- New port: security/gvmd

The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients. It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). Controlling scanners like OpenVAS is done via the Open Scanner Protocol (OSP). WWW: https://github.com/greenbone/gvmd
author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> 2021-01-06 08:48:43 +0000
committer: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> 2021-01-06 08:48:43 +0000
commit: 19a685d678a085ebd46841c6948a578da61fd563 (patch)
tree: 155314ada8cb5de59c3966ca2a3b4559f29a5c5b /security/gvmd
parent: - Connect security/openvas (diff)
13 files changed, 354 insertions, 0 deletions
diff --git a/security/gvmd/Makefile b/security/gvmd/Makefile
new file mode 100644
index 000000000000..588813314d3a
--- /dev/null
+++ b/security/gvmd/Makefile
@@ -0,0 +1,46 @@
+# $FreeBSD$
+
+PORTNAME=	gvmd
+DISTVERSION=	20.8.0
+DISTVERSIONPREFIX=	v
+CATEGORIES=	security
+
+MAINTAINER=	acm@FreeBSD.org
+COMMENT=	Greenbone Vulnerability Manager central management service
+
+LICENSE=	AGPLv3+
+
+BUILD_DEPENDS=	doxygen>0:devel/doxygen
+LIB_DEPENDS=	libgvm_base.so:security/gvm-libs \
+		libgnutls.so:security/gnutls \
+		libgpgme.so:security/gpgme \
+		libical.so:devel/libical
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \
+		doxygen>0:devel/doxygen \
+		p5-XML-Twig>=0:textproc/p5-XML-Twig \
+		snmpget:net-mgmt/net-snmp \
+		rsync:net/rsync \
+		wget:ftp/wget \
+		gpg:security/gnupg \
+		xml:textproc/xmlstarlet \
+		sshpass:security/sshpass \
+		socat:net/socat
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	greenbone
+
+USES=		cmake gnome pkgconfig pgsql python samba:run zip
+USE_GNOME=	glib20 libxslt:build
+USE_LDCONFIG=	yes
+
+USERS=		gvm
+GROUPS=		${USERS}
+
+USE_RC_SUBR=	gvmd
+
+post-install:
+	@${MKDIR} ${STAGEDIR}/var/lib/gvm/gvmd/gnupg
+	@${MKDIR} ${STAGEDIR}/var/log/gvm
+	@${MKDIR} ${STAGEDIR}/var/run/gvm
+
+.include <bsd.port.mk>
diff --git a/security/gvmd/distinfo b/security/gvmd/distinfo
new file mode 100644
index 000000000000..1ac013bff19d
--- /dev/null
+++ b/security/gvmd/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1609399929
+SHA256 (greenbone-gvmd-v20.8.0_GH0.tar.gz) = 2e09df899234fbb8e4e3593c63e94ed6ad0c984c59246a74c76f601499e2a40a
+SIZE (greenbone-gvmd-v20.8.0_GH0.tar.gz) = 1016622
diff --git a/security/gvmd/files/gvmd.in b/security/gvmd/files/gvmd.in
new file mode 100644
index 000000000000..0336e200a917
--- /dev/null
+++ b/security/gvmd/files/gvmd.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: gvmd
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following to /etc/rc.conf[.local] to enable this service
+#
+# gvmd_enable  (bool):   Set to NO by default.
+#                Set it to YES to enable gvmd.
+# gvmd_flags (params):   Set params used to start gvmd.
