git: 6e1d089e3b04 - main - security/go-cve-dictionary: Upgrade to 0.10.1.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 24 Feb 2024 23:37:51 UTC
The branch main has been updated by girgen:
URL: https://cgit.FreeBSD.org/ports/commit/?id=6e1d089e3b04f21ebb453622bbc7a09b9bab8c70
commit 6e1d089e3b04f21ebb453622bbc7a09b9bab8c70
Author: Palle Girgensohn <girgen@FreeBSD.org>
AuthorDate: 2024-01-26 16:14:04 +0000
Commit: Palle Girgensohn <girgen@FreeBSD.org>
CommitDate: 2024-02-24 23:37:44 +0000
security/go-cve-dictionary: Upgrade to 0.10.1.
This port is mainly here as a dependency of security/vuls. Update and
take maintainership due to maintainer timeout. [1]
Adding a default config file that should work more or less out the box
for a simple local setup. It has examples for a larger deployment.
PR: 259948 [1] Maintainer timeout
---
security/go-cve-dictionary/Makefile | 67 +++++-------------
security/go-cve-dictionary/distinfo | 82 ++--------------------
.../go-cve-dictionary/files/go-cve-dictionary.in | 44 +++++-------
.../go-cve-dictionary/files/go-cve-dictionary.yaml | 23 ++++++
.../files/newsyslog-go-cve-dictionary.conf | 7 ++
.../files/patch-commands_fetchjvn.go | 29 --------
.../files/patch-commands_fetchnvd.go | 29 --------
.../go-cve-dictionary/files/patch-commands_root.go | 29 ++++++++
.../files/patch-commands_server.go | 29 --------
.../files/periodic-go-cve-dictionary.in | 36 ++++++++++
security/go-cve-dictionary/files/pkg-message.in | 23 +++---
security/go-cve-dictionary/pkg-descr | 8 ++-
security/go-cve-dictionary/pkg-plist | 5 ++
13 files changed, 164 insertions(+), 247 deletions(-)
diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile
index bd780b01bc5d..ebbaceacdab9 100644
--- a/security/go-cve-dictionary/Makefile
+++ b/security/go-cve-dictionary/Makefile
@@ -1,12 +1,11 @@
PORTNAME= go-cve-dictionary
-DISTVERSIONPREFIX= v
-DISTVERSION= 0.5.5
-PORTREVISION= 17
+DISTVERSIONPREFIX=v
+DISTVERSION= 0.10.1
CATEGORIES= security
-MAINTAINER= iscandr@gmail.com
+MAINTAINER= girgen@FreeBSD.org
COMMENT= Build local copies of vulnerabilities from NVD and JVN
-WWW= https://github.com/kotakanbe/go-cve-dictionary/
+WWW= https://github.com/vulsio/go-cve-dictionary/
LICENSE= APACHE20
@@ -14,59 +13,31 @@ RUN_DEPENDS= ca_root_nss>=0:security/ca_root_nss
USES= go:modules
-USE_GITHUB= yes
-GH_ACCOUNT= kotakanbe
-GH_TUPLE= \
- PuerkitoBio:goquery:v1.5.1:puerkitobio_goquery/vendor/github.com/PuerkitoBio/goquery \
- VividCortex:ewma:v1.1.1:vividcortex_ewma/vendor/github.com/VividCortex/ewma \
- andybalholm:cascadia:v1.1.0:andybalholm_cascadia/vendor/github.com/andybalholm/cascadia \
- asaskevich:govalidator:f61b66f89f4a:asaskevich_govalidator/vendor/github.com/asaskevich/govalidator \
- cespare:xxhash:v2.1.1:cespare_xxhash_v2/vendor/github.com/cespare/xxhash/v2 \
- cheggaaa:pb:v3.0.5:cheggaaa_pb_v3/vendor/github.com/cheggaaa/pb \
- dgrijalva:jwt-go:v3.2.0:dgrijalva_jwt_go/vendor/github.com/dgrijalva/jwt-go \
- dgryski:go-rendezvous:9f7001d12a5f:dgryski_go_rendezvous/vendor/github.com/dgryski/go-rendezvous \
- fatih:color:v1.9.0:fatih_color/vendor/github.com/fatih/color \
- redis:go-redis:v8.4.0:go_redis_redis_v8/vendor/github.com/go-redis/redis/v8 \
