Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 24 Feb 2024 23:37:51 GMT
From:      Palle Girgensohn <girgen@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 6e1d089e3b04 - main - security/go-cve-dictionary: Upgrade to 0.10.1.
Message-ID:  <202402242337.41ONbpc8046547@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by girgen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6e1d089e3b04f21ebb453622bbc7a09b9bab8c70

commit 6e1d089e3b04f21ebb453622bbc7a09b9bab8c70
Author:     Palle Girgensohn <girgen@FreeBSD.org>
AuthorDate: 2024-01-26 16:14:04 +0000
Commit:     Palle Girgensohn <girgen@FreeBSD.org>
CommitDate: 2024-02-24 23:37:44 +0000

    security/go-cve-dictionary: Upgrade to 0.10.1.
    
    This port is mainly here as a dependency of security/vuls. Update and
    take maintainership due to maintainer timeout. [1]
    
    Adding a default config file that should work more or less out the box
    for a simple local setup. It has examples for a larger deployment.
    
    PR:     259948 [1] Maintainer timeout
---
 security/go-cve-dictionary/Makefile                | 67 +++++-------------
 security/go-cve-dictionary/distinfo                | 82 ++--------------------
 .../go-cve-dictionary/files/go-cve-dictionary.in   | 44 +++++-------
 .../go-cve-dictionary/files/go-cve-dictionary.yaml | 23 ++++++
 .../files/newsyslog-go-cve-dictionary.conf         |  7 ++
 .../files/patch-commands_fetchjvn.go               | 29 --------
 .../files/patch-commands_fetchnvd.go               | 29 --------
 .../go-cve-dictionary/files/patch-commands_root.go | 29 ++++++++
 .../files/patch-commands_server.go                 | 29 --------
 .../files/periodic-go-cve-dictionary.in            | 36 ++++++++++
 security/go-cve-dictionary/files/pkg-message.in    | 23 +++---
 security/go-cve-dictionary/pkg-descr               |  8 ++-
 security/go-cve-dictionary/pkg-plist               |  5 ++
 13 files changed, 164 insertions(+), 247 deletions(-)

diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile
index bd780b01bc5d..ebbaceacdab9 100644
--- a/security/go-cve-dictionary/Makefile
+++ b/security/go-cve-dictionary/Makefile
@@ -1,12 +1,11 @@
 PORTNAME=	go-cve-dictionary
-DISTVERSIONPREFIX=	v
-DISTVERSION=		0.5.5
-PORTREVISION=	17
+DISTVERSIONPREFIX=v
+DISTVERSION=	0.10.1
 CATEGORIES=	security
 
-MAINTAINER=	iscandr@gmail.com
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Build local copies of vulnerabilities from NVD and JVN
-WWW=		https://github.com/kotakanbe/go-cve-dictionary/
+WWW=		https://github.com/vulsio/go-cve-dictionary/
 
