From: "Florian Schmaus" <flow@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/notus-scanner/files/, net-analyzer/notus-scanner/, ...
Date: Mon,  3 Jul 2023 08:15:46 +0000 (UTC)	[thread overview]
Message-ID: <1688372123.73d0bd24fdc3fc390c94366d704540648c0b9e63.flow@gentoo> (raw)

commit:     73d0bd24fdc3fc390c94366d704540648c0b9e63
Author:     Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Sat May 20 17:22:43 2023 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Mon Jul  3 08:15:23 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73d0bd24

net-analyzer/notus-scanner: new package, add 22.5.0

Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 net-analyzer/notus-scanner/Manifest                |  1 +
 .../notus-scanner/files/notus-scanner.confd        | 11 ++++
 .../notus-scanner/files/notus-scanner.initd        | 23 ++++++++
 .../notus-scanner/files/notus-scanner.service.conf |  7 +++
 .../notus-scanner/files/notus-scanner.toml         |  8 +++
 net-analyzer/notus-scanner/metadata.xml            | 19 +++++++
 .../notus-scanner/notus-scanner-22.5.0.ebuild      | 63 ++++++++++++++++++++++
 profiles/features/musl/package.mask                |  1 +
 8 files changed, 133 insertions(+)

diff --git a/net-analyzer/notus-scanner/Manifest b/net-analyzer/notus-scanner/Manifest
new file mode 100644
index 000000000000..653ff84e4195
--- /dev/null
+++ b/net-analyzer/notus-scanner/Manifest
@@ -0,0 +1 @@
+DIST notus-scanner-22.5.0.tar.gz 320894 BLAKE2B 3bf0cb633ad2636d9430705459d841b717139b162bd39f30a6bf06dafe1647b94c0e791b05390d340f97a4ff83351cbd71be6d5b1793dda82c6cad9250ce18c2 SHA512 48576d26a65c439fb00b345d97ba9917c3c2bf99ab5c94ed4488e4638c0442fdcd721ed8a08be147481a01bffc3eadec25029c0d6cd1aed2381221250b16c19d

diff --git a/net-analyzer/notus-scanner/files/notus-scanner.confd b/net-analyzer/notus-scanner/files/notus-scanner.confd
new file mode 100644
index 000000000000..5000145abaeb
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.confd
@@ -0,0 +1,11 @@
+# Notus Scanner command args
+
+NOTUS_SCANNER_OPTIONS="--log-file=/var/log/gvm/notus-scanner.log"
+
+NOTUS_SCANNER_MQTT_BROKER_ADDRESS="--mqtt-broker-address localhost"
+
+NOTUS_SCANNER_MQTT_BROKER_PORT="--mqtt-broker-port 1883"
+
+NOTUS_SCANNER_PRODUCTS_DIRECTORY="--products-directory /var/lib/notus/products"
+
+NOTUS_DISABLE_HASHSUM_VERIFICATION="--disable-hashsum-verification false"
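Review bot: The last line passes `--disable-hashsum-verification false` on every start, and whether the string `false` keeps verification enabled depends on how upstream parses that option, which this commit does not show. If the parser converts the value with a plain truthiness test (the common argparse `type=bool` pitfall), any non-empty string, including `false`, would switch off verification of the product files. Since notus-scanner.toml in this commit already sets `disable-hashsum-verification = false`, the safer default is `NOTUS_DISABLE_HASHSUM_VERIFICATION=""`, with a comment that setting it disables integrity checking of the feed under /var/lib/notus/products. The broker and products-directory options are likewise duplicated between this file and the TOML file, so the two can drift apart.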

diff --git a/net-analyzer/notus-scanner/files/notus-scanner.initd b/net-analyzer/notus-scanner/files/notus-scanner.initd
new file mode 100644
index 000000000000..e00e9118e32e
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.initd
@@ -0,0 +1,23 @@
+#!/sbin/openrc-run
+# Copyright 2023Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Greenbone Notus Scanner"
+command=/usr/bin/notus-scanner
+pidfile="/run/notus-scanner/${RC_SVCNAME}.pid"
+command_args="${NOTUS_SCANNER_OPTIONS} \
+	${NOTUS_SCANNER_MQTT_BROKER_ADDRESS} \
+	${NOTUS_SCANNER_MQTT_BROKER_PORT} \
+	${NOTUS_SCANNER_PRODUCTS_DIRECTORY} \
+	${NOTUS_DISABLE_HASHSUM_VERIFICATION} \
+	--pid-file ${pidfile} \
+	--config /etc/gvm/notus-scanner.toml"
+
+depend() {
+	after bootmisc
+	need localmount mosquitto
+}
+
+start_pre() {
+        checkpath -d /var/run/notus-scanner
+}
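Review bot: Nothing in this script drops privileges, so OpenRC will start the scanner as root even though the ebuild depends on acct-user/gvm and hands /var/lib/notus to gvm:gvm. A root process would then read product files from a directory that a less-privileged account can write. Adding `command_user="gvm:gvm"` and creating the runtime directory with matching ownership, `checkpath -d -o gvm:gvm -m 0750 /run/notus-scanner`, would fix both. That assumes /var/log/gvm is writable by gvm, which this commit does not show. The `checkpath` call also uses /var/run while `pidfile` uses /run; it should use /run so the two always name the same directory.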

diff --git a/net-analyzer/notus-scanner/files/notus-scanner.service.conf b/net-analyzer/notus-scanner/files/notus-scanner.service.conf
new file mode 100644
index 000000000000..aea5c10e8fad
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.service.conf
@@ -0,0 +1,7 @@
+[Unit]
+PartOf=gvm.target
+
+[Service]
+Type=forking
+ExecStart=
+ExecStart=/usr/bin/notus-scanner
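Review bot: The drop-in clears `ExecStart=` and starts the daemon with no arguments, so the systemd path depends on notus-scanner finding /etc/gvm/notus-scanner.toml by default, while the OpenRC script passes `--config /etc/gvm/notus-scanner.toml` explicitly. Writing `ExecStart=/usr/bin/notus-scanner --config /etc/gvm/notus-scanner.toml` keeps both init systems on the same settings, including `disable-hashsum-verification`. The drop-in also sets no `User=`, `Group=` or `PIDFile=`. The upstream unit installed by the ebuild is not visible here, so it is worth confirming that it runs the service as gvm and that its pid-file path matches the one in the TOML file.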

diff --git a/net-analyzer/notus-scanner/files/notus-scanner.toml b/net-analyzer/notus-scanner/files/notus-scanner.toml
new file mode 100644
index 000000000000..cff33c77afc8
--- /dev/null
+++ b/net-analyzer/notus-scanner/files/notus-scanner.toml
@@ -0,0 +1,8 @@
+[notus-scanner]
+mqtt-broker-address = "localhost"
+mqtt-broker-port = "1883"
+products-directory = "/var/lib/notus/products"
+pid-file = "/run/notus-scanner/notus-scanner.pid"
+log-file = "/var/log/gvm/notus-scanner.log"
+log-level = "INFO"
+disable-hashsum-verification = false

diff --git a/net-analyzer/notus-scanner/metadata.xml b/net-analyzer/notus-scanner/metadata.xml
new file mode 100644
index 000000000000..06038ba8d06e
--- /dev/null
+++ b/net-analyzer/notus-scanner/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>foti.giuseppe@gmail.com</email>
+		<name>Giuseppe Foti</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<longdescription lang="en">
+			This is a new scanner that scans after every regular scan, so no user interaction is necessary.
+			It offers better performance due to less system resource consumption and thus, faster scanning.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/notus-scanner</remote-id>
+	</upstream>
+</pkgmetadata>

diff --git a/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild b/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild
new file mode 100644
index 000000000000..3d2b52bf6bee
--- /dev/null
+++ b/net-analyzer/notus-scanner/notus-scanner-22.5.0.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+DISTUTILS_USE_PEP517=poetry
+inherit distutils-r1 systemd
+
+DESCRIPTION="Notus is a vulnerability scanner for creating results from local security checks"
+HOMEPAGE="https://github.com/greenbone/notus-scanner"
+SRC_URI="https://github.com/greenbone/notus-scanner/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="AGPL-3 AGPL-3+"
+KEYWORDS="~amd64 ~x86"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	acct-user/gvm
+	dev-libs/paho-mqtt-c
+	dev-python/psutil[${PYTHON_USEDEP}]
+	>=dev-python/python-gnupg-0.5.0[${PYTHON_USEDEP}]
+	<dev-python/packaging-23.2[${PYTHON_USEDEP}]
+	>=dev-python/sentry-sdk-1.22.2[${PYTHON_USEDEP}]
+	>=dev-python/rope-1.8.0[${PYTHON_USEDEP}]
+	>=dev-python/paho-mqtt-1.5.1[${PYTHON_USEDEP}]
+	<dev-python/tomli-3[${PYTHON_USEDEP}]
+"
+
+RDEPEND="
+	${DEPEND}
+	app-misc/mosquitto
+"
+
+distutils_enable_tests unittest
+
+python_compile() {
+	distutils-r1_python_compile
+}
+
+python_install() {
+	distutils-r1_python_install
+	insinto /etc/gvm
+	doins "${FILESDIR}/${PN}.toml"
+	fowners gvm:gvm "/etc/gvm/${PN}.toml"
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/notus
+	keepdir /var/lib/notus/products
+	keepdir /var/lib/notus/advisories
+	if ! use prefix; then
+		fowners -R gvm:gvm /var/lib/notus
+	fi
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+	systemd_dounit config/${PN}.service
+
+	systemd_install_serviced "${FILESDIR}/notus-scanner.service.conf" \
+			${PN}.service
+}
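Review bot: In python_install, `fowners gvm:gvm "/etc/gvm/${PN}.toml"` makes the service account the owner of its own configuration, so a compromised scanner process could rewrite `products-directory` or set `disable-hashsum-verification = true` for the next start. The daemon only needs to read the file, which `fowners root:gvm "/etc/gvm/${PN}.toml"` followed by `fperms 0640 "/etc/gvm/${PN}.toml"` provides. The recursive `fowners -R gvm:gvm /var/lib/notus` is presumably needed so the feed sync can write there, which is one more reason to keep verification of that directory on by default. Separately, `python_compile()` only calls `distutils-r1_python_compile` and can be dropped.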

diff --git a/profiles/features/musl/package.mask b/profiles/features/musl/package.mask
index 3003915d03db..0e288e530d07 100644
--- a/profiles/features/musl/package.mask
+++ b/profiles/features/musl/package.mask
@@ -73,6 +73,7 @@ sys-apps/noexec
 # Giuseppe Foti <foti.giuseppe@gmail.com> (2023-05-19)
 # New packages that require blocked packages in the previous block.
 dev-db/pg-gvm
+net-analyzer/notus-scanner
 
 # Petr Vaněk <arkamar@atlas.cz> (2022-09-23)
 # Musl does not implement rresvport function, bugs #713810 and #713376.

