Date: Sat, 24 Feb 2024 23:37:51 GMT
From: Palle Girgensohn <girgen@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 6e1d089e3b04 - main - security/go-cve-dictionary: Upgrade to 0.10.1.
Message-ID: <202402242337.41ONbpc8046547@gitrepo.freebsd.org>
The branch main has been updated by girgen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6e1d089e3b04f21ebb453622bbc7a09b9bab8c70

commit 6e1d089e3b04f21ebb453622bbc7a09b9bab8c70
Author: Palle Girgensohn <girgen@FreeBSD.org>
AuthorDate: 2024-01-26 16:14:04 +0000
Commit: Palle Girgensohn <girgen@FreeBSD.org>
CommitDate: 2024-02-24 23:37:44 +0000

    security/go-cve-dictionary: Upgrade to 0.10.1.

    This port is mainly here as a dependency of security/vuls.

    Update and take maintainership due to maintainer timeout. [1]

    Adding a default config file that should work more or less out the box
    for a simple local setup. It has examples for a larger deployment.

    PR: 259948 [1] Maintainer timeout
---
 security/go-cve-dictionary/Makefile | 67 +++++-------------
 security/go-cve-dictionary/distinfo | 82 ++--------------------
 .../go-cve-dictionary/files/go-cve-dictionary.in | 44 +++++-------
 .../go-cve-dictionary/files/go-cve-dictionary.yaml | 23 ++++++
 .../files/newsyslog-go-cve-dictionary.conf | 7 ++
 .../files/patch-commands_fetchjvn.go | 29 --------
 .../files/patch-commands_fetchnvd.go | 29 --------
 .../go-cve-dictionary/files/patch-commands_root.go | 29 ++++++++
 .../files/patch-commands_server.go | 29 --------
 .../files/periodic-go-cve-dictionary.in | 36 ++++++++++
 security/go-cve-dictionary/files/pkg-message.in | 23 +++---
 security/go-cve-dictionary/pkg-descr | 8 ++-
 security/go-cve-dictionary/pkg-plist | 5 ++
 13 files changed, 164 insertions(+), 247 deletions(-)

diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile
index bd780b01bc5d..ebbaceacdab9 100644
--- a/security/go-cve-dictionary/Makefile
+++ b/security/go-cve-dictionary/Makefile
@@ -1,12 +1,11 @@ PORTNAME= go-cve-dictionary -DISTVERSIONPREFIX= v -DISTVERSION= 0.5.5 -PORTREVISION= 17 +DISTVERSIONPREFIX=v +DISTVERSION= 0.10.1 CATEGORIES= security -MAINTAINER= iscandr@gmail.com +MAINTAINER= girgen@FreeBSD.org COMMENT= Build local copies of vulnerabilities from NVD and JVN -WWW= https://github.com/kotakanbe/go-cve-dictionary/ +WWW= https://github.com/vulsio/go-cve-dictionary/ LICENSE= APACHE20 
@@ -14,59 +13,31 @@ RUN_DEPENDS= ca_root_nss>=0:security/ca_root_nss USES= go:modules -USE_GITHUB= yes -GH_ACCOUNT= kotakanbe -GH_TUPLE= \ - PuerkitoBio:goquery:v1.5.1:puerkitobio_goquery/vendor/github.com/PuerkitoBio/goquery \ - VividCortex:ewma:v1.1.1:vividcortex_ewma/vendor/github.com/VividCortex/ewma \ - andybalholm:cascadia:v1.1.0:andybalholm_cascadia/vendor/github.com/andybalholm/cascadia \ - asaskevich:govalidator:f61b66f89f4a:asaskevich_govalidator/vendor/github.com/asaskevich/govalidator \ - cespare:xxhash:v2.1.1:cespare_xxhash_v2/vendor/github.com/cespare/xxhash/v2 \ - cheggaaa:pb:v3.0.5:cheggaaa_pb_v3/vendor/github.com/cheggaaa/pb \ - dgrijalva:jwt-go:v3.2.0:dgrijalva_jwt_go/vendor/github.com/dgrijalva/jwt-go \ - dgryski:go-rendezvous:9f7001d12a5f:dgryski_go_rendezvous/vendor/github.com/dgryski/go-rendezvous \ - fatih:color:v1.9.0:fatih_color/vendor/github.com/fatih/color \ - redis:go-redis:v8.4.0:go_redis_redis_v8/vendor/github.com/go-redis/redis/v8 \ - go-sql-driver:mysql:v1.5.0:go_sql_driver_mysql/vendor/github.com/go-sql-driver/mysql \ - go-stack:stack:v1.8.0:go_stack_stack/vendor/github.com/go-stack/stack \ - golang:crypto:75b288015ac9:golang_crypto/vendor/golang.org/x/crypto \ - golang:net:a7d1128ccaa0:golang_net/vendor/golang.org/x/net \ - golang:sys:v0.6.0:golang_sys/vendor/golang.org/x/sys \ - golang:text:v0.3.3:golang_text/vendor/golang.org/x/text \ - google:subcommands:v1.2.0:google_subcommands/vendor/github.com/google/subcommands \ - hashicorp:go-version:v1.2.1:hashicorp_go_version/vendor/github.com/hashicorp/go-version \ - htcat:htcat:v1.0.2:htcat_htcat/vendor/github.com/htcat/htcat \ - inconshreveable:log15:b30bc20e4fd1:inconshreveable_log15/vendor/github.com/inconshreveable/log15 \ - jinzhu:gorm:v1.9.16:jinzhu_gorm/vendor/github.com/jinzhu/gorm \ - jinzhu:inflection:v1.0.0:jinzhu_inflection/vendor/github.com/jinzhu/inflection \ - k0kubun:colorstring:9440f1994b88:k0kubun_colorstring/vendor/github.com/k0kubun/colorstring \ - 
k0kubun:pp:v3.0.1:k0kubun_pp/vendor/github.com/k0kubun/pp \ - knqyf263:go-cpe:659663f6eca2:knqyf263_go_cpe/vendor/github.com/knqyf263/go-cpe \ - labstack:echo:v3.3.10:labstack_echo/vendor/github.com/labstack/echo \ - labstack:gommon:v0.3.0:labstack_gommon/vendor/github.com/labstack/gommon \ - lib:pq:v1.1.1:lib_pq/vendor/github.com/lib/pq \ - mattn:go-colorable:v0.1.4:mattn_go_colorable/vendor/github.com/mattn/go-colorable \ - mattn:go-isatty:v0.0.12:mattn_go_isatty/vendor/github.com/mattn/go-isatty \ - mattn:go-runewidth:v0.0.7:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \ - mattn:go-sqlite3:v1.14.2:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \ - olekukonko:tablewriter:v0.0.4:olekukonko_tablewriter/vendor/github.com/olekukonko/tablewriter \ - open-telemetry:opentelemetry-go:v0.14.0:open_telemetry_opentelemetry_go/vendor/go.opentelemetry.io/otel \ - pkg:errors:v0.9.1:pkg_errors/vendor/github.com/pkg/errors \ - valyala:bytebufferpool:v1.0.0:valyala_bytebufferpool/vendor/github.com/valyala/bytebufferpool \ - valyala:fasttemplate:v1.2.1:valyala_fasttemplate/vendor/github.com/valyala/fasttemplate +GO_MODULE= github.com/vulsio/go-cve-dictionary USE_RC_SUBR= ${PORTNAME} GO_BUILDFLAGS= -ldflags "-X main.version=${PORTVERSION}" -SUB_FILES= pkg-message +SUB_FILES= pkg-message periodic-go-cve-dictionary SUB_LIST= PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS} USERS= vuls GROUPS= vuls +post-patch: + ${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/commands/root.go + post-install: - ${MKDIR} ${STAGEDIR}/var/db/vuls - ${MKDIR} ${STAGEDIR}/var/log/vuls + ${MKDIR} ${STAGEDIR}/var/db/vuls \ + ${STAGEDIR}/var/log/vuls \ + ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d \ + ${STAGEDIR}${PREFIX}/etc/periodic/daily + ${INSTALL_DATA} ${FILESDIR}/newsyslog-${PORTNAME}.conf \ + ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/${PORTNAME}.conf.sample + ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.yaml \ + ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample + ${INSTALL_SCRIPT} 
${WRKDIR}/periodic-${PORTNAME} \ + ${STAGEDIR}${PREFIX}/etc/periodic/daily/${PORTNAME} .include <bsd.port.mk> diff --git a/security/go-cve-dictionary/distinfo b/security/go-cve-dictionary/distinfo index b581269dde99..9d9399338338 100644 --- a/security/go-cve-dictionary/distinfo +++ b/security/go-cve-dictionary/distinfo 
@@ -1,77 +1,5 @@ -TIMESTAMP = 1679132467 -SHA256 (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 19b0e10daff6946717d441eb6a9e056fe2a28cd2e5b008a97ff2fd2f2c952fc3 -SIZE (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 46715 -SHA256 (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 50b671f7128ac6993b7388d4e8a76901afdcaa7c6889f45687a2acc0d0753ca4 -SIZE (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 101380 -SHA256 (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 3b2d62412b7ba2726a379cc0ae557595c027dc8206d0ef98f13831281b8f2b85 -SIZE (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 6042 -SHA256 (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 5d03f4610b70cab7860b158efab1afd91baa58fd95286a0adbadcdc3b49c7936 -SIZE (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 15464 -SHA256 (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 7e241314ac30b59d9dc6ead8e902de94e07135486694e4e7ef0dc97eaf42c40e -SIZE (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 51800 -SHA256 (cespare-xxhash-v2.1.1_GH0.tar.gz) = 0ee31178d2c5a1249be4e26294a2f428008dc4e1ecbbfbe47f74e41026df1148 -SIZE (cespare-xxhash-v2.1.1_GH0.tar.gz) = 9292 -SHA256 (cheggaaa-pb-v3.0.5_GH0.tar.gz) = c3442908441cd17c4a2ed0c9f0875eeb52947e3b73d5c6e483d2698d7ed8ef43 -SIZE (cheggaaa-pb-v3.0.5_GH0.tar.gz) = 30815 -SHA256 (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 197465ef53219f3aeb1a6940b70e16d288fe4e4108d4831b91ea101118440e63 -SIZE (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 36960 -SHA256 (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 29584550745fd4b8fce2e2f3def7b9d9ffe2b86cf9b6596b53a660c9bbfe27b6 -SIZE (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 1699 -SHA256 (fatih-color-v1.9.0_GH0.tar.gz) = f5a6372ff7c87d22baaa2089e5cdd8a218fb3a9be047195c0ab421d5340f6f3f -SIZE (fatih-color-v1.9.0_GH0.tar.gz) = 1230941 -SHA256 (redis-go-redis-v8.4.0_GH0.tar.gz) = c9aaa3d49398792ce64b0a54ae37663ec4def987bb68a79a5db6f71fc6e598e9 -SIZE (redis-go-redis-v8.4.0_GH0.tar.gz) = 123964 -SHA256 (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 
9d98b46623037447a26a51a203540bf605b6e6220d31f2efc7396242fcb660b5 -SIZE (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 90474 -SHA256 (go-stack-stack-v1.8.0_GH0.tar.gz) = 3b8987e137d76f4f35db1e8005ec7fb766b68eed8cac0ca0b795ac43cd72b319 -SIZE (go-stack-stack-v1.8.0_GH0.tar.gz) = 8039 -SHA256 (golang-crypto-75b288015ac9_GH0.tar.gz) = 6e74e21bf9dfdbf0a8dac8cb205fbc3bfd8dff308a24080b9d6093a3858f0db2 -SIZE (golang-crypto-75b288015ac9_GH0.tar.gz) = 1729931 -SHA256 (golang-net-a7d1128ccaa0_GH0.tar.gz) = 4bed33fe7ea1e5ce005798c033fa18bddaa12fe5b6848bbe144e34c41c4b168f -SIZE (golang-net-a7d1128ccaa0_GH0.tar.gz) = 1177106 -SHA256 (golang-sys-v0.6.0_GH0.tar.gz) = b4f6d17c7a128f76169964b437cb66b3f2dbf9a33361928ec19dfecf7b03fc54 -SIZE (golang-sys-v0.6.0_GH0.tar.gz) = 1434234 -SHA256 (golang-text-v0.3.3_GH0.tar.gz) = 1604233637e3593749fbbb13b5069b08e6feba6d2b55a02fd3148793d5871185 -SIZE (golang-text-v0.3.3_GH0.tar.gz) = 7747332 -SHA256 (google-subcommands-v1.2.0_GH0.tar.gz) = 99602409506274003f52f6eb901f3a4d6aa2fc041971939dfa753ffcf0549bae -SIZE (google-subcommands-v1.2.0_GH0.tar.gz) = 9383 -SHA256 (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 9c63e2107ca0cf4e78ddba1128c73adfdfcdd45faa90c3bf7c6feda7d2326cc5 -SIZE (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 13911 -SHA256 (htcat-htcat-v1.0.2_GH0.tar.gz) = 6e3eb20766e668e8ff8bbe08a84544b3cbde45d6bdccad0a5fae905a06ef2f7e -SIZE (htcat-htcat-v1.0.2_GH0.tar.gz) = 8561 -SHA256 (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 515e98c8aadad3bb92c8db7e48bea0a4ad3dea40726aeb272fb1f7e9d68e3355 -SIZE (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 23537 -SHA256 (jinzhu-gorm-v1.9.16_GH0.tar.gz) = c7ea6db55ab5226b6eb71e5654d14690459d02304df50cdf4adbe70db0308cab -SIZE (jinzhu-gorm-v1.9.16_GH0.tar.gz) = 97157 -SHA256 (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 582808364cc268544e3e6775b15d7fffbc28ccfb930a29840bb25e32d7d95e1f -SIZE (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 4766 -SHA256 (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 
8a8b7c4bfc362722139afceb014225fbde2b464c78c7d864f3436a12fa732bd0 -SIZE (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 3627 -SHA256 (k0kubun-pp-v3.0.1_GH0.tar.gz) = 7ee809d1b55839d39965151142988bbb51ebb1e8105086703c55caf3e8eb0488 -SIZE (k0kubun-pp-v3.0.1_GH0.tar.gz) = 9734 -SHA256 (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 429ea378b3e3918df8c6e6550e2d0bd421f104206fad25bdf5282d628f14dc52 -SIZE (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 2650095 -SHA256 (labstack-echo-v3.3.10_GH0.tar.gz) = 0b130e57652d0b90740541339161bb3105c1fdec2dd5b6a716b5929bef91a125 -SIZE (labstack-echo-v3.3.10_GH0.tar.gz) = 279846 -SHA256 (labstack-gommon-v0.3.0_GH0.tar.gz) = c23fa6b18c3f3c4dc917e7fb6d40db88ca2d13f51dbc9a8e8e098b8aa03611e9 -SIZE (labstack-gommon-v0.3.0_GH0.tar.gz) = 11426 -SHA256 (lib-pq-v1.1.1_GH0.tar.gz) = bc19f104f21e71536f43d99c375355bfdee159f967050af690a51ef588ab0e37 -SIZE (lib-pq-v1.1.1_GH0.tar.gz) = 95305 -SHA256 (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 157806ad8125e6bef4d9b58c9125ccb98a8343136f93faf442ab0cc6e7c24c11 -SIZE (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 8981 -SHA256 (mattn-go-isatty-v0.0.12_GH0.tar.gz) = addbdc341d7685ed4cc8d2d8a8fd2bd9b784bde00d0ea99fb251039fc10c611c -SIZE (mattn-go-isatty-v0.0.12_GH0.tar.gz) = 4548 -SHA256 (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 09270ddb93b2d77d4b3903bbadacbb3a3d4f0cce93c373fb21503840829d8697 -SIZE (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 16089 -SHA256 (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = faa3138a0219c1cd684386b2a13c203361e62ae51a3d895deeffcd3fe6c6d5b9 -SIZE (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = 2354866 -SHA256 (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = a86028430fb4dd99ce0030a7c4d37915337c3b9a9efbfd2698b375f3e3488bd0 -SIZE (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = 19252 -SHA256 (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = f096a442e4674b320d22e4cb253c005a6f3b82630b27e9c8856d0612f590b501 -SIZE (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = 469278 -SHA256 (pkg-errors-v0.9.1_GH0.tar.gz) = 
56bfd893023daa498508bfe161de1be83299fcf15376035e7df79cbd7d6fa608 -SIZE (pkg-errors-v0.9.1_GH0.tar.gz) = 13415 -SHA256 (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 089013e3429ebe7fd2bc3527f003bf3f3f639891e5d8ba6a56010e3671465e1f -SIZE (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 5025 -SHA256 (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 14881149dfc3d49606728d0c8e704cfaeb7fbbf2c42d20e771cf1bbae9fb1044 -SIZE (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 11550 +TIMESTAMP = 1706283379 +SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 605f168ac90dfb779f3a67dea287bab9938a4d32e4fe9157dc6d0aabf14d7217 +SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 3338 +SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = aa21dbe8c6064679071d64eb0afa965904d734d580c908ecc289859f145cc263 +SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = 353325 diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.in b/security/go-cve-dictionary/files/go-cve-dictionary.in index ef483b29574b..7cb3ff1a6fbe 100644 --- a/security/go-cve-dictionary/files/go-cve-dictionary.in +++ b/security/go-cve-dictionary/files/go-cve-dictionary.in 
@@ -8,19 +8,18 @@ # to enable this service: # # go_cve_dictionary_enable (bool): Set to NO by default -# Set it to YES to enable the CVE server +# Set it to YES to enable the CVE server # go_cve_dictionary_user (string): Set user to run go_cve_dictionary -# Default is "%%USERS%%" +# Default is "%%USERS%%" # go_cve_dictionary_group (string): Set group to run go_cve_dictionary -# Default is "%%GROUPS%%" -# go_cve_dictionary_db_path (string): Set database path -# Default is "/var/db/vuls/cve.sqlite3" -# go_cve_dictionary_db_type (string): Set database type -# Default is "sqlite3" -# go_cve_dictionary_log_file (string): Set file that go_cve_dictionary will log to -# Default is "/var/log/vuls/go_cve_dictionary.log" +# Default is "%%GROUPS%%" +# go_cve_dictionary_log_file (string): Set file that go-cve-dictionary will log to +# Default is "/var/log/vuls/go_cve_dictionary.log" # go_cve_dictionary_args (string): Set additional command line arguments -# Default is "" +# Default is "" +# +# Set up go-cve-dictionary using the config file: %%PREFIX%%/etc/go-cve-dictionary.yaml +# . /etc/rc.subr 
@@ -32,32 +31,27 @@ load_rc_config $name : ${go_cve_dictionary_enable:="NO"} : ${go_cve_dictionary_user:="%%USERS%%"} : ${go_cve_dictionary_group:="%%GROUPS%%"} -: ${go_cve_dictionary_db_path:="/var/db/vuls/cve.sqlite3"} -: ${go_cve_dictionary_db_type:="sqlite3"} : ${go_cve_dictionary_log_file:="/var/log/vuls/go_cve_dictionary.log"} : ${go_cve_dictionary_args:=""} -pidfile=/var/run/go_cve_dictionary.pid +pidfile=/var/run/${name}.pid +pidfile_daemon=/var/run/${name}_daemon.pid command="/usr/sbin/daemon" procname="%%PREFIX%%/bin/%%PORTNAME%%" -command_args="-p ${pidfile} /usr/bin/env ${procname} server \ - -dbpath=${go_cve_dictionary_db_path} \ - -dbtype=${go_cve_dictionary_db_type} \ - ${go_cve_dictionary_args} >> ${go_cve_dictionary_log_file} 2>&1" +command_args="-p ${pidfile} -P ${pidfile_daemon} -t ${name} \ + -Ho ${go_cve_dictionary_log_file} \ + ${procname} server \ + ${go_cve_dictionary_args}" start_precmd=go_cve_dictionary_startprecmd go_cve_dictionary_startprecmd() { - if [ ! -e ${pidfile} ]; then - install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \ - -m 640 /dev/null ${pidfile}; - fi - if [ ! -f "${go_cve_dictionary_log_file}" ]; then - install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \ - -m 640 /dev/null ${go_cve_dictionary_log_file}; - fi + /usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \ + -m 640 /dev/null ${pidfile} + /usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \ + -m 640 /dev/null ${pidfile_daemon} } load_rc_config $name diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.yaml b/security/go-cve-dictionary/files/go-cve-dictionary.yaml new file mode 100644 index 000000000000..80f093e60df0 --- /dev/null +++ b/security/go-cve-dictionary/files/go-cve-dictionary.yaml 
@@ -0,0 +1,23 @@ +# The FreeBSD port uses `daemon' and logs from stdout to file +# log-dir string +# log-json: bool +# log-to-file: bool +log-to-file: false +log-json: false + +# alternatives are sqlite3, postgres, redis or mysql +dbtype: sqlite3 +dbpath: /var/db/vuls/cve.sqlite3 + +# dbtype: postgres +# dbpath: "host=dbhost user=dbuser dbname=cve password=password" + +# Choose which IP addresses to listen to +# +# bind: 127.0.0.0 +# port: 1323 + +# http-proxy string + +# debug: bool +# debug-sql: bool diff --git a/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf new file mode 100644 index 000000000000..a1634a888413 --- /dev/null +++ b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf @@ -0,0 +1,7 @@ +# configuration file for newsyslog for sqlpage +# +# see newsyslog.conf(5) for details +# +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/vuls/go_cve_dictionary.log vuls:vuls 640 7 100 * J /var/run/go_cve_dictionary_daemon.pid +/var/log/vuls/go_cve_dictionary-updates.log vuls:vuls 640 7 * @T00 J diff --git a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go b/security/go-cve-dictionary/files/patch-commands_fetchjvn.go deleted file mode 100644 index 060efc488de0..000000000000 --- a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go +++ /dev/null 
@@ -1,29 +0,0 @@ ---- commands/fetchjvn.go.orig 2017-06-26 10:39:59 UTC -+++ commands/fetchjvn.go -@@ -3,7 +3,6 @@ package commands - import ( - "context" - "flag" -- "os" - "strconv" - "time" - -@@ -45,7 +44,7 @@ func (*FetchJvnCmd) Usage() string { - [-latest] - [-last2y] - [-years] 1998 1999 ... -- [-dbpath=$PWD/cve.sqlite3 or connection string] -+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string] - [-dbtype=mysql|postgres|sqlite3|redis] - [-http-proxy=http://192.168.0.1:8080] - [-debug] -@@ -65,8 +64,7 @@ func (p *FetchJvnCmd) SetFlags(f *flag.F - defaultLogDir := util.GetDefaultLogDir() - f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log") - -- pwd := os.Getenv("PWD") -- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3", -+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3", - "/path/to/sqlite3 or SQL connection string") - - f.StringVar(&p.dbtype, "dbtype", "sqlite3", diff --git a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go b/security/go-cve-dictionary/files/patch-commands_fetchnvd.go deleted file mode 100644 index e081ba1a7de3..000000000000 --- a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go +++ /dev/null 
@@ -1,29 +0,0 @@ ---- commands/fetchnvd.go.orig 2017-06-26 10:39:59 UTC -+++ commands/fetchnvd.go -@@ -3,7 +3,6 @@ package commands - import ( - "context" - "flag" -- "os" - "strconv" - "time" - -@@ -43,7 +42,7 @@ func (*FetchNvdCmd) Usage() string { - [-last2y] - [-years] 2015 2016 ... - [-dbtype=mysql|postgres|sqlite3|redis] -- [-dbpath=$PWD/cve.sqlite3 or connection string] -+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string] - [-http-proxy=http://192.168.0.1:8080] - [-debug] - [-debug-sql] -@@ -65,8 +64,7 @@ func (p *FetchNvdCmd) SetFlags(f *flag.F - defaultLogDir := util.GetDefaultLogDir() - f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log") - -- pwd := os.Getenv("PWD") -- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3", -+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3", - "/path/to/sqlite3 or SQL connection string") - - f.StringVar(&p.dbtype, "dbtype", "sqlite3", diff --git a/security/go-cve-dictionary/files/patch-commands_root.go b/security/go-cve-dictionary/files/patch-commands_root.go new file mode 100644 index 000000000000..1f383c5b7b8b --- /dev/null +++ b/security/go-cve-dictionary/files/patch-commands_root.go 
@@ -0,0 +1,29 @@ +--- commands/root.go.orig 1979-11-29 23:00:00 UTC ++++ commands/root.go +@@ -3,7 +3,6 @@ import ( + import ( + "fmt" + "os" +- "path/filepath" + + homedir "github.com/mitchellh/go-homedir" + "github.com/spf13/cobra" +@@ -25,7 +24,7 @@ func init() { + func init() { + cobra.OnInitialize(initConfig) + +- RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.go-cve-dictionary.yaml)") ++ RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "%%PREFIX%%/etc/go-cve-dictionary.yaml", "config file") + + RootCmd.PersistentFlags().Bool("log-to-file", false, "output log to file") + _ = viper.BindPFlag("log-to-file", RootCmd.PersistentFlags().Lookup("log-to-file")) +@@ -42,8 +41,7 @@ func init() { + RootCmd.PersistentFlags().Bool("debug-sql", false, "SQL debug mode") + _ = viper.BindPFlag("debug-sql", RootCmd.PersistentFlags().Lookup("debug-sql")) + +- pwd := os.Getenv("PWD") +- RootCmd.PersistentFlags().String("dbpath", filepath.Join(pwd, "cve.sqlite3"), "/path/to/sqlite3 or SQL connection string") ++ RootCmd.PersistentFlags().String("dbpath", "/var/db/vuls/cve.sqlite3", "/path/to/sqlite3 or SQL connection string") + _ = viper.BindPFlag("dbpath", RootCmd.PersistentFlags().Lookup("dbpath")) + + RootCmd.PersistentFlags().String("dbtype", "sqlite3", "Database type to store data in (sqlite3, mysql, postgres or redis supported)") diff --git a/security/go-cve-dictionary/files/patch-commands_server.go b/security/go-cve-dictionary/files/patch-commands_server.go deleted file mode 100644 index a2c836a7bd66..000000000000 --- a/security/go-cve-dictionary/files/patch-commands_server.go +++ /dev/null 
@@ -1,29 +0,0 @@ ---- commands/server.go.orig 2017-06-26 10:39:59 UTC -+++ commands/server.go -@@ -3,7 +3,6 @@ package commands - import ( - "context" - "flag" -- "os" - - "github.com/google/subcommands" - c "github.com/kotakanbe/go-cve-dictionary/config" -@@ -37,7 +36,7 @@ func (*ServerCmd) Usage() string { - server - [-bind=127.0.0.1] - [-port=8000] -- [-dbpath=$PWD/cve.sqlite3 or connection string] -+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string] - [-dbtype=mysql|postgres|sqlite3|redis] - [-debug] - [-debug-sql] -@@ -56,8 +55,7 @@ func (p *ServerCmd) SetFlags(f *flag.Fla - defaultLogDir := util.GetDefaultLogDir() - f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log") - -- pwd := os.Getenv("PWD") -- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3", -+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3", - "/path/to/sqlite3 or SQL connection string") - - f.StringVar(&p.dbtype, "dbtype", "sqlite3", diff --git a/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in new file mode 100644 index 000000000000..4d7a71aad4fc --- /dev/null +++ b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in 
@@ -0,0 +1,36 @@ +#!/bin/sh + +# +# Update the CVE database every night. +# + +# daily_go_cve_dictionary_enable - set to YES to enable nightly update of CVE definitions +# daily_go_cve_dictionary_databases - This can be a space separated list of databases +# Supported databases are: +# nvd jvn fortinet +# +# All other configurations are made in %%PREFIX%%/etc/go-cve-dictionary.yaml. + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +: ${daily_go_cve_dictionary_enable:=NO} +: ${daily_go_cve_dictionary_databases:=nvd} { + +# You can add arguments per database, for example +# daily_go_cve_dictionary_nvd_args="2020 2021 2022 2023 2024" + +case "${daily_go_cve_dictionary_databases}" in + [Yy][Ee][Ss]) + for db in ${go_cve_dictionary_databases}; do + eval args="\${go_cve_dictionary_${db}_args}" + su -fm %%USERS%% \ + -c "/usr/bin/env HOME=/var/db/vuls %%PREFIX%%/bin/go-cve-dictionary fetch ${db} ${args}" \ + >> /var/log/vuls/go-cve-dictionary-updates.log 2>&1 + done +esac diff --git a/security/go-cve-dictionary/files/pkg-message.in b/security/go-cve-dictionary/files/pkg-message.in index d18c3ff39247..ae3e999c5f07 100644 --- a/security/go-cve-dictionary/files/pkg-message.in +++ b/security/go-cve-dictionary/files/pkg-message.in 
@@ -3,21 +3,28 @@ message: <<EOM Congratulations, you have installed %%PORTNAME%%! -%%PORTNAME%% does not ship any CVE database. -To download CVEs from 2002 until present run: +Setup go-cve-dictionary to use you preferred database type and set up access by +editing the config file at %%PREFIX%%/etc/go-cve-dictionary.yaml. There's a +default setup for your convenience using sqlite3, but you can also choose +Redis, PostgreSQL or MySQL if you prefer that. -for i in `seq 2002 $(date +"%Y")`; \ - do %%PORTNAME%% fetchnvd -years $i; \ - done +go-cve-dictionary does not ship any CVE database. Instead, to download CVEs +from 2002 until present and keep them updated, activate the periodic script by +running -After download, set the permissions of the CVE databases: +sysrc -f /etc/periodic.conf daily_go_cve_dictionary_enable="YES" -chown %%USERS%%:%%GROUPS%% /var/db/vuls/* /var/log/vuls/* +Then, to fetch the NVD database of CVEs immediately, run -To enable %%PORTNAME%% and start: +/usr/local/etc/periodic/daily/go-cve-dictionary + +To enable the go-cve-dictionary service, edit +%%PREFIX%%/etc/go-cve-dictionary.yaml and set bind and port, and then activate +and start the service using: sysrc go_cve_dictionary_enable="YES" service %%PORTNAME%% start + EOM } ] diff --git a/security/go-cve-dictionary/pkg-descr b/security/go-cve-dictionary/pkg-descr index c4e12d79fe89..be27bcedd2c3 100644 --- a/security/go-cve-dictionary/pkg-descr +++ b/security/go-cve-dictionary/pkg-descr 
@@ -1,5 +1,9 @@ go-cve-dictionary builds a a local copy of the National Vulnerabilities Database(NVD) and Japan Vulnerability Notes(JVN). NVD and JVN contain security vulnerabilities according to their CVE identifiers including exhaustive -information and a risk score. The local copy is generated in sqlite format. -A server is included for easy querying. +information and a risk score. The local copy is generated in a database, using +sqlite3, postgres or mysql. A server is included for easy querying. + +This program is tightly related to security/vuls, a client binary that is used +to report about known vulnerabilities in packages. vuls uses the +go-cve-dictionary service when reporting about problems. diff --git a/security/go-cve-dictionary/pkg-plist b/security/go-cve-dictionary/pkg-plist index 413d3df11f36..1543ff8f3156 100644 --- a/security/go-cve-dictionary/pkg-plist +++ b/security/go-cve-dictionary/pkg-plist @@ -1,3 +1,8 @@ bin/go-cve-dictionary +etc/periodic/daily/go-cve-dictionary +@sample etc/newsyslog.conf.d/go-cve-dictionary.conf.sample +@sample etc/go-cve-dictionary.yaml.sample @dir(vuls,vuls,0775) /var/db/vuls @dir(vuls,vuls,0775) /var/log/vuls +@dir etc/newsyslog.conf.d +@dir etc/periodic/daily
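Review bot: In files/periodic-go-cve-dictionary.in the case statement switches on "${daily_go_cve_dictionary_databases}" and matches it against [Yy][Ee][Ss], so with the default value nvd the branch is never taken and the nightly fetch never runs; it should switch on "${daily_go_cve_dictionary_enable}". Inside the branch, the loop reads ${go_cve_dictionary_databases} and the eval reads go_cve_dictionary_${db}_args, neither of which carries the daily_ prefix used by the defaults above and by the documented daily_go_cve_dictionary_nvd_args, so both expand empty even once the case is fixed. The trailing { after the databases default line is stray and should be removed. Because ${db} and ${args} are interpolated into the string handed to su -c, it is also worth checking each db against the supported list (nvd jvn fortinet) before running it.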
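Review bot: The second entry in files/newsyslog-go-cve-dictionary.conf rotates /var/log/vuls/go_cve_dictionary-updates.log, but the periodic script added in this commit appends to /var/log/vuls/go-cve-dictionary-updates.log, so the update log will never be rotated; use one spelling in both files. The header comment says the file is "for sqlpage", which looks like a leftover from another port and should name go-cve-dictionary.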
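Review bot: The commented bind example in files/go-cve-dictionary.yaml reads 127.0.0.0, which is the network address of the loopback block rather than the loopback host; 127.0.0.1 is presumably intended and is what the usage text in the removed patch-commands_server.go showed ([-bind=127.0.0.1]). The postgres example places password= inside dbpath, and the Makefile installs the sample with ${INSTALL_DATA}, which does not restrict read access; a comment telling administrators to tighten the owner and mode of the file once a credential is added would help.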
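Review bot: The immediate-fetch instruction in files/pkg-message.in hard-codes /usr/local/etc/periodic/daily/go-cve-dictionary while the rest of the message uses %%PREFIX%%; write it as %%PREFIX%%/etc/periodic/daily/go-cve-dictionary so it holds for a non-default prefix. In the first added sentence, "to use you preferred database type" should read "your preferred".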
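Review bot: The rewritten sentence in pkg-descr lists "sqlite3, postgres or mysql" as backends, but the sample config comment and the dbtype flag help visible in patch-commands_root.go both include redis; add it here so the description matches what the port documents elsewhere.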