#This number is the sequence number on intevation.org to download a file
%global tar_download 1959
#%global tar_version 4.0.6
Name: openvas-scanner
Version: 4.0.6
Release: 1%{?dist}
Summary: Open Vulnerability Assessment (OpenVAS) Scanner
License: GPLv2
URL: http://www.openvas.org
Source0: http://wald.intevation.org/frs/download.php/%{tar_download}/%{name}-%{version}.tar.gz
#Source0: http://wald.intevation.org/frs/download.php/%{tar_download}/%{name}-%{tar_version}.tar.gz
%if 0%{?rhel} >= 7 || 0%{?fedora} > 15
Source7: openvas-scanner.service
%else
Source1: openvas-scanner.initd
%endif
Source2: openvassd.conf
Source3: openvas-scanner.logrotate
Source4: openvas-scanner.sysconfig
Source5: openvas-nvt-sync-cron
Source6: openvas-nvt-sync-cronjob
# Put certs to /etc/pki as suggested by http://fedoraproject.org/wiki/PackagingDrafts/Certificates
# Not reported upstream as it is RedHat/Fedora specific
Patch1: openvas-scanner-pki.patch
# Put openvas-mkcert-client to bin directory instead of sbin and install its man page
# Reported upstream http://wald.intevation.org/tracker/?func=detail&aid=1941&group_id=29&atid=220
Patch2: openvas-scanner-mkcertclient.patch
# Allow compile time definition of the directory to store openvassd.rules
# Reported upstream http://wald.intevation.org/tracker/?func=detail&aid=1940&group_id=29&atid=220
Patch3: openvas-scanner-rulesdir.patch
# Replace _BSD_SOURCE and _SVID_SOURCE with _DEFAULT_SOURCE otherwise build fails with Werror
Patch4: openvas-scanner-bsdsource.patch
BuildRequires: openvas-libraries-devel >= 7.0
BuildRequires: cmake >= 2.6.0
BuildRequires: glib2-devel
BuildRequires: libpcap-devel
BuildRequires: gnutls-devel
BuildRequires: gpgme-devel
BuildRequires: libksba-devel
BuildRequires: pkgconfig
BuildRequires: libgcrypt-devel
BuildRequires: doxygen
# This is introduced to accomodate difference in RHEL5/CentOS5
%if %{defined rhel}
%if 0%{?rhel} <= 5
# RHEL5
BuildRequires: e2fsprogs-libs-devel
%else
#RHEL6
BuildRequires: libuuid-devel
%endif
%else
# Fedora 14 doesn't have "rhel" defined
BuildRequires: libuuid-devel
%endif
%if 0%{?rhel} >= 7 || 0%{?fedora} > 15
BuildRequires: systemd
BuildRequires: systemd-units
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
%endif
# Required by the openvas-nvt-sync and greenbone-nvt-sync
Requires: /usr/bin/md5sum
Requires: /usr/bin/rsync
Requires: /usr/bin/wget
Requires: /usr/bin/curl
%filter_provides_in %{_libdir}/openvas/plugins
%filter_setup
%description
Scanner module for the Open Vulnerability Assessment System (OpenVAS).
%prep
%setup -q
#%setup -q -n %{name}-%{tar_version}
# Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#patch0 -p 1 -b .nvtfeed
%patch1 -p 1 -b .pkipath
%patch2 -p 1 -b .mkcert
%patch3 -p 1 -b .rules
#Patch for bsdsource seems to be needed only in 21/devel branch
%if 0%{?fedora} >= 21
%patch4 -p 1 -b .bsdsource
%endif
for i in CHANGES ChangeLog; do
iconv -f iso8859-1 -t utf-8 $i > $i.utf8 && \
touch -r $i $i.utf8 && \
mv -f $i.utf8 $i;
done
%build
#configure --disable-static
export CFLAGS=-Werror=unused-but-set-variable
%cmake -DLOCALSTATEDIR:PATH=%{_var} -DOPENVASSD_RULES:PATH=%{_sysconfdir}/openvas/openvassd.rules
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} INSTALL="install -p"
find %{buildroot} -name '*.la' -exec rm -f {} ';'
# Config directory
mkdir -p %{buildroot}/%{_sysconfdir}/openvas
chmod 755 %{buildroot}/%{_sysconfdir}/openvas
# Make directories for the certificates
mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/CA
chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas
chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas/CA
mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA
chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private
chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA
# Make directories for the NVT feeds
mkdir -p %{buildroot}/%{_var}/lib/openvas/plugins
chmod 755 %{buildroot}/%{_var}/lib/openvas/plugins
# Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#mkdir -p _{buildroot}/_{_var}/lib/openvas/plugins/nvt
#mkdir -p _{buildroot}/_{_var}/lib/openvas/plugins/gsf
