1 |
commit: 0a333bcfaacbad0dad5757cb0de488b952d694cc |
2 |
Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com> |
3 |
AuthorDate: Mon Aug 12 15:01:24 2019 +0000 |
4 |
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 28 04:01:56 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a333bcf |
7 |
|
8 |
net-analyzer/openvas-scanner: bump to 6.0.1 & update metadata. |
9 |
|
10 |
Bump to 6.0.1. Update metadata. |
11 |
This also fixes bug 684220 and |
12 |
introduces the new USE flag 'cron'. |
13 |
|
14 |
Closes: https://bugs.gentoo.org/684220 |
15 |
Reported-by: aleck <rickrick <AT> stachelkaktus.net> |
16 |
Package-Manager: Portage-2.3.69, Repoman-2.3.16 |
17 |
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com> |
18 |
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> |
19 |
|
20 |
net-analyzer/openvas-scanner/Manifest | 1 + |
21 |
.../openvas-scanner/files/gvm-feed-sync.cron | 1 + |
22 |
.../openvas-scanner/files/gvm-feed-sync.sh | 45 +++++++ |
23 |
.../files/openvas-scanner-6.0.1-sbin.patch | 21 ++++ |
24 |
.../openvas-scanner/files/openvassd-daemon.conf | 17 +++ |
25 |
.../openvas-scanner/files/openvassd.gvm.conf | 124 ++++++++++++++++++ |
26 |
net-analyzer/openvas-scanner/files/openvassd.init | 14 +++ |
27 |
.../openvas-scanner/files/openvassd.logrotate | 13 ++ |
28 |
.../openvas-scanner/files/openvassd.service | 16 +++ |
29 |
net-analyzer/openvas-scanner/metadata.xml | 9 ++ |
30 |
.../openvas-scanner/openvas-scanner-6.0.1.ebuild | 138 +++++++++++++++++++++ |
31 |
11 files changed, 399 insertions(+) |
32 |
|
33 |
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest |
34 |
index 12763409b46..7d55d149a97 100644 |
35 |
--- a/net-analyzer/openvas-scanner/Manifest |
36 |
+++ b/net-analyzer/openvas-scanner/Manifest |
37 |
@@ -1 +1,2 @@ |
38 |
DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e |
39 |
+DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147 |
40 |
|
41 |
diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron |
42 |
new file mode 100644 |
43 |
index 00000000000..5563b92929b |
44 |
--- /dev/null |
45 |
+++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron |
46 |
@@ -0,0 +1 @@ |
47 |
+0 2 * * * gvm [ -x /etc/gvm/gvm-feed-sync.sh ] && /bin/bash /etc/gvm/gvm-feed-sync.sh > /dev/null |
48 |
|
49 |
diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh |
50 |
new file mode 100644 |
51 |
index 00000000000..ba21632a4d6 |
52 |
--- /dev/null |
53 |
+++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh |
54 |
@@ -0,0 +1,45 @@ |
55 |
+#!/bin/sh |
56 |
+# Copyright 1999-2019 Gentoo Authors |
57 |
+# Distributed under the terms of the GNU General Public License v2 |
58 |
+# GVM cron script that updates feed. |
59 |
+ |
60 |
+# Start to update FEED & First NVT. |
61 |
+try=0 |
62 |
+until [ $try -ge 5 ]; do |
63 |
+ greenbone-nvt-sync --curl &>/dev/null && break |
64 |
+ try=$[$try+1] |
65 |
+ sleep 30 |
66 |
+done |
67 |
+ |
68 |
+# Check status |
69 |
+if [ $? -eq 0 ]; then |
70 |
+ # Avoid your IP temporary banned because of multiple connection |
71 |
+ sleep 5 |
72 |
+ # Try to update scapdata. |
73 |
+ try=0 |
74 |
+ until [ $try -ge 5 ]; do |
75 |
+ greenbone-scapdata-sync &>/dev/null && break |
76 |
+ try=$[$try+1] |
77 |
+ sleep 30 |
78 |
+ done |
79 |
+ |
80 |
+ # Check status |
81 |
+ if [ $? -eq 0 ]; then |
82 |
+ # Avoid your IP temporary banned because of multiple connection |
83 |
+ sleep 5 |
84 |
+ # Try to update certdata |
85 |
+ try=0 |
86 |
+ until [ $try -ge 5 ]; do |
87 |
+ greenbone-certdata-sync &>/dev/null && break |
88 |
+ try=$[$try+1] |
89 |
+ sleep 30 |
90 |
+ done |
91 |
+ |
92 |
+ # Check status |
93 |
+ if [ $? -eq 0 ]; then |
94 |
+ exit 0 |
95 |
+ else |
96 |
+ exit 1 |
97 |
+ fi |
98 |
+ fi |
99 |
+fi |
