From 23ea12524fbace868f5843a3dd4eac1240859512 Mon Sep 17 00:00:00 2001
From: Francesco Colista <fcolista@alpinelinux.org>
Date: Mon, 30 Nov 2015 14:13:44 +0000
Subject: testign/openvas-scanner: new aport

---
 .../openvas-scanner/001-cmakelist-fortify.patch    | 21 ++++++
 .../openvas-scanner/002-execinfo-musl-fix.patch    | 40 ++++++++++
 testing/openvas-scanner/APKBUILD                   | 88 ++++++++++++++++++++++
 .../openvas-scanner/openvas-scanner.post-install   |  3 +
 testing/openvas-scanner/openvassd.confd            |  5 ++
 testing/openvas-scanner/openvassd.initd            | 37 +++++++++
 testing/openvas-scanner/openvassd.logrotate        | 11 +++
 7 files changed, 205 insertions(+)
 create mode 100644 testing/openvas-scanner/001-cmakelist-fortify.patch
 create mode 100644 testing/openvas-scanner/002-execinfo-musl-fix.patch
 create mode 100644 testing/openvas-scanner/APKBUILD
 create mode 100644 testing/openvas-scanner/openvas-scanner.post-install
 create mode 100644 testing/openvas-scanner/openvassd.confd
 create mode 100644 testing/openvas-scanner/openvassd.initd
 create mode 100644 testing/openvas-scanner/openvassd.logrotate

diff --git a/testing/openvas-scanner/001-cmakelist-fortify.patch b/testing/openvas-scanner/001-cmakelist-fortify.patch
new file mode 100644
index 0000000000..e77214f945
--- /dev/null
+++ b/testing/openvas-scanner/001-cmakelist-fortify.patch
@@ -0,0 +1,21 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 588f5d8..a98929f 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -34,6 +34,7 @@ if (POLICY CMP0005)
+ endif (POLICY CMP0005)
+ 
+ include (FindPkgConfig)
++include(CheckIncludeFile)
+ 
+ if (NOT PKG_CONFIG_FOUND)
+   message(FATAL_ERROR "pkg-config executable not found. Aborting.")
+@@ -225,7 +226,7 @@ configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
+ 
+ ## Program
+ 
+-set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
++set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
+ 
+ set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG} -Werror")
+ set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
diff --git a/testing/openvas-scanner/002-execinfo-musl-fix.patch b/testing/openvas-scanner/002-execinfo-musl-fix.patch
new file mode 100644
index 0000000000..8fd2164221
--- /dev/null
+++ b/testing/openvas-scanner/002-execinfo-musl-fix.patch
@@ -0,0 +1,40 @@
+diff --git a/src/sighand.c b/src/sighand.c
+index 1ebf206..985e470 100644
+--- a/src/sighand.c
++++ b/src/sighand.c
+@@ -30,7 +30,10 @@
+ #include <errno.h>      /* for errno() */
+ #include <sys/wait.h>   /* for wait() */
+ #include <sys/socket.h> /* for shutdown() */
++
++#ifdef HAVE_EXECINFO_H
+ #include <execinfo.h>
++#endif
+ 
+ #include "log.h"
+ #include "sighand.h"
+@@ -112,6 +115,7 @@ sighand_chld (pid_t pid)
+   waitpid (pid, &status, WNOHANG);
+ }
+ 
++#ifdef HAVE_EXECINFO_H
+ static void
+ print_trace ()
+ {
+@@ -126,13 +130,16 @@ print_trace ()
+      log_write ("%s\n", symbols[i]);
+   g_free (symbols);
+ }
++#endif
+ 
+ void
+ sighand_segv ()
+ {
+   signal (SIGSEGV, _exit);
+   log_write ("SIGSEGV occured !");
++  #ifdef HAVE_EXECINFO_H
+   print_trace ();