+#
+
+. /etc/rc.subr
+
+name=gvmd
+rcvar=${name}_enable
+
+load_rc_config $name
+
+: ${gvmd_enable=NO}
+: ${gmvd_flags="--osp-vt-update=/var/run/ospd/ospd.sock --unix-socket=/var/run/gvm/gvmd.sock"}
+
+command="%%PREFIX%%/sbin/gvmd"
+command_args="${gmvd_flags}"
+gvmd_user="gvm"
+gvmd_group="gvm"
+pidfile=/var/run/gvm/gvmd.pid
+
+run_rc_command "$1"
diff --git a/security/gvmd/files/patch-CMakeLists.txt b/security/gvmd/files/patch-CMakeLists.txt
new file mode 100644
index 000000000000..10a249550366
--- /dev/null
+++ b/security/gvmd/files/patch-CMakeLists.txt
@@ -0,0 +1,52 @@
+--- CMakeLists.txt	2020-08-11 10:05:36.000000000 -0500
++++ CMakeLists.txt	2021-01-04 19:48:05.978938000 -0500
+@@ -132,7 +132,7 @@
+ endif (NOT LIBDIR)
+ 
+ if (NOT LOCALSTATEDIR)
+-  set (LOCALSTATEDIR "${CMAKE_INSTALL_PREFIX}/var")
++  set (LOCALSTATEDIR "/var")
+ endif (NOT LOCALSTATEDIR)
+ 
+ if (NOT DATADIR)
+@@ -183,7 +183,7 @@
+ set (GVM_CA_CERTIFICATE      "${GVM_STATE_DIR}/CA/cacert.pem")
+ 
+ if (NOT GVM_RUN_DIR)
+-  set (GVM_RUN_DIR      "${LOCALSTATEDIR}/run")
++  set (GVM_RUN_DIR      "${LOCALSTATEDIR}/run/gvm")
+ endif (NOT GVM_RUN_DIR)
+ 
+ if (NOT GVM_FEED_LOCK_PATH)
+@@ -240,7 +240,7 @@
+ configure_file (doc/Doxyfile_xml.in doc/Doxyfile_xml)
+ configure_file (doc/example-gvm-manage-certs.conf.in doc/example-gvm-manage-certs.conf @ONLY)
+ configure_file (VERSION.in VERSION)
+-configure_file (src/gvmd_log_conf.cmake_in src/gvmd_log.conf)
++configure_file (src/gvmd_log_conf.cmake_in src/gvmd_log.conf.sample)
+ configure_file (src/schema_formats/XML/GMP.xml.in src/schema_formats/XML/GMP.xml @ONLY)
+ configure_file (tools/greenbone-feed-sync.in tools/greenbone-feed-sync @ONLY)
+ configure_file (tools/greenbone-scapdata-sync.in tools/greenbone-scapdata-sync @ONLY)
+@@ -282,7 +282,7 @@
+ 
+ ## Configs (e.g. systemd service file)
+ 
+-add_subdirectory (config)
++# add_subdirectory (config)
+ 
+ ## Documentation
+ 
+@@ -292,10 +292,11 @@
+ 
+ install (DIRECTORY DESTINATION ${GVMD_STATE_DIR})
+ 
+-install (FILES ${CMAKE_BINARY_DIR}/src/gvmd_log.conf
++install (FILES ${CMAKE_BINARY_DIR}/src/gvmd_log.conf.sample
+          DESTINATION ${GVM_SYSCONF_DIR})
+ 
+-install (FILES ${CMAKE_SOURCE_DIR}/src/pwpolicy.conf
++
++install (FILES ${CMAKE_SOURCE_DIR}/src/pwpolicy.conf.sample
+          DESTINATION ${GVM_SYSCONF_DIR})
+ 
+ # Schema formats.
diff --git a/security/gvmd/files/patch-src_CMakeLists.txt b/security/gvmd/files/patch-src_CMakeLists.txt
new file mode 100644
index 000000000000..5e6801a41ca9
--- /dev/null
+++ b/security/gvmd/files/patch-src_CMakeLists.txt
@@ -0,0 +1,19 @@
+--- src/CMakeLists.txt	2020-08-11 10:05:36.000000000 -0500
++++ src/CMakeLists.txt	2021-01-04 19:53:06.893137000 -0500
+@@ -227,7 +227,7 @@
+                        ${GNUTLS_LDFLAGS} ${GPGME_LDFLAGS} ${CMAKE_THREAD_LIBS_INIT} ${LINKER_HARDENING_FLAGS} ${LINKER_DEBUG_FLAGS}
+                        ${PostgreSQL_LIBRARIES} ${GLIB_LDFLAGS} ${GTHREAD_LDFLAGS}
+                        ${LIBGVM_BASE_LDFLAGS} ${LIBGVM_UTIL_LDFLAGS} ${LIBGVM_OSP_LDFLAGS} ${LIBGVM_GMP_LDFLAGS}
+-                       ${LIBICAL_LDFLAGS} ${LINKER_HARDENING_FLAGS})
++                       ${LIBICAL_LDFLAGS} ${LINKER_HARDENING_FLAGS} -lexecinfo)
+ target_link_libraries (manage-test cgreen m
+                        ${GNUTLS_LDFLAGS} ${GPGME_LDFLAGS} ${CMAKE_THREAD_LIBS_INIT} ${LINKER_HARDENING_FLAGS} ${LINKER_DEBUG_FLAGS}
+                        ${PostgreSQL_LIBRARIES} ${GLIB_LDFLAGS} ${GTHREAD_LDFLAGS}
+@@ -441,5 +441,7 @@
+                    COMMAND ctags ${C_FILES})
+ add_custom_target (tags COMMENT "Building tags files...")