100 |
|
101 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch |
102 |
new file mode 100644 |
103 |
index 00000000000..d5b8a2a6b62 |
104 |
--- /dev/null |
105 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch |
106 |
@@ -0,0 +1,21 @@ |
107 |
+--- a/src/CMakeLists.txt 2019-07-21 23:16:18.608251465 +0300 |
108 |
++++ b/src/CMakeLists.txt 2019-07-21 23:17:08.434210058 +0300 |
109 |
+@@ -175,7 +175,7 @@ |
110 |
+ ## Install |
111 |
+ |
112 |
+ install (TARGETS openvassd |
113 |
+- RUNTIME DESTINATION ${SBINDIR} |
114 |
++ RUNTIME DESTINATION ${BINDIR} |
115 |
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE |
116 |
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) |
117 |
+ |
118 |
+@@ -183,7 +183,7 @@ |
119 |
+ DESTINATION ${OPENVAS_SYSCONF_DIR}) |
120 |
+ |
121 |
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync |
122 |
+- DESTINATION ${SBINDIR} |
123 |
++ DESTINATION ${BINDIR} |
124 |
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE |
125 |
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) |
126 |
+ |
127 |
+ |
128 |
|
129 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf |
130 |
new file mode 100644 |
131 |
index 00000000000..6bb70d16535 |
132 |
--- /dev/null |
133 |
+++ b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf |
134 |
@@ -0,0 +1,17 @@ |
135 |
+# OpenVAS Scanner command args |
136 |
+ |
137 |
+# e.g --foreground |
138 |
+OPENVAS_SCANNER_OPTIONS="" |
139 |
+ |
140 |
+# Scanner listen socket |
141 |
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" |
142 |
+ |
143 |
+# Scanner listen owner |
144 |
+OPENVAS_SCANNER_LISTEN_OWNER="--listen-owner=gvm" |
145 |
+ |
146 |
+# Scanner listen group |
147 |
+OPENVAS_SCANNER_LISTEN_GROUP="--listen-group=gvm" |
148 |
+ |
149 |
+# Scanner listen mode |
150 |
+OPENVAS_SCANNER_LISTEN_MODE="--listen-mode=755" |
151 |
+ |
152 |
|
153 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd.gvm.conf b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf |
154 |
new file mode 100644 |
155 |
index 00000000000..5dfb8b52745 |
156 |
--- /dev/null |
157 |
+++ b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf |
158 |
@@ -0,0 +1,124 @@ |
159 |
+# You can get detailed informations from https://linux.die.net/man/8/openvassd |
160 |
+# Configuration file of the OpenVAS Security Scanner |
161 |
+# Every line starting with a '#' is a comment |
162 |
+ |
163 |
+[Misc] |
164 |
+ |
165 |
+# Path to the security checks folder: |
166 |
+plugins_folder = /var/lib/openvas/plugins |
167 |
+ |
168 |
+# Path to OpenVAS caching folder: |
169 |
+cache_folder = /var/cache/openvas |
170 |
+ |
171 |
+# Path to OpenVAS include directories: |
172 |
+# (multiple entries are separated with colon ':') |
173 |
+include_folders = /var/lib/openvas/plugins |
174 |
+ |
175 |
+# Config File |
176 |
+config_file = /etc/openvas/openvassd.conf |
177 |
+ |
178 |
+# Maximum number of simultaneous hosts tested : |
179 |
+max_hosts = 30 |
180 |
+ |
181 |
+# Maximum number of simultaneous checks against each host tested : |
182 |
+max_checks = 10 |
183 |
+ |
184 |
+# Niceness. If set to 'yes', openvassd will renice itself to 10. |
185 |
+be_nice = no |
186 |
+ |
187 |
+# Log file (or 'syslog') : |
188 |
+logfile = /var/log/gvm/openvassd.log |
189 |
+ |
190 |
+# Shall we log every details of the attack ? (disk intensive) |
191 |
+log_whole_attack = no |
192 |
+ |
193 |
+# Log the name of the plugins that are loaded by the server ? |
194 |
+log_plugins_name_at_load = no |
195 |
+ |
196 |
+# Dump file for debugging output, use `-' for stdout |
197 |
+dumpfile = /var/log/gvm/openvassd.dump |
198 |
+ |
199 |
+# Rules file : |
200 |
+rules = /etc/openvas/openvassd.rules |
201 |
+ |
202 |
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) |