++  #endif  
+   make_em_die (SIGTERM);
+   log_close ();
+   _exit (0);
diff --git a/testing/openvas-scanner/APKBUILD b/testing/openvas-scanner/APKBUILD
new file mode 100644
index 0000000000..32c1349d23
--- /dev/null
+++ b/testing/openvas-scanner/APKBUILD
@@ -0,0 +1,88 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=openvas-scanner
+_pkgname=openvassd
+pkgver=5.0.4
+_pkgid=2129
+pkgrel=0
+pkgdesc="The OpenVAS scanning Daemon"
+url="http://www.openvas.org/"
+arch="all"
+license="GPL"
+depends="redis nmap"
+depends_dev=""
+makedepends="$depends_dev cmake openvas-libraries-dev glib-dev
+	doxygen xmltoman"
+install=""
+subpackages="$pkgname-doc"
+source="http://wald.intevation.org/frs/download.php/$_pkgid/$pkgname-$pkgver.tar.gz
+	$_pkgname.initd
+	$_pkgname.confd
+	$_pkgname.logrotate
+	001-cmakelist-fortify.patch
+	002-execinfo-musl-fix.patch"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+prepare() {
+	local i
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+	cd "$_builddir"
+	cmake -DCMAKE_BUILD_TYPE=Release \
+		-DSBINDIR=/usr/bin \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DSYSCONFDIR=/etc \
+		-DLOCALSTATEDIR=/var .
+	make || return 1
+}
+
+package() {
+	cd "$_builddir"
+	make DESTDIR="$pkgdir/" install
+	install -Dm644 "$srcdir/$_pkgname.logrotate" "$pkgdir/etc/logrotate.d/$_pkgname"
+	install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname
+	install -m755 -D "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname
+	mkdir -p "$pkgdir"/usr/share/doc/$_pkgname
+	cat >"$pkgdir"/usr/share/doc/$_pkgname/README.alpine <<EOF
+	** In order to make openvas-scanner daemon start, redis server needs to run and  listen to a socket.
+	** This is a part of redis.conf that should be adjusted:
+
+		unixsocket /tmp/redis.sock
+		unixsocketperm 700
+		port 0 # prevent redis from listening on a TCP socket
+		timeout 0 
+		#DB = 1 + (#of parallel tasks) * (#of parallel hosts)
+		databases 128
+		#CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs)
+		maxclients 512
+	** Further info can be found to:
+		https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-$pkgver/doc/redis_config.txt
+
+EOF
+} 
+
+md5sums="22f9a2fe4e030319ac37b1cee4a5b65e  openvas-scanner-5.0.4.tar.gz
+d6b82094df510d6b4eb6c752e4234a49  openvassd.initd
+c07496f90bd607accb2f8dd851e86f9f  openvassd.confd
+a9e8ef884da6a0b33d3b29867d2ffcea  openvassd.logrotate
+4ccb1c805294a2ceff8c73bceaa8c064  001-cmakelist-fortify.patch
+12dc0fb6e1c1410ade5762744afaab71  002-execinfo-musl-fix.patch"
+sha256sums="f35bc66fe8590e3875e224a123dc110b7d32093a96887288d9e4fd18c547b14c  openvas-scanner-5.0.4.tar.gz
+eca7ad3def89eaf59d7e22eac876c7316f7410c0448c65d86af2505957be8f65  openvassd.initd
+07474a6c6a5e1f0425f025c9293999572ddfa25f638a7d6ff4bc775399cbb667  openvassd.confd
+c4623fe22f777e722915b6a4cf19030fa54a1fb18fe2ee074e3fb2a2fe6b81ed  openvassd.logrotate
+11bf3922c6ae25a5ed9fbc0b5c567c8106058ed424ba2c4c50959c44fee8dfd9  001-cmakelist-fortify.patch
+b5583f364f5b538634759c1df8f3bcd6b4218adcab2e9d18bdfd1904605ecf6d  002-execinfo-musl-fix.patch"
+sha512sums="51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149  openvas-scanner-5.0.4.tar.gz