- go-sql-driver:mysql:v1.5.0:go_sql_driver_mysql/vendor/github.com/go-sql-driver/mysql \
- go-stack:stack:v1.8.0:go_stack_stack/vendor/github.com/go-stack/stack \
- golang:crypto:75b288015ac9:golang_crypto/vendor/golang.org/x/crypto \
- golang:net:a7d1128ccaa0:golang_net/vendor/golang.org/x/net \
- golang:sys:v0.6.0:golang_sys/vendor/golang.org/x/sys \
- golang:text:v0.3.3:golang_text/vendor/golang.org/x/text \
- google:subcommands:v1.2.0:google_subcommands/vendor/github.com/google/subcommands \
- hashicorp:go-version:v1.2.1:hashicorp_go_version/vendor/github.com/hashicorp/go-version \
- htcat:htcat:v1.0.2:htcat_htcat/vendor/github.com/htcat/htcat \
- inconshreveable:log15:b30bc20e4fd1:inconshreveable_log15/vendor/github.com/inconshreveable/log15 \
- jinzhu:gorm:v1.9.16:jinzhu_gorm/vendor/github.com/jinzhu/gorm \
- jinzhu:inflection:v1.0.0:jinzhu_inflection/vendor/github.com/jinzhu/inflection \
- k0kubun:colorstring:9440f1994b88:k0kubun_colorstring/vendor/github.com/k0kubun/colorstring \
- k0kubun:pp:v3.0.1:k0kubun_pp/vendor/github.com/k0kubun/pp \
- knqyf263:go-cpe:659663f6eca2:knqyf263_go_cpe/vendor/github.com/knqyf263/go-cpe \
- labstack:echo:v3.3.10:labstack_echo/vendor/github.com/labstack/echo \
- labstack:gommon:v0.3.0:labstack_gommon/vendor/github.com/labstack/gommon \
- lib:pq:v1.1.1:lib_pq/vendor/github.com/lib/pq \
- mattn:go-colorable:v0.1.4:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
- mattn:go-isatty:v0.0.12:mattn_go_isatty/vendor/github.com/mattn/go-isatty \
- mattn:go-runewidth:v0.0.7:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \
- mattn:go-sqlite3:v1.14.2:mattn_go_sqlite3/vendor/github.com/mattn/go-sqlite3 \
- olekukonko:tablewriter:v0.0.4:olekukonko_tablewriter/vendor/github.com/olekukonko/tablewriter \
- open-telemetry:opentelemetry-go:v0.14.0:open_telemetry_opentelemetry_go/vendor/go.opentelemetry.io/otel \
- pkg:errors:v0.9.1:pkg_errors/vendor/github.com/pkg/errors \
- valyala:bytebufferpool:v1.0.0:valyala_bytebufferpool/vendor/github.com/valyala/bytebufferpool \
- valyala:fasttemplate:v1.2.1:valyala_fasttemplate/vendor/github.com/valyala/fasttemplate
+GO_MODULE= github.com/vulsio/go-cve-dictionary
USE_RC_SUBR= ${PORTNAME}
GO_BUILDFLAGS= -ldflags "-X main.version=${PORTVERSION}"
-SUB_FILES= pkg-message
+SUB_FILES= pkg-message periodic-go-cve-dictionary
SUB_LIST= PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS}
USERS= vuls
GROUPS= vuls
+post-patch:
+ ${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/commands/root.go
+
post-install:
- ${MKDIR} ${STAGEDIR}/var/db/vuls
- ${MKDIR} ${STAGEDIR}/var/log/vuls
+ ${MKDIR} ${STAGEDIR}/var/db/vuls \
+ ${STAGEDIR}/var/log/vuls \
+ ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d \
+ ${STAGEDIR}${PREFIX}/etc/periodic/daily
+ ${INSTALL_DATA} ${FILESDIR}/newsyslog-${PORTNAME}.conf \
+ ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/${PORTNAME}.conf.sample
+ ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.yaml \
+ ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample
+ ${INSTALL_SCRIPT} ${WRKDIR}/periodic-${PORTNAME} \
+ ${STAGEDIR}${PREFIX}/etc/periodic/daily/${PORTNAME}
.include <bsd.port.mk>
