.1
+ net-libs/gnutls:=[tools]
+ extras? ( app-text/xmlstarlet
+ dev-texlive/texlive-latexextra )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( dev-db/sqlite:3 )"
+
+RDEPEND="
+ ${DEPEND}
+ !net-analyzer/openvas-manager
+ ~net-analyzer/openvas-scanner-6.0.1"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ extras? ( app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ dev-libs/libxslt
+ )"
+
+PATCHES=(
+ # Install exec. to /usr/bin instead of /usr/sbin
+ "${FILESDIR}/${P}-sbin.patch"
+ # Fix permissions for user gvm.
+ "${FILESDIR}/${P}-tmplock.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+ # QA-Fix | Use correct FHS/Gentoo policy paths for 8.0.1
+ sed -i -e "s*share/doc/gvm/html/*share/doc/gvmd-${PV}/html/*g" "$S"/doc/CMakeLists.txt || die
+ sed -i -e "s*/doc/gvm/*/doc/gvmd-${PV}/*g" "$S"/CMakeLists.txt || die
+ # QA-Fix | Remove !CLANG Doxygen warnings for 8.0.1
+ if use extras; then
+ if ! tc-is-clang; then
+ local f
+ for f in doc/*.in
+ do
+ sed -i \
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+ "${f}" || die "couldn't disable CLANG parsing"
+ done
+ fi
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ )
+ # Add release hardening flags for 8.0.1
+ append-cflags -Wno-nonnull -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+ append-ldflags -Wl,-z,relro -Wl,-z,now
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ if use extras; then
+ cmake-utils_src_make -C "${BUILD_DIR}" doc
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+ cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ dodir /etc/gvm
+ insinto /etc/gvm
+ doins -r "${FILESDIR}"/*sync*
+
+ dodir /etc/gvm/sysconfig
+ insinto /etc/gvm/sysconfig
+ doins "${FILESDIR}/${PN}-daemon.conf"
+
+ exeinto /etc/gvm
+ doexe "${FILESDIR}"/gvmd-startpre.sh
+
+ fowners -R gvm:gvm /etc/gvm
+
+ newinitd "${FILESDIR}/${PN}.init" "${PN}"
+ newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ # Set proper permissions on required files/directories
+ keepdir /var/lib/gvm/gvmd
+ fowners -R gvm:gvm /var/lib/gvm
+}
diff --git a/net-analyzer/gvmd/metadata.xml b/net-analyzer/gvmd/metadata.xml
new file mode 100644
index 000000000000..36ce32a69a9f
--- /dev/null
+++ b/net-analyzer/gvmd/metadata.xml
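Review bot: In src_configure of gvmd-8.0.1.ebuild, `-D_FORTIFY_SOURCE=2` is a preprocessor define passed through `append-cflags`, and `-fstack-protector` instruments only a subset of functions. I would use `append-cppflags -D_FORTIFY_SOURCE=2` and `-fstack-protector-strong` in the `append-cflags` line. A comment such as `# _FORTIFY_SOURCE only takes effect when the build is optimised` would also tell users with unoptimised CFLAGS that this flag adds nothing for them.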
@@ -0,0 +1,25 @@
+
+
+
+
+ hasan.calisir@psauxit.com
+ Hasan ÇALIŞIR
+
+
+ proxy-maint@gentoo.org
+ Proxy Maintainers
+
+
+ Html docs support
+
+
+ The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
+ It manages the storage of any vulnerability management configurations and of the scan results.
+ Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
+ The primary scanner OpenVAS Scanner is controlled directly via protocol OTP while any other
+ remote scanner is coupled with the Open Scanner Protocol (OSP).
+
+
+ greenbone/gvmd
+
+
--
2.26.2