1 |
commit: e97b0eba18f103b7bbf5867abf1b182bcc8c4a70 |
2 |
Author: Florian Schmaus <flow <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon May 9 12:21:50 2022 +0000 |
4 |
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon May 9 12:22:24 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e97b0eba |
7 |
|
8 |
net-analyzer/gsad: new package, add 21.4.4 |
9 |
|
10 |
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org> |
11 |
|
12 |
net-analyzer/gsad/Manifest | 1 + |
13 |
.../gsad/files/gsa.nginx.reverse.proxy.example | 78 ++++++++++++++++ |
14 |
net-analyzer/gsad/files/gsad-daemon.conf | 19 ++++ |
15 |
net-analyzer/gsad/files/gsad.init | 20 ++++ |
16 |
net-analyzer/gsad/gsad-21.4.4.ebuild | 101 +++++++++++++++++++++ |
17 |
net-analyzer/gsad/metadata.xml | 15 +++ |
18 |
6 files changed, 234 insertions(+) |
19 |
|
20 |
diff --git a/net-analyzer/gsad/Manifest b/net-analyzer/gsad/Manifest |
21 |
new file mode 100644 |
22 |
index 000000000000..7b657dda3b1f |
23 |
--- /dev/null |
24 |
+++ b/net-analyzer/gsad/Manifest |
25 |
@@ -0,0 +1 @@ |
26 |
+DIST gsad-21.4.4.tar.gz 220618 BLAKE2B 276164ce1e03a6ed211d3bdf24c7f9b5ac832c07891b34b467f61ec02c5670d5368ea3219b3cc445e4ef83fef0aee7375c89ce8008746ea7e08abf50da8fb9fd SHA512 092c8187754b3f0503e4ae6fd9c41dbd6917264668a5f8f831d40e88c7b8db6772acd354db62ac66b4af13b7c27e78516d4975f5bfede0d28001007a46c39f75 |
27 |
|
28 |
diff --git a/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example b/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example |
29 |
new file mode 100644 |
30 |
index 000000000000..b233911a2f1d |
31 |
--- /dev/null |
32 |
+++ b/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example |
33 |
@@ -0,0 +1,78 @@ |
34 |
+upstream backend { |
35 |
+ server 127.0.0.1:9392; |
36 |
+ keepalive 64; |
37 |
+} |
38 |
+ |
39 |
+server { |
40 |
+ listen IP:80; |
41 |
+ server_name openvas.domain.tdl; |
42 |
+ return 301 https://openvas.domain.tdl$request_uri; |
43 |
+} |
44 |
+ |
45 |
+server { |
46 |
+ listen IP:443 ssl http2; |
47 |
+ server_name openvas.domain.tdl; |
48 |
+ access_log /var/log/nginx/openvas.domain.tdl.access.log; |
49 |
+ error_log /var/log/nginx/openvas.domain.tdl.error.log; |
50 |
+ # Not sourcing directly from file |
51 |
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
52 |
+ fastcgi_param QUERY_STRING $query_string; |
53 |
+ fastcgi_param REQUEST_METHOD $request_method; |
54 |
+ fastcgi_param CONTENT_TYPE $content_type; |
55 |
+ fastcgi_param CONTENT_LENGTH $content_length; |
56 |
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name; |
57 |
+ fastcgi_param REQUEST_URI $request_uri; |
58 |
+ fastcgi_param DOCUMENT_URI $document_uri; |
59 |
+ fastcgi_param SERVER_PROTOCOL $server_protocol; |
60 |
+ fastcgi_param REQUEST_SCHEME $scheme; |
61 |
