net-analyzer/gvmd: new package.

openvas-manager with version 8 has been renamed in
Greenbone vulnerability manager (gvmd).
Version bump to 8.0.1. This also fixes bug 684186
and introduces the new USE flags 'postgres','sqlite'.

Closes: https://bugs.gentoo.org/684186
Closes: https://bugs.gentoo.org/692004
Reported-by: Anton Bolshakov <blshkv@pentoo.ch>
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

13 files changed, 331 insertions, 0 deletions

diff --git a/net-analyzer/gvmd/Manifest b/net-analyzer/gvmd/Manifest
new file mode 100644
index 000000000000..328c523e0674
--- /dev/null
+++ b/net-analyzer/gvmd/Manifest
@@ -0,0 +1 @@
+DIST gvmd-8.0.1.tar.gz 1495311 BLAKE2B 17419f5fecf7cce07536a5e12f17a61a31d45add185e0e1635515834eca6abd8a6babeb89b8f879ff8cb90b60f3682a19a62403142f4901be3f932b8a44cac68 SHA512 5490b902ad42499657eca9031b396c70a82d3c523985601067e697758f2472d123c4e99b085b963e58888d99224fa2a441a140772c702d7cd60d6424b126bfc8
diff --git a/net-analyzer/gvmd/files/greenbone-certdata-sync.conf b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
new file mode 100644
index 000000000000..d31a7331d341
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"
diff --git a/net-analyzer/gvmd/files/greenbone-nvt-sync.conf b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
new file mode 100644
index 000000000000..967c41dec2e3
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"
diff --git a/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
new file mode 100644
index 000000000000..4a7426bc8057
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
new file mode 100644
index 000000000000..bf21acb7b01f
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt	2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt	2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+ 
+ install (TARGETS ${BINARY_NAME}
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          LIBRARY DESTINATION ${LIBDIR}
+          ARCHIVE DESTINATION ${LIBDIR}/static)
+ 
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+-         DESTINATION ${SBINDIR})
++         DESTINATION ${BINDIR})
+ 
+ if (BACKEND STREQUAL POSTGRESQL)
+   install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt	2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt	2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+          PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+@@ -593,13 +593,13 @@
+                      WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ if (BACKEND STREQUAL SQLITE3)
+   install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+-           DESTINATION ${SBINDIR}
++           DESTINATION ${BINDIR}
+            PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                        GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
new file mode 100644
index 000000000000..40b1e0095578
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in	2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_certdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in	2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_scapdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0
diff --git a/net-analyzer/gvmd/files/gvmd-daemon.conf b/net-analyzer/gvmd/files/gvmd-daemon.conf
new file mode 100644
index 000000000000..d97da00c7688
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-daemon.conf
@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
diff --git a/net-analyzer/gvmd/files/gvmd-startpre.sh b/net-analyzer/gvmd/files/gvmd-startpre.sh
new file mode 100644
index 000000000000..d04daa09b0a2
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-startpre.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}
diff --git a/net-analyzer/gvmd/files/gvmd.init b/net-analyzer/gvmd/files/gvmd.init
new file mode 100644
index 000000000000..9686c9b5398e
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.init
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+	after bootmisc
+	need localmount net openvassd
+}
+
+start_pre() {
+	/bin/bash /etc/gvm/gvmd-startpre.sh
+}
diff --git a/net-analyzer/gvmd/files/gvmd.logrotate b/net-analyzer/gvmd/files/gvmd.logrotate
new file mode 100644
index 000000000000..453462575f8b
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.logrotate
@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+	compress
+	missingok
+	notifempty
+	sharedscripts
+	copytruncate
+	maxsize 10M
+}
diff --git a/net-analyzer/gvmd/files/gvmd.service b/net-analyzer/gvmd/files/gvmd.service
new file mode 100644
index 000000000000..2e3ad84c85a5
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/gvmd/gvmd-8.0.1.ebuild b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
new file mode 100644
index 000000000000..2c6da5d39c1e
--- /dev/null
+++ b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="Greenbone vulnerability manager, previously named openvas-manager"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvmd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras postgres sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+DEPEND="
+	dev-libs/libgcrypt:0=
+	dev-libs/libical
+	>=net-analyzer/gvm-libs-10.0.1
+	net-libs/gnutls:=[tools]
+	extras?   ( app-text/xmlstarlet
+		    dev-texlive/texlive-latexextra )
+	postgres? ( dev-db/postgresql:* )
+	sqlite?   ( dev-db/sqlite:3 )"
+
+RDEPEND="
+	${DEPEND}
+	!net-analyzer/openvas-manager
+	~net-analyzer/openvas-scanner-6.0.1"
+
+BDEPEND="
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	extras? ( app-doc/doxygen[dot]
+		  app-doc/xmltoman
+		  app-text/htmldoc
+		  dev-libs/libxslt
+	)"
+
+PATCHES=(
+	# Install exec. to /usr/bin instead of /usr/sbin
+	"${FILESDIR}/${P}-sbin.patch"
+	# Fix permissions for user gvm.
+	"${FILESDIR}/${P}-tmplock.patch"
+)
+
+src_prepare() {
+	cmake-utils_src_prepare
+	# QA-Fix | Use correct FHS/Gentoo policy paths for 8.0.1
+	sed -i -e "s*share/doc/gvm/html/*share/doc/gvmd-${PV}/html/*g" "$S"/doc/CMakeLists.txt || die
+	sed -i -e "s*/doc/gvm/*/doc/gvmd-${PV}/*g" "$S"/CMakeLists.txt || die
+	# QA-Fix | Remove !CLANG Doxygen warnings for 8.0.1
+	if use extras; then
+		if ! tc-is-clang; then
+		   local f
+		   for f in doc/*.in
+		   do
+			sed -i \
+				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+				"${f}" || die "couldn't disable CLANG parsing"
+		   done
+		fi
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+	)
+	# Add release hardening flags for 8.0.1
+	append-cflags -Wno-nonnull -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+	if use extras; then
+		cmake-utils_src_make -C "${BUILD_DIR}" doc
+		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+		HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+	fi
+	cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	dodir /etc/gvm
+	insinto /etc/gvm
+	doins -r "${FILESDIR}"/*sync*
+
+	dodir /etc/gvm/sysconfig
+	insinto /etc/gvm/sysconfig
+	doins "${FILESDIR}/${PN}-daemon.conf"
+
+	exeinto /etc/gvm
+	doexe "${FILESDIR}"/gvmd-startpre.sh
+
+	fowners -R gvm:gvm /etc/gvm
+
+	newinitd "${FILESDIR}/${PN}.init" "${PN}"
+	newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/gvm/gvmd
+	fowners -R gvm:gvm /var/lib/gvm
+}
diff --git a/net-analyzer/gvmd/metadata.xml b/net-analyzer/gvmd/metadata.xml
new file mode 100644
index 000000000000..36ce32a69a9f
--- /dev/null
+++ b/net-analyzer/gvmd/metadata.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="extras">Html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
+	It manages the storage of any vulnerability management configurations and of the scan results.
+	Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
+	The primary scanner OpenVAS Scanner is controlled directly via protocol OTP while any other 
+	remote scanner is coupled with the Open Scanner Protocol (OSP).
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/gvmd</remote-id>
+	</upstream>
+</pkgmetadata>