ospd-openvas: init.d script

2026-04-20 05:41:12 +02:00 · 2019-10-14 22:36:59 +08:00 · 2019-10-14 22:36:59 +08:00 · 5076044f24
commit 5076044f24
parent 396e909e47
16 changed files with 141 additions and 162 deletions
--- a/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-8.0.1-r2.ebuild
+++ b/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-8.0.1-r2.ebuild
@ -30,7 +30,7 @@ DEPEND="
 RDEPEND="
 	${DEPEND}
 	!~net-analyzer/greenbone-security-assistant-7.0.3
-	>=net-analyzer/openvas-scanner-6.0.1
+	|| ( >=net-analyzer/openvas-scanner-6.0.1 >=net-analyzer/openvas-7.0.0 )
 	>=net-analyzer/gvmd-8.0.1"

 BDEPEND="
--- a/net-analyzer/gvm/gvm-11.0.0-r2.ebuild
+++ b/net-analyzer/gvm/gvm-11.0.0-r2.ebuild
@ -17,9 +17,8 @@ REQUIRED_USE="|| ( postgres sqlite )"
 RDEPEND="
 	>=net-analyzer/gvm-libs-11.0.0[extras?,ldap?,radius?]
 	>=net-analyzer/gvmd-9.0.0[extras?,postgres?,sqlite?]
-	>=net-analyzer/openvas-scanner-7.0.0[cron?,extras?]
+	>=net-analyzer/openvas-7.0.0
 	>=net-analyzer/ospd-openvas-1.0.0
-	!net-analyzer/openvas
 	cli? ( >=net-analyzer/gvm-tools-2.0.0 )
 	gsa? ( ~net-analyzer/greenbone-security-assistant-8.0.1[extras?] )
 	ospd? ( >=net-analyzer/ospd-2.0.0[extras?] )"
--- a/net-analyzer/gvmd/gvmd-9.0.0-r1.ebuild
+++ b/net-analyzer/gvmd/gvmd-9.0.0-r1.ebuild
@ -29,7 +29,7 @@ DEPEND="
 RDEPEND="
 	${DEPEND}
 	!net-analyzer/openvas-manager
-	>=net-analyzer/openvas-scanner-7.0.0"
+	>=net-analyzer/openvas-7.0.0"

 BDEPEND="
 	sys-devel/bison
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@ -1,2 +1 @@
 DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147
-DIST openvas-scanner-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.0-sbin.patch
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.0-sbin.patch
@ -1,11 +0,0 @@
--- a/src/CMakeLists.txt.orig	2019-10-12 10:18:11.514510038 +0800
-+++ b/src/CMakeLists.txt	2019-10-12 10:20:41.147508674 +0800
-@@ -200,7 +200,7 @@
- ## Install
- 
- install (TARGETS openvas
-         RUNTIME DESTINATION ${SBINDIR}
-+         RUNTIME DESTINATION ${BINDIR}
-          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
-          GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
- 
--- a/net-analyzer/openvas-scanner/openvas-scanner-7.0.0.ebuild
+++ b/net-analyzer/openvas-scanner/openvas-scanner-7.0.0.ebuild
@ -1,138 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-CMAKE_MAKEFILE_GENERATOR="emake"
-inherit cmake-utils flag-o-matic systemd toolchain-funcs
-
-MY_PN="openvas"
-MY_DN="openvassd"
-
-DESCRIPTION="Open Vulnerability Assessment Scanner"
-HOMEPAGE="https://www.greenbone.net/en/"
-SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2 GPL-2+"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron extras"
-
-DEPEND="
-	app-crypt/gpgme:=
-	dev-db/redis
-	dev-libs/libgcrypt:=
-	dev-libs/libksba
-	>=net-analyzer/gvm-libs-11.0.0
-	net-analyzer/net-snmp
-	net-libs/gnutls:=
-	net-libs/libpcap
-	net-libs/libssh:=
-"
-
-RDEPEND="
-	${DEPEND}
-	!~net-analyzer/openvas-scanner-5.1.3
-	!net-analyzer/openvas-tools"
-
-BDEPEND="
-	sys-devel/bison
-	sys-devel/flex
-	virtual/pkgconfig
-	extras? ( app-doc/doxygen[dot]
-		  app-doc/xmltoman
-		  app-text/htmldoc
-		  dev-perl/CGI
-		  dev-perl/SQL-Translator
-	)"
-
-BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
-S="${WORKDIR}/${MY_PN}-${PV}"
-
-PATCHES=(
-	# Install exec. to /usr/bin instead of /usr/sbin
-	"${FILESDIR}/${P}-sbin.patch"
-)
-
-src_prepare() {
-	cmake-utils_src_prepare
-	# QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1
-	sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die
-	# QA-Fix | Remove !CLANG doxygen warnings for 6.0.1
-	if use extras; then
-		if ! tc-is-clang; then
-		   local f
-		   for f in doc/*.in
-		   do
-			sed -i \