diff --git a/security/go-cve-dictionary/distinfo b/security/go-cve-dictionary/distinfo
index b581269dde99..9d9399338338 100644
--- a/security/go-cve-dictionary/distinfo
+++ b/security/go-cve-dictionary/distinfo
@@ -1,77 +1,5 @@
-TIMESTAMP = 1679132467
-SHA256 (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 19b0e10daff6946717d441eb6a9e056fe2a28cd2e5b008a97ff2fd2f2c952fc3
-SIZE (kotakanbe-go-cve-dictionary-v0.5.5_GH0.tar.gz) = 46715
-SHA256 (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 50b671f7128ac6993b7388d4e8a76901afdcaa7c6889f45687a2acc0d0753ca4
-SIZE (PuerkitoBio-goquery-v1.5.1_GH0.tar.gz) = 101380
-SHA256 (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 3b2d62412b7ba2726a379cc0ae557595c027dc8206d0ef98f13831281b8f2b85
-SIZE (VividCortex-ewma-v1.1.1_GH0.tar.gz) = 6042
-SHA256 (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 5d03f4610b70cab7860b158efab1afd91baa58fd95286a0adbadcdc3b49c7936
-SIZE (andybalholm-cascadia-v1.1.0_GH0.tar.gz) = 15464
-SHA256 (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 7e241314ac30b59d9dc6ead8e902de94e07135486694e4e7ef0dc97eaf42c40e
-SIZE (asaskevich-govalidator-f61b66f89f4a_GH0.tar.gz) = 51800
-SHA256 (cespare-xxhash-v2.1.1_GH0.tar.gz) = 0ee31178d2c5a1249be4e26294a2f428008dc4e1ecbbfbe47f74e41026df1148
-SIZE (cespare-xxhash-v2.1.1_GH0.tar.gz) = 9292
-SHA256 (cheggaaa-pb-v3.0.5_GH0.tar.gz) = c3442908441cd17c4a2ed0c9f0875eeb52947e3b73d5c6e483d2698d7ed8ef43
-SIZE (cheggaaa-pb-v3.0.5_GH0.tar.gz) = 30815
-SHA256 (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 197465ef53219f3aeb1a6940b70e16d288fe4e4108d4831b91ea101118440e63
-SIZE (dgrijalva-jwt-go-v3.2.0_GH0.tar.gz) = 36960
-SHA256 (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 29584550745fd4b8fce2e2f3def7b9d9ffe2b86cf9b6596b53a660c9bbfe27b6
-SIZE (dgryski-go-rendezvous-9f7001d12a5f_GH0.tar.gz) = 1699
-SHA256 (fatih-color-v1.9.0_GH0.tar.gz) = f5a6372ff7c87d22baaa2089e5cdd8a218fb3a9be047195c0ab421d5340f6f3f
-SIZE (fatih-color-v1.9.0_GH0.tar.gz) = 1230941
-SHA256 (redis-go-redis-v8.4.0_GH0.tar.gz) = c9aaa3d49398792ce64b0a54ae37663ec4def987bb68a79a5db6f71fc6e598e9
-SIZE (redis-go-redis-v8.4.0_GH0.tar.gz) = 123964
-SHA256 (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 9d98b46623037447a26a51a203540bf605b6e6220d31f2efc7396242fcb660b5
-SIZE (go-sql-driver-mysql-v1.5.0_GH0.tar.gz) = 90474
-SHA256 (go-stack-stack-v1.8.0_GH0.tar.gz) = 3b8987e137d76f4f35db1e8005ec7fb766b68eed8cac0ca0b795ac43cd72b319
-SIZE (go-stack-stack-v1.8.0_GH0.tar.gz) = 8039
-SHA256 (golang-crypto-75b288015ac9_GH0.tar.gz) = 6e74e21bf9dfdbf0a8dac8cb205fbc3bfd8dff308a24080b9d6093a3858f0db2
-SIZE (golang-crypto-75b288015ac9_GH0.tar.gz) = 1729931
-SHA256 (golang-net-a7d1128ccaa0_GH0.tar.gz) = 4bed33fe7ea1e5ce005798c033fa18bddaa12fe5b6848bbe144e34c41c4b168f
-SIZE (golang-net-a7d1128ccaa0_GH0.tar.gz) = 1177106
-SHA256 (golang-sys-v0.6.0_GH0.tar.gz) = b4f6d17c7a128f76169964b437cb66b3f2dbf9a33361928ec19dfecf7b03fc54
-SIZE (golang-sys-v0.6.0_GH0.tar.gz) = 1434234
-SHA256 (golang-text-v0.3.3_GH0.tar.gz) = 1604233637e3593749fbbb13b5069b08e6feba6d2b55a02fd3148793d5871185
-SIZE (golang-text-v0.3.3_GH0.tar.gz) = 7747332
-SHA256 (google-subcommands-v1.2.0_GH0.tar.gz) = 99602409506274003f52f6eb901f3a4d6aa2fc041971939dfa753ffcf0549bae