+ fastcgi_param HTTPS $https; |
62 |
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1; |
63 |
+ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; |
64 |
+ fastcgi_param REMOTE_ADDR $remote_addr; |
65 |
+ fastcgi_param REMOTE_PORT $remote_port; |
66 |
+ fastcgi_param SERVER_ADDR $server_addr; |
67 |
+ fastcgi_param SERVER_PORT $server_port; |
68 |
+ fastcgi_param SERVER_NAME $server_name; |
69 |
+ fastcgi_param REDIRECT_STATUS 200; |
70 |
+ fastcgi_param HTTP_PROXY ""; |
71 |
+ fastcgi_param PATH_INFO $fastcgi_path_info; |
72 |
+ fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; |
73 |
+ fastcgi_param DOCUMENT_ROOT $document_root; |
74 |
+ |
75 |
+ location / { |
76 |
+ proxy_set_header Host $http_host; |
77 |
+ proxy_set_header X-Real-IP $remote_addr; |
78 |
+ proxy_set_header REMOTE_HOST $remote_addr; |
79 |
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
80 |
+ proxy_set_header X-FORWARDED-PROTOCOL $scheme; |
81 |
+ proxy_pass https://backend; |
82 |
+ proxy_http_version 1.1; |
83 |
+ proxy_pass_request_headers on; |
84 |
+ proxy_set_header Connection "keep-alive"; |
85 |
+ proxy_store off; |
86 |
+ gzip on; |
87 |
+ gzip_proxied any; |
88 |
+ gzip_types *; |
89 |
+ } |
90 |
+ |
91 |
+ resolver 127.0.0.1; |
92 |
+ resolver_timeout 6s; |
93 |
+ ssl_certificate /openvas.domain.tdl/fullchain.pem; |
94 |
+ ssl_certificate_key /openvas.domain.tdl/privkey.pem; |
95 |
+ ssl_trusted_certificate /openvas.domain.tdl/chain.pem; |
96 |
+ ssl_dhparam /openvas.domain.tdl/dhparam.pem; |
97 |
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
98 |
+ ssl_prefer_server_ciphers on; |
99 |
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; |
100 |
+ ssl_ecdh_curve secp384r1; |
101 |
+ ssl_stapling on; |
102 |
+ ssl_stapling_verify on; |
103 |
+ ssl_session_cache shared:SSL:40m; |
104 |
+ ssl_session_timeout 21h; |
105 |
+ ssl_session_tickets off; |
106 |
+ ssl_buffer_size 4k; |
107 |
+ add_header Referrer-Policy no-referrer-when-downgrade; |
108 |
+ add_header X-Frame-Options "SAMEORIGIN"; |
109 |
+ add_header X-Content-Type-Options "nosniff"; |
110 |
+ add_header X-XSS-Protection "1; mode=block"; |
111 |
+} |
112 |
|
113 |
diff --git a/net-analyzer/gsad/files/gsad-daemon.conf b/net-analyzer/gsad/files/gsad-daemon.conf |
114 |
new file mode 100644 |
115 |
index 000000000000..f7c7ee514e50 |
116 |
--- /dev/null |
117 |
+++ b/net-analyzer/gsad/files/gsad-daemon.conf |
118 |
@@ -0,0 +1,19 @@ |
119 |
+# Greenbone Security Assistant command args |
120 |
+ |
121 |
+# e.g. --foreground | e.g. --no-redirect |
122 |
+GSAD_OPTIONS="--no-redirect" |
123 |
+ |
124 |
+# GSAD listen adress |
125 |
+GSAD_LISTEN_ADDRESS="--listen=127.0.0.1" |
126 |
+ |
127 |
+# GSAD listen port |
128 |
+GSAD_LISTEN_PORT="--port=9392" |
129 |
+ |
130 |
+# GVMD listen address |