+ add_dependencies (tags etags ctags)
++
++file(RENAME "pwpolicy.conf" "pwpolicy.conf.sample")
+ 
+ ## End
diff --git a/security/gvmd/files/patch-src_gvmd.c b/security/gvmd/files/patch-src_gvmd.c
new file mode 100644
index 000000000000..49ea71bfe998
--- /dev/null
+++ b/security/gvmd/files/patch-src_gvmd.c
@@ -0,0 +1,71 @@
+--- src/gvmd.c	2020-08-11 10:05:36.000000000 -0500
++++ src/gvmd.c	2021-01-03 16:50:30.707314000 -0500
+@@ -1362,6 +1362,7 @@
+   struct sockaddr_un address_unix;
+   struct sockaddr_storage address_tls;
+   int address_size;
++  socklen_t addrlen;
+ 
+   memset (&address_tls, 0, sizeof (struct sockaddr_storage));
+   memset (&address_unix, 0, sizeof (struct sockaddr_un));
+@@ -1375,9 +1376,8 @@
+       /* UNIX file socket. */
+ 
+       address_unix.sun_family = AF_UNIX;
+-      strncpy (address_unix.sun_path,
+-               address_str_unix,
+-               sizeof (address_unix.sun_path) - 1);
++      strcpy (address_unix.sun_path,
++               address_str_unix);
+ 
+       g_debug ("%s: address_unix.sun_path: %s",
+                __func__,
+@@ -1398,7 +1398,7 @@
+         }
+ 
+       address = (struct sockaddr *) &address_unix;
+-      address_size = sizeof (address_unix);
++      addrlen = sizeof(struct sockaddr_un);
+ 
+       /* Ensure the path of the socket exists. */
+ 
+@@ -1414,8 +1414,8 @@
+     }
+   else if (address_str_tls)
+     {
+-      struct sockaddr_in *addr4;
+-      struct sockaddr_in6 *addr6;
++      struct sockaddr_in *addr4 = (struct sockaddr_in *) &address_tls;
++      struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &address_tls;
+       int port, optval;
+ 
+       /* TLS TCP socket. */
+@@ -1440,17 +1440,17 @@
+             port = htons (GVMD_PORT);
+         }
+ 
+-      addr4 = (struct sockaddr_in *) &address_tls;
+-      addr6 = (struct sockaddr_in6 *) &address_tls;
+       if (inet_pton (AF_INET6, address_str_tls, &addr6->sin6_addr) > 0)
+         {
+           address_tls.ss_family = AF_INET6;
+           addr6->sin6_port = port;
++	  addrlen = sizeof (*addr6);
+         }
+       else if (inet_pton (AF_INET, address_str_tls, &addr4->sin_addr) > 0)
+         {
+           address_tls.ss_family = AF_INET;
+           addr4->sin_port = port;
++	  addrlen = sizeof (*addr4);
+         }
+       else
+         {
+@@ -1491,7 +1491,7 @@
+       return -1;
+     }
+ 
+-  if (bind (*soc, address, address_size) == -1)
++  if (bind (*soc, address, addrlen) == -1)
+     {
+       g_warning ("Failed to bind manager socket: %s", strerror (errno));
+       return -1;
diff --git a/security/gvmd/files/patch-src_manage.c b/security/gvmd/files/patch-src_manage.c
new file mode 100644
index 000000000000..85f58ef903cf
--- /dev/null
+++ b/security/gvmd/files/patch-src_manage.c
@@ -0,0 +1,10 @@
+--- src/manage.c	2020-12-31 17:01:32.913198000 -0500
++++ src/manage.c	2020-12-31 17:01:47.001860000 -0500
+@@ -75,6 +75,7 @@
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/socket.h>