 LICENSE=	APACHE20
 
@@ -14,59 +13,31 @@ RUN_DEPENDS=	ca_root_nss>=0:security/ca_root_nss
 
 USES=		go:modules
 
-USE_GITHUB=	yes
-GH_ACCOUNT=	kotakanbe
-GH_TUPLE=	\
-		PuerkitoBio:goquery:v1.5.1:puerkitobio_goquery/vendor/github.com/PuerkitoBio/goquery \
-		VividCortex:ewma:v1.1.1:vividcortex_ewma/vendor/github.com/VividCortex/ewma \
-		andybalholm:cascadia:v1.1.0:andybalholm_cascadia/vendor/github.com/andybalholm/cascadia \
-		asaskevich:govalidator:f61b66f89f4a:asaskevich_govalidator/vendor/github.com/asaskevich/govalidator \
-		cespare:xxhash:v2.1.1:cespare_xxhash_v2/vendor/github.com/cespare/xxhash/v2 \
-		cheggaaa:pb:v3.0.5:cheggaaa_pb_v3/vendor/github.com/cheggaaa/pb \
-		dgrijalva:jwt-go:v3.2.0:dgrijalva_jwt_go/vendor/github.com/dgrijalva/jwt-go \
-		dgryski:go-rendezvous:9f7001d12a5f:dgryski_go_rendezvous/vendor/github.com/dgryski/go-rendezvous \
-		fatih:color:v1.9.0:fatih_color/vendor/github.com/fatih/color \
-		redis:go-redis:v8.4.0:go_redis_redis_v8/vendor/github.com/go-redis/redis/v8 \
-		go-sql-driver:mysql:v1.5.0:go_sql_driver_mysql/vendor/github.com/go-sql-driver/mysql \
-		go-stack:stack:v1.8.0:go_stack_stack/vendor/github.com/go-stack/stack \
-		golang:crypto:75b288015ac9:golang_crypto/vendor/golang.org/x/crypto \
-		golang:net:a7d1128ccaa0:golang_net/vendor/golang.org/x/net \
-		golang:sys:v0.6.0:golang_sys/vendor/golang.org/x/sys \
-		golang:text:v0.3.3:golang_text/vendor/golang.org/x/text \
-		google:subcommands:v1.2.0:google_subcommands/vendor/github.com/google/subcommands \
-		hashicorp:go-version:v1.2.1:hashicorp_go_version/vendor/github.com/hashicorp/go-version \
-		htcat:htcat:v1.0.2:htcat_htcat/vendor/github.com/htcat/htcat \
-		inconshreveable:log15:b30bc20e4fd1:inconshreveable_log15/vendor/github.com/inconshreveable/log15 \
-		jinzhu:gorm:v1.9.16:jinzhu_gorm/vendor/github.com/jinzhu/gorm \
-		jinzhu:inflection:v1.0.0:jinzhu_inflection/vendor/github.com/jinzhu/inflection \
-		k0kubun:colorstring:9440f1994b88:k0kubun_colorstring/vendor/github.com/k0kubun/colorstring \
-		k0kubun:pp:v3.0.1:k0kubun_pp/vendor/github.com/k0kubun/pp \
-		knqyf263:go-cpe:659663f6eca2:knqyf263_go_cpe/vendor/github.com/knqyf263/go-cpe \
-		labstack:echo:v3.3.10:labstack_echo/vendor/github.com/labstack/echo \
-		labstack:gommon:v0.3.0:labstack_gommon/vendor/github.com/labstack/gommon \
-		lib:pq:v1.1.1:lib_pq/vendor/github.com/lib/pq \
-		mattn:go-colorable:v0.1.4:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
-		mattn:go-isatty:v0.0.12:mattn_go_isatty/vendor/github.com/mattn/go-isatty \
-		mattn:go-runewidth:v0.0.7:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \
-		mattn:go-sqlite3:v1.14.2:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \
-		olekukonko:tablewriter:v0.0.4:olekukonko_tablewriter/vendor/github.com/olekukonko/tablewriter \
-		open-telemetry:opentelemetry-go:v0.14.0:open_telemetry_opentelemetry_go/vendor/go.opentelemetry.io/otel \
-		pkg:errors:v0.9.1:pkg_errors/vendor/github.com/pkg/errors \
-		valyala:bytebufferpool:v1.0.0:valyala_bytebufferpool/vendor/github.com/valyala/bytebufferpool \
-		valyala:fasttemplate:v1.2.1:valyala_fasttemplate/vendor/github.com/valyala/fasttemplate
+GO_MODULE=	github.com/vulsio/go-cve-dictionary
 
 USE_RC_SUBR=	${PORTNAME}
 
 GO_BUILDFLAGS=	-ldflags "-X main.version=${PORTVERSION}"
 
-SUB_FILES=	pkg-message
+SUB_FILES=	pkg-message periodic-go-cve-dictionary
 SUB_LIST=	PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS}
 
 USERS=		vuls
 GROUPS=		vuls
 
+post-patch:
+	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/commands/root.go
+
 post-install:
-	${MKDIR} ${STAGEDIR}/var/db/vuls
-	${MKDIR} ${STAGEDIR}/var/log/vuls
+	${MKDIR} ${STAGEDIR}/var/db/vuls \
+		${STAGEDIR}/var/log/vuls \
+		${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily
+	${INSTALL_DATA} ${FILESDIR}/newsyslog-${PORTNAME}.conf \
+		${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/${PORTNAME}.conf.sample
+	${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.yaml \
+		${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample
+	${INSTALL_SCRIPT} ${WRKDIR}/periodic-${PORTNAME} \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily/${PORTNAME}
 