-SIZE (google-subcommands-v1.2.0_GH0.tar.gz) = 9383
-SHA256 (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 9c63e2107ca0cf4e78ddba1128c73adfdfcdd45faa90c3bf7c6feda7d2326cc5
-SIZE (hashicorp-go-version-v1.2.1_GH0.tar.gz) = 13911
-SHA256 (htcat-htcat-v1.0.2_GH0.tar.gz) = 6e3eb20766e668e8ff8bbe08a84544b3cbde45d6bdccad0a5fae905a06ef2f7e
-SIZE (htcat-htcat-v1.0.2_GH0.tar.gz) = 8561
-SHA256 (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 515e98c8aadad3bb92c8db7e48bea0a4ad3dea40726aeb272fb1f7e9d68e3355
-SIZE (inconshreveable-log15-b30bc20e4fd1_GH0.tar.gz) = 23537
-SHA256 (jinzhu-gorm-v1.9.16_GH0.tar.gz) = c7ea6db55ab5226b6eb71e5654d14690459d02304df50cdf4adbe70db0308cab
-SIZE (jinzhu-gorm-v1.9.16_GH0.tar.gz) = 97157
-SHA256 (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 582808364cc268544e3e6775b15d7fffbc28ccfb930a29840bb25e32d7d95e1f
-SIZE (jinzhu-inflection-v1.0.0_GH0.tar.gz) = 4766
-SHA256 (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 8a8b7c4bfc362722139afceb014225fbde2b464c78c7d864f3436a12fa732bd0
-SIZE (k0kubun-colorstring-9440f1994b88_GH0.tar.gz) = 3627
-SHA256 (k0kubun-pp-v3.0.1_GH0.tar.gz) = 7ee809d1b55839d39965151142988bbb51ebb1e8105086703c55caf3e8eb0488
-SIZE (k0kubun-pp-v3.0.1_GH0.tar.gz) = 9734
-SHA256 (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 429ea378b3e3918df8c6e6550e2d0bd421f104206fad25bdf5282d628f14dc52
-SIZE (knqyf263-go-cpe-659663f6eca2_GH0.tar.gz) = 2650095
-SHA256 (labstack-echo-v3.3.10_GH0.tar.gz) = 0b130e57652d0b90740541339161bb3105c1fdec2dd5b6a716b5929bef91a125
-SIZE (labstack-echo-v3.3.10_GH0.tar.gz) = 279846
-SHA256 (labstack-gommon-v0.3.0_GH0.tar.gz) = c23fa6b18c3f3c4dc917e7fb6d40db88ca2d13f51dbc9a8e8e098b8aa03611e9
-SIZE (labstack-gommon-v0.3.0_GH0.tar.gz) = 11426
-SHA256 (lib-pq-v1.1.1_GH0.tar.gz) = bc19f104f21e71536f43d99c375355bfdee159f967050af690a51ef588ab0e37
-SIZE (lib-pq-v1.1.1_GH0.tar.gz) = 95305
-SHA256 (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 157806ad8125e6bef4d9b58c9125ccb98a8343136f93faf442ab0cc6e7c24c11
-SIZE (mattn-go-colorable-v0.1.4_GH0.tar.gz) = 8981
-SHA256 (mattn-go-isatty-v0.0.12_GH0.tar.gz) = addbdc341d7685ed4cc8d2d8a8fd2bd9b784bde00d0ea99fb251039fc10c611c
-SIZE (mattn-go-isatty-v0.0.12_GH0.tar.gz) = 4548
-SHA256 (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 09270ddb93b2d77d4b3903bbadacbb3a3d4f0cce93c373fb21503840829d8697
-SIZE (mattn-go-runewidth-v0.0.7_GH0.tar.gz) = 16089
-SHA256 (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = faa3138a0219c1cd684386b2a13c203361e62ae51a3d895deeffcd3fe6c6d5b9
-SIZE (mattn-go-sqlite3-v1.14.2_GH0.tar.gz) = 2354866
-SHA256 (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = a86028430fb4dd99ce0030a7c4d37915337c3b9a9efbfd2698b375f3e3488bd0
-SIZE (olekukonko-tablewriter-v0.0.4_GH0.tar.gz) = 19252
-SHA256 (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = f096a442e4674b320d22e4cb253c005a6f3b82630b27e9c8856d0612f590b501
-SIZE (open-telemetry-opentelemetry-go-v0.14.0_GH0.tar.gz) = 469278
-SHA256 (pkg-errors-v0.9.1_GH0.tar.gz) = 56bfd893023daa498508bfe161de1be83299fcf15376035e7df79cbd7d6fa608
-SIZE (pkg-errors-v0.9.1_GH0.tar.gz) = 13415
