Blob Blame History Raw
%define         tar_version 3.4+beta2

Name:		openvas-scanner
Summary:	Open Vulnerability Assessment (OpenVAS) Scanner
Version:	3.4
Release:	4.beta2%{?dist}
License:	GPLv2
Group:		System Environment/Libraries

Source1:	openvas-scanner.initd
Source2:	openvassd.conf
Source3:	openvas-scanner.logrotate
Source4:	openvas-scanner.sysconfig
Source5:	openvas-nvt-sync-cron
Source6:	openvas-nvt-sync-cronjob
Source7:	openvas-scanner.service

#Separate nvt and gsf feeds to separate directories
#Separation of feeds is currently not possible because nasl script_dependencies doesn't search in all include_folders
#Patch0:		openvas-scanner-nvtfeed.patch

#Put certs to /etc/pki as suggested by
#Not reported upstream as it is RedHat/Fedora specific
Patch1:		openvas-scanner-pki.patch

#Put openvas-mkcert-client to bin directory instead of sbin and install its man page
#Reported upstream
Patch2:		openvas-scanner-mkcertclient.patch

#Allow compile time definition of the directory to store openvassd.rules
#Reported upstream
Patch3:		openvas-scanner-rulesdir.patch

#Fix compile time errors for F15 where variables set but not used are reported as error
#Reported upstream
#Patch4:		openvas-scanner-notused.patch

#Replace _BSD_SOURCE and _SVID_SOURCE with _DEFAULT_SOURCE otherwise build fails with Werror
Patch5:		openvas-scanner-3.4+beta2-bsdsource.patch

BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires:	openvas-libraries-devel >= 6.0
BuildRequires:	cmake >= 2.6.0
BuildRequires:	glib2-devel
BuildRequires:	libpcap-devel
BuildRequires:	gnutls-devel
BuildRequires:	gpgme-devel
BuildRequires:  libksba-devel
BuildRequires:	pkgconfig
BuildRequires:	systemd-units
BuildRequires:	libgcrypt-devel

# This is introduced to accomodate difference in RHEL5/CentOS5
%if %{defined rhel}
%if 0%{?rhel} <= 5
BuildRequires:	e2fsprogs-libs-devel
BuildRequires:	libuuid-devel
#Fedora 14 doesn't have "rhel" defined
BuildRequires:	libuuid-devel

Requires(post):		systemd-units
Requires(preun):	systemd-units
Requires(postun):	systemd-units
# This is actually needed for the %triggerun script but Requires(triggerun)
# is not valid.  We can use %post because this particular %triggerun script
# should fire just after this package is installed.
Requires(post):		systemd-sysv

#Required by the openvas-nvt-sync and greenbone-nvt-sync
Requires:	/usr/bin/md5sum
Requires:	/usr/bin/rsync
Requires:	/usr/bin/wget
Requires:	/usr/bin/curl

%filter_provides_in %{_libdir}/openvas/plugins

Scanner module for the Open Vulnerability Assessment System (OpenVAS).

%package sysvinit
Summary:	SysV style init script for %{name}
Group:		Documentation
Requires:	%{name} = %{version}-%{release}
Requires(post):		chkconfig
Requires(preun):	chkconfig
Requires(preun):	initscripts

%description sysvinit
SysV style init script for %{name}.
It needs to be installed only if systemd is not used as the system init process.

#%setup -q 
%setup -q -n %{name}-%{tar_version}
#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#patch0 -p 1 -b .nvtfeed
%patch1 -p 1 -b .pkipath
%patch2 -p 1 -b .mkcert
%patch3 -p 1 -b .rules
#%patch4 -p 1 -b .notused
%patch5 -p 1 -b .bsdsource

for i in CHANGES ChangeLog; do
	iconv -f iso8859-1 -t utf-8 $i > $i.utf8 && \
	touch -r $i $i.utf8 && \
	mv -f $i.utf8 $i;

#configure --disable-static
export CFLAGS=-Werror=unused-but-set-variable
%cmake -DLOCALSTATEDIR:PATH=%{_var} -DOPENVASSD_RULES:PATH=%{_sysconfdir}/openvas/openvassd.rules
make %{?_smp_mflags}

rm -rf %{buildroot}

make install DESTDIR=%{buildroot} INSTALL="install -p"
find %{buildroot} -name '*.la' -exec rm -f {} ';'