+bad540e053cfcf46f39026d2468a6e03bf40ed9ad5c89e9b09ff56511e9e94544b354ad5fd1aa6fa2be806167bdbf0bf5d5690e3da2c540b49aadf7010037cbf  openvassd.initd
+7752e97ead538177d597815844cda200411eee2048afa8f978ccd09c7b8c6c53c4b83fa769ddb7ae19d1d1b28779c8ef047dde5a4dc6e8109a8dd8fd1068e883  openvassd.confd
+5934a31ef4b7267fd741c41bb97fe2e1e42735d2324cce07145de1942efae3f5e42e8652ec0c3482dd53477be420a58124eae943f254105547abf065febb9046  openvassd.logrotate
+0e0087477ec313709c1d84480e9f2896628807010d039eb066627229e7f694434b66ae7f7cd44d379e714bd7ff23458bc46f721e953c2603d568fc350d2f0572  001-cmakelist-fortify.patch
+5e63b56fc64867c5973eb3593afcf677dc4da900b20d0f82fa24659010da290c0cfc00fe1e67cd2fadd4c58af3df2059120edeef344eedf213ab8a87a0376e49  002-execinfo-musl-fix.patch"
diff --git a/testing/openvas-scanner/openvas-scanner.post-install b/testing/openvas-scanner/openvas-scanner.post-install
new file mode 100644
index 0000000000..1c27c059da
--- /dev/null
+++ b/testing/openvas-scanner/openvas-scanner.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "Remember to modify redis server in order to listen to a socket"
+exit 0
diff --git a/testing/openvas-scanner/openvassd.confd b/testing/openvas-scanner/openvassd.confd
new file mode 100644
index 0000000000..0d27b1511b
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.confd
@@ -0,0 +1,5 @@
+# /etc/conf.d/openvassd: config file for /etc/init.d/openvassd
+
+OPENVAS_USER="root"
+OPENVAS_GROUP="root"
+OPENVAS_STRICT_RIGHT="yes"
diff --git a/testing/openvas-scanner/openvassd.initd b/testing/openvas-scanner/openvassd.initd
new file mode 100644
index 0000000000..560141d74f
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.initd
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: 
+
+depend() {
+	need net
+}
+
+sanity_test() {
+	if [ -z "${OPENVAS_USER}" ] ; then
+		eerror "OPENVAS_USER is empty"
+		return 1
+	fi
+	if [ $OPENVAS_USER != 'root' ] ; then
+		chown -R $OPENVAS_USER:$OPENVAS_GROUP /var/cache/openvas/ /var/lib/openvas/ /var/log/openvas/
+		chgrp -R $OPENVAS_USER /etc/openvas/ /var/lib/openvas/ /usr/share/openvas/openvasmd/global_report_formats/
+		chmod -R g+rX /etc/openvas/ /var/lib/openvas/
+	fi
+}
+
+start() {
+	ebegin "Starting openvassd (scanner) as user ${OPENVAS_USER}"
+	sanity_test || return 1
+	#for using sbin tools when running as non root
+	export PATH="$PATH:/sbin:/usr/sbin"
+	start-stop-daemon --start --name openvassd --user "${OPENVAS_USER}" --exec /usr/bin/openvassd \
+		--pidfile /var/run/openvassd.pid
+	eend $? 
+}
+
+stop() {
+	ebegin "Stop openvassd (scanner)"
+	start-stop-daemon --stop --name openvassd \
+		--pidfile /var/run/openvassd.pid
+	eend $?
+}
diff --git a/testing/openvas-scanner/openvassd.logrotate b/testing/openvas-scanner/openvassd.logrotate
new file mode 100644
index 0000000000..9316ba8d96
--- /dev/null
+++ b/testing/openvas-scanner/openvassd.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas
+/var/log/openvas/openvassd.log {
+        rotate 4
+        weekly
+        compress
+        delaycompress
+        missingok
+	postrotate
+	    /bin/kill -HUP `pidof openvassd`
+	endscript
+}
-- 
cgit v1.2.3