131 |
+GVMD_LISTEN_ADDRESS="--mlisten=127.0.0.1" |
132 |
+ |
133 |
+# GVMD listen port |
134 |
+GVMD_LISTEN_PORT="--mport=9390" |
135 |
+ |
136 |
+# TLS Settings |
137 |
+GSAD_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" |
138 |
|
139 |
diff --git a/net-analyzer/gsad/files/gsad.init b/net-analyzer/gsad/files/gsad.init |
140 |
new file mode 100644 |
141 |
index 000000000000..79004c8481c5 |
142 |
--- /dev/null |
143 |
+++ b/net-analyzer/gsad/files/gsad.init |
144 |
@@ -0,0 +1,20 @@ |
145 |
+#!/sbin/openrc-run |
146 |
+# Copyright 1999-2022 Gentoo Authors |
147 |
+# Distributed under the terms of the GNU General Public License v2 |
148 |
+ |
149 |
+: ${GSAD_USER:=gvm} |
150 |
+: ${GSAD_GROUP:=$(id -ng ${GSAD_USER})} |
151 |
+: ${GSAD_TIMEOUT:=30} |
152 |
+ |
153 |
+name="Greenbone Security Assistant (GSA)" |
154 |
+command="/usr/bin/gsad" |
155 |
+command_args="--foreground ${GSAD_OPTIONS} ${GSAD_LISTEN_ADDRESS} ${GSAD_LISTEN_PORT} ${GVMD_LISTEN_ADDRESS} ${GVMD_LISTEN_PORT} ${GSAD_GNUTLS_PRIORITIES}" |
156 |
+command_background="true" |
157 |
+command_user="${GSAD_USER}:${GSAD_GROUP}" |
158 |
+pidfile="/run/gsad.pid" |
159 |
+retry="${GSAD_TIMEOUT}" |
160 |
+ |
161 |
+depend() { |
162 |
+ after bootmisc |
163 |
+ need localmount net gvmd |
164 |
+} |
165 |
|
166 |
diff --git a/net-analyzer/gsad/gsad-21.4.4.ebuild b/net-analyzer/gsad/gsad-21.4.4.ebuild |
167 |
new file mode 100644 |
168 |
index 000000000000..24f235b07056 |
169 |
--- /dev/null |
170 |
+++ b/net-analyzer/gsad/gsad-21.4.4.ebuild |
171 |
@@ -0,0 +1,101 @@ |
172 |
+# Copyright 1999-2022 Gentoo Authors |
173 |
+# Distributed under the terms of the GNU General Public License v2 |
174 |
+ |
175 |
+EAPI=8 |
176 |
+ |
177 |
+inherit cmake systemd toolchain-funcs |
178 |
+ |
179 |
+DESCRIPTION="Greenbone Security Assistant" |
180 |
+HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/gsad" |
181 |
+SRC_URI="https://github.com/greenbone/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
182 |
+ |
183 |
+SLOT="0" |
184 |
+LICENSE="AGPL-3+" |
185 |
+KEYWORDS="~amd64 ~x86" |
186 |
+IUSE="doc" |
187 |
+ |
188 |
+DEPEND=" |
189 |
+ acct-user/gvm |
190 |
+ dev-libs/glib:2 |
191 |
+ dev-libs/libgcrypt:0= |
192 |
+ dev-libs/libxml2 |
193 |
+ dev-libs/libxslt |
194 |
+ >=net-analyzer/gvm-libs-${PV} |
195 |
+ net-libs/gnutls:= |
196 |
+ net-libs/libmicrohttpd:= |
197 |
+" |
198 |
+RDEPEND=" |
199 |
+ ${DEPEND} |
200 |
+ >=net-analyzer/gvmd-${PV} |
201 |
+ >=net-analyzer/gsa-${PV} |
202 |
+ net-analyzer/ospd-openvas |
203 |
+" |
204 |
+BDEPEND=" |
205 |
+ dev-python/polib |
206 |
+ virtual/pkgconfig |
207 |
+ doc? ( |
208 |
+ app-doc/doxygen[dot] |
209 |
+ app-doc/xmltoman |
210 |
+ app-text/htmldoc |
211 |
+ sys-devel/gettext |
212 |
+ ) |
213 |
+" |
214 |
+ |
215 |
+src_prepare() { |