#Config directory
mkdir -p %{buildroot}/%{_sysconfdir}/openvas
chmod 755 %{buildroot}/%{_sysconfdir}/openvas

#Make directories for the certificates
mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/CA
chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas
chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas/CA
mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA
chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private
chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA

#Make directories for the NVT feeds
mkdir -p  %{buildroot}/%{_var}/lib/openvas/plugins
chmod 755 %{buildroot}/%{_var}/lib/openvas/plugins
#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#mkdir -p  _{buildroot}/_{_var}/lib/openvas/plugins/nvt
#mkdir -p  _{buildroot}/_{_var}/lib/openvas/plugins/gsf

#Log direcotry
mkdir -p %{buildroot}/%{_var}/log/openvas

# Make plugin cache directory
mkdir -p %{buildroot}/%{_var}/cache/openvas

# Install startup script
install -Dp -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/openvas-scanner

# Install systemd
install -Dp -m 644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service

# Install initial configuration
sed -e "s:@@OPENVAS_PLUGINS@@:%{_var}/lib/openvas/plugins:g
	s:@@OPENVAS_CERT@@:%{_sysconfdir}/pki/openvas:g" %{SOURCE2} > openvassd.conf

install -Dp -m 644 openvassd.conf %{buildroot}/%{_sysconfdir}/openvas/

# install log rotation stuff
install -m 644 -Dp %{SOURCE3} \

# Install sysconfig configration
install -Dp -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/openvas-scanner

# Install cront script for update
install -Dp -m 755 %{SOURCE5} %{buildroot}/%{_sbindir}/

# Install cront jobs to periodically update plugins
install -Dp -m 644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/openvas-sync-plugins

rm -rf %{buildroot}

if [ $1 -eq 1 ] ; then
    # Initial installation
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :

if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
    /bin/systemctl --no-reload disable openvas-scanner.service > /dev/null 2>&1 || :
    /bin/systemctl stop openvas-scanner.service > /dev/null 2>&1 || :

/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
    # Package upgrade, not uninstall
    /bin/systemctl try-restart openvas-scanner >/dev/null 2>&1 || :

%triggerun -- openvas-scanner < 3.2.5-5
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply openvas-scanner
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save openvas-scanner >/dev/null 2>&1 ||:

# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del openvas-scanner >/dev/null 2>&1 || :
/bin/systemctl try-restart openvas-scanner.service >/dev/null 2>&1 || :

%post sysvinit
# This adds the proper /etc/rc*.d links for the script
if [ "$1" -eq 1 ]; then
	/sbin/chkconfig --add openvas-scanner

%preun sysvinit
if [ $1 = 0 ]; then
	/sbin/service openvas-scanner stop >/dev/null 2>&1
	/sbin/chkconfig --del openvas-scanner

%postun sysvinit
if [ $1 -ge 1 ]; then
	/sbin/service openvas-scanner condrestart >/dev/null 2>&1

%dir %{_sysconfdir}/openvas
%dir %{_sysconfdir}/pki/openvas
%dir %{_sysconfdir}/pki/openvas/CA
%dir %{_sysconfdir}/pki/openvas/private
%dir %{_sysconfdir}/pki/openvas/private/CA
%dir %{_var}/lib/openvas
%dir %{_var}/lib/openvas/plugins
#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#_dir _{_var}/lib/openvas/plugins/nvt
#_dir _{_var}/lib/openvas/plugins/gsf
%dir %{_var}/log/openvas
%dir %{_var}/cache/openvas
%config(noreplace) %{_sysconfdir}/openvas/openvassd.conf
%config(noreplace) %{_sysconfdir}/sysconfig/openvas-scanner
%config(noreplace) %{_sysconfdir}/cron.d/openvas-sync-plugins
%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-scanner
#attr(644,root,root) _{_libdir}/openvas/plugins/*.nes

%files sysvinit

* Thu Apr 24 2014 Tomáš Mráz <> - 3.4-4.beta2
- Rebuild for new libgcrypt

* Sat Aug 03 2013 Fedora Release Engineering <> - 3.4-3.beta2
- Rebuilt for

* Tue Mar 12 2013 Michal Ambroz <rebus at,> - 3.4-2.beta2
- bump to OpenVas-6 version 3.4+beta2