203 |
+cgi_path = /cgi-bin:/scripts |
204 |
+ |
205 |
+# Range of the ports the port scanners will scan : |
206 |
+# 'default' means that OpenVAS will scan ports found in its |
207 |
+# services file. |
208 |
+port_range = default |
209 |
+ |
210 |
+# Optimize the test (recommended) : |
211 |
+# Turn off for push hard but increase false positive and slow down scans |
212 |
+optimize_test = yes |
213 |
+ |
214 |
+# Optimization : |
215 |
+# Read timeout for the sockets of the tests : |
216 |
+checks_read_timeout = 5 |
217 |
+ |
218 |
+# Ports against which two plugins should not be run simultaneously : |
219 |
+# non_simult_ports = Services/www, 139, Services/finger |
220 |
+non_simult_ports = 139, 445 |
221 |
+ |
222 |
+# Maximum lifetime of a plugin (in seconds) : |
223 |
+plugins_timeout = 320 |
224 |
+ |
225 |
+# Safe checks rely on banner grabbing & If enabled push harder to target: |
226 |
+safe_checks = yes |
227 |
+ |
228 |
+# Automatically activate the plugins that are depended on |
229 |
+auto_enable_dependencies = yes |
230 |
+ |
231 |
+# Do not echo data from plugins which have been automatically enabled |
232 |
+silent_dependencies = no |
233 |
+ |
234 |
+# Designate hosts by MAC address, not IP address (useful for DHCP networks) |
235 |
+use_mac_addr = no |
236 |
+ |
237 |
+ |
238 |
+#--- Knowledge base saving (can be configured by the client) : |
239 |
+# Save the knowledge base on disk : |
240 |
+save_knowledge_base = no |
241 |
+ |
242 |
+# Restore the KB for each test : |
243 |
+kb_restore = no |
244 |
+ |
245 |
+# Only test hosts whose KB we do not have : |
246 |
+only_test_hosts_whose_kb_we_dont_have = no |
247 |
+ |
248 |
+# Only test hosts whose KB we already have : |
249 |
+only_test_hosts_whose_kb_we_have = no |
250 |
+ |
251 |
+# KB test replay : |
252 |
+kb_dont_replay_scanners = no |
253 |
+kb_dont_replay_info_gathering = no |
254 |
+kb_dont_replay_attacks = no |
255 |
+kb_dont_replay_denials = no |
256 |
+kb_max_age = 864000 |
257 |
+#--- end of the KB section |
258 |
+ |
259 |
+# Redis socket default setting |
260 |
+db_address = /tmp/redis.sock |
261 |
+ |
262 |
+# If this option is set, OpenVAS will not scan a network incrementally |
263 |
+# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to |
264 |
+# slice the workload throughout the whole network (ie: it will scan |
265 |
+# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... |
266 |
+slice_network_addresses = no |
267 |
+ |
268 |
+# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') |
269 |
+nasl_no_signature_check = yes |
270 |
+ |
271 |
+#Certificates |
272 |
+cert_file=/var/lib/gvm/CA/servercert.pem |
273 |
+key_file=/var/lib/gvm/private/CA/serverkey.pem |
274 |
+ca_file=/var/lib/gvm/CA/cacert.pem |
275 |
+ |
276 |
+# If you decide to protect your private key with a password, |
277 |
+# uncomment and change next line |
278 |
+# pem_password=password |
279 |
+# If you want to force the use of a client certificate, uncomment next line |
280 |
+# force_pubkey_auth = yes |
281 |
+ |
282 |
+#end. |
283 |
|
284 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd.init b/net-analyzer/openvas-scanner/files/openvassd.init |
285 |
new file mode 100644 |
286 |
index 00000000000..9bd7332134f |
287 |
--- /dev/null |
288 |
+++ b/net-analyzer/openvas-scanner/files/openvassd.init |
289 |
@@ -0,0 +1,14 @@ |
290 |
+#!/sbin/openrc-run |
291 |
+# Copyright 1999-2019 Gentoo Authors |
292 |
+# Distributed under the terms of the GNU General Public License v2 |
293 |
+ |
294 |
+name="Open Vulnerability Assessment Scanner" |
295 |
+command="/usr/bin/openvassd" |
296 |
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}" |
297 |
+pidfile="/run/openvassd.pid" |
298 |
