7 files changed, 138 insertions, 0 deletions

diff --git a/net-analyzer/notus-scanner/Manifest b/net-analyzer/notus-scanner/Manifest
new file mode 100644
index 000000000000..925dab0ceaa7
--- /dev/null
+++ b/net-analyzer/notus-scanner/Manifest
@@ -0,0 +1,7 @@
+AUX notus-scanner.confd 379 BLAKE2B 23aec44c8b7f20246bfb407fe5b79c0a229ea58c2a9965390db6ddb4dff9a8097b37599ac6cf4730aa32214d9b009970ccf1ca39d988b182421f0fb30a4985a2 SHA512 3fe1a15fa6ba6ac926a9449f88d632267dccef4099e0f1b66d06674518cdaea6ed624199afbe6558e3cb97c5ad912ea29d81de02d9e38d5a5e67f43caf966d03
+AUX notus-scanner.initd 607 BLAKE2B 230e0e6e6abb3e52a4af52e71a793d73537342d0583e28a1ac53c91c3ed13b250092e47e50b114d991209249a8281ff3cf80c753225ae7e0c1dfb912ad8613ab SHA512 680838ce4a0590448b5518d430c22e67305d9eea85cda18175303df5524b1b20ba95f7156502dd5b20afb0c070a7f3fb1f5c28094b5246ad7efa01a1092a4798
+AUX notus-scanner.service.conf 93 BLAKE2B 17030f4836aa96f45fdc9be67fb1b1924680ec29193bfc03d470bc45bf973542ca1b2bbb13253eb20c1618132b4b07c3fcaadd39451cb583d4c8f6fcd6e26c65 SHA512 36d5fbe95cd02b728d048a0baeed03448899696d0b3344a166afc9eecd6620e8af347ecc86c014ec9211ce72cc55a202a84b9ea68a7662c268378c37a734b08f
+AUX notus-scanner.toml 273 BLAKE2B 742fd2f07418e020f37313fc275cf3ba44b3b3a701de7982eff3d5ebc74cdfe6618104799221d842bb2b7088b3444ecc4ce98aa28175da4a57876ea0c33e311a SHA512 bfa21bd4ee4c0cbcf8613a0fe5bcf31507aed94a74ddc139a6c1a5b1858f417ac40d00d0f8f1e849802632430b0a52c05231585237fbc397ffff03d1f013e5b6
+DIST notus-scanner-22.5.0.tar.gz 320894 BLAKE2B 3bf0cb633ad2636d9430705459d841b717139b162bd39f30a6bf06dafe1647b94c0e791b05390d340f97a4ff83351cbd71be6d5b1793dda82c6cad9250ce18c2 SHA512 48576d26a65c439fb00b345d97ba9917c3c2bf99ab5c94ed4488e4638c0442fdcd721ed8a08be147481a01bffc3eadec25029c0d6cd1aed2381221250b16c19d
+EBUILD notus-scanner-22.5.0.ebuild 1597 BLAKE2B 54afbd677c4e8f8ef3df2ab383dfd458548eb0357ff56dbc0c9b8f1cdd62fde563bde3e20293be11614d4e62c7d1dc3f85e5cfab5a33720b643b376be7b76c29 SHA512 a0ee11cc90ff7e129cebef3b51cc5b8d30493857288d9e3dd56d647cab5f3c95b4499e74bdc958fd42c12ecb9e488462e280f6f342f9e020fd59ddb4e38afeb7
+MISC metadata.xml 735 BLAKE2B 78af413540fe6af7214b65b50b50aaf9cf59280037ada5228d38e529d90752b0516bf1d7514e7d9436edd93b50cd8a9dadc1e9fbf84a5c57a0ff0cb45b712cc8 SHA512 fdb4ce92c1eede58fe267ed2a4832dd1d4e7a1694591efb3d2ff372a621320275c4090317cb57c50724ceb7e386fa28965e45b724b311127ecd8665e2908cf92
diff --git a/net-analyzer/notus-scanner/files/notus-scanner.confd b/net-analyzer/notus-scanner/files/notus-scanner.confd
new file mode 100644
index 000000000000..5000145abaeb
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.confd
@@ -0,0 +1,11 @@
+# Notus Scanner command args
+
+NOTUS_SCANNER_OPTIONS="--log-file=/var/log/gvm/notus-scanner.log"
+
+NOTUS_SCANNER_MQTT_BROKER_ADDRESS="--mqtt-broker-address localhost"
+
+NOTUS_SCANNER_MQTT_BROKER_PORT="--mqtt-broker-port 1883"
+
+NOTUS_SCANNER_PRODUCTS_DIRECTORY="--products-directory /var/lib/notus/products"
+
+NOTUS_DISABLE_HASHSUM_VERIFICATION="--disable-hashsum-verification false"
diff --git a/net-analyzer/notus-scanner/files/notus-scanner.initd b/net-analyzer/notus-scanner/files/notus-scanner.initd
new file mode 100644
index 000000000000..e00e9118e32e
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.initd
@@ -0,0 +1,23 @@
+#!/sbin/openrc-run
+# Copyright 2023Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Greenbone Notus Scanner"
+command=/usr/bin/notus-scanner
+pidfile="/run/notus-scanner/${RC_SVCNAME}.pid"
+command_args="${NOTUS_SCANNER_OPTIONS} \
+	${NOTUS_SCANNER_MQTT_BROKER_ADDRESS} \