* Thu Mar 07 2013 Tomáš Mráz <> - 3.4-1.beta1
- rebuilt with new GnuTLS

* Wed Feb 06 2013 Michal Ambroz <rebus at,> - 3.4-0.beta1
- bump to OpenVas-6 version 3.4+beta1

* Thu Nov 15 2012 Michal Ambroz <rebus at,> - 3.3.1-1
- bump to OpenVas-5 version 3.3.1

* Fri Jul 20 2012 Fedora Release Engineering <> - 3.2.5-6
- Rebuilt for

* Tue Apr 10 2012 Michal Ambroz <rebus at,> - 3.2.5-5
- migrate the init scripts to systemd unit
- not containing the scripts for trigrerun as the whole suite is not functional
  anyway because of the incompatibility of gnutls

* Mon Jan 23 2012 Michal Ambroz <rebus at,> - 3.2.5-4
- fixed reporting of missing key file

* Mon Jan 23 2012 Michal Ambroz <rebus at,> - 3.2.5-3
- changed init.d script to display hints about openvas-mkcert in syslog

* Fri Jan 13 2012 Fedora Release Engineering <> - 3.2.5-2
- Rebuilt for

* Sat Nov 05 2011 Michal Ambroz <rebus at,> - 3.2.5-1
- bump to bugfix release 3.2.5

* Tue Oct 04 2011 Michal Ambroz <rebus at,> - 3.2.4-1
- bump to bugfix release 3.2.4

* Mon Apr 11 2011 Michal Ambroz <rebus at,> - 3.2.3-1
- bump to bugfix release 3.2.3

* Mon Mar 28 2011 Michal Ambroz <rebus at,> - 3.2.2-4
- more strict dependencies to new openvas-libraries for OpenVAS 4

* Mon Mar 28 2011 Michal Ambroz <rebus at,> - 3.2.2-3
- rename intrd and logrotate to allow same naming convention for openvas-manager

* Sat Mar 26 2011 Michal Ambroz <rebus at,> - 3.2.2-2
- patch to fix compile time errors about set but not used variables

* Fri Mar 18 2011 Michal Ambroz <rebus at,> - 3.2.2-1
- Bump to latest stable release 4

* Tue Feb 08 2011 Fedora Release Engineering <> - 3.1.1-3
- Rebuilt for

* Thu Dec  9 2010 Stjepan Gros <> - 3.1.2-2
- Changed BR so that it works for both RHEL5/CentOS5 and Fedora
- Changed startup script so that it works for both RHEL5/CentOS5 and Fedora

* Tue Nov 23 2010 Stjepan Gros <> - 3.1.1-1
- synced with upstream version

* Fri Apr 16 2010 Stjepan Gros <> - 3.0.2-3
- Reverted plugin permissions to 644
- Removed non-existing provides

* Wed Apr 14 2010 Stjepan Gros <> - 3.0.2-2
- Changes based on the comments in the following review
- Included missed modifications to openvassd.conf by Michal Ambroz

* Tue Apr 13 2010 Stjepan Gros <> - 3.0.2-1
- bump to a new upstream release

* Thu Mar 25 2010 Michal Ambroz <rebus at,> - 3.0.1-6
- fix config on 32bit architecture, double includes in specfile, permissions
- usage of macros/shell variables

* Fri Mar 12 2010 Stjepan Gros <> - 3.0.1-5
- cron job shouldn't be replaced upon upgrade
- better alignment with Fedora's SysVInitScript guidelines
- Moved cronjob to cron.d directory
- Changed init.d name from openvassd into openvas-scanner
- Don't strip binary plugins in install phase to properly generate debuginfo

* Tue Mar  9 2010 Stjepan Gros <> - 3.0.1-4
- Added cron job to periodically update plugins
- Added new option to init.d script to reload plugins

* Wed Mar  3 2010 Stjepan Gros <> - 3.0.1-3
- Changes based on the comments in
- Fixed a small bug in postun scriptlet
- Ownership of /etc/openvas directory moved to libraries
- Modified init.d script to change openvassd into openvas-scanner

* Fri Feb 26 2010 Stjepan Gros <> - 3.0.1-2
- Added cmake BR
- Changes based on the comments in

* Sat Feb  6 2010 Stjepan Gros <> - 3.0.1-1
- Upgraded spec file for scanner version 3

* Tue Nov 17 2009 Stjepan Gros <> - 2.0.3-1
- Minor changes from taken from Xavier Bachelot <>
- Initial spec file