+command_background="true" |
299 |
+ |
300 |
+depend() { |
301 |
+ after bootmisc |
302 |
+ need localmount net redis |
303 |
+} |
304 |
|
305 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd.logrotate b/net-analyzer/openvas-scanner/files/openvassd.logrotate |
306 |
new file mode 100644 |
307 |
index 00000000000..9cf47d54763 |
308 |
--- /dev/null |
309 |
+++ b/net-analyzer/openvas-scanner/files/openvassd.logrotate |
310 |
@@ -0,0 +1,13 @@ |
311 |
+# Copyright 1999-2019 Gentoo Authors |
312 |
+# Distributed under the terms of the GNU General Public License v2 |
313 |
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' |
314 |
+# with safe file size to prevent losing log entries. |
315 |
+ |
316 |
+/var/log/gvm/openvassd.log { |
317 |
+ compress |
318 |
+ missingok |
319 |
+ notifempty |
320 |
+ sharedscripts |
321 |
+ copytruncate |
322 |
+ maxsize 10M |
323 |
+} |
324 |
|
325 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd.service b/net-analyzer/openvas-scanner/files/openvassd.service |
326 |
new file mode 100644 |
327 |
index 00000000000..b7d7df8bbab |
328 |
--- /dev/null |
329 |
+++ b/net-analyzer/openvas-scanner/files/openvassd.service |
330 |
@@ -0,0 +1,16 @@ |
331 |
+[Unit] |
332 |
+Description=Open Vulnerability Assessment Scanner |
333 |
+After=network.target |
334 |
+After=redis.service |
335 |
+Before=gvmd.service |
336 |
+Requires=redis.service |
337 |
+ |
338 |
+[Service] |
339 |
+Type=forking |
340 |
+EnvironmentFile=-/etc/openvas/sysconfig/openvassd-daemon.conf |
341 |
+ExecStart=/usr/bin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET $OPENVAS_SCANNER_LISTEN_OWNER $OPENVAS_SCANNER_LISTEN_GROUP $OPENVAS_SCANNER_LISTEN_MODE |
342 |
+Restart=on-failure |
343 |
+RestartSec=10 |
344 |
+ |
345 |
+[Install] |
346 |
+WantedBy=multi-user.target |
347 |
|
348 |
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml |
349 |
index fa26aa942e1..50c99b9436c 100644 |
350 |
--- a/net-analyzer/openvas-scanner/metadata.xml |
351 |
+++ b/net-analyzer/openvas-scanner/metadata.xml |
352 |
@@ -10,6 +10,15 @@ |
353 |
<name>Proxy Maintainers</name> |
354 |
</maintainer> |
355 |
<use> |
356 |
+ <flag name="cron">Install a cron job to update GVM's feed daily.</flag> |
357 |
<flag name="extras">Html docs support</flag> |
358 |
</use> |
359 |
+ <longdescription lang="en"> |
360 |
+ Open Vulnerability Assessment System (OpenVAS) Scanner is the Greenbone Vulnerability Management (GVM) Solution. |
361 |
+ It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously |
362 |
+ updated and extended feed of Network Vulnerability Tests (NVTs). |
363 |
+ </longdescription> |
364 |
+ <upstream> |
365 |
+ <remote-id type="github">greenbone/openvas-scanner</remote-id> |
366 |
+ </upstream> |
367 |
</pkgmetadata> |
368 |
|
369 |
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild |
370 |
new file mode 100644 |
371 |
index 00000000000..1700d942181 |
372 |
--- /dev/null |
373 |
+++ b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild |
374 |
@@ -0,0 +1,138 @@ |
375 |
+# Copyright 1999-2019 Gentoo Authors |
376 |
+# Distributed under the terms of the GNU General Public License v2 |
377 |
+ |
378 |
+EAPI=7 |
379 |
+ |
380 |
+CMAKE_MAKEFILE_GENERATOR="emake" |
381 |
+inherit cmake-utils flag-o-matic systemd toolchain-funcs |
382 |
+ |
383 |
+MY_PN="openvas" |
384 |
+MY_DN="openvassd" |
385 |
+ |
386 |
+DESCRIPTION="Open Vulnerability Assessment Scanner" |
387 |
+HOMEPAGE="https://www.greenbone.net/en/" |
388 |
+SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
389 |
+ |
390 |
+SLOT="0" |
391 |
+LICENSE="GPL-2 GPL-2+" |
392 |
+KEYWORDS="~amd64 ~x86" |
393 |
+IUSE="cron extras" |
394 |
+ |
395 |
+DEPEND=" |
396 |
+ app-crypt/gpgme:= |
397 |
+ dev-db/redis |
398 |
+ dev-libs/libgcrypt:= |