-SHA256 (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 089013e3429ebe7fd2bc3527f003bf3f3f639891e5d8ba6a56010e3671465e1f
-SIZE (valyala-bytebufferpool-v1.0.0_GH0.tar.gz) = 5025
-SHA256 (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 14881149dfc3d49606728d0c8e704cfaeb7fbbf2c42d20e771cf1bbae9fb1044
-SIZE (valyala-fasttemplate-v1.2.1_GH0.tar.gz) = 11550
+TIMESTAMP = 1706283379
+SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 605f168ac90dfb779f3a67dea287bab9938a4d32e4fe9157dc6d0aabf14d7217
+SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.mod) = 3338
+SHA256 (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = aa21dbe8c6064679071d64eb0afa965904d734d580c908ecc289859f145cc263
+SIZE (go/security_go-cve-dictionary/go-cve-dictionary-v0.10.1/v0.10.1.zip) = 353325
diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.in b/security/go-cve-dictionary/files/go-cve-dictionary.in
index ef483b29574b..7cb3ff1a6fbe 100644
--- a/security/go-cve-dictionary/files/go-cve-dictionary.in
+++ b/security/go-cve-dictionary/files/go-cve-dictionary.in
@@ -8,19 +8,18 @@
# to enable this service:
#
# go_cve_dictionary_enable (bool): Set to NO by default
-# Set it to YES to enable the CVE server
+# Set it to YES to enable the CVE server
# go_cve_dictionary_user (string): Set user to run go_cve_dictionary
-# Default is "%%USERS%%"
+# Default is "%%USERS%%"
# go_cve_dictionary_group (string): Set group to run go_cve_dictionary
-# Default is "%%GROUPS%%"
-# go_cve_dictionary_db_path (string): Set database path
-# Default is "/var/db/vuls/cve.sqlite3"
-# go_cve_dictionary_db_type (string): Set database type
-# Default is "sqlite3"
-# go_cve_dictionary_log_file (string): Set file that go_cve_dictionary will log to
-# Default is "/var/log/vuls/go_cve_dictionary.log"
+# Default is "%%GROUPS%%"
+# go_cve_dictionary_log_file (string): Set file that go-cve-dictionary will log to
+# Default is "/var/log/vuls/go_cve_dictionary.log"
# go_cve_dictionary_args (string): Set additional command line arguments
-# Default is ""
+# Default is ""
+#
+# Set up go-cve-dictionary using the config file: %%PREFIX%%/etc/go-cve-dictionary.yaml
+#
. /etc/rc.subr
@@ -32,32 +31,27 @@ load_rc_config $name
: ${go_cve_dictionary_enable:="NO"}
: ${go_cve_dictionary_user:="%%USERS%%"}
: ${go_cve_dictionary_group:="%%GROUPS%%"}
-: ${go_cve_dictionary_db_path:="/var/db/vuls/cve.sqlite3"}
-: ${go_cve_dictionary_db_type:="sqlite3"}
: ${go_cve_dictionary_log_file:="/var/log/vuls/go_cve_dictionary.log"}
: ${go_cve_dictionary_args:=""}
-pidfile=/var/run/go_cve_dictionary.pid
+pidfile=/var/run/${name}.pid
+pidfile_daemon=/var/run/${name}_daemon.pid
command="/usr/sbin/daemon"
procname="%%PREFIX%%/bin/%%PORTNAME%%"
-command_args="-p ${pidfile} /usr/bin/env ${procname} server \
- -dbpath=${go_cve_dictionary_db_path} \
- -dbtype=${go_cve_dictionary_db_type} \
- ${go_cve_dictionary_args} >> ${go_cve_dictionary_log_file} 2>&1"
+command_args="-p ${pidfile} -P ${pidfile_daemon} -t ${name} \
+ -Ho ${go_cve_dictionary_log_file} \
+ ${procname} server \
+ ${go_cve_dictionary_args}"
start_precmd=go_cve_dictionary_startprecmd
go_cve_dictionary_startprecmd()
{
- if [ ! -e ${pidfile} ]; then
- install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