# Log direcotry
mkdir -p %{buildroot}/%{_var}/log/openvas
# Make plugin cache directory
mkdir -p %{buildroot}/%{_var}/cache/openvas
%if 0%{?rhel} >= 7 || 0%{?fedora} > 15
# Install systemd
install -Dp -m 644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
%else
# Install startup script
install -Dp -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/openvas-scanner
%endif
# Install initial configuration
sed -e "s:@@OPENVAS_PLUGINS@@:%{_var}/lib/openvas/plugins:g
s:@@OPENVAS_CACHE@@:%{_var}/cache/openvas:g
s:@@OPENVAS_LOGDIR@@:%{_var}/log/openvas:g
s:@@OPENVAS_SYSCONF@@:%{_sysconfdir}/openvas:g
s:@@OPENVAS_CERT@@:%{_sysconfdir}/pki/openvas:g" %{SOURCE2} > openvassd.conf
install -Dp -m 644 openvassd.conf %{buildroot}/%{_sysconfdir}/openvas/
# Install log rotation stuff
install -m 644 -Dp %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/openvas-scanner
# Install sysconfig configration
install -Dp -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/openvas-scanner
# Install cron script for update
install -Dp -m 755 %{SOURCE5} %{buildroot}/%{_sbindir}/
# Install cront jobs to periodically update plugins
install -Dp -m 644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/openvas-sync-plugins
%if 0%{?rhel} >= 7 || 0%{?fedora} > 15
#systemd post
%post
%systemd_post %{name}.service
%preun
%systemd_preun %{name}.service
%postun
%systemd_postun_with_restart %{name}.service
%else
#initv post
%post
# This adds the proper /etc/rc*.d links for the script
if [ "$1" -eq 1 ]; then
/sbin/chkconfig --add openvas-scanner
fi
%preun
if [ $1 = 0 ]; then
/sbin/service openvas-scanner stop >/dev/null 2>&1
/sbin/chkconfig --del openvas-scanner
fi
%postun
if [ $1 -ge 1 ]; then
/sbin/service openvas-scanner condrestart >/dev/null 2>&1
fi
%endif
%files
%doc CHANGES ChangeLog COPYING COPYING.GPLv2 README
%dir %{_sysconfdir}/openvas/
%dir %{_sysconfdir}/pki/openvas/
%dir %{_sysconfdir}/pki/openvas/CA/
%dir %{_sysconfdir}/pki/openvas/private/
%dir %{_sysconfdir}/pki/openvas/private/CA/
%dir %{_var}/lib/openvas/
%dir %{_var}/lib/openvas/plugins/
#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
#_dir _{_var}/lib/openvas/plugins/nvt/
#_dir _{_var}/lib/openvas/plugins/gsf/
%dir %{_var}/log/openvas/
%dir %{_var}/cache/openvas/
%config(noreplace) %{_sysconfdir}/openvas/openvassd.conf
%config(noreplace) %{_sysconfdir}/sysconfig/openvas-scanner
%config(noreplace) %{_sysconfdir}/cron.d/openvas-sync-plugins
%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-scanner
%if 0%{?rhel} >= 7 || 0%{?fedora} > 15
%{_unitdir}/%{name}.service
%else
%{_initddir}/openvas-scanner
%endif
%{_bindir}/openvas-mkcert-client
%{_sbindir}/openvas-mkcert
%{_sbindir}/openvas-nvt-sync
%{_sbindir}/openvas-nvt-sync-cron
%{_sbindir}/greenbone-nvt-sync
%{_sbindir}/openvassd
%{_mandir}/man1/*.1.*
%{_mandir}/man8/*.8.*
#attr(644,root,root) _{_libdir}/openvas/plugins/*.nes
%changelog
* Sat Apr 04 2015 Michal Ambroz <rebus at, seznam.cz> - 4.0.6-1
- Update to OpenVAS-7 openvas-scanner release 4.0.6
* Sat Dec 06 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-1
- Update to OpenVAS-7 openvas-scanner release 4.0.5
* Fri Nov 07 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.4-2
- removed sysvinit subpackage - not needed anymore
* Wed Nov 05 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.4-1
- Update to OpenVAS-7 openvas-scanner release 4.0.4
* Fri Sep 12 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.3-1
- Update to OpenVAS-7 openvas-scanner release 4.0.3
* Tue Sep 02 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.2-1
- Update to OpenVAS-7 openvas-scanner release 4.0.2
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Michal Ambroz <rebus at, seznam.cz> - 4.0.1-2
- fix startscripts due to -q (quiet) option removed
* Mon May 26 2014 Fabian Affolter <mail@fabian-affolter.ch> - 4.0.1-1
- Spec file update
- Update to lastest upstream release 4.0.1
* Thu Apr 24 2014 Tomáš Mráz <tmraz@redhat.com> - 3.4-4.beta2
- Rebuild for new libgcrypt
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.4-3.beta2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Mar 12 2013 Michal Ambroz <rebus at, seznam.cz> - 3.4-2.beta2
