-rw-r--r--testing/openvas-scanner/001-cmakelist-fortify.patch21
-rw-r--r--testing/openvas-scanner/002-execinfo-musl-fix.patch40
-rw-r--r--testing/openvas-scanner/APKBUILD88
-rw-r--r--testing/openvas-scanner/openvas-scanner.post-install3
-rw-r--r--testing/openvas-scanner/openvassd.confd5
-rw-r--r--testing/openvas-scanner/openvassd.initd37
-rw-r--r--testing/openvas-scanner/openvassd.logrotate11
7 files changed, 205 insertions, 0 deletions
diff --git a/testing/openvas-scanner/001-cmakelist-fortify.patch b/testing/openvas-scanner/001-cmakelist-fortify.patch
new file mode 100644
index 0000000000..e77214f945
--- /dev/null
+++ b/testing/openvas-scanner/001-cmakelist-fortify.patch
@@ -0,0 +1,21 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 588f5d8..a98929f 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -34,6 +34,7 @@ if (POLICY CMP0005)
+ endif (POLICY CMP0005)
+
+ include (FindPkgConfig)
++include(CheckIncludeFile)
+
+ if (NOT PKG_CONFIG_FOUND)
+ message(FATAL_ERROR "pkg-config executable not found. Aborting.")
+@@ -225,7 +226,7 @@ configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
+
+ ## Program
+
+-set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
++set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+
+ set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
+ set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
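Review bot: `include(CheckIncludeFile)` is pulled in by the first hunk of this patch, but none of its 21 lines call `check_include_file`, and nothing visible in this commit defines `HAVE_EXECINFO_H`, the macro that 002-execinfo-musl-fix.patch tests in src/sighand.c. Unless upstream defines that macro somewhere not shown here, `print_trace` is compiled out on every libc rather than only where `execinfo.h` is missing, so the SIGSEGV log loses its backtrace everywhere. Adding `check_include_file(execinfo.h HAVE_EXECINFO_H)` after the include, and `add_definitions(-DHAVE_EXECINFO_H)` inside `if (HAVE_EXECINFO_H)`, would make the guard track the header's actual presence. A one-line description at the top of the patch file saying why `-U_FORTIFY_SOURCE` precedes `-D_FORTIFY_SOURCE=2` would also help whoever rebases it later.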
diff --git a/testing/openvas-scanner/002-execinfo-musl-fix.patch b/testing/openvas-scanner/002-execinfo-musl-fix.patch
new file mode 100644
index 0000000000..8fd2164221
--- /dev/null
+++ b/testing/openvas-scanner/002-execinfo-musl-fix.patch
@@ -0,0 +1,40 @@
+diff --git a/src/sighand.c b/src/sighand.c
+index 1ebf206..985e470 100644
+--- a/src/sighand.c
++++ b/src/sighand.c
+@@ -30,7 +30,10 @@
+ #include <errno.h> /* for errno() */
+ #include <sys/wait.h> /* for wait() */
+ #include <sys/socket.h> /* for shutdown() */
++
++#ifdef HAVE_EXECINFO_H
+ #include <execinfo.h>
++#endif
+
+ #include "log.h"
+ #include "sighand.h"
+@@ -112,6 +115,7 @@ sighand_chld (pid_t pid)
+ waitpid (pid, &status, WNOHANG);
+ }
+
++#ifdef HAVE_EXECINFO_H
+ static void
+ print_trace ()
+ {
+@@ -126,13 +130,16 @@ print_trace ()
+ log_write ("%s\n", symbols[i]);
+ g_free (symbols);
+ }
++#endif
+
+ void
+ sighand_segv ()
+ {
+ signal (SIGSEGV, _exit);
+ log_write ("SIGSEGV occured !");
++ #ifdef HAVE_EXECINFO_H
+ print_trace ();
++ #endif
+ make_em_die (SIGTERM);
+ log_close ();
+ _exit (0);
diff --git a/testing/openvas-scanner/APKBUILD b/testing/openvas-scanner/APKBUILD
new file mode 100644
index 0000000000..32c1349d23
--- /dev/null
+++ b/testing/openvas-scanner/APKBUILD
@@ -0,0 +1,88 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=openvas-scanner
+_pkgname=openvassd
+pkgver=5.0.4
+_pkgid=2129
+pkgrel=0
+pkgdesc="The OpenVAS scanning Daemon"
+url="http://www.openvas.org/"
+arch="all"
+license="GPL"
+depends="redis nmap"
+depends_dev=""
+makedepends="$depends_dev cmake openvas-libraries-dev glib-dev
+ doxygen xmltoman"
+install=""
+subpackages="$pkgname-doc"
+source="http://wald.intevation.org/frs/download.php/$_pkgid/$pkgname-$pkgver.tar.gz
+ $_pkgname.initd
+ $_pkgname.confd
+ $_pkgname.logrotate
+ 001-cmakelist-fortify.patch
+ 002-execinfo-musl-fix.patch"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+prepare() {
+ local i
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
+build() {
+ cd "$_builddir"
+ cmake -DCMAKE_BUILD_TYPE=Release \
+ -DSBINDIR=/usr/bin \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DSYSCONFDIR=/etc \
+ -DLOCALSTATEDIR=/var .
+ make || return 1
+}
+
+package() {
+ cd "$_builddir"
+ make DESTDIR="$pkgdir/" install
+ install -Dm644 "$srcdir/$_pkgname.logrotate" "$pkgdir/etc/logrotate.d/$_pkgname"
+ install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname
+ install -m755 -D "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname
+ mkdir -p "$pkgdir"/usr/share/doc/$_pkgname
+ cat >"$pkgdir"/usr/share/doc/$_pkgname/README.alpine <<EOF
+ ** In order to make openvas-scanner daemon start, redis server needs to run and listen to a socket.
+ ** This is a part of redis.conf that should be adjusted:
+
+ unixsocket /tmp/redis.sock
+ unixsocketperm 700
+ port 0 # prevent redis from listening on a TCP socket
+ timeout 0
+ #DB = 1 + (#of parallel tasks) * (#of parallel hosts)
+ databases 128
+ #CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs)
+ maxclients 512
+ ** Further info can be found to:
+ https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-$pkgver/doc/redis_config.txt
+
+EOF
+}
+
+md5sums="22f9a2fe4e030319ac37b1cee4a5b65e openvas-scanner-5.0.4.tar.gz
+d6b82094df510d6b4eb6c752e4234a49 openvassd.initd
+c07496f90bd607accb2f8dd851e86f9f openvassd.confd
+a9e8ef884da6a0b33d3b29867d2ffcea openvassd.logrotate
+4ccb1c805294a2ceff8c73bceaa8c064 001-cmakelist-fortify.patch
+12dc0fb6e1c1410ade5762744afaab71 002-execinfo-musl-fix.patch"
+sha256sums="f35bc66fe8590e3875e224a123dc110b7d32093a96887288d9e4fd18c547b14c openvas-scanner-5.0.4.tar.gz
+eca7ad3def89eaf59d7e22eac876c7316f7410c0448c65d86af2505957be8f65 openvassd.initd
+07474a6c6a5e1f0425f025c9293999572ddfa25f638a7d6ff4bc775399cbb667 openvassd.confd
+c4623fe22f777e722915b6a4cf19030fa54a1fb18fe2ee074e3fb2a2fe6b81ed openvassd.logrotate
+11bf3922c6ae25a5ed9fbc0b5c567c8106058ed424ba2c4c50959c44fee8dfd9 001-cmakelist-fortify.patch
+b5583f364f5b538634759c1df8f3bcd6b4218adcab2e9d18bdfd1904605ecf6d 002-execinfo-musl-fix.patch"
+sha512sums="51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149 openvas-scanner-5.0.4.tar.gz
+bad540e053cfcf46f39026d2468a6e03bf40ed9ad5c89e9b09ff56511e9e94544b354ad5fd1aa6fa2be806167bdbf0bf5d5690e3da2c540b49aadf7010037cbf openvassd.initd
+7752e97ead538177d597815844cda200411eee2048afa8f978ccd09c7b8c6c53c4b83fa769ddb7ae19d1d1b28779c8ef047dde5a4dc6e8109a8dd8fd1068e883 openvassd.confd
+5934a31ef4b7267fd741c41bb97fe2e1e42735d2324cce07145de1942efae3f5e42e8652ec0c3482dd53477be420a58124eae943f254105547abf065febb9046 openvassd.logrotate
+0e0087477ec313709c1d84480e9f2896628807010d039eb066627229e7f694434b66ae7f7cd44d379e714bd7ff23458bc46f721e953c2603d568fc350d2f0572 001-cmakelist-fortify.patch
+5e63b56fc64867c5973eb3593afcf677dc4da900b20d0f82fa24659010da290c0cfc00fe1e67cd2fadd4c58af3df2059120edeef344eedf213ab8a87a0376e49 002-execinfo-musl-fix.patch"
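Review bot: `install=""` leaves the `openvas-scanner.post-install` script added by this same commit unreferenced, so the Redis reminder would presumably never be packaged or run; the line should read `install="$pkgname.post-install"`. In `package()`, `$_pkgname.confd` is installed with `-m755` although it is a sourced settings file, so `install -m644 -D` is the appropriate mode. The README heredoc recommends `unixsocket /tmp/redis.sock`; a socket path under a directory that only root and the redis account can write (for example `/var/run/redis/`) avoids relying on a predictable name in world-writable `/tmp`. `make DESTDIR="$pkgdir/" install` also lacks the `|| return 1` that `build()` and `prepare()` use, so a failed install would go unnoticed.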
diff --git a/testing/openvas-scanner/openvas-scanner.post-install b/testing/openvas-scanner/openvas-scanner.post-install
new file mode 100644
index 0000000000..1c27c059da
--- /dev/null
+++ b/testing/openvas-scanner/openvas-scanner.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "Remember to modify redis server in order to listen to a socket"
+exit 0
diff --git a/testing/openvas-scanner/openvassd.confd b/testing/openvas-scanner/openvassd.confd
new file mode 100644
index 0000000000..0d27b1511b
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.confd
@@ -0,0 +1,5 @@
+# /etc/conf.d/openvassd: config file for /etc/init.d/openvassd
+
+OPENVAS_USER="root"
+OPENVAS_GROUP="root"
+OPENVAS_STRICT_RIGHT="yes"
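Review bot: `OPENVAS_STRICT_RIGHT="yes"` is never read by the `openvassd.initd` added in this commit, which only uses `OPENVAS_USER` and `OPENVAS_GROUP`, so the setting implies a restriction that nothing applies. Either drop it or wire it into the init script. Since the default runs the scanner as root, a comment such as `# user the scanner daemon runs as; a non-root value makes the init script chown the openvas directories` would tell administrators what changing it does.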
diff --git a/testing/openvas-scanner/openvassd.initd b/testing/openvas-scanner/openvassd.initd
new file mode 100644
index 0000000000..560141d74f
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.initd
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
+
+depend() {
+ need net
+}
+
+sanity_test() {
+ if [ -z "${OPENVAS_USER}" ] ; then
+ eerror "OPENVAS_USER is empty"
+ return 1
+ fi
+ if [ $OPENVAS_USER != 'root' ] ; then
+ chown -R $OPENVAS_USER:$OPENVAS_GROUP /var/cache/openvas/ /var/lib/openvas/ /var/log/openvas/
+ chgrp -R $OPENVAS_USER /etc/openvas/ /var/lib/openvas/ /usr/share/openvas/openvasmd/global_report_formats/
+ chmod -R g+rX /etc/openvas/ /var/lib/openvas/
+ fi
+}
+
+start() {
+ ebegin "Starting openvassd (scanner) as user ${OPENVAS_USER}"
+ sanity_test || return 1
+ #for using sbin tools when running as non root
+ export PATH="$PATH:/sbin:/usr/sbin"
+ start-stop-daemon --start --name openvassd --user "${OPENVAS_USER}" --exec /usr/bin/openvassd \
+ --pidfile /var/run/openvassd.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stop openvassd (scanner)"
+ start-stop-daemon --stop --name openvassd \
+ --pidfile /var/run/openvassd.pid
+ eend $?
+}
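Review bot: In `sanity_test`, the `chgrp -R $OPENVAS_USER ...` line passes the user name where a group is expected, so `OPENVAS_GROUP` from the conf.d file is ignored for `/etc/openvas/` and the report-format directory; it should be `chgrp -R "$OPENVAS_GROUP" ...`. The test `[ $OPENVAS_USER != 'root' ]` and the `chown` arguments are unquoted, so a value containing whitespace breaks the test or word-splits into extra arguments; `[ "$OPENVAS_USER" != root ]` and `"$OPENVAS_USER:$OPENVAS_GROUP"` avoid that. Running `chown -R` as root on every start over trees the service account can itself write is also risky, because that account controls what the recursion encounters; doing the ownership setup once at install time is the safer arrangement.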
diff --git a/testing/openvas-scanner/openvassd.logrotate b/testing/openvas-scanner/openvassd.logrotate
new file mode 100644
index 0000000000..9316ba8d96
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas
+/var/log/openvas/openvassd.log {
+ rotate 4
+ weekly
+ compress
+ delaycompress
+ missingok
+ postrotate
+ /bin/kill -HUP `pidof openvassd`
+ endscript
+}
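Review bot: The `postrotate` line ``/bin/kill -HUP `pidof openvassd` `` fails with a usage error when the daemon is not running, and signals every process named openvassd when there are several, which may include per-scan children if the scanner forks them under the same name. The init script in this commit already passes `--pidfile /var/run/openvassd.pid`, so assuming the daemon writes that file, `[ -r /var/run/openvassd.pid ] && /bin/kill -HUP "$(cat /var/run/openvassd.pid)"` targets only the main process and is a no-op when it is stopped. The stanza also has no `create` directive, so the mode and owner of the new log depend on the daemon's umask; scanner logs can contain host and finding details, so an explicit `create 0640 root root` is worth considering (adjust the owner to match `OPENVAS_USER`).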