- -m 640 /dev/null ${pidfile};
- fi
- if [ ! -f "${go_cve_dictionary_log_file}" ]; then
- install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
- -m 640 /dev/null ${go_cve_dictionary_log_file};
- fi
+ /usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+ -m 640 /dev/null ${pidfile}
+ /usr/bin/install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+ -m 640 /dev/null ${pidfile_daemon}
}
load_rc_config $name
diff --git a/security/go-cve-dictionary/files/go-cve-dictionary.yaml b/security/go-cve-dictionary/files/go-cve-dictionary.yaml
new file mode 100644
index 000000000000..80f093e60df0
--- /dev/null
+++ b/security/go-cve-dictionary/files/go-cve-dictionary.yaml
@@ -0,0 +1,23 @@
+# The FreeBSD port uses `daemon' and logs from stdout to file
+# log-dir string
+# log-json: bool
+# log-to-file: bool
+log-to-file: false
+log-json: false
+
+# alternatives are sqlite3, postgres, redis or mysql
+dbtype: sqlite3
+dbpath: /var/db/vuls/cve.sqlite3
+
+# dbtype: postgres
+# dbpath: "host=dbhost user=dbuser dbname=cve password=password"
+
+# Choose which IP addresses to listen to
+#
+# bind: 127.0.0.0
+# port: 1323
+
+# http-proxy string
+
+# debug: bool
+# debug-sql: bool
diff --git a/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf
new file mode 100644
index 000000000000..a1634a888413
--- /dev/null
+++ b/security/go-cve-dictionary/files/newsyslog-go-cve-dictionary.conf
@@ -0,0 +1,7 @@
+# configuration file for newsyslog for sqlpage
+#
+# see newsyslog.conf(5) for details
+#
+# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
+/var/log/vuls/go_cve_dictionary.log vuls:vuls 640 7 100 * J /var/run/go_cve_dictionary_daemon.pid
+/var/log/vuls/go_cve_dictionary-updates.log vuls:vuls 640 7 * @T00 J
diff --git a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go b/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
deleted file mode 100644
index 060efc488de0..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/fetchjvn.go.orig 2017-06-26 10:39:59 UTC
-+++ commands/fetchjvn.go
-@@ -3,7 +3,6 @@ package commands
- import (
- "context"
- "flag"
-- "os"
- "strconv"
- "time"
-
-@@ -45,7 +44,7 @@ func (*FetchJvnCmd) Usage() string {
- [-latest]
- [-last2y]
- [-years] 1998 1999 ...
-- [-dbpath=$PWD/cve.sqlite3 or connection string]
-+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- [-dbtype=mysql|postgres|sqlite3|redis]
- [-http-proxy=http://192.168.0.1:8080]
- [-debug]
-@@ -65,8 +64,7 @@ func (p *FetchJvnCmd) SetFlags(f *flag.F
- defaultLogDir := util.GetDefaultLogDir()
- f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
-
-- pwd := os.Getenv("PWD")
-- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- "/path/to/sqlite3 or SQL connection string")
-
- f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go b/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
deleted file mode 100644
index e081ba1a7de3..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/fetchnvd.go.orig 2017-06-26 10:39:59 UTC
-+++ commands/fetchnvd.go
-@@ -3,7 +3,6 @@ package commands
- import (
- "context"
- "flag"
-- "os"
- "strconv"
- "time"
-
-@@ -43,7 +42,7 @@ func (*FetchNvdCmd) Usage() string {
- [-last2y]
- [-years] 2015 2016 ...
