diff options
| author | Francesco Colista <fcolista@alpinelinux.org> | 2019-10-21 16:32:35 +0000 |
|---|---|---|
| committer | Francesco Colista <fcolista@alpinelinux.org> | 2019-10-21 20:01:23 +0000 |
| commit | 70c3390d501495201a01fac9f671f389afbc78aa (patch) | |
| tree | be4b96103d5bf1a53f36a3295c1e1b9ccbf175cb | |
| parent | 359d30ae8a1c64704634045f8bc27ef4b348a143 (diff) | |
| download | aports-70c3390d501495201a01fac9f671f389afbc78aa.tar.bz2 aports-70c3390d501495201a01fac9f671f389afbc78aa.tar.xz | |
community/openvas: renamed from openvas-scanner
| -rw-r--r-- | community/openvas-scanner/001-cmakelist-fortify.patch | 21 | ||||
| -rw-r--r-- | community/openvas-scanner/002-execinfo-musl-fix.patch | 38 | ||||
| -rw-r--r-- | community/openvas-scanner/APKBUILD | 74 | ||||
| -rw-r--r-- | community/openvas-scanner/openvassd.logrotate | 11 | ||||
| -rw-r--r-- | community/openvas/APKBUILD | 65 | ||||
| -rw-r--r-- | community/openvas/execinfo-musl-fix.patch (renamed from community/openvas-scanner/execinfo-musl-fix.patch) | 0 | ||||
| -rw-r--r-- | community/openvas/greenbone-nvt-sync.cron (renamed from community/openvas-scanner/greenbone-nvt-sync.cron) | 0 | ||||
| -rw-r--r-- | community/openvas/malloc-trim.patch (renamed from community/openvas-scanner/malloc-trim.patch) | 0 | ||||
| -rw-r--r-- | community/openvas/openvas-sysctl.conf | 2 | ||||
| -rwxr-xr-x | community/openvas/openvas.post-install | 4 |
10 files changed, 71 insertions, 144 deletions
diff --git a/community/openvas-scanner/001-cmakelist-fortify.patch b/community/openvas-scanner/001-cmakelist-fortify.patch deleted file mode 100644 index e77214f945..0000000000 --- a/community/openvas-scanner/001-cmakelist-fortify.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 588f5d8..a98929f 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -34,6 +34,7 @@ if (POLICY CMP0005) - endif (POLICY CMP0005) - - include (FindPkgConfig) -+include(CheckIncludeFile) - - if (NOT PKG_CONFIG_FOUND) - message(FATAL_ERROR "pkg-config executable not found. Aborting.") -@@ -225,7 +226,7 @@ configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) - - ## Program - --set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") -+set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") - - set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") - set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE") diff --git a/community/openvas-scanner/002-execinfo-musl-fix.patch b/community/openvas-scanner/002-execinfo-musl-fix.patch deleted file mode 100644 index e52522a633..0000000000 --- a/community/openvas-scanner/002-execinfo-musl-fix.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/src/sighand.c b/src/sighand.c -index 5b6ba2a..04a1ade 100644 ---- a/src/sighand.c -+++ b/src/sighand.c -@@ -30,7 +30,9 @@ - #include <errno.h> /* for errno() */ - #include <sys/wait.h> /* for wait() */ - #include <sys/socket.h> /* for shutdown() */ -+#ifdef HAVE_EXECINFO_H - #include <execinfo.h> -+#endif - - #include "log.h" - #include "sighand.h" -@@ -113,6 +115,7 @@ sighand_chld (pid_t pid) - waitpid (pid, &status, WNOHANG); - } - -+#ifdef HAVE_EXECINFO_H - static void - print_trace () - { -@@ -140,12 +143,15 @@ print_trace () - ret = backtrace (array, 10); - backtrace_symbols_fd (array, ret, fd); - } -+#endif - - void - sighand_segv (int given_signal) - { - signal (SIGSEGV, _exit); -+#ifdef HAVE_EXECINFO_H - print_trace (); -+#endif - make_em_die (SIGTERM); - /* Raise signal again, to exit with the correct return value, - * and to enable core dumping. */ diff --git a/community/openvas-scanner/APKBUILD b/community/openvas-scanner/APKBUILD deleted file mode 100644 index f6902b4d22..0000000000 --- a/community/openvas-scanner/APKBUILD +++ /dev/null @@ -1,74 +0,0 @@ -# Contributor: Francesco