 .include <bsd.port.mk>
diff --git a/security/go-cve-dictionary/distinfo b/security/go-cve-dictionary/distinfo
index b581269dde99..9d9399338338 100644
--- a/security/go-cve-dictionary/distinfo
+++ b/security/go-cve-dictionary/distinfo
@@ -1,77 +1,5 @@
-TIMESTAMP = 1679132467
-SHA256 (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 19b0e10daff6946717d441eb6a9e056fe2a28cd2e5b008a97ff2fd2f2c952fc3
-SIZE (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 46715
-SHA256 (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 50b671f7128ac6993b7388d4e8a76901afdcaa7c6889f45687a2acc0d0753ca4
-SIZE (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 101380
-SHA256 (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 3b2d62412b7ba2726a379cc0ae557595c027dc8206d0ef98f13831281b8f2b85
-SIZE (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 6042
-SHA256 (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 5d03f4610b70cab7860b158efab1afd91baa58fd95286a0adbadcdc3b49c7936
-SIZE (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 15464
-SHA256 (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 7e241314ac30b59d9dc6ead8e902de94e07135486694e4e7ef0dc97eaf42c40e
-SIZE (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 51800
-SHA256 (cespare-xxhash-v2.1.1_GH0.tar.gz) = 0ee31178d2c5a1249be4e26294a2f428008dc4e1ecbbfbe47f74e41026df1148
-SIZE (cespare-xxhash-v2.1.1_GH0.tar.gz) = 9292
-SHA256 (cheggaaa-pb-v3.0.5_GH0.tar.gz) = c3442908441cd17c4a2ed0c9f0875eeb52947e3b73d5c6e483d2698d7ed8ef43
-SIZE (cheggaaa-pb-v3.0.5_GH0.tar.gz) = 30815
-SHA256 (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 197465ef53219f3aeb1a6940b70e16d288fe4e4108d4831b91ea101118440e63
-SIZE (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 36960
-SHA256 (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 29584550745fd4b8fce2e2f3def7b9d9ffe2b86cf9b6596b53a660c9bbfe27b6
-SIZE (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 1699
-SHA256 (fatih-color-v1.9.0_GH0.tar.gz) = f5a6372ff7c87d22baaa2089e5cdd8a218fb3a9be047195c0ab421d5340f6f3f
-SIZE (fatih-color-v1.9.0_GH0.tar.gz) = 1230941
-SHA256 (redis-go-redis-v8.4.0_GH0.tar.gz) = c9aaa3d49398792ce64b0a54ae37663ec4def987bb68a79a5db6f71fc6e598e9
-SIZE (redis-go-redis-v8.4.0_GH0.tar.gz) = 123964
-SHA256 (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 9d98b46623037447a26a51a203540bf605b6e6220d31f2efc7396242fcb660b5
-SIZE (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 90474
-SHA256 (go-stack-stack-v1.8.0_GH0.tar.gz) = 3b8987e137d76f4f35db1e8005ec7fb766b68eed8cac0ca0b795ac43cd72b319
-SIZE (go-stack-stack-v1.8.0_GH0.tar.gz) = 8039
-SHA256 (golang-crypto-75b288015ac9_GH0.tar.gz) = 6e74e21bf9dfdbf0a8dac8cb205fbc3bfd8dff308a24080b9d6093a3858f0db2
-SIZE (golang-crypto-75b288015ac9_GH0.tar.gz) = 1729931
-SHA256 (golang-net-a7d1128ccaa0_GH0.tar.gz) = 4bed33fe7ea1e5ce005798c033fa18bddaa12fe5b6848bbe144e34c41c4b168f
-SIZE (golang-net-a7d1128ccaa0_GH0.tar.gz) = 1177106
-SHA256 (golang-sys-v0.6.0_GH0.tar.gz) = b4f6d17c7a128f76169964b437cb66b3f2dbf9a33361928ec19dfecf7b03fc54
-SIZE (golang-sys-v0.6.0_GH0.tar.gz) = 1434234
-SHA256 (golang-text-v0.3.3_GH0.tar.gz) = 1604233637e3593749fbbb13b5069b08e6feba6d2b55a02fd3148793d5871185
-SIZE (golang-text-v0.3.3_GH0.tar.gz) = 7747332
-SHA256 (google-subcommands-v1.2.0_GH0.tar.gz) = 99602409506274003f52f6eb901f3a4d6aa2fc041971939dfa753ffcf0549bae
-SIZE (google-subcommands-v1.2.0_GH0.tar.gz) = 9383
-SHA256 (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 9c63e2107ca0cf4e78ddba1128c73adfdfcdd45faa90c3bf7c6feda7d2326cc5
-SIZE (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 13911
-SHA256 (htcat-htcat-v1.0.2_GH0.tar.gz) = 6e3eb20766e668e8ff8bbe08a84544b3cbde45d6bdccad0a5fae905a06ef2f7e
-SIZE (htcat-htcat-v1.0.2_GH0.tar.gz) = 8561
-SHA256 (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 515e98c8aadad3bb92c8db7e48bea0a4ad3dea40726aeb272fb1f7e9d68e3355
-SIZE (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 23537
-SHA256 (jinzhu-gorm-v1.9.16_GH0.tar.gz) = c7ea6db55ab5226b6eb71e5654d14690459d02304df50cdf4adbe70db0308cab
-SIZE (jinzhu-gorm-v1.9.16_GH0.tar.gz) = 97157
-SHA256 (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 582808364cc268544e3e6775b15d7fffbc28ccfb930a29840bb25e32d7d95e1f
-SIZE (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 4766
-SHA256 (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 8a8b7c4bfc362722139afceb014225fbde2b464c78c7d864f3436a12fa732bd0
-SIZE (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 3627
-SHA256 (k0kubun-pp-v3.0.1_GH0.tar.gz) = 7ee809d1b55839d39965151142988bbb51ebb1e8105086703c55caf3e8eb0488