216 |
+ cmake_src_prepare |
217 |
+ |
218 |
+ # QA-Fix | Remove !CLANG doxygen warnings for 9.0.0 |
219 |
+ if use doc; then |
220 |
+ if ! tc-is-clang; then |
221 |
+ local f |
222 |
+ for f in doc/*.in |
223 |
+ do |
224 |
+ sed -i \ |
225 |
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \ |
226 |
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \ |
227 |
+ "${f}" || die "couldn't disable CLANG parsing" |
228 |
+ done |
229 |
+ fi |
230 |
+ fi |
231 |
+ |
232 |
+ # Do not install the empty /run/gsad run dir. https://github.com/greenbone/gsad/pull/54 |
233 |
+ sed -i "/^install.*GSAD_RUN_DIR/d" CMakeLists.txt || die |
234 |
+ |
235 |
+ # Drop Group= directive. https://github.com/greenbone/gsad/pull/55 |
236 |
+ sed -i "/^Group=/d" config/gsad.service.in || die |
237 |
+} |
238 |
+ |
239 |
+src_configure() { |
240 |
+ local mycmakeargs=( |
241 |
+ "-DLOCALSTATEDIR=${EPREFIX}/var" |
242 |
+ "-DSYSCONFDIR=${EPREFIX}/etc" |
243 |
+ "-DSBINDIR=${EPREFIX}/usr/bin" |
244 |
+ "-DGSAD_PID_DIR=/run/gsad" |
245 |
+ "-DSYSTEMD_SERVICE_DIR=$(systemd_get_systemunitdir)" |
246 |
+ "-DLOGROTATE_DIR=${EPREFIX}/etc/logrotate.d" |
247 |
+ ) |
248 |
+ cmake_src_configure |
249 |
+} |
250 |
+ |
251 |
+src_compile() { |
252 |
+ # setting correct PATH for finding react-js |
253 |
+ NODE_ENV=production PATH="$PATH:${S}/gsa/node_modules/.bin/" cmake_src_compile |
254 |
+ if use doc; then |
255 |
+ cmake_build -C "${BUILD_DIR}" doc |
256 |
+ cmake_build doc-full -C "${BUILD_DIR}" doc |
257 |
+ fi |
258 |
+ cmake_build rebuild_cache |
259 |
+} |
260 |
+ |
261 |
+src_install() { |
262 |
+ if use doc; then |
263 |
+ local HTML_DOCS=( "${BUILD_DIR}/doc/generated/html/." ) |
264 |
+ fi |
265 |
+ cmake_src_install |
266 |
+ |
267 |
+ insinto /etc/gvm/sysconfig |
268 |
+ doins "${FILESDIR}/${PN}-daemon.conf" |
269 |
+ |
270 |
+ newinitd "${FILESDIR}/${PN}.init" "${PN}" |
271 |
+ newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}" |
272 |
+} |
273 |
|
274 |
diff --git a/net-analyzer/gsad/metadata.xml b/net-analyzer/gsad/metadata.xml |
275 |
new file mode 100644 |
276 |
index 000000000000..c68ff94a68fa |
277 |
--- /dev/null |
278 |
+++ b/net-analyzer/gsad/metadata.xml |
279 |
@@ -0,0 +1,15 @@ |
280 |
+<?xml version="1.0" encoding="UTF-8"?> |
281 |
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> |
282 |
+<pkgmetadata> |
283 |
+ <maintainer type="person" proxied="yes"> |
284 |
+ <email>jonas.licht@×××××.com</email> |
285 |
+ <name>Jonas Licht</name> |
286 |
+ </maintainer> |
287 |
+ <maintainer type="project" proxied="proxy"> |
288 |
+ <email>proxy-maint@g.o</email> |
289 |
+ <name>Proxy Maintainers</name> |
290 |
+ </maintainer> |
291 |
+ <upstream> |
292 |
+ <remote-id type="github">greenbone/gsad</remote-id> |
293 |
+ </upstream> |
294 |
+</pkgmetadata> |