Colista <fcolista@alpinelinux.org> -# Maintainer: Francesco Colista <fcolista@alpinelinux.org> -pkgname=openvas-scanner -_pkgname=openvassd -pkgver=7.0.0 -pkgrel=0 -pkgdesc="OpenVAS remote network security scanner" -url="http://www.openvas.org/" -arch="all" -license="GPL-2.0" -depends="redis nmap coreutils openssl util-linux" -checkdepends="cppcheck" -makedepends="cmake bison gvm-libs-dev glib-dev libgcrypt-dev - doxygen xmltoman graphviz libpcap-dev gpgme-dev - clang-dev libssh-dev libksba-dev net-snmp-dev" -subpackages="$pkgname-doc $pkgname-openrc" -source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/$pkgname/archive/v$pkgver.tar.gz - $_pkgname.initd - $_pkgname.confd - $_pkgname.conf - $_pkgname.logrotate - greenbone-nvt-sync.cron - execinfo-musl-fix.patch - malloc-trim.patch" -builddir="$srcdir"/${pkgname/-scanner/}-$pkgver - -build() { - cmake -DCMAKE_BUILD_TYPE=Release \ - -DSBINDIR=/usr/bin \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DSYSCONFDIR=/etc \ - -DLOCALSTATEDIR=/var . - make -} - -check() { - make check -} - -package() { - make DESTDIR="$pkgdir" install - install -Dm644 "$srcdir/$_pkgname.logrotate" "$pkgdir/etc/logrotate.d/$_pkgname" - install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.conf "$pkgdir"/etc/openvas/$_pkgname.conf - install -Dm744 "$srcdir"/greenbone-nvt-sync.cron \ - "$pkgdir"/etc/periodic/daily/greenbone-nvt-sync - - mkdir -p "$pkgdir"/usr/share/doc/$_pkgname - cat >"$pkgdir"/usr/share/doc/$_pkgname/README.alpine <<EOF - ** In order to make openvas-scanner daemon start, redis server needs to run and listen to a socket. - ** This is a part of redis.conf that should be adjusted: - - unixsocket /tmp/redis.sock - unixsocketperm 700 - port 0 # prevent redis from listening on a TCP socket - timeout 0 - #DB = 1 + (#of parallel tasks) * (#of parallel hosts) - databases 128 - #CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs) - maxclients 512 - ** Further info can be found to: - https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-$pkgver/doc/redis_config.txt - -EOF -} -sha512sums="ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1 openvas-scanner-7.0.0.tar.gz -fe8f81ac4d326611d077dc2c81d74f8e1e2c7b9e10eaaf3d30b2dcd8d2ede40ec060ff70678bda7445b5c1d8d758e164ab8bb9c06258afde2b10a0c241927cc3 openvassd.initd -47304976c18f1a561aec8e21406864d086898153b307dcc8e92117c400c9379e448920c2bbebc4b0b18fbb65c19a3d00d4d3e24a1a9a81d788a59fdc40bc0154 openvassd.confd -2d0d2321412fc87d1479494de9ed947c905df9e022a90f95b5d52e4c2838dc254e968aa61eb6660dd5543d4f681b9d165915570d5e5c6cd39b623ec88234807d openvassd.conf -5934a31ef4b7267fd741c41bb97fe2e1e42735d2324cce07145de1942efae3f5e42e8652ec0c3482dd53477be420a58124eae943f254105547abf065febb9046 openvassd.logrotate -da53e5c5e3ab70749249c2bf6c4fe0e0d17a2afb39d4519eb7fdf873c3fedf925183db050ab5395a3fe7f1ce79d95bf4f55c69611205d00dc519ce15418bd915 greenbone-nvt-sync.cron -ffb2b6798eec54f39727e71ddc8e709c06b4dc8be37f05a87676233be3f0dd6701bdea6f61367af56b9d4342ec5e80489830d611ebe85861d7dda625941e785b execinfo-musl-fix.patch -ae4f35ba0705eb16e98765f370a3225bbca6de4bcffeff20cde1d6d1a3487036ff5f683d9e38f0df3308770656876e240fc75c62ba9e2bb1d2e4998ac80e6395 malloc-trim.patch" diff --git a/community/openvas-scanner/openvassd.logrotate b/community/openvas-scanner/openvassd.logrotate deleted file mode 100644 index 9316ba8d96..0000000000 --- a/community/openvas-scanner/openvassd.