-SIZE (k0kubun-pp-v3.0.1_GH0.tar.gz) = 9734
-SHA256 (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 429ea378b3e3918df8c6e6550e2d0bd421f104206fad25bdf5282d628f14dc52
-SIZE (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 2650095
-SHA256 (labstack-echo-v3.3.10_GH0.tar.gz) = 0b130e57652d0b90740541339161bb3105c1fdec2dd5b6a716b5929bef91a125
-SIZE (labstack-echo-v3.3.10_GH0.tar.gz) = 279846
-SHA256 (labstack-gommon-v0.3.0_GH0.tar.gz) = c23fa6b18c3f3c4dc917e7fb6d40db88ca2d13f51dbc9a8e8e098b8aa03611e9
-SIZE (labstack-gommon-v0.3.0_GH0.tar.gz) = 11426
-SHA256 (lib-pq-v1.1.1_GH0.tar.gz) = bc19f104f21e71536f43d99c375355bfdee159f967050af690a51ef588ab0e37
-SIZE (lib-pq-v1.1.1_GH0.tar.gz) = 95305
-SHA256 (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 157806ad8125e6bef4d9b58c9125ccb98a8343136f93faf442ab0cc6e7c24c11
-SIZE (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 8981
-SHA256 (mattn-go-isatty-v0.0.12_GH0.tar.gz) = addbdc341d7685ed4cc8d2d8a8fd2bd9b784bde00d0ea99fb251039fc10c611c
-SIZE (mattn-go-isatty-v0.0.12_GH0.tar.gz) = 4548
-SHA256 (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 09270ddb93b2d77d4b3903bbadacbb3a3d4f0cce93c373fb21503840829d8697
-SIZE (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 16089
-SHA256 (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = faa3138a0219c1cd684386b2a13c203361e62ae51a3d895deeffcd3fe6c6d5b9
-SIZE (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = 2354866
-SHA256 (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = a86028430fb4dd99ce0030a7c4d37915337c3b9a9efbfd2698b375f3e3488bd0
-SIZE (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = 19252
-SHA256 (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = f096a442e4674b320d22e4cb253c005a6f3b82630b27e9c8856d0612f590b501
-SIZE (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = 469278
-SHA256 (pkg-errors-v0.9.1_GH0.tar.gz) = 56bfd893023daa498508bfe161de1be83299fcf15376035e7df79cbd7d6fa608
-SIZE (pkg-errors-v0.9.1_GH0.tar.gz) = 13415
-SHA256 (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 089013e3429ebe7fd2bc3527f003bf3f3f639891e5d8ba6a56010e3671465e1f
-SIZE (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 5025
-SHA256 (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 14881149dfc3d49606728d0c8e704cfaeb7fbbf2c42d20e771cf1bbae9fb1044
-SIZE (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 11550
+TIMESTAMP = 1706283379
+SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 605f168ac90dfb779f3a67dea287bab9938a4d32e4fe9157dc6d0aabf14d7217
+SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 3338
+SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = aa21dbe8c6064679071d64eb0afa965904d734d580c908ecc289859f145cc263
+SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = 353325
diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.in b/security/go-cve-dictionary/files/go-cve-dictionary.in
index ef483b29574b..7cb3ff1a6fbe 100644
--- a/security/go-cve-dictionary/files/go-cve-dictionary.in
+++ b/security/go-cve-dictionary/files/go-cve-dictionary.in
@@ -8,19 +8,18 @@
 # to enable this service:
 #
 # go_cve_dictionary_enable (bool):     Set to NO by default
-#                                Set it to YES to enable the CVE server
+#                                      Set it to YES to enable the CVE server
 # go_cve_dictionary_user (string):     Set user to run go_cve_dictionary
-#                                Default is "%%USERS%%"
+#                                      Default is "%%USERS%%"
 # go_cve_dictionary_group (string):    Set group to run go_cve_dictionary
-#                                Default is "%%GROUPS%%"
-# go_cve_dictionary_db_path (string):  Set database path
-#                                Default is "/var/db/vuls/cve.sqlite3"
-# go_cve_dictionary_db_type (string):  Set database type
-#                                Default is "sqlite3"
-# go_cve_dictionary_log_file (string): Set file that go_cve_dictionary will log to
-#                                Default is "/var/log/vuls/go_cve_dictionary.log"
+#                                      Default is "%%GROUPS%%"
+# go_cve_dictionary_log_file (string): Set file that go-cve-dictionary will log to
+#                                      Default is "/var/log/vuls/go_cve_dictionary.log"
 # go_cve_dictionary_args (string):     Set additional command line arguments
-#                                Default is ""
+#                                      Default is ""
+#
+# Set up go-cve-dictionary using the config file: %%PREFIX%%/etc/go-cve-dictionary.yaml
+#
 