399 |
+ dev-libs/libksba |
400 |
+ >=net-analyzer/gvm-libs-10.0.1 |
401 |
+ net-analyzer/net-snmp |
402 |
+ net-libs/gnutls:= |
403 |
+ net-libs/libpcap |
404 |
+ net-libs/libssh:= |
405 |
+" |
406 |
+ |
407 |
+RDEPEND=" |
408 |
+ ${DEPEND} |
409 |
+ !~net-analyzer/openvas-scanner-5.1.3 |
410 |
+ !net-analyzer/openvas-tools" |
411 |
+ |
412 |
+BDEPEND=" |
413 |
+ sys-devel/bison |
414 |
+ sys-devel/flex |
415 |
+ virtual/pkgconfig |
416 |
+ extras? ( app-doc/doxygen[dot] |
417 |
+ app-doc/xmltoman |
418 |
+ app-text/htmldoc |
419 |
+ dev-perl/CGI |
420 |
+ dev-perl/SQL-Translator |
421 |
+ )" |
422 |
+ |
423 |
+BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build" |
424 |
+S="${WORKDIR}/${MY_PN}-${PV}" |
425 |
+ |
426 |
+PATCHES=( |
427 |
+ # Install exec. to /usr/bin instead of /usr/sbin |
428 |
+ "${FILESDIR}/${P}-sbin.patch" |
429 |
+) |
430 |
+ |
431 |
+src_prepare() { |
432 |
+ cmake-utils_src_prepare |
433 |
+ # QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1 |
434 |
+ sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die |
435 |
+ # QA-Fix | Remove !CLANG doxygen warnings for 6.0.1 |
436 |
+ if use extras; then |
437 |
+ if ! tc-is-clang; then |
438 |
+ local f |
439 |
+ for f in doc/*.in |
440 |
+ do |
441 |
+ sed -i \ |
442 |
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \ |
443 |
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \ |
444 |
+ "${f}" || die "couldn't disable CLANG parsing" |
445 |
+ done |
446 |
+ fi |
447 |
+ fi |
448 |
+} |
449 |
+ |
450 |
+src_configure() { |
451 |
+ local mycmakeargs=( |
452 |
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr" |
453 |
+ "-DLOCALSTATEDIR=${EPREFIX}/var" |
454 |
+ "-DSYSCONFDIR=${EPREFIX}/etc" |
455 |
+ ) |
456 |
+ # Add release hardening flags for 6.0.1 |
457 |
+ append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector |
458 |
+ append-ldflags -Wl,-z,relro -Wl,-z,now |
459 |
+ cmake-utils_src_configure |
460 |
+} |
461 |
+ |
462 |
+src_compile() { |
463 |
+ cmake-utils_src_compile |
464 |
+ if use extras; then |
465 |
+ cmake-utils_src_make -C "${BUILD_DIR}" doc |
466 |
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc |
467 |
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. ) |
468 |
+ fi |
469 |
+ cmake-utils_src_make rebuild_cache |
470 |
+} |
471 |
+ |
472 |
+src_install() { |
473 |
+ cmake-utils_src_install |
474 |
+ |
475 |
+ dodir /etc/openvas |
476 |
+ insinto /etc/openvas |
477 |
+ newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf |
478 |
+ |
479 |
+ insinto /etc/openvas |
480 |
+ doins "${FILESDIR}"/redis.conf.example |
481 |
+ |
482 |
+ dodir /etc/openvas/sysconfig |
483 |
+ insinto /etc/openvas/sysconfig |
484 |
+ doins "${FILESDIR}/${MY_DN}-daemon.conf" |
485 |
+ |
486 |
+ if use cron; then |
487 |
+ # Install the cron job if they want it. |
488 |
+ exeinto /etc/gvm |
489 |
+ doexe "${FILESDIR}/gvm-feed-sync.sh" |
490 |
+ fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh |
491 |
+ |
492 |
+ insinto /etc/cron.d |
493 |
+ newins "${FILESDIR}"/gvm-feed-sync.cron gvm |
494 |
+ fi |
495 |
+ |
496 |
+ fowners -R gvm:gvm /etc/openvas |
497 |
+ |
498 |
+ newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}" |
499 |
+ newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}" |
500 |
+ |
501 |
+ dodir /etc/logrotate.d |
502 |
+ insinto /etc/logrotate.d |
503 |
+ newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}" |
504 |
+ |
505 |
+ systemd_dounit "${FILESDIR}/${MY_DN}.service" |
506 |
+ |
507 |
+ # Set proper permissions on required files/directories |
508 |
+ keepdir /var/log/gvm |
509 |
+ fowners gvm:gvm /var/log/gvm |
510 |
+ keepdir /var/lib/openvas/{gnupg,plugins} |
511 |
+ fowners -R gvm:gvm /var/lib/openvas |
512 |
+} |