-				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
-				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
-				"${f}" || die "couldn't disable CLANG parsing"
-		   done
-		fi
-	fi
-}
-
-src_configure() {
-	local mycmakeargs=(
-		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
-		"-DLOCALSTATEDIR=${EPREFIX}/var"
-		"-DSYSCONFDIR=${EPREFIX}/etc"
-	)
-	# Add release hardening flags for 6.0.1
-	append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
-	append-ldflags -Wl,-z,relro -Wl,-z,now
-	cmake-utils_src_configure
-}
-
-src_compile() {
-	cmake-utils_src_compile
-	if use extras; then
-		cmake-utils_src_make -C "${BUILD_DIR}" doc
-		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
-		HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
-	fi
-	cmake-utils_src_make rebuild_cache
-}
-
-src_install() {
-	cmake-utils_src_install
-
-	dodir /etc/openvas
-	insinto /etc/openvas
-	newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf
-
-	insinto /etc/openvas
-	doins "${FILESDIR}"/redis.conf.example
-
-	dodir /etc/openvas/sysconfig
-	insinto /etc/openvas/sysconfig
-	doins "${FILESDIR}/${MY_DN}-daemon.conf"
-
-	if use cron; then
-		# Install the cron job if they want it.
-		exeinto /etc/gvm
-		doexe "${FILESDIR}/gvm-feed-sync.sh"
-		fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
-
-		insinto /etc/cron.d
-		newins "${FILESDIR}"/gvm-feed-sync.cron gvm
-	fi
-
-	fowners -R gvm:gvm /etc/openvas
-
-	newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
-	newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
-
-	dodir /etc/logrotate.d
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
-
-	systemd_dounit "${FILESDIR}/${MY_DN}.service"
-
-	# Set proper permissions on required files/directories
-	keepdir /var/log/gvm
-	fowners gvm:gvm /var/log/gvm
-	keepdir /var/lib/openvas/{gnupg,plugins}
-	fowners -R gvm:gvm /var/lib/openvas
-}
--- a/net-analyzer/openvas/Manifest
+++ b/net-analyzer/openvas/Manifest
@ -0,0 +1 @@
+DIST openvas-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1
--- a/net-analyzer/openvas/files/openvas.conf
+++ b/net-analyzer/openvas/files/openvas.conf
@ -0,0 +1 @@
+db_address = /tmp/redis.sock
--- a/net-analyzer/openvas/openvas-7.0.0.ebuild
+++ b/net-analyzer/openvas/openvas-7.0.0.ebuild
@ -0,0 +1,58 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake-utils
+
+DESCRIPTION="Open Vulnerability Assessment Scanner"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2 GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+	app-crypt/gpgme:=
+	dev-db/redis
+	dev-libs/libgcrypt:=
+	dev-libs/libksba
+	>=net-analyzer/gvm-libs-11.0.0
+	net-analyzer/net-snmp
+	net-libs/gnutls:=
+	net-libs/libpcap
+	net-libs/libssh:=
+"
+
+RDEPEND="
+	${DEPEND}
+	!net-analyzer/openvas-scanner
+	!net-analyzer/openvas-tools"
+
+BDEPEND="
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+"
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+	)
+	# Add release hardening flags for 6.0.1
+#	append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+#	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	dodir /etc/openvas
+	insinto /etc/openvas
+	doins "${FILESDIR}/${PN}.conf"
+}
--- a/net-analyzer/ospd-openvas/files/ospd-openvas.confd
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.confd
@ -0,0 +1,10 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OSPD_OPENVAS_OPTIONS=""
+
+# Scanner listen socket
+OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/tmp/ospd.sock"
+
+# Scanner listen mode
+OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o777"
--- a/net-analyzer/ospd-openvas/files/ospd-openvas.default
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.default
@ -0,0 +1,3 @@
+# The installation prefix to find the ospd-openvas binary.
