Re: Greenbone Source Edition Docs

To: debian-security-tools@lists.debian.org
Cc: hertzog@debian.org
Subject: Re: Greenbone Source Edition Docs
From: Björn Ricks <bjoern.ricks@greenbone.net>
Date: Mon, 5 Jul 2021 13:14:03 +0200
Message-id: <[🔎] 35358656-cd25-4638-90af-792bc2492917@greenbone.net>
In-reply-to: <025c6bdb-22e1-2c5f-9cd3-8d40d646fb96@greenbone.net>
References: <025c6bdb-22e1-2c5f-9cd3-8d40d646fb96@greenbone.net>

Hi,

after a long journey I could finally release a first version of a "build
from source" guide at https://greenbone.github.io/docs/
It includes an installation procedure and setup on how we currently
think our software stack should be deployed in a multi user setup. Feel
free to ask questions and provide feedback!

Wherever possible I tried to be as close to the current Debian packages
from https://salsa.debian.org/pkg-security-team/ During writing the
guide it has become obvious that several defaults on our side didn't
make sense. Therefore I've changes a lot of default paths and also the
systemd service files. These changes will be included in the next bugfix
releases.

While writing the documentation some questions came up
* Why do you use sudo runuser instead of sudo -u directly?
* Is it safe or even allowed in Debian to use suid/sgid bits with
specific owner and group?
* Should /run be used directly or via /var/run indirectly?
* When to use /usr/sbin and /usr/bin?

The question about /usr/sbin and /usr/bin is most interesting for me at
the moment because I just found out that we are mixing the installation
paths in the different components. There seems to be no consistency at
the moment.

In the meeting with Raphael I talked about offline node modules
installation by using the provided tarballs (for example
https://github.com/greenbone/gsa/releases/download/v21.4.1/gsa-node-modules-21.4.1.tar.gz)
and the yarn offline mode
(https://github.com/greenbone/gsa/blob/gsa-21.04/gsa/CMakeLists.txt#L67). Sadly
this doesn't work as expected because yarn includes specific metadata
into the node_modules directory (.yarn-integrity file) that depends on
the platform and nodejs version. It would be possible to patch that file
for the correct platform and nodejs version but I am not sure if it is
worth the effort.

As a side node we tried to automate our release processes which resulted
in some issues and changes I wanted to mention. Because our tooling for
the releases is written in Python and Python versioning strips leading
zeros version 21.04 is exchangeable with 21.4. Therefore the leading
zeros got removed. But it seems to be an issue with your tooling at the
moment. Sorry for that!

Also because we couldn't automate the gsa repository for releases yet we
did create releases that always display ~dev1 versions by mistake. This
will be fixed with new releases latest in the last week of July.

At the end I want to give to some outline for the planned changes of our
21.10 release:

* We stripped the binary postgres parts into an own library at
https://github.com/greenbone/pg-gvm This library is installed in a
postgres versioned path for example /usr/lib/postgresql/13/lib.
Therefore it should be possible to build and install the library for
different postgres versions.

* The scanner architecture will change (again) to useq MQTT message
queue (paho-mqtt). Additionally at least one new component will be added
written in golang (https://github.com/greenbone/eulabeia). It could be
possible that the ospd part will not be needed anymore.

* GSA (the web application) and gsad (the web server) will be split into
two separate repositories. This should have been done from the beginning
but currently creates serious issues for the automatic releases.

* We will release bugfix versions at least every month

* After the 21.10 release the next 1.5 to 2 years we will only ship
minor changes even in major releases


Best regards
Björn


> Hi,
> 
> after an online meeting with Raphael two weeks ago I promised to provide
> an installation and setup documentation for our GVM software stack.
> 
> First of all I really underestimated my personal work load and the time
> it requires to write a satisfying documentation. Therefore I couldn't
> hold my promises and the documentation isn't really ready yet.
> 
> But nevertheless you can find a first draft at
> https://greenbone.github.io/docs/ The docs are hosted at GitHub and
> build from https://github.com/greenbone/docs At the moment we are using
> sphinx-doc and restructuredtext for the sources.
> 
> Feel free to give me early feedback and things you want to read in the
> docs. I'll try my best to get a "ready" version for the docs in the next
> two weeks.
> 
> Best regards
> Björn
> 

-- 
Bjoern Ricks |  Greenbone Networks GmbH  |  https://www.greenbone.net
Neumarkt 12, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Chief Executive Officer: Dr. Jan-Oliver Wagner

Reply to:

Follow-Ups:
- Re: Greenbone Source Edition Docs
  - From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
- Re: Greenbone Source Edition Docs
  - From: Sophie Brun <sophie@freexian.com>

Prev by Date: Re: Request for join the team
Next by Date: Re: Greenbone Source Edition Docs
Previous by thread: Re: Bug#990302: ITP: bulk-extractor -- A stream-based forensics tool for triage and cross-evidence analysis, which scans the media and extracts recognizable content
Next by thread: Re: Greenbone Source Edition Docs
Index(es):
- Date
- Thread