
From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/, net-analyzer/openvas-scanner/files/
Date: Mon, 28 Oct 2019 04:05:41
Message-Id: 1572235316.0a333bcfaacbad0dad5757cb0de488b952d694cc.juippis@gentoo
1 commit: 0a333bcfaacbad0dad5757cb0de488b952d694cc
2 Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
3 AuthorDate: Mon Aug 12 15:01:24 2019 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 28 04:01:56 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a333bcf
7
8 net-analyzer/openvas-scanner: bump to 6.0.1 & update metadata.
9
10 Bump to 6.0.1. Update metadata.
11 This also fixes bug 684220 and
12 introduces the new USE flag 'cron'.
13
14 Closes: https://bugs.gentoo.org/684220
15 Reported-by: aleck <rickrick <AT> stachelkaktus.net>
16 Package-Manager: Portage-2.3.69, Repoman-2.3.16
17 Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
18 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
19
20 net-analyzer/openvas-scanner/Manifest | 1 +
21 .../openvas-scanner/files/gvm-feed-sync.cron | 1 +
22 .../openvas-scanner/files/gvm-feed-sync.sh | 45 +++++++
23 .../files/openvas-scanner-6.0.1-sbin.patch | 21 ++++
24 .../openvas-scanner/files/openvassd-daemon.conf | 17 +++
25 .../openvas-scanner/files/openvassd.gvm.conf | 124 ++++++++++++++++++
26 net-analyzer/openvas-scanner/files/openvassd.init | 14 +++
27 .../openvas-scanner/files/openvassd.logrotate | 13 ++
28 .../openvas-scanner/files/openvassd.service | 16 +++
29 net-analyzer/openvas-scanner/metadata.xml | 9 ++
30 .../openvas-scanner/openvas-scanner-6.0.1.ebuild | 138 +++++++++++++++++++++
31 11 files changed, 399 insertions(+)
32
33 diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
34 index 12763409b46..7d55d149a97 100644
35 --- a/net-analyzer/openvas-scanner/Manifest
36 +++ b/net-analyzer/openvas-scanner/Manifest
37 @@ -1 +1,2 @@
38 DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e
39 +DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147
40
41 diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron
42 new file mode 100644
43 index 00000000000..5563b92929b
44 --- /dev/null
45 +++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron
46 @@ -0,0 +1 @@
47 +0 2 * * * gvm [ -x /etc/gvm/gvm-feed-sync.sh ] && /bin/bash /etc/gvm/gvm-feed-sync.sh > /dev/null
48
49 diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh
50 new file mode 100644
51 index 00000000000..ba21632a4d6
52 --- /dev/null
53 +++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh
54 @@ -0,0 +1,45 @@
55 +#!/bin/sh
56 +# Copyright 1999-2019 Gentoo Authors
57 +# Distributed under the terms of the GNU General Public License v2
58 +# GVM cron script that updates feed.
59 +
60 +# Start to update FEED & First NVT.
61 +try=0
62 +until [ $try -ge 5 ]; do
63 + greenbone-nvt-sync --curl &>/dev/null && break
64 + try=$[$try+1]
65 + sleep 30
66 +done
67 +
68 +# Check status
69 +if [ $? -eq 0 ]; then
70 + # Avoid your IP temporary banned because of multiple connection
71 + sleep 5
72 + # Try to update scapdata.
73 + try=0
74 + until [ $try -ge 5 ]; do
75 + greenbone-scapdata-sync &>/dev/null && break
76 + try=$[$try+1]
77 + sleep 30
78 + done
79 +
80 + # Check status
81 + if [ $? -eq 0 ]; then
82 + # Avoid your IP temporary banned because of multiple connection
83 + sleep 5
84 + # Try to update certdata
85 + try=0
86 + until [ $try -ge 5 ]; do
87 + greenbone-certdata-sync &>/dev/null && break
88 + try=$[$try+1]
89 + sleep 30
90 + done
91 +
92 + # Check status
93 + if [ $? -eq 0 ]; then
94 + exit 0
95 + else
96 + exit 1
97 + fi
98 + fi
99 +fi
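Review bot: The status checks at lines 69, 81 and 93 (`if [ $? -eq 0 ]`) never observe the sync tool's result: once an `until` loop ends, `$?` holds the status of the last command run in its body, which is `break` (0) after a successful sync and `sleep 30` (0) after the fifth failure, so every branch is entered even when all retries failed and the script exits 0 instead of 1. The file also declares `#!/bin/sh` but relies on bash-only syntax, `&>/dev/null` and `$[...]`; under a POSIX sh the `&` is parsed as a background job followed by `>/dev/null && break`, which leaves the loop on the first pass, and it only works today because the cron entry runs it through `/bin/bash`. Recording the result in a return value and using POSIX redirection and `$((...))` fixes both, and the three near-identical loops collapse into one helper; the `sleep 5` between feeds is kept since the original comments give the reason for it.
```sh
#!/bin/sh
# … unchanged: copyright header …

# Run a sync command up to 5 times, 30 s apart; 0 on the first success, 1 otherwise.
sync_with_retry() {
    try=0
    while [ "$try" -lt 5 ]; do
        "$@" >/dev/null 2>&1 && return 0
        try=$((try + 1))
        sleep 30
    done
    return 1
}

sync_with_retry greenbone-nvt-sync --curl || exit 1
# Pause between feeds to avoid the mirror's connection rate limit.
sleep 5
sync_with_retry greenbone-scapdata-sync || exit 1
sleep 5
sync_with_retry greenbone-certdata-sync || exit 1
exit 0
```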
100
101 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch
102 new file mode 100644
103 index 00000000000..d5b8a2a6b62
104 --- /dev/null
105 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch
106 @@ -0,0 +1,21 @@
107 +--- a/src/CMakeLists.txt 2019-07-21 23:16:18.608251465 +0300
108 ++++ b/src/CMakeLists.txt 2019-07-21 23:17:08.434210058 +0300
109 +@@ -175,7 +175,7 @@
110 + ## Install
111 +
112 + install (TARGETS openvassd
113 +- RUNTIME DESTINATION ${SBINDIR}
114 ++ RUNTIME DESTINATION ${BINDIR}
115 + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
116 + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
117 +
118 +@@ -183,7 +183,7 @@
119 + DESTINATION ${OPENVAS_SYSCONF_DIR})
120 +
121 + install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
122 +- DESTINATION ${SBINDIR}
123 ++ DESTINATION ${BINDIR}
124 + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
125 + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
126 +
127 +
128
129 diff --git a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf
130 new file mode 100644
131 index 00000000000..6bb70d16535
132 --- /dev/null
133 +++ b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf
134 @@ -0,0 +1,17 @@
135 +# OpenVAS Scanner command args
136 +
137 +# e.g --foreground
138 +OPENVAS_SCANNER_OPTIONS=""
139 +
140 +# Scanner listen socket
141 +OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock"
142 +
143 +# Scanner listen owner
144 +OPENVAS_SCANNER_LISTEN_OWNER="--listen-owner=gvm"
145 +
146 +# Scanner listen group
147 +OPENVAS_SCANNER_LISTEN_GROUP="--listen-group=gvm"
148 +
149 +# Scanner listen mode
150 +OPENVAS_SCANNER_LISTEN_MODE="--listen-mode=755"
151 +
152
153 diff --git a/net-analyzer/openvas-scanner/files/openvassd.gvm.conf b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf
154 new file mode 100644
155 index 00000000000..5dfb8b52745
156 --- /dev/null
157 +++ b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf
158 @@ -0,0 +1,124 @@
159 +# You can get detailed informations from https://linux.die.net/man/8/openvassd
160 +# Configuration file of the OpenVAS Security Scanner
161 +# Every line starting with a '#' is a comment
162 +
163 +[Misc]
164 +
165 +# Path to the security checks folder:
166 +plugins_folder = /var/lib/openvas/plugins
167 +
168 +# Path to OpenVAS caching folder:
169 +cache_folder = /var/cache/openvas
170 +
171 +# Path to OpenVAS include directories:
172 +# (multiple entries are separated with colon ':')
173 +include_folders = /var/lib/openvas/plugins
174 +
175 +# Config File
176 +config_file = /etc/openvas/openvassd.conf
177 +
178 +# Maximum number of simultaneous hosts tested :
179 +max_hosts = 30
180 +
181 +# Maximum number of simultaneous checks against each host tested :
182 +max_checks = 10
183 +
184 +# Niceness. If set to 'yes', openvassd will renice itself to 10.
185 +be_nice = no
186 +
187 +# Log file (or 'syslog') :
188 +logfile = /var/log/gvm/openvassd.log
189 +
190 +# Shall we log every details of the attack ? (disk intensive)
191 +log_whole_attack = no
192 +
193 +# Log the name of the plugins that are loaded by the server ?
194 +log_plugins_name_at_load = no
195 +
196 +# Dump file for debugging output, use `-' for stdout
197 +dumpfile = /var/log/gvm/openvassd.dump
198 +
199 +# Rules file :
200 +rules = /etc/openvas/openvassd.rules
201 +
202 +# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
203 +cgi_path = /cgi-bin:/scripts
204 +
205 +# Range of the ports the port scanners will scan :
206 +# 'default' means that OpenVAS will scan ports found in its
207 +# services file.
208 +port_range = default
209 +
210 +# Optimize the test (recommended) :
211 +# Turn off for push hard but increase false positive and slow down scans
212 +optimize_test = yes
213 +
214 +# Optimization :
215 +# Read timeout for the sockets of the tests :
216 +checks_read_timeout = 5
217 +
218 +# Ports against which two plugins should not be run simultaneously :
219 +# non_simult_ports = Services/www, 139, Services/finger
220 +non_simult_ports = 139, 445
221 +
222 +# Maximum lifetime of a plugin (in seconds) :
223 +plugins_timeout = 320
224 +
225 +# Safe checks rely on banner grabbing & If enabled push harder to target:
226 +safe_checks = yes
227 +
228 +# Automatically activate the plugins that are depended on
229 +auto_enable_dependencies = yes
230 +
231 +# Do not echo data from plugins which have been automatically enabled
232 +silent_dependencies = no
233 +
234 +# Designate hosts by MAC address, not IP address (useful for DHCP networks)
235 +use_mac_addr = no
236 +
237 +
238 +#--- Knowledge base saving (can be configured by the client) :
239 +# Save the knowledge base on disk :
240 +save_knowledge_base = no
241 +
242 +# Restore the KB for each test :
243 +kb_restore = no
244 +
245 +# Only test hosts whose KB we do not have :
246 +only_test_hosts_whose_kb_we_dont_have = no
247 +
248 +# Only test hosts whose KB we already have :
249 +only_test_hosts_whose_kb_we_have = no
250 +
251 +# KB test replay :
252 +kb_dont_replay_scanners = no
253 +kb_dont_replay_info_gathering = no
254 +kb_dont_replay_attacks = no
255 +kb_dont_replay_denials = no
256 +kb_max_age = 864000
257 +#--- end of the KB section
258 +
259 +# Redis socket default setting
260 +db_address = /tmp/redis.sock
261 +
262 +# If this option is set, OpenVAS will not scan a network incrementally
263 +# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
264 +# slice the workload throughout the whole network (ie: it will scan
265 +# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
266 +slice_network_addresses = no
267 +
268 +# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
269 +nasl_no_signature_check = yes
270 +
271 +#Certificates
272 +cert_file=/var/lib/gvm/CA/servercert.pem
273 +key_file=/var/lib/gvm/private/CA/serverkey.pem
274 +ca_file=/var/lib/gvm/CA/cacert.pem
275 +
276 +# If you decide to protect your private key with a password,
277 +# uncomment and change next line
278 +# pem_password=password
279 +# If you want to force the use of a client certificate, uncomment next line
280 +# force_pubkey_auth = yes
281 +
282 +#end.
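Review bot: `nasl_no_signature_check = yes` (line 269) ships the distribution default with NASL script signature verification switched off, which the comment directly above it calls unsafe; the installed config should either set it to `no` or carry a comment saying why it has to stay on (for instance that the feed's scripts are not verifiable against an installed keyring), so an administrator hardening the host later knows whether the value can be flipped. Suggested wording if it must stay: `# Left at 'yes' because <reason>; set to 'no' once a keyring for the feed is installed.` Separately, `db_address = /tmp/redis.sock` (line 260) places the Redis socket in a world-writable directory shared by every local user; if the `dev-db/redis` the ebuild depends on is configured to listen under `/run`, pointing this default at that path keeps the scanner's database channel out of `/tmp`. Neither value is adjusted by the ebuild, so this is purely about the shipped defaults.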
283
284 diff --git a/net-analyzer/openvas-scanner/files/openvassd.init b/net-analyzer/openvas-scanner/files/openvassd.init
285 new file mode 100644
286 index 00000000000..9bd7332134f
287 --- /dev/null
288 +++ b/net-analyzer/openvas-scanner/files/openvassd.init
289 @@ -0,0 +1,14 @@
290 +#!/sbin/openrc-run
291 +# Copyright 1999-2019 Gentoo Authors
292 +# Distributed under the terms of the GNU General Public License v2
293 +
294 +name="Open Vulnerability Assessment Scanner"
295 +command="/usr/bin/openvassd"
296 +command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}"
297 +pidfile="/run/openvassd.pid"
298 +command_background="true"
299 +
300 +depend() {
301 + after bootmisc
302 + need localmount net redis
303 +}
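Review bot: `command_background="true"` together with `pidfile="/run/openvassd.pid"` (lines 297–298) only tracks the right process if openvassd stays in the foreground, yet nothing here passes `--foreground`, while the systemd unit in the same commit uses `Type=forking`, which suggests the daemon detaches on its own; if it does, start-stop-daemon records the pid of the parent that exits and `stop`/`status` break. The daemon conf file already names `--foreground` as an example option, so the safe fix is to put it on the command line unconditionally rather than rely on the admin adding it: `command_args="--foreground ${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}"`. Please confirm against the 6.0.1 binary's default behaviour before changing it, and note that the socket default in the conf file uses `/var/run/` while the pidfile here uses `/run/`.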
304
305 diff --git a/net-analyzer/openvas-scanner/files/openvassd.logrotate b/net-analyzer/openvas-scanner/files/openvassd.logrotate
306 new file mode 100644
307 index 00000000000..9cf47d54763
308 --- /dev/null
309 +++ b/net-analyzer/openvas-scanner/files/openvassd.logrotate
310 @@ -0,0 +1,13 @@
311 +# Copyright 1999-2019 Gentoo Authors
312 +# Distributed under the terms of the GNU General Public License v2
313 +# Daemon ignore HUP so we use 'copytruncate' instead of 'create'
314 +# with safe file size to prevent losing log entries.
315 +
316 +/var/log/gvm/openvassd.log {
317 + compress
318 + missingok
319 + notifempty
320 + sharedscripts
321 + copytruncate
322 + maxsize 10M
323 +}
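Review bot: `sharedscripts` (line 320) has no effect in this stanza because there is no `prerotate`/`postrotate` block for it to apply to, and leaving it in suggests a reload hook exists; dropping the line makes the intent clearer. The header comment explaining why `copytruncate` is used instead of `create` is the useful part and should stay as is.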
324
325 diff --git a/net-analyzer/openvas-scanner/files/openvassd.service b/net-analyzer/openvas-scanner/files/openvassd.service
326 new file mode 100644
327 index 00000000000..b7d7df8bbab
328 --- /dev/null
329 +++ b/net-analyzer/openvas-scanner/files/openvassd.service
330 @@ -0,0 +1,16 @@
331 +[Unit]
332 +Description=Open Vulnerability Assessment Scanner
333 +After=network.target
334 +After=redis.service
335 +Before=gvmd.service
336 +Requires=redis.service
337 +
338 +[Service]
339 +Type=forking
340 +EnvironmentFile=-/etc/openvas/sysconfig/openvassd-daemon.conf
341 +ExecStart=/usr/bin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET $OPENVAS_SCANNER_LISTEN_OWNER $OPENVAS_SCANNER_LISTEN_GROUP $OPENVAS_SCANNER_LISTEN_MODE
342 +Restart=on-failure
343 +RestartSec=10
344 +
345 +[Install]
346 +WantedBy=multi-user.target
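Review bot: `Type=forking` (line 339) is used without a `PIDFile=`, so systemd has to guess the main process after the fork and will log a warning about it; either add `PIDFile=` pointing at the file openvassd writes, if it writes one, or switch to `Type=simple` and pass `--foreground` in `ExecStart` (the option the daemon conf already mentions), which is the more robust choice. The leading `-` on `EnvironmentFile=` (line 340) means that if the sysconfig file is missing the scanner silently starts with none of the `--unix-socket`/`--listen-*` arguments, i.e. with whatever its built-in defaults are; since the ebuild always installs that file this is low risk, but the `-` could be dropped so a packaging mistake fails loudly instead. `After=network.target` is fine for a service that only listens on a unix socket.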
347
348 diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
349 index fa26aa942e1..50c99b9436c 100644
350 --- a/net-analyzer/openvas-scanner/metadata.xml
351 +++ b/net-analyzer/openvas-scanner/metadata.xml
352 @@ -10,6 +10,15 @@
353 <name>Proxy Maintainers</name>
354 </maintainer>
355 <use>
356 + <flag name="cron">Install a cron job to update GVM's feed daily.</flag>
357 <flag name="extras">Html docs support</flag>
358 </use>
359 + <longdescription lang="en">
360 + Open Vulnerability Assessment System (OpenVAS) Scanner is the Greenbone Vulnerability Management (GVM) Solution.
361 + It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously
362 + updated and extended feed of Network Vulnerability Tests (NVTs).
363 + </longdescription>
364 + <upstream>
365 + <remote-id type="github">greenbone/openvas-scanner</remote-id>
366 + </upstream>
367 </pkgmetadata>
368
369 diff --git a/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild
370 new file mode 100644
371 index 00000000000..1700d942181
372 --- /dev/null
373 +++ b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild
374 @@ -0,0 +1,138 @@
375 +# Copyright 1999-2019 Gentoo Authors
376 +# Distributed under the terms of the GNU General Public License v2
377 +
378 +EAPI=7
379 +
380 +CMAKE_MAKEFILE_GENERATOR="emake"
381 +inherit cmake-utils flag-o-matic systemd toolchain-funcs
382 +
383 +MY_PN="openvas"
384 +MY_DN="openvassd"
385 +
386 +DESCRIPTION="Open Vulnerability Assessment Scanner"
387 +HOMEPAGE="https://www.greenbone.net/en/"
388 +SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
389 +
390 +SLOT="0"
391 +LICENSE="GPL-2 GPL-2+"
392 +KEYWORDS="~amd64 ~x86"
393 +IUSE="cron extras"
394 +
395 +DEPEND="
396 + app-crypt/gpgme:=
397 + dev-db/redis
398 + dev-libs/libgcrypt:=
399 + dev-libs/libksba
400 + >=net-analyzer/gvm-libs-10.0.1
401 + net-analyzer/net-snmp
402 + net-libs/gnutls:=
403 + net-libs/libpcap
404 + net-libs/libssh:=
405 +"
406 +
407 +RDEPEND="
408 + ${DEPEND}
409 + !~net-analyzer/openvas-scanner-5.1.3
410 + !net-analyzer/openvas-tools"
411 +
412 +BDEPEND="
413 + sys-devel/bison
414 + sys-devel/flex
415 + virtual/pkgconfig
416 + extras? ( app-doc/doxygen[dot]
417 + app-doc/xmltoman
418 + app-text/htmldoc
419 + dev-perl/CGI
420 + dev-perl/SQL-Translator
421 + )"
422 +
423 +BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
424 +S="${WORKDIR}/${MY_PN}-${PV}"
425 +
426 +PATCHES=(
427 + # Install exec. to /usr/bin instead of /usr/sbin
428 + "${FILESDIR}/${P}-sbin.patch"
429 +)
430 +
431 +src_prepare() {
432 + cmake-utils_src_prepare
433 + # QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1
434 + sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die
435 + # QA-Fix | Remove !CLANG doxygen warnings for 6.0.1
436 + if use extras; then
437 + if ! tc-is-clang; then
438 + local f
439 + for f in doc/*.in
440 + do
441 + sed -i \
442 + -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
443 + -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
444 + "${f}" || die "couldn't disable CLANG parsing"
445 + done
446 + fi
447 + fi
448 +}
449 +
450 +src_configure() {
451 + local mycmakeargs=(
452 + "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
453 + "-DLOCALSTATEDIR=${EPREFIX}/var"
454 + "-DSYSCONFDIR=${EPREFIX}/etc"
455 + )
456 + # Add release hardening flags for 6.0.1
457 + append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
458 + append-ldflags -Wl,-z,relro -Wl,-z,now
459 + cmake-utils_src_configure
460 +}
461 +
462 +src_compile() {
463 + cmake-utils_src_compile
464 + if use extras; then
465 + cmake-utils_src_make -C "${BUILD_DIR}" doc
466 + cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
467 + HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
468 + fi
469 + cmake-utils_src_make rebuild_cache
470 +}
471 +
472 +src_install() {
473 + cmake-utils_src_install
474 +
475 + dodir /etc/openvas
476 + insinto /etc/openvas
477 + newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf
478 +
479 + insinto /etc/openvas
480 + doins "${FILESDIR}"/redis.conf.example
481 +
482 + dodir /etc/openvas/sysconfig
483 + insinto /etc/openvas/sysconfig
484 + doins "${FILESDIR}/${MY_DN}-daemon.conf"
485 +
486 + if use cron; then
487 + # Install the cron job if they want it.
488 + exeinto /etc/gvm
489 + doexe "${FILESDIR}/gvm-feed-sync.sh"
490 + fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
491 +
492 + insinto /etc/cron.d
493 + newins "${FILESDIR}"/gvm-feed-sync.cron gvm
494 + fi
495 +
496 + fowners -R gvm:gvm /etc/openvas
497 +
498 + newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
499 + newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
500 +
501 + dodir /etc/logrotate.d
502 + insinto /etc/logrotate.d
503 + newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
504 +
505 + systemd_dounit "${FILESDIR}/${MY_DN}.service"
506 +
507 + # Set proper permissions on required files/directories
508 + keepdir /var/log/gvm
509 + fowners gvm:gvm /var/log/gvm
510 + keepdir /var/lib/openvas/{gnupg,plugins}
511 + fowners -R gvm:gvm /var/lib/openvas
512 +}
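Review bot: `fowners -R gvm:gvm /etc/openvas` (line 496) hands the unprivileged `gvm` account write access to the configuration of a daemon that both service files in this commit start as root (no `command_user` in the init script, no `User=` in the unit), so anything that can run as `gvm` can change what the root scanner loads; unless something running as `gvm` has to write there, root ownership with group read is the safer default, e.g. `fowners -R root:gvm /etc/openvas` followed by `fperms -R o-rwx /etc/openvas`. The daemon options file is installed twice, once to `/etc/openvas/sysconfig/` (line 484, read by the systemd unit) and once via `newconfd` (line 499, read by OpenRC), which doubles the places an admin must edit; a short comment noting that both copies must be kept in sync would help. `doins "${FILESDIR}"/redis.conf.example` (line 480) refers to a file that is not in this commit's diffstat, so it presumably already exists under `files/` from 5.1.3 — worth confirming, since `doins` dies if it is absent. The conf file defaults `cache_folder` to `/var/cache/openvas`, which `src_install` neither creates nor chowns, unlike `/var/lib/openvas` and `/var/log/gvm`; if the scanner does not create it itself, a `keepdir`/`fowners` pair for it belongs next to line 510.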