 . /etc/rc.subr
 
@@ -32,32 +31,27 @@ load_rc_config $name
 : ${go_cve_dictionary_enable:="NO"}
 : ${go_cve_dictionary_user:="%%USERS%%"}
 : ${go_cve_dictionary_group:="%%GROUPS%%"}
-: ${go_cve_dictionary_db_path:="/var/db/vuls/cve.sqlite3"}
-: ${go_cve_dictionary_db_type:="sqlite3"}
 : ${go_cve_dictionary_log_file:="/var/log/vuls/go_cve_dictionary.log"}
 : ${go_cve_dictionary_args:=""}
 
-pidfile=/var/run/go_cve_dictionary.pid
+pidfile=/var/run/${name}.pid
+pidfile_daemon=/var/run/${name}_daemon.pid
 command="/usr/sbin/daemon"
 procname="%%PREFIX%%/bin/%%PORTNAME%%"
 
-command_args="-p ${pidfile} /usr/bin/env ${procname} server \
-                -dbpath=${go_cve_dictionary_db_path} \
-                -dbtype=${go_cve_dictionary_db_type} \
-                ${go_cve_dictionary_args} >> ${go_cve_dictionary_log_file} 2>&1"
+command_args="-p ${pidfile} -P ${pidfile_daemon} -t ${name} \
+	-Ho ${go_cve_dictionary_log_file} \
+	${procname} server \
+	${go_cve_dictionary_args}"
 
 start_precmd=go_cve_dictionary_startprecmd
 
 go_cve_dictionary_startprecmd()
 {
-    if [ ! -e ${pidfile} ]; then
-        install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
-            -m 640 /dev/null ${pidfile};
-    fi
-    if [ ! -f "${go_cve_dictionary_log_file}" ]; then
-        install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
-            -m 640 /dev/null ${go_cve_dictionary_log_file};
-    fi
+	/usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+		-m 640 /dev/null ${pidfile}
+	/usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+		-m 640 /dev/null ${pidfile_daemon}
 }
 