+PATH=<install-prefix>/bin:<install-prefix>/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:$PATH
+PYTHONPATH=<install-prefix>/lib/python3.5/site-packages:$PYTHONPATH
--- a/net-analyzer/ospd-openvas/files/ospd-openvas.initd
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.initd
@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="remotely control an OpenVAS Scanner"
+command="/usr/bin/ospd-openvas"
+
+command_args="${OSPD_OPENVAS_OPTIONS} \
+	${OSPD_OPENVAS_UNIX_SOCKET} \
+	${OSPD_OPENVAS_SOCKET_MODE} \
+	--config /etc/openvas/ospd.conf"
+
+pidfile="/run/ospd-openvas.pid"
+
+command_background="true"
+
+depend() {
+	after bootmisc
+	need localmount gvmd
+# net redis
+}
--- a/net-analyzer/ospd-openvas/files/ospd-openvas.service
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service
@ -0,0 +1,21 @@
+[Unit]
+Description=OSPD OpenVAS
+After=network.target networking.service dnsmasq.service redis-server@openvas.service systemd-tmpfiles.service
+ConditionKernelCommandLine=!recovery
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/default/ospd-openvas.default
+Environment="PATH=$PATH"
+Environment="PYTHONPATH=$PYTHONPATH"
+User=<username>
+Group=<groupname>
+ExecStart=<install-prefix>/bin/ospd-openvas
+SuccessExitStatus=SIGKILL
+# This works asynchronously, but does not take the daemon down during the reload so it's ok.
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=multi-user.target
+Alias=ospd-openvas.service
--- a/net-analyzer/ospd-openvas/files/ospd.conf
+++ b/net-analyzer/ospd-openvas/files/ospd.conf
@ -0,0 +1,10 @@
+[OSPD - openvas]
+
+#required by gvmd
+unix_socket = /tmp/ospd.sock
+
+#socket_mode = 0o770
+#unix_socket = /run/ospd/ospd-openvas.pid
+
+log_level = DEBUG
+log_file = /var/log/gvm/openvas.log
--- a/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild
+++ b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild
@ -23,10 +23,14 @@ RDEPEND="
 DEPEND="
 	${RDEPEND}"

-#python_compile() {
-#	if use extras; then
-#		bash "${S}"/doc/generate || die
-#		HTML_DOCS=( "${S}"/doc/. )
-#	fi
-#	distutils-r1_python_compile
-#}
+python_install() {
+	distutils-r1_python_install
+
+	dodir /etc/openvas
+	insinto /etc/openvas
+	newins "${FILESDIR}/ospd.conf" ospd.conf
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+}
--- a/profiles/pentoo/base/package.accept_keywords/net-analyzer
+++ b/profiles/pentoo/base/package.accept_keywords/net-analyzer
@ -153,7 +153,8 @@ net-analyzer/sitadel
 ~net-analyzer/greenbone-security-assistant-8.0.1
 =net-analyzer/gvm-libs-11*
 =net-analyzer/gvmd-9*
-=net-analyzer/openvas-scanner-7*
+=net-analyzer/openvas-scanner-6*
+=net-analyzer/openvas-7*
 net-analyzer/ospd-openvas
 net-analyzer/ospd
 net-analyzer/gvm-tools
				`@ -0,0 +1 @@`
				`DIST openvas-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1`