[gentoo-commits] repo/gentoo:master commit in: net-analyzer/ospd-openvas/, net-analyzer/ospd-openvas/files/

Mon, 03 Jul 2023 01:15:53 -0700 

commit:     b3880f8eca49b733579f558fa8874fd7a6c0065b
Author:     Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Sat May 20 17:31:02 2023 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Mon Jul  3 08:15:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3880f8e

net-analyzer/ospd-openvas: add 22.5.1

Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 net-analyzer/ospd-openvas/Manifest                 |  1 +
 .../ospd-openvas/files/ospd-openvas-22.initd       | 21 ++++++
 .../ospd-openvas/files/ospd-openvas.service.conf   |  7 ++
 .../files/ospd-openvas.service_notus.conf          |  9 +++
 net-analyzer/ospd-openvas/metadata.xml             | 10 +++
 .../ospd-openvas/ospd-openvas-22.5.1.ebuild        | 77 ++++++++++++++++++++++
 6 files changed, 125 insertions(+)

diff --git a/net-analyzer/ospd-openvas/Manifest 
b/net-analyzer/ospd-openvas/Manifest
index 62b5a8d2c3cc..b81230cc16a2 100644
--- a/net-analyzer/ospd-openvas/Manifest
+++ b/net-analyzer/ospd-openvas/Manifest
@@ -1 +1,2 @@
 DIST ospd-openvas-21.4.4.tar.gz 173368 BLAKE2B 
4568eb45bb999d0ff2cf91652dd56000bceb967f5c37c3061735322d1c72165f9b869c8b48694b37fd6d684679fa1bbff4a5550076bbcfcee5936b470cb04700
 SHA512 
3981b0a9044f90243fe06f15b0d8ee5a6b1a334556f6de76955aecda0404da2f8bd1d39bf547093a31c244f0aabae819f5e45e8c518984fc7d50764a267086e9
+DIST ospd-openvas-22.5.1.tar.gz 253605 BLAKE2B 
6f4ecc31f1c47941154973bfca92818fdfe6942b5091d84234d81e287c0871f91deefc25f16790015ab1c57366b92ae42e236673c44848fdaab491caa042693f
 SHA512 
2f92a09b4b9abced9f122eb2ac2dedf652b8c673e3d4ce5676a356da573816cd0f20769540a94919b35d6612ffb8a86b75dc704eae75c1e63150255e564e3349

diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd 
b/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd
new file mode 100644
index 000000000000..f43f75802729
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="remotely control an OpenVAS Scanner"
+command=/usr/bin/ospd-openvas
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="${OSPD_OPENVAS_OPTIONS} \
+       ${OSPD_OPENVAS_UNIX_SOCKET} \
+       ${OSPD_OPENVAS_SOCKET_MODE} \
+       --pid-file ${pidfile} \
+       --config /etc/openvas/ospd.conf"
+
+depend() {
+       after bootmisc
+       need localmount redis-openvas
+}
+
+start_pre() {
+        checkpath -d /var/run/ospd
+}

diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf 
b/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf
new file mode 100644
index 000000000000..976d81bc72bc
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf
@@ -0,0 +1,7 @@
+[Unit]
+After=network.target networking.service redis-openvas.service mosquitto.service
+Wants=redis-openvas.service
+PartOf=gvm.target
+
+[Service]
+ExecStartPre=+setfacl -m u:gvm:rw /run/redis-openvas/redis.sock

diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf 
b/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf
new file mode 100644
index 000000000000..cd8b7d8d0e70
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf
@@ -0,0 +1,9 @@
+[Unit]
+After=network.target networking.service redis-openvas.service mosquitto.service
+Wants=redis-openvas.service
+PartOf=gvm.target
+
+[Service]
+ExecStartPre=+setfacl -m u:gvm:rw /run/redis-openvas/redis.sock
+ExecStart=
+ExecStart=/usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf 
--log-config /etc/gvm/ospd-logging.conf --lock-file-dir /var/lib/openvas 
--socket-mode 0o770 --mqtt-broker-address localhost --mqtt-broker-port 1883 
--notus-feed-dir /var/lib/notus/advisories