 load_rc_config $name
diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.yaml b/security/go-cve-dictionary/files/go-cve-dictionary.yaml
new file mode 100644
index 000000000000..80f093e60df0
--- /dev/null
+++ b/security/go-cve-dictionary/files/go-cve-dictionary.yaml
@@ -0,0 +1,23 @@
+# The FreeBSD port uses `daemon' and logs from stdout to file
+# log-dir string
+# log-json: bool
+# log-to-file: bool
+log-to-file: false
+log-json: false
+
+# alternatives are sqlite3, postgres, redis or mysql
+dbtype: sqlite3
+dbpath: /var/db/vuls/cve.sqlite3
+
+# dbtype: postgres
+# dbpath: "host=dbhost user=dbuser dbname=cve password=password"
+
+# Choose which IP addresses to listen to
+#
+# bind: 127.0.0.0
+# port: 1323
+
+# http-proxy string
+
+# debug: bool
+# debug-sql: bool
diff --git a/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf
new file mode 100644
index 000000000000..a1634a888413
--- /dev/null
+++ b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf
@@ -0,0 +1,7 @@
+# configuration file for newsyslog for sqlpage
+#
+# see newsyslog.conf(5) for details
+#
+# logfilename                               [owner:group]    mode count size when flags [/pid_file] [sig_num]
+/var/log/vuls/go_cve_dictionary.log         vuls:vuls        640  7     100  *    J     /var/run/go_cve_dictionary_daemon.pid
+/var/log/vuls/go_cve_dictionary-updates.log vuls:vuls        640  7     *    @T00 J
diff --git a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go b/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
deleted file mode 100644
index 060efc488de0..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/fetchjvn.go.orig	2017-06-26 10:39:59 UTC
-+++ commands/fetchjvn.go
-@@ -3,7 +3,6 @@ package commands
- import (
- 	"context"
- 	"flag"
--	"os"
- 	"strconv"
- 	"time"
- 
-@@ -45,7 +44,7 @@ func (*FetchJvnCmd) Usage() string {
- 		[-latest]
- 		[-last2y]
- 		[-years] 1998 1999 ...
--		[-dbpath=$PWD/cve.sqlite3 or connection string]
-+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- 		[-dbtype=mysql|postgres|sqlite3|redis]
- 		[-http-proxy=http://192.168.0.1:8080]
- 		[-debug]
-@@ -65,8 +64,7 @@ func (p *FetchJvnCmd) SetFlags(f *flag.F
- 	defaultLogDir := util.GetDefaultLogDir()
- 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
- 
--	pwd := os.Getenv("PWD")
--	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- 		"/path/to/sqlite3 or SQL connection string")
- 
- 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go b/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
deleted file mode 100644
index e081ba1a7de3..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/fetchnvd.go.orig	2017-06-26 10:39:59 UTC
-+++ commands/fetchnvd.go
-@@ -3,7 +3,6 @@ package commands
- import (
- 	"context"
- 	"flag"
--	"os"
- 	"strconv"
- 	"time"
- 
-@@ -43,7 +42,7 @@ func (*FetchNvdCmd) Usage() string {
- 		[-last2y]
- 		[-years] 2015 2016 ...
- 		[-dbtype=mysql|postgres|sqlite3|redis]
--		[-dbpath=$PWD/cve.sqlite3 or connection string]
-+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- 		[-http-proxy=http://192.168.0.1:8080]
- 		[-debug]
- 		[-debug-sql]
-@@ -65,8 +64,7 @@ func (p *FetchNvdCmd) SetFlags(f *flag.F
- 	defaultLogDir := util.GetDefaultLogDir()
- 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
- 
--	pwd := os.Getenv("PWD")
--	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- 		"/path/to/sqlite3 or SQL connection string")
- 
- 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/patch-commands_root.go b/security/go-cve-dictionary/files/patch-commands_root.go
new file mode 100644
index 000000000000..1f383c5b7b8b
--- /dev/null
+++ b/security/go-cve-dictionary/files/patch-commands_root.go
@@ -0,0 +1,29 @@
+--- commands/root.go.orig	1979-11-29 23:00:00 UTC
++++ commands/root.go
+@@ -3,7 +3,6 @@ import (
+ import (
+ 	"fmt"
+ 	"os"
+-	"path/filepath"