+	${NOTUS_SCANNER_MQTT_BROKER_PORT} \
+	${NOTUS_SCANNER_PRODUCTS_DIRECTORY} \
+	${NOTUS_DISABLE_HASHSUM_VERIFICATION} \
+	--pid-file ${pidfile} \
+	--config /etc/gvm/notus-scanner.toml"
+
+depend() {
+	after bootmisc
+	need localmount mosquitto
+}
+
+start_pre() {
+        checkpath -d /var/run/notus-scanner
+}
diff --git a/net-analyzer/notus-scanner/files/notus-scanner.service.conf b/net-analyzer/notus-scanner/files/notus-scanner.service.conf
new file mode 100644
index 000000000000..aea5c10e8fad
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.service.conf
@@ -0,0 +1,7 @@
+[Unit]
+PartOf=gvm.target
+
+[Service]
+Type=forking
+ExecStart=
+ExecStart=/usr/bin/notus-scanner
diff --git a/net-analyzer/notus-scanner/files/notus-scanner.toml b/net-analyzer/notus-scanner/files/notus-scanner.toml
new file mode 100644
index 000000000000..cff33c77afc8
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.toml
@@ -0,0 +1,8 @@
+[notus-scanner]
+mqtt-broker-address = "localhost"
+mqtt-broker-port = "1883"
+products-directory = "/var/lib/notus/products"
+pid-file = "/run/notus-scanner/notus-scanner.pid"
+log-file = "/var/log/gvm/notus-scanner.log"
+log-level = "INFO"
+disable-hashsum-verification = false
diff --git a/net-analyzer/notus-scanner/metadata.xml b/net-analyzer/notus-scanner/metadata.xml
new file mode 100644
index 000000000000..06038ba8d06e
--- /dev/null
+++ b/net-analyzer/notus-scanner/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>foti.giuseppe@gmail.com</email>
+		<name>Giuseppe Foti</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<longdescription lang="en">
+			This is a new scanner that scans after every regular scan, so no user interaction is necessary.
+			It offers better performance due to less system resource consumption and thus, faster scanning.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/notus-scanner</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild b/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild
new file mode 100644
index 000000000000..3d2b52bf6bee
--- /dev/null
+++ b/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+DISTUTILS_USE_PEP517=poetry
+inherit distutils-r1 systemd
+
+DESCRIPTION="Notus is a vulnerability scanner for creating results from local security checks"
+HOMEPAGE="https://github.com/greenbone/notus-scanner"
+SRC_URI="https://github.com/greenbone/notus-scanner/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="AGPL-3 AGPL-3+"
+KEYWORDS="~amd64 ~x86"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	acct-user/gvm
+	dev-libs/paho-mqtt-c
+	dev-python/psutil[${PYTHON_USEDEP}]
+	>=dev-python/python-gnupg-0.5.0[${PYTHON_USEDEP}]
+	<dev-python/packaging-23.2[${PYTHON_USEDEP}]
+	>=dev-python/sentry-sdk-1.22.2[${PYTHON_USEDEP}]
+	>=dev-python/rope-1.8.0[${PYTHON_USEDEP}]
+	>=dev-python/paho-mqtt-1.5.1[${PYTHON_USEDEP}]
+	<dev-python/tomli-3[${PYTHON_USEDEP}]
+"
+
+RDEPEND="
+	${DEPEND}
+	app-misc/mosquitto
+"
+
+distutils_enable_tests unittest
+
+python_compile() {
+	distutils-r1_python_compile
+}
+
+python_install() {
+	distutils-r1_python_install
+	insinto /etc/gvm
+	doins "${FILESDIR}/${PN}.toml"
+	fowners gvm:gvm "/etc/gvm/${PN}.toml"
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/notus
+	keepdir /var/lib/notus/products
+	keepdir /var/lib/notus/advisories
+	if ! use prefix; then
+		fowners -R gvm:gvm /var/lib/notus
+	fi
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+	systemd_dounit config/${PN}.service
+
+	systemd_install_serviced "${FILESDIR}/notus-scanner.service.conf" \
+			${PN}.service
+}