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -# logrotate for openvas -/var/log/openvas/openvassd.log { - rotate 4 - weekly - compress - delaycompress - missingok - postrotate - /bin/kill -HUP `pidof openvassd` - endscript -} diff --git a/community/openvas/APKBUILD b/community/openvas/APKBUILD new file mode 100644 index 0000000000..33375afda0 --- /dev/null +++ b/community/openvas/APKBUILD @@ -0,0 +1,65 @@ +# Contributor: Francesco Colista <fcolista@alpinelinux.org> +# Maintainer: Francesco Colista <fcolista@alpinelinux.org> +pkgname=openvas +pkgver=7.0.0 +pkgrel=1 +pkgdesc="Open Vulnerability Assessment Scanner" +url="http://www.openvas.org/" +arch="all" +license="GPL-2.0" +depends="redis nmap coreutils openssl util-linux" +install="$pkgname.post-install" +pkgusers="gvm" +checkdepends="cppcheck" +makedepends="cmake bison gvm-libs-dev glib-dev libgcrypt-dev + doxygen xmltoman graphviz libpcap-dev gpgme-dev + clang-dev libssh-dev libksba-dev net-snmp-dev" +subpackages="$pkgname-doc $pkgname-config" +source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/$pkgname/archive/v$pkgver.tar.gz + greenbone-nvt-sync.cron + execinfo-musl-fix.patch + malloc-trim.patch + openvas-sysctl.conf" + +prepare() { + default_prepare + mkdir build +} + +build() { + cd $builddir/build + cmake -DCMAKE_BUILD_TYPE=Release \ + -DSBINDIR=/usr/bin \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DSYSCONFDIR=/etc \ + -DLOCALSTATEDIR=/var \ + .. + make +} + +check() { + cd $builddir/build + make check +} + +package() { + cd $builddir/build + make DESTDIR="$pkgdir" install + chown $pkgusers "$pkgdir"/etc/openvas + chown $pkgusers "$pkgdir"/var/log/gvm + chown $pkgusers "$pkgdir"/var/lib/openvas/plugins +} + +config() { + pkgdesc="Configuration files and scripts for openvas" + install -Dm744 "$srcdir"/greenbone-nvt-sync.cron \ + "$subpkgdir"/etc/periodic/daily/greenbone-nvt-sync + install -Dm644 "$builddir"/config/redis-openvas.conf "$subpkgdir"/etc/redis-openvas.conf + install -Dm644 "$srcdir"/openvas-sysctl.conf "$subpkgdir"/etc/sysctl.d/02-openvas.conf +} + +sha512sums="ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1 openvas-7.0.0.tar.gz +da53e5c5e3ab70749249c2bf6c4fe0e0d17a2afb39d4519eb7fdf873c3fedf925183db050ab5395a3fe7f1ce79d95bf4f55c69611205d00dc519ce15418bd915 greenbone-nvt-sync.cron +ffb2b6798eec54f39727e71ddc8e709c06b4dc8be37f05a87676233be3f0dd6701bdea6f61367af56b9d4342ec5e80489830d611ebe85861d7dda625941e785b execinfo-musl-fix.patch +ae4f35ba0705eb16e98765f370a3225bbca6de4bcffeff20cde1d6d1a3487036ff5f683d9e38f0df3308770656876e240fc75c62ba9e2bb1d2e4998ac80e6395 malloc-trim.patch +1b85a5511e73a79bc2c9e11e773fee4d641a2f55760eb8e3f4a41cc0d73007e2f6300832c35dd2408838eb42efef54ba6e238a0ed551e34d21becc2aef499991 openvas-sysctl.conf" diff --git a/community/openvas-scanner/execinfo-musl-fix.patch b/community/openvas/execinfo-musl-fix.patch index a992f60a16..a992f60a16 100644 --- a/community/openvas-scanner/execinfo-musl-fix.patch +++ b/community/openvas/execinfo-musl-fix.patch diff --git a/community/openvas-scanner/greenbone-nvt-sync.cron b/community/openvas/greenbone-nvt-sync.cron index e3a5c40a03..e3a5c40a03 100644 --- a/community/openvas-scanner/greenbone-nvt-sync.cron +++ b/community/openvas/greenbone-nvt-sync.cron diff --git a/community/openvas-scanner/malloc-trim.patch b/community/openvas/malloc-trim.patch index 367f9c2871..367f9c2871 100644 --- a/community/openvas-scanner/malloc-trim.patch +++ b/community/openvas/malloc-trim.patch diff --git a/community/openvas/openvas-sysctl.conf b/community/openvas/openvas-sysctl.conf new file mode 100644 index 0000000000..28dab9aeda --- /dev/null +++ b/community/openvas/openvas-sysctl.conf @@ -0,0 +1,2 @@ +net.core.somaxconn=1024 +vm.overcommit_memory=1 diff --git a/community/openvas/openvas.post-install b/community/openvas/openvas.post-install new file mode 100755 index 0000000000..277549d54c --- /dev/null +++ b/community/openvas/openvas.post-install @@ -0,0 +1,4 @@ +#!/bin/sh +echo 'cfgfile="/etc/redis-openvas.conf"' >> /etc/conf.d/redis +echo 'db_address = /run/redis-openvas/redis.sock' > /etc/openvas/openvas.conf +exit 0 |