+ 
+ 	homedir "github.com/mitchellh/go-homedir"
+ 	"github.com/spf13/cobra"
+@@ -25,7 +24,7 @@ func init() {
+ func init() {
+ 	cobra.OnInitialize(initConfig)
+ 
+-	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.go-cve-dictionary.yaml)")
++	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "%%PREFIX%%/etc/go-cve-dictionary.yaml", "config file")
+ 
+ 	RootCmd.PersistentFlags().Bool("log-to-file", false, "output log to file")
+ 	_ = viper.BindPFlag("log-to-file", RootCmd.PersistentFlags().Lookup("log-to-file"))
+@@ -42,8 +41,7 @@ func init() {
+ 	RootCmd.PersistentFlags().Bool("debug-sql", false, "SQL debug mode")
+ 	_ = viper.BindPFlag("debug-sql", RootCmd.PersistentFlags().Lookup("debug-sql"))
+ 
+-	pwd := os.Getenv("PWD")
+-	RootCmd.PersistentFlags().String("dbpath", filepath.Join(pwd, "cve.sqlite3"), "/path/to/sqlite3 or SQL connection string")
++	RootCmd.PersistentFlags().String("dbpath", "/var/db/vuls/cve.sqlite3", "/path/to/sqlite3 or SQL connection string")
+ 	_ = viper.BindPFlag("dbpath", RootCmd.PersistentFlags().Lookup("dbpath"))
+ 
+ 	RootCmd.PersistentFlags().String("dbtype", "sqlite3", "Database type to store data in (sqlite3, mysql, postgres or redis supported)")
diff --git a/security/go-cve-dictionary/files/patch-commands_server.go b/security/go-cve-dictionary/files/patch-commands_server.go
deleted file mode 100644
index a2c836a7bd66..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_server.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/server.go.orig	2017-06-26 10:39:59 UTC
-+++ commands/server.go
-@@ -3,7 +3,6 @@ package commands
- import (
- 	"context"
- 	"flag"
--	"os"
- 
- 	"github.com/google/subcommands"
- 	c "github.com/kotakanbe/go-cve-dictionary/config"
-@@ -37,7 +36,7 @@ func (*ServerCmd) Usage() string {
- 	server
- 		[-bind=127.0.0.1]
- 		[-port=8000]
--		[-dbpath=$PWD/cve.sqlite3 or connection string]
-+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- 		[-dbtype=mysql|postgres|sqlite3|redis]
- 		[-debug]
- 		[-debug-sql]
-@@ -56,8 +55,7 @@ func (p *ServerCmd) SetFlags(f *flag.Fla
- 	defaultLogDir := util.GetDefaultLogDir()
- 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
- 
--	pwd := os.Getenv("PWD")
--	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- 		"/path/to/sqlite3 or SQL connection string")
- 
- 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in
new file mode 100644
index 000000000000..4d7a71aad4fc
--- /dev/null
+++ b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+#
+# Update the CVE database every night.
+#
+
+# daily_go_cve_dictionary_enable 	- set to YES to enable nightly update of CVE definitions
+# daily_go_cve_dictionary_databases	- This can be a space separated list of databases
+#					  Supported databases are:
+#					  nvd jvn fortinet
+#
+# All other configurations are made in %%PREFIX%%/etc/go-cve-dictionary.yaml.
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+: ${daily_go_cve_dictionary_enable:=NO}
+: ${daily_go_cve_dictionary_databases:=nvd} {
+
+# You can add arguments per database, for example
+# daily_go_cve_dictionary_nvd_args="2020 2021 2022 2023 2024"
+
+case "${daily_go_cve_dictionary_databases}" in
+    [Yy][Ee][Ss])
+	for db in ${go_cve_dictionary_databases}; do
+	    eval args="\${go_cve_dictionary_${db}_args}"
+	    su -fm %%USERS%% \
+		    -c "/usr/bin/env HOME=/var/db/vuls %%PREFIX%%/bin/go-cve-dictionary fetch ${db} ${args}" \
+		    >> /var/log/vuls/go-cve-dictionary-updates.log 2>&1
+	done
+esac
diff --git a/security/go-cve-dictionary/files/pkg-message.in b/security/go-cve-dictionary/files/pkg-message.in
index d18c3ff39247..ae3e999c5f07 100644
--- a/security/go-cve-dictionary/files/pkg-message.in
+++ b/security/go-cve-dictionary/files/pkg-message.in
@@ -3,21 +3,28 @@
   message: <<EOM
 Congratulations, you have installed %%PORTNAME%%!
 
