net-analyzer/greenbone-feed-sync: new package, add 23.6.0

Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/31106
Signed-off-by: Florian Schmaus <flow@gentoo.org>

7 files changed, 122 insertions, 0 deletions

diff --git a/net-analyzer/greenbone-feed-sync/Manifest b/net-analyzer/greenbone-feed-sync/Manifest
new file mode 100644
index 000000000000..04427bbb47c1
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/Manifest
@@ -0,0 +1 @@
+DIST greenbone-feed-sync-23.6.0.tar.gz 65420 BLAKE2B f5f30867ff47f10832b175de1c04136d9b42d7662f679f1f87d00684aacde575093a7c199566c04959faa8b26373d4b3e64cc6e7afaf6bca0f80aab095b0d40f SHA512 20427f183ef2c278c96d39ff9ad82e8cbadae12fb2ef4518186993b67dd4c0f5de4a11f375684154daa530c8807dfda07d654a15e580f7886fcedf285531829d
diff --git a/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.cron b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.cron
new file mode 100644
index 000000000000..5b3755982966
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.cron
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# To enable sync via cron, execute "sudo -u gvm touch /etc/gvm/cron-feed-sync-enabled"
+if [[ ! -f /etc/gvm/cron-feed-sync-enabled ]]; then
+   exit
+fi
+sudo -u gvm /usr/bin/greenbone-feed-sync --quiet --type all
diff --git a/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.service b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.service
new file mode 100644
index 000000000000..987fe731d47b
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=sync the Greenbone Community Feed
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/greenbone-feed-sync --quiet --type all
+SyslogIdentifier=greenbone-feed-sync
+User=gvm
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.timer b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.timer
new file mode 100644
index 000000000000..9faf470e013c
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/files/greenbone-feed-sync.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Daily update of all feeds of the Greenbone Vulerability Management (GMV) suite
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=2hour
+
+[Install]
+WantedBy=timers.target
diff --git a/net-analyzer/greenbone-feed-sync/greenbone-feed-sync-23.6.0.ebuild b/net-analyzer/greenbone-feed-sync/greenbone-feed-sync-23.6.0.ebuild
new file mode 100644
index 000000000000..ade285666c24
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/greenbone-feed-sync-23.6.0.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+DISTUTILS_USE_PEP517=poetry
+inherit distutils-r1 systemd
+
+DESCRIPTION="New script for syncing the Greenbone Community Feed"
+HOMEPAGE="https://github.com/greenbone/greenbone-feed-sync"
+SRC_URI="https://github.com/greenbone/greenbone-feed-sync/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-3+"
+KEYWORDS="~amd64 ~x86"
+IUSE="cron"
+RESTRICT="test"
+
+DEPEND="
+	acct-user/gvm
+	net-misc/rsync
+	>=net-analyzer/gvmd-22.5.0
+	dev-python/tomli[${PYTHON_USEDEP}]
+	dev-python/rich[${PYTHON_USEDEP}]
+"
+
+RDEPEND="
+	${DEPEND}
+	cron? ( virtual/cron )
+"
+
+python_compile() {
+	distutils-r1_python_compile
+}
+
+python_install() {
+	distutils-r1_python_install
+
+	#greenbone-feed-sync should not be run as root to avoid changing file permissions
+	insinto /etc/sudoers.d
+	newins - greenbone-feed-sync <<-EOF
+	gvm ALL = NOPASSWD: /usr/bin/greenbone-feed-sync
+EOF
+
+	if use cron ; then
+		exeinto /etc/cron.daily
+		newexe "${FILESDIR}"/${PN}.cron ${PN}
+	fi
+
+	systemd_dounit "${FILESDIR}/${PN}.timer" "${FILESDIR}/${PN}.service"
+}
+
+pkg_postinst() {
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		return
+	fi
+
+	if use cron ; then
+		elog
+		elog "Edit ${EROOT}/etc/cron.weekly/greenbone-feed-sync to activate daily feed update!"
+		elog
+	fi
+
+	if systemd_is_booted; then
+		elog
+		elog "To enable the systemd timer, run the following command:"
+		elog "   systemctl enable --now greenbone-feed-sync.timer"
+		elog
+	fi
+}
diff --git a/net-analyzer/greenbone-feed-sync/metadata.xml b/net-analyzer/greenbone-feed-sync/metadata.xml
new file mode 100644
index 000000000000..7f358764088e
--- /dev/null
+++ b/net-analyzer/greenbone-feed-sync/metadata.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>foti.giuseppe@gmail.com</email>
+		<name>Giuseppe Foti</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="cron">Adds file to enable daily cron job to update Greenbone Community Feed's data"</flag>
+	</use>
+	<longdescription lang="en">
+			This is the new script for syncing the Greenbone Community Feed.
+			The greenbone-nvt-sync script was previously installed by net-analyzer/openvas-scanner.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/greenbone-feed-sync</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/profiles/features/musl/package.mask b/profiles/features/musl/package.mask
index f539037e9028..f6248dd0f9c2 100644
--- a/profiles/features/musl/package.mask
+++ b/profiles/features/musl/package.mask
@@ -74,6 +74,7 @@ sys-apps/noexec
 # New packages that require packages masked by the previous block.
 dev-db/pg-gvm
 net-analyzer/notus-scanner
+net-analyzer/greenbone-feed-sync
 
 # Petr Vaněk <arkamar@atlas.cz> (2022-09-23)
 # Musl does not implement rresvport function, bugs #713810 and #713376.