+ #include <sys/wait.h>
+ #include <time.h>
+ #include <unistd.h>
diff --git a/security/gvmd/files/patch-src_manage_sql.c b/security/gvmd/files/patch-src_manage_sql.c
new file mode 100644
index 000000000000..b84efda2bca7
--- /dev/null
+++ b/security/gvmd/files/patch-src_manage_sql.c
@@ -0,0 +1,19 @@
+--- src/manage_sql.c	2020-08-11 10:05:36.000000000 -0500
++++ src/manage_sql.c	2021-01-04 17:08:05.732803000 -0500
+@@ -51,7 +51,6 @@
+ #include <dirent.h>
+ #include <errno.h>
+ #include <glib/gstdio.h>
+-#include <malloc.h>
+ #include <pwd.h>
+ #include <stdlib.h>
+ #include <sys/socket.h>
+@@ -15276,7 +15275,7 @@
+ 
+   cleanup_iterator (&nvts);
+ 
+-  malloc_trim (0);
++ // malloc_trim (0);
+ }
+ 
+ /**
diff --git a/security/gvmd/files/patch-src_manage_sql_secinfo.c b/security/gvmd/files/patch-src_manage_sql_secinfo.c
new file mode 100644
index 000000000000..64e96501bd87
--- /dev/null
+++ b/security/gvmd/files/patch-src_manage_sql_secinfo.c
@@ -0,0 +1,10 @@
+--- src/manage_sql_secinfo.c	2020-12-31 16:49:24.318202000 -0500
++++ src/manage_sql_secinfo.c	2020-12-31 16:49:46.253146000 -0500
+@@ -44,6 +44,7 @@
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/wait.h>
+ #include <unistd.h>
+ 
+ #include <gvm/base/proctitle.h>
diff --git a/security/gvmd/files/patch-src_sql_pg.c b/security/gvmd/files/patch-src_sql_pg.c
new file mode 100644
index 000000000000..ab311fbc3767
--- /dev/null
+++ b/security/gvmd/files/patch-src_sql_pg.c
@@ -0,0 +1,18 @@
+--- src/sql_pg.c	2020-12-31 16:50:03.471244000 -0500
++++ src/sql_pg.c	2020-12-31 16:50:43.332754000 -0500
+@@ -26,13 +26,13 @@
+ #include "sql.h"
+ 
+ #include <assert.h>
+-#include <endian.h>
++#include <sys/endian.h>
+ #include <errno.h>
+ #include <arpa/inet.h>
+ #include <glib.h>
+ #include <inttypes.h>
+ #include <netinet/in.h>
+-#include <postgresql/libpq-fe.h>
++#include <libpq-fe.h>
+ #include <stdlib.h>
+ #include <string.h>
+ 
diff --git a/security/gvmd/files/patch-src_utils.c b/security/gvmd/files/patch-src_utils.c
new file mode 100644
index 000000000000..00bcbffaace2
--- /dev/null
+++ b/security/gvmd/files/patch-src_utils.c
@@ -0,0 +1,11 @@
+--- src/utils.c	2020-12-31 16:52:50.534962000 -0500
++++ src/utils.c	2020-12-31 16:52:59.759527000 -0500
+@@ -34,7 +34,7 @@
+ /**
+  * @brief Needed for nanosleep.
+  */
+-#define _POSIX_C_SOURCE 199309L
++//#define _POSIX_C_SOURCE 199309L
+ 
+ #include "utils.h"
+ 
diff --git a/security/gvmd/pkg-descr b/security/gvmd/pkg-descr
new file mode 100644
index 000000000000..08df113ed7c2
--- /dev/null
+++ b/security/gvmd/pkg-descr
@@ -0,0 +1,9 @@
+The Greenbone Vulnerability Manager is the central management service between 
+security scanners and the user clients.
+
+It manages the storage of any vulnerability management configurations and of 
+the scan results. Access to data, control commands and workflows is offered 
+via the XML-based Greenbone Management Protocol (GMP). Controlling scanners 
+like OpenVAS is done via the Open Scanner Protocol (OSP).