-%%PORTNAME%% does not ship any CVE database.
-To download CVEs from 2002 until present run:
+Setup go-cve-dictionary to use you preferred database type and set up access by
+editing the config file at %%PREFIX%%/etc/go-cve-dictionary.yaml. There's a
+default setup for your convenience using sqlite3, but you can also choose
+Redis, PostgreSQL or MySQL if you prefer that.
 
-for i in `seq 2002 $(date +"%Y")`; \
-    do %%PORTNAME%% fetchnvd -years $i; \
-    done
+go-cve-dictionary does not ship any CVE database. Instead, to download CVEs
+from 2002 until present and keep them updated, activate the periodic script by
+running
 
-After download, set the permissions of the CVE databases:
+sysrc -f /etc/periodic.conf daily_go_cve_dictionary_enable="YES"
 
-chown %%USERS%%:%%GROUPS%% /var/db/vuls/* /var/log/vuls/*
+Then, to fetch the NVD database of CVEs immediately, run
 
-To enable %%PORTNAME%% and start:
+/usr/local/etc/periodic/daily/go-cve-dictionary
+
+To enable the go-cve-dictionary service, edit
+%%PREFIX%%/etc/go-cve-dictionary.yaml and set bind and port, and then activate
+and start the service using:
 
 sysrc go_cve_dictionary_enable="YES"
 service %%PORTNAME%% start
+
 EOM
 }
 ]
diff --git a/security/go-cve-dictionary/pkg-descr b/security/go-cve-dictionary/pkg-descr
index c4e12d79fe89..be27bcedd2c3 100644
--- a/security/go-cve-dictionary/pkg-descr
+++ b/security/go-cve-dictionary/pkg-descr
@@ -1,5 +1,9 @@
 go-cve-dictionary builds a a local copy of the National Vulnerabilities
 Database(NVD) and Japan Vulnerability Notes(JVN). NVD and JVN contain security
 vulnerabilities according to their CVE identifiers including exhaustive
-information and a risk score. The local copy is generated in sqlite format.
-A server is included for easy querying.
+information and a risk score. The local copy is generated in a database, using
+sqlite3, postgres or mysql.  A server is included for easy querying.
+
+This program is tightly related to security/vuls, a client binary that is used
+to report about known vulnerabilities in packages. vuls uses the
+go-cve-dictionary service when reporting about problems.
diff --git a/security/go-cve-dictionary/pkg-plist b/security/go-cve-dictionary/pkg-plist
index 413d3df11f36..1543ff8f3156 100644
--- a/security/go-cve-dictionary/pkg-plist
+++ b/security/go-cve-dictionary/pkg-plist
@@ -1,3 +1,8 @@
 bin/go-cve-dictionary
+etc/periodic/daily/go-cve-dictionary
+@sample etc/newsyslog.conf.d/go-cve-dictionary.conf.sample
+@sample etc/go-cve-dictionary.yaml.sample
 @dir(vuls,vuls,0775) /var/db/vuls
 @dir(vuls,vuls,0775) /var/log/vuls
+@dir etc/newsyslog.conf.d
+@dir etc/periodic/daily



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202402242337.41ONbpc8046547>