diff --git a/net-analyzer/ospd-openvas/metadata.xml 
b/net-analyzer/ospd-openvas/metadata.xml
index 3f6d058084e3..18eb90f3e699 100644
--- a/net-analyzer/ospd-openvas/metadata.xml
+++ b/net-analyzer/ospd-openvas/metadata.xml
@@ -1,6 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
 <pkgmetadata>
+       <maintainer type="person" proxied="yes">
+               <email>[email protected]</email>
+               <name>Giuseppe Foti</name>
+       </maintainer>
        <maintainer type="person" proxied="yes">
                <email>[email protected]</email>
                <name>Jonas Licht</name>
@@ -13,4 +17,10 @@
                        This is an OSP server implementation to allow GVM to 
remotely control OpenVAS.
                        Once running, you need to configure OpenVAS for the 
Greenbone Vulnerability Manager, for example via the web interface Greenbone 
Security Assistant. Then you can create scan tasks to use OpenVAS.
        </longdescription>
+       <use>
+               <flag name="notus">Set systemd service file to use 
notus-scanner</flag>
+       </use>
+       <upstream>
+               <remote-id type="github">greenbone/ospd-openvas</remote-id>
+       </upstream>
 </pkgmetadata>

diff --git a/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild 
b/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild
new file mode 100644
index 000000000000..5aa80f75d415
--- /dev/null
+++ b/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 2020-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+DISTUTILS_USE_PEP517=poetry
+inherit distutils-r1 systemd
+
+DESCRIPTION="This is an OSP server implementation to allow GVM to remotely 
control OpenVAS"
+HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/ospd-openvas";
+SRC_URI="https://github.com/greenbone/ospd-openvas/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+
+LICENSE="AGPL-3+ GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc +notus"
+
+DEPEND="
+       acct-user/gvm
+       dev-python/defusedxml[${PYTHON_USEDEP}]
+       dev-python/deprecated[${PYTHON_USEDEP}]
+       dev-python/lxml[${PYTHON_USEDEP}]
+       >=dev-python/packaging-20.4[${PYTHON_USEDEP}]
+       dev-python/paramiko[${PYTHON_USEDEP}]
+       >=dev-python/psutil-5.7.0[${PYTHON_USEDEP}]
+       >=dev-python/redis-3.5.3[${PYTHON_USEDEP}]
+       >=dev-python/python-gnupg-0.5.0[${PYTHON_USEDEP}]
+       dev-libs/paho-mqtt-c
+       app-misc/mosquitto
+"
+RDEPEND="
+       ${DEPEND}
+       app-admin/sudo
+       >=net-analyzer/openvas-scanner-${PV}
+       notus? ( >=net-analyzer/notus-scanner-22.4 )
+"
+
+distutils_enable_tests unittest
+
+python_compile() {
+       if use doc; then
+               bash "${S}"/docs/generate || die
+               HTML_DOCS=( "${S}"/docs/. )
+       fi
+       distutils-r1_python_compile
+}
+
+python_install() {
+       distutils-r1_python_install
+
+       insinto /etc/gvm
+       doins config/${PN}.conf
+       if ! use prefix; then
+               fowners -R gvm:gvm /etc/gvm
+       fi
+
+       newinitd "${FILESDIR}/${PN}-22.initd" "${PN}"
+       newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+       systemd_dounit config/${PN}.service
+
+       if use notus; then
+               systemd_install_serviced 
"${FILESDIR}/ospd-openvas.service_notus.conf" \
+                       ${PN}.service
+       else
+               systemd_install_serviced 
"${FILESDIR}/ospd-openvas.service.conf" \
+                       ${PN}.service
+       fi
+
+       # OSPD OpenVAS attempts to call openvas via sudo as network security
+       # scanning often requires priviliged operations.
+       insinto /etc/sudoers.d
+       newins - openvas <<-EOF
+       gvm  ALL = NOPASSWD: /usr/bin/openvas
+EOF
+}

Reply via email to