+
+WWW: https://github.com/greenbone/gvmd
diff --git a/security/gvmd/pkg-plist b/security/gvmd/pkg-plist
new file mode 100644
index 000000000000..0b8fc9660487
--- /dev/null
+++ b/security/gvmd/pkg-plist
@@ -0,0 +1,54 @@
+bin/gvm-manage-certs
+@sample etc/gvm/gvmd_log.conf.sample
+@sample etc/gvm/pwpolicy.conf.sample
+lib/libgvm-pg-server.so
+lib/libgvm-pg-server.so.20
+lib/libgvm-pg-server.so.20.08.0
+sbin/greenbone-certdata-sync
+sbin/greenbone-feed-sync
+sbin/greenbone-scapdata-sync
+sbin/gvmd
+share/doc/gvm/example-gvm-manage-certs.conf
+share/doc/gvm/html/gmp.html
+share/gvm/cert/cert_bund_getbyname.xsl
+share/gvm/cert/dfn_cert_getbyname.xsl
+share/gvm/gvm-lsc-deb-creator.sh
+share/gvm/gvm-lsc-rpm-creator.sh
+share/gvm/gvmd/global_alert_methods/159f79a5-fce8-4ec5-aa49-7d17a77739a3/alert
+share/gvm/gvmd/global_alert_methods/2db07698-ec49-11e5-bcff-28d24461215b/alert
+share/gvm/gvmd/global_alert_methods/4a398d42-87c0-11e5-a1c0-28d24461215b/alert
+share/gvm/gvmd/global_alert_methods/5b39c481-9137-4876-b734-263849dd96ce/alert
+share/gvm/gvmd/global_alert_methods/5b39c481-9137-4876-b734-263849dd96ce/report-convert.py
+share/gvm/gvmd/global_alert_methods/9d435134-15d3-11e6-bf5c-28d24461215b/alert
+share/gvm/gvmd/global_alert_methods/c427a688-b653-40ab-a9d0-d6ba842a9d63/alert
+share/gvm/gvmd/global_alert_methods/cd1f5a34-6bdc-11e0-9827-002264764cea/alert
+share/gvm/gvmd/global_alert_methods/f9d97653-f89b-41af-9ba1-0f6ee00e9c1a/alert
+share/gvm/gvmd/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/HTML.xsl
+share/gvm/gvmd/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/generate
+share/gvm/gvmd/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/rnc.xsl
+share/gvm/gvmd/global_schema_formats/18e826fc-dab6-11df-b913-002264764cea/GMP.xml
+share/gvm/gvmd/global_schema_formats/18e826fc-dab6-11df-b913-002264764cea/generate
+share/gvm/gvmd/global_schema_formats/787a4a18-dabc-11df-9486-002264764cea/RNC.xsl
+share/gvm/gvmd/global_schema_formats/787a4a18-dabc-11df-9486-002264764cea/generate
+share/gvm/gvmd/global_schema_formats/787a4a18-dabc-11df-9486-002264764cea/rnc.xsl
+share/gvm/gvmd/global_schema_formats/d6cf255e-947c-11e1-829a-406186ea4fc5/GMP.xsl
+share/gvm/gvmd/global_schema_formats/d6cf255e-947c-11e1-829a-406186ea4fc5/generate
+share/gvm/gvmd/wizards/delete_task_deep.xml
+share/gvm/gvmd/wizards/get_tasks_deep.xml
+share/gvm/gvmd/wizards/modify_task.xml
+share/gvm/gvmd/wizards/quick_auth_scan.xml
+share/gvm/gvmd/wizards/quick_first_scan.xml
+share/gvm/gvmd/wizards/quick_task.xml
+share/gvm/gvmd/wizards/reset_task.xml
+share/gvm/scap/cpe_getbyname.xsl
+share/gvm/scap/cve_getbyname.xsl
+share/gvm/scap/ovaldef_getbyname.xsl
+share/man/man1/gvm-manage-certs.1.gz
+share/man/man8/greenbone-certdata-sync.8.gz
+share/man/man8/greenbone-scapdata-sync.8.gz
+share/man/man8/gvmd.8.gz
+@dir(gvm,gvm,750) /var/lib/gvm/gvmd/gnupg
+@dir(gvm,gvm,750) /var/lib/gvm/gvmd
+@dir(gvm,gvm,750) /var/lib/gvm
+@dir(gvm,gvm,750) /var/run/gvm
+@dir(gvm,gvm,750) /var/log/gvm
author	Jose Alonso Cardenas Marquez <acm@FreeBSD.org>	2021-01-06 08:48:43 +0000
committer	Jose Alonso Cardenas Marquez <acm@FreeBSD.org>	2021-01-06 08:48:43 +0000
commit	19a685d678a085ebd46841c6948a578da61fd563 (patch)
tree	155314ada8cb5de59c3966ca2a3b4559f29a5c5b /security/gvmd
parent	- Connect security/openvas (diff)