- bump to OpenVas-6 version 3.4+beta2
* Thu Mar 07 2013 Tomáš Mráz <tmraz@redhat.com> - 3.4-1.beta1
- rebuilt with new GnuTLS
* Wed Feb 06 2013 Michal Ambroz <rebus at, seznam.cz> - 3.4-0.beta1
- bump to OpenVas-6 version 3.4+beta1
* Thu Nov 15 2012 Michal Ambroz <rebus at, seznam.cz> - 3.3.1-1
- bump to OpenVas-5 version 3.3.1
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Apr 10 2012 Michal Ambroz <rebus at, seznam.cz> - 3.2.5-5
- migrate the init scripts to systemd unit
- not containing the scripts for trigrerun as the whole suite is not functional
anyway because of the incompatibility of gnutls
* Mon Jan 23 2012 Michal Ambroz <rebus at, seznam.cz> - 3.2.5-4
- fixed reporting of missing key file
* Mon Jan 23 2012 Michal Ambroz <rebus at, seznam.cz> - 3.2.5-3
- changed init.d script to display hints about openvas-mkcert in syslog
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sat Nov 05 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.5-1
- bump to bugfix release 3.2.5
* Tue Oct 04 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.4-1
- bump to bugfix release 3.2.4
* Mon Apr 11 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.3-1
- bump to bugfix release 3.2.3
* Mon Mar 28 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.2-4
- more strict dependencies to new openvas-libraries for OpenVAS 4
* Mon Mar 28 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.2-3
- rename intrd and logrotate to allow same naming convention for openvas-manager
* Sat Mar 26 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.2-2
- patch to fix compile time errors about set but not used variables
* Fri Mar 18 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.2-1
- Bump to latest stable release 4
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Dec 9 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.1.2-2
- Changed BR so that it works for both RHEL5/CentOS5 and Fedora
- Changed startup script so that it works for both RHEL5/CentOS5 and Fedora
* Tue Nov 23 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.1.1-1
- synced with upstream version
* Fri Apr 16 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.2-3
- Reverted plugin permissions to 644
- Removed non-existing provides
* Wed Apr 14 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.2-2
- Changes based on the comments in the following review
https://bugzilla.redhat.com/show_bug.cgi?id=562469#c24
- Included missed modifications to openvassd.conf by Michal Ambroz
* Tue Apr 13 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.2-1
- bump to a new upstream release
* Thu Mar 25 2010 Michal Ambroz <rebus at, seznam.cz> - 3.0.1-6
- fix config on 32bit architecture, double includes in specfile, permissions
- usage of macros/shell variables
* Fri Mar 12 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.1-5
- cron job shouldn't be replaced upon upgrade
- better alignment with Fedora's SysVInitScript guidelines
- Moved cronjob to cron.d directory
- Changed init.d name from openvassd into openvas-scanner
- Don't strip binary plugins in install phase to properly generate debuginfo
* Tue Mar 9 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.1-4
- Added cron job to periodically update plugins
- Added new option to init.d script to reload plugins
* Wed Mar 3 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.1-3
- Changes based on the comments in
https://bugzilla.redhat.com/show_bug.cgi?id=562469#c5
- Fixed a small bug in postun scriptlet
- Ownership of /etc/openvas directory moved to libraries
- Modified init.d script to change openvassd into openvas-scanner
* Fri Feb 26 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.1-2
- Added cmake BR
- Changes based on the comments in
https://bugzilla.redhat.com/show_bug.cgi?id=562469#c3
* Sat Feb 6 2010 Stjepan Gros <stjepan.gros@gmail.com> - 3.0.1-1
- Upgraded spec file for scanner version 3
* Tue Nov 17 2009 Stjepan Gros <stjepan.gros@gmail.com> - 2.0.3-1
- Minor changes from taken from Xavier Bachelot <xavier@bachelot.org>
- Initial spec file