commit:     e97b0eba18f103b7bbf5867abf1b182bcc8c4a70
Author:     Florian Schmaus <flow <AT> gentoo <DOT> org>
AuthorDate: Mon May  9 12:21:50 2022 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Mon May  9 12:22:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e97b0eba

net-analyzer/gsad: new package, add 21.4.4

Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 net-analyzer/gsad/Manifest                         |   1 +
 .../gsad/files/gsa.nginx.reverse.proxy.example     |  78 ++++++++++++++++
 net-analyzer/gsad/files/gsad-daemon.conf           |  19 ++++
 net-analyzer/gsad/files/gsad.init                  |  20 ++++
 net-analyzer/gsad/gsad-21.4.4.ebuild               | 101 +++++++++++++++++++++
 net-analyzer/gsad/metadata.xml                     |  15 +++
 6 files changed, 234 insertions(+)

diff --git a/net-analyzer/gsad/Manifest b/net-analyzer/gsad/Manifest
new file mode 100644
index 000000000000..7b657dda3b1f
--- /dev/null
+++ b/net-analyzer/gsad/Manifest
@@ -0,0 +1 @@
+DIST gsad-21.4.4.tar.gz 220618 BLAKE2B 
276164ce1e03a6ed211d3bdf24c7f9b5ac832c07891b34b467f61ec02c5670d5368ea3219b3cc445e4ef83fef0aee7375c89ce8008746ea7e08abf50da8fb9fd
 SHA512 
092c8187754b3f0503e4ae6fd9c41dbd6917264668a5f8f831d40e88c7b8db6772acd354db62ac66b4af13b7c27e78516d4975f5bfede0d28001007a46c39f75

diff --git a/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example 
b/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example
new file mode 100644
index 000000000000..b233911a2f1d
--- /dev/null
+++ b/net-analyzer/gsad/files/gsa.nginx.reverse.proxy.example
@@ -0,0 +1,78 @@
+upstream backend {
+    server 127.0.0.1:9392;
+    keepalive 64;
+}
+
+server {
+        listen IP:80;
+        server_name openvas.domain.tdl;
+        return 301 https://openvas.domain.tdl$request_uri;
+}
+
+server {
+        listen IP:443 ssl http2;
+        server_name openvas.domain.tdl;
+        access_log /var/log/nginx/openvas.domain.tdl.access.log;
+        error_log  /var/log/nginx/openvas.domain.tdl.error.log;
+        # Not sourcing directly from file
+        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+       fastcgi_param  QUERY_STRING       $query_string;
+       fastcgi_param  REQUEST_METHOD     $request_method;
+       fastcgi_param  CONTENT_TYPE       $content_type;
+       fastcgi_param  CONTENT_LENGTH     $content_length;
+       fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+       fastcgi_param  REQUEST_URI        $request_uri;
+       fastcgi_param  DOCUMENT_URI       $document_uri;
+       fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+       fastcgi_param  REQUEST_SCHEME     $scheme;
+       fastcgi_param  HTTPS              $https;
+       fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+       fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+       fastcgi_param  REMOTE_ADDR        $remote_addr;
+       fastcgi_param  REMOTE_PORT        $remote_port;
+       fastcgi_param  SERVER_ADDR        $server_addr;
+       fastcgi_param  SERVER_PORT        $server_port;
+       fastcgi_param  SERVER_NAME        $server_name;
+       fastcgi_param  REDIRECT_STATUS    200;
+        fastcgi_param  HTTP_PROXY "";
+        fastcgi_param  PATH_INFO          $fastcgi_path_info;
+       fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+        fastcgi_param  DOCUMENT_ROOT     $document_root;
+
+        location / {        
+                proxy_set_header   Host             $http_host;
+                proxy_set_header   X-Real-IP        $remote_addr;
+                proxy_set_header   REMOTE_HOST      $remote_addr;
+                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+                proxy_set_header   X-FORWARDED-PROTOCOL $scheme;
+                proxy_pass https://backend;
+                proxy_http_version 1.1;
+                proxy_pass_request_headers on;
+                proxy_set_header Connection "keep-alive";
+                proxy_store off;
+                gzip on;
+                gzip_proxied any;
+                gzip_types *;
+        }
+
+       resolver 127.0.0.1;
+        resolver_timeout 6s;
+       ssl_certificate /openvas.domain.tdl/fullchain.pem;
+       ssl_certificate_key /openvas.domain.tdl/privkey.pem;
+        ssl_trusted_certificate /openvas.domain.tdl/chain.pem;        
+        ssl_dhparam /openvas.domain.tdl/dhparam.pem;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+        ssl_ecdh_curve  secp384r1;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        ssl_session_cache shared:SSL:40m;
+        ssl_session_timeout 21h;
+        ssl_session_tickets off;
+        ssl_buffer_size 4k;
+        add_header Referrer-Policy no-referrer-when-downgrade;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection "1; mode=block";
+}
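Review bot: The example enables `TLSv1` and `TLSv1.1` in `ssl_protocols` and omits TLS 1.3, and its `ssl_ciphers` list still offers 3DES (`DES-CBC3-SHA` variants) and static-RSA suites without forward secrecy. This is the front end of a vulnerability scanner UI and examples get copied verbatim, so it should start from `ssl_protocols TLSv1.2 TLSv1.3;` and a cipher list limited to ECDHE/DHE AEAD suites. `gzip on` with `gzip_types *` compresses every proxied response under TLS, which is the precondition for BREACH-style compression side channels on authenticated pages. Limiting `gzip_types` to static asset types avoids that. The `fastcgi_param` block appears to have no effect here, since the only location uses `proxy_pass`, so dropping it would make the example easier to audit.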

diff --git a/net-analyzer/gsad/files/gsad-daemon.conf 
b/net-analyzer/gsad/files/gsad-daemon.conf
new file mode 100644
index 000000000000..f7c7ee514e50
--- /dev/null
+++ b/net-analyzer/gsad/files/gsad-daemon.conf
@@ -0,0 +1,19 @@
+# Greenbone Security Assistant command args
+
+# e.g. --foreground | e.g. --no-redirect
+GSAD_OPTIONS="--no-redirect"
+
+# GSAD listen adress
+GSAD_LISTEN_ADDRESS="--listen=127.0.0.1"
+
+# GSAD listen port  
+GSAD_LISTEN_PORT="--port=9392"
+
+# GVMD listen address
+GVMD_LISTEN_ADDRESS="--mlisten=127.0.0.1"
+
+# GVMD listen port
+GVMD_LISTEN_PORT="--mport=9390"
+
+# TLS Settings
+GSAD_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL"
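Review bot: The comments on `GSAD_LISTEN_ADDRESS` do not say that the 127.0.0.1 default is what keeps gsad reachable only through a local reverse proxy. A line such as `# Keep 127.0.0.1 when a reverse proxy fronts gsad; any other address exposes the web UI directly` would make that explicit for whoever edits it. "adress" in the same comment should read "address". The `--foreground` example for `GSAD_OPTIONS` is redundant, because the init script added in this commit already passes it unconditionally.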

diff --git a/net-analyzer/gsad/files/gsad.init 
b/net-analyzer/gsad/files/gsad.init
new file mode 100644
index 000000000000..79004c8481c5
--- /dev/null
+++ b/net-analyzer/gsad/files/gsad.init
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GSAD_USER:=gvm}
+: ${GSAD_GROUP:=$(id -ng ${GSAD_USER})}
+: ${GSAD_TIMEOUT:=30}
+
+name="Greenbone Security Assistant (GSA)"
+command="/usr/bin/gsad"
+command_args="--foreground ${GSAD_OPTIONS} ${GSAD_LISTEN_ADDRESS} 
${GSAD_LISTEN_PORT} ${GVMD_LISTEN_ADDRESS} ${GVMD_LISTEN_PORT} 
${GSAD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GSAD_USER}:${GSAD_GROUP}"
+pidfile="/run/gsad.pid"
+retry="${GSAD_TIMEOUT}"
+
+depend() {
+       after bootmisc
+       need localmount net gvmd
+}
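Review bot: `need net` in `depend()` makes gsad hard-depend on a configured network service, although the shipped defaults only listen on 127.0.0.1 and reach gvmd on 127.0.0.1. On a host whose external interface is down or hot-plugged, the service would be held back or stopped for no reason. `need localmount gvmd` plus `use net` expresses the same ordering without the hard dependency. Separately, the group default should quote its argument, `: ${GSAD_GROUP:=$(id -ng "${GSAD_USER}")}`, so an overridden `GSAD_USER` from conf.d is passed to `id` as a single word.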

diff --git a/net-analyzer/gsad/gsad-21.4.4.ebuild 
b/net-analyzer/gsad/gsad-21.4.4.ebuild
new file mode 100644
index 000000000000..24f235b07056
--- /dev/null
+++ b/net-analyzer/gsad/gsad-21.4.4.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake systemd toolchain-funcs
+
+DESCRIPTION="Greenbone Security Assistant"
+HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/gsad";
+SRC_URI="https://github.com/greenbone/${PN}/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+
+SLOT="0"
+LICENSE="AGPL-3+"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc"
+
+DEPEND="
+       acct-user/gvm
+       dev-libs/glib:2
+       dev-libs/libgcrypt:0=
+       dev-libs/libxml2
+       dev-libs/libxslt
+       >=net-analyzer/gvm-libs-${PV}
+       net-libs/gnutls:=
+       net-libs/libmicrohttpd:=
+"
+RDEPEND="
+       ${DEPEND}
+       >=net-analyzer/gvmd-${PV}
+       >=net-analyzer/gsa-${PV}
+       net-analyzer/ospd-openvas
+"
+BDEPEND="
+       dev-python/polib
+       virtual/pkgconfig
+       doc? (
+               app-doc/doxygen[dot]
+               app-doc/xmltoman
+               app-text/htmldoc
+               sys-devel/gettext
+       )
+"
+
+src_prepare() {
+       cmake_src_prepare
+
+       # QA-Fix | Remove !CLANG doxygen warnings for 9.0.0
+       if use doc; then
+               if ! tc-is-clang; then
+                  local f
+                  for f in doc/*.in
+                  do
+                       sed -i \
+                               -e "s*CLANG_ASSISTED_PARSING = 
NO*#CLANG_ASSISTED_PARSING = NO*g" \
+                               -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+                               "${f}" || die "couldn't disable CLANG parsing"
+                  done
+               fi
+       fi
+
+       # Do not install the empty /run/gsad run dir. 
https://github.com/greenbone/gsad/pull/54
+       sed -i "/^install.*GSAD_RUN_DIR/d" CMakeLists.txt || die
+
+       # Drop Group= directive. https://github.com/greenbone/gsad/pull/55
+       sed -i "/^Group=/d" config/gsad.service.in || die
+}
+
+src_configure() {
+       local mycmakeargs=(
+               "-DLOCALSTATEDIR=${EPREFIX}/var"
+               "-DSYSCONFDIR=${EPREFIX}/etc"
+               "-DSBINDIR=${EPREFIX}/usr/bin"
+               "-DGSAD_PID_DIR=/run/gsad"
+               "-DSYSTEMD_SERVICE_DIR=$(systemd_get_systemunitdir)"
+               "-DLOGROTATE_DIR=${EPREFIX}/etc/logrotate.d"
+       )
+       cmake_src_configure
+}
+
+src_compile() {
+       # setting correct PATH for finding react-js
+       NODE_ENV=production PATH="$PATH:${S}/gsa/node_modules/.bin/" 
cmake_src_compile
+       if use doc; then
+               cmake_build -C "${BUILD_DIR}" doc
+               cmake_build doc-full -C "${BUILD_DIR}" doc
+       fi
+       cmake_build rebuild_cache
+}
+
+src_install() {
+       if use doc; then
+               local HTML_DOCS=( "${BUILD_DIR}/doc/generated/html/." )
+       fi
+       cmake_src_install
+
+       insinto /etc/gvm/sysconfig
+       doins "${FILESDIR}/${PN}-daemon.conf"
+
+       newinitd "${FILESDIR}/${PN}.init" "${PN}"
+       newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+}
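Review bot: `src_compile` appends `${S}/gsa/node_modules/.bin/` to `PATH` and sets `NODE_ENV=production`, but `BDEPEND` lists no Node tooling. These look like leftovers from the JavaScript front-end build, and they put a directory from inside the unpacked tarball on the build's search path. A plain `cmake_src_compile` would be cleaner, and the trailing `cmake_build rebuild_cache` can likely be dropped as well. In `src_configure`, `-DGSAD_PID_DIR=/run/gsad` is set while `src_prepare` deletes the install rule for that directory and the init script uses `/run/gsad.pid`. Nothing visible in this commit creates `/run/gsad`, so it is worth confirming the systemd unit does not rely on it. `src_install` also installs the same `${PN}-daemon.conf` to both `/etc/gvm/sysconfig` and conf.d, and a comment should say which consumer reads which copy.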

diff --git a/net-analyzer/gsad/metadata.xml b/net-analyzer/gsad/metadata.xml
new file mode 100644
index 000000000000..c68ff94a68fa
--- /dev/null
+++ b/net-analyzer/gsad/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person" proxied="yes">
+               <email>[email protected]</email>
+               <name>Jonas Licht</name>
+       </maintainer>
+       <maintainer type="project" proxied="proxy">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+       <upstream>
+               <remote-id type="github">greenbone/gsad</remote-id>
+       </upstream>
+</pkgmetadata>
