gentoo resync : 03.11.2019

10 files changed, 185 insertions, 0 deletions

diff --git a/net-analyzer/gvmd/files/greenbone-certdata-sync.conf b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
new file mode 100644
index 000000000000..d31a7331d341
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"
diff --git a/net-analyzer/gvmd/files/greenbone-nvt-sync.conf b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
new file mode 100644
index 000000000000..967c41dec2e3
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"
diff --git a/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
new file mode 100644
index 000000000000..4a7426bc8057
--- /dev/null
+++ b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
new file mode 100644
index 000000000000..bf21acb7b01f
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt	2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt	2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+ 
+ install (TARGETS ${BINARY_NAME}
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          LIBRARY DESTINATION ${LIBDIR}
+          ARCHIVE DESTINATION ${LIBDIR}/static)
+ 
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+-         DESTINATION ${SBINDIR})
++         DESTINATION ${BINDIR})
+ 
+ if (BACKEND STREQUAL POSTGRESQL)
+   install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt	2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt	2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+          PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+@@ -593,13 +593,13 @@
+                      WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ if (BACKEND STREQUAL SQLITE3)
+   install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+-           DESTINATION ${SBINDIR}
++           DESTINATION ${BINDIR}
+            PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                        GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
new file mode 100644
index 000000000000..40b1e0095578
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in	2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_certdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in	2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_scapdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0
diff --git a/net-analyzer/gvmd/files/gvmd-daemon.conf b/net-analyzer/gvmd/files/gvmd-daemon.conf
new file mode 100644
index 000000000000..d97da00c7688
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-daemon.conf
@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
diff --git a/net-analyzer/gvmd/files/gvmd-startpre.sh b/net-analyzer/gvmd/files/gvmd-startpre.sh
new file mode 100644
index 000000000000..d04daa09b0a2
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd-startpre.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}
diff --git a/net-analyzer/gvmd/files/gvmd.init b/net-analyzer/gvmd/files/gvmd.init
new file mode 100644
index 000000000000..9686c9b5398e
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.init
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+	after bootmisc
+	need localmount net openvassd
+}
+
+start_pre() {
+	/bin/bash /etc/gvm/gvmd-startpre.sh
+}
diff --git a/net-analyzer/gvmd/files/gvmd.logrotate b/net-analyzer/gvmd/files/gvmd.logrotate
new file mode 100644
index 000000000000..453462575f8b
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.logrotate
@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+	compress
+	missingok
+	notifempty
+	sharedscripts
+	copytruncate
+	maxsize 10M
+}
diff --git a/net-analyzer/gvmd/files/gvmd.service b/net-analyzer/gvmd/files/gvmd.service
new file mode 100644
index 000000000000..2e3ad84c85a5
--- /dev/null
+++ b/net-analyzer/gvmd/files/gvmd.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target