- [-dbtype=mysql|postgres|sqlite3|redis]
-- [-dbpath=$PWD/cve.sqlite3 or connection string]
-+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- [-http-proxy=http://192.168.0.1:8080]
- [-debug]
- [-debug-sql]
-@@ -65,8 +64,7 @@ func (p *FetchNvdCmd) SetFlags(f *flag.F
- defaultLogDir := util.GetDefaultLogDir()
- f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
-
-- pwd := os.Getenv("PWD")
-- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- "/path/to/sqlite3 or SQL connection string")
-
- f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/patch-commands_root.go b/security/go-cve-dictionary/files/patch-commands_root.go
new file mode 100644
index 000000000000..1f383c5b7b8b
--- /dev/null
+++ b/security/go-cve-dictionary/files/patch-commands_root.go
@@ -0,0 +1,29 @@
+--- commands/root.go.orig 1979-11-29 23:00:00 UTC
++++ commands/root.go
+@@ -3,7 +3,6 @@ import (
+ import (
+ "fmt"
+ "os"
+- "path/filepath"
+
+ homedir "github.com/mitchellh/go-homedir"
+ "github.com/spf13/cobra"
+@@ -25,7 +24,7 @@ func init() {
+ func init() {
+ cobra.OnInitialize(initConfig)
+
+- RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.go-cve-dictionary.yaml)")
++ RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "%%PREFIX%%/etc/go-cve-dictionary.yaml", "config file")
+
+ RootCmd.PersistentFlags().Bool("log-to-file", false, "output log to file")
+ _ = viper.BindPFlag("log-to-file", RootCmd.PersistentFlags().Lookup("log-to-file"))
+@@ -42,8 +41,7 @@ func init() {
+ RootCmd.PersistentFlags().Bool("debug-sql", false, "SQL debug mode")
+ _ = viper.BindPFlag("debug-sql", RootCmd.PersistentFlags().Lookup("debug-sql"))
+
+- pwd := os.Getenv("PWD")
+- RootCmd.PersistentFlags().String("dbpath", filepath.Join(pwd, "cve.sqlite3"), "/path/to/sqlite3 or SQL connection string")
++ RootCmd.PersistentFlags().String("dbpath", "/var/db/vuls/cve.sqlite3", "/path/to/sqlite3 or SQL connection string")
+ _ = viper.BindPFlag("dbpath", RootCmd.PersistentFlags().Lookup("dbpath"))
+
+ RootCmd.PersistentFlags().String("dbtype", "sqlite3", "Database type to store data in (sqlite3, mysql, postgres or redis supported)")
diff --git a/security/go-cve-dictionary/files/patch-commands_server.go b/security/go-cve-dictionary/files/patch-commands_server.go
deleted file mode 100644
index a2c836a7bd66..000000000000
--- a/security/go-cve-dictionary/files/patch-commands_server.go
+++ /dev/null
@@ -1,29 +0,0 @@
---- commands/server.go.orig 2017-06-26 10:39:59 UTC
-+++ commands/server.go
-@@ -3,7 +3,6 @@ package commands
- import (
- "context"
- "flag"
-- "os"
-
- "github.com/google/subcommands"
- c "github.com/kotakanbe/go-cve-dictionary/config"
-@@ -37,7 +36,7 @@ func (*ServerCmd) Usage() string {
- server
- [-bind=127.0.0.1]
- [-port=8000]
-- [-dbpath=$PWD/cve.sqlite3 or connection string]
-+ [-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
- [-dbtype=mysql|postgres|sqlite3|redis]
- [-debug]
- [-debug-sql]
-@@ -56,8 +55,7 @@ func (p *ServerCmd) SetFlags(f *flag.Fla
- defaultLogDir := util.GetDefaultLogDir()
- f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
-
-- pwd := os.Getenv("PWD")
-- f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
-+ f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
- "/path/to/sqlite3 or SQL connection string")
-
- f.StringVar(&p.dbtype, "dbtype", "sqlite3",
diff --git a/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in
new file mode 100644
index 000000000000..4d7a71aad4fc
--- /dev/null
+++ b/security/go-cve-dictionary/files/periodic-go-cve-dictionary.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+#
+# Update the CVE database every night.
+#
+
+# daily_go_cve_dictionary_enable - set to YES to enable nightly update of CVE definitions
+# daily_go_cve_dictionary_databases - This can be a space separated list of databases
+# Supported databases are:
+# nvd jvn fortinet
+#
+# All other configurations are made in %%PREFIX%%/etc/go-cve-dictionary.yaml.
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+: ${daily_go_cve_dictionary_enable:=NO}
+: ${daily_go_cve_dictionary_databases:=nvd} {
+
+# You can add arguments per database, for example
+# daily_go_cve_dictionary_nvd_args="2020 2021 2022 2023 2024"
+
+case "${daily_go_cve_dictionary_databases}" in
+ [Yy][Ee][Ss])
+ for db in ${go_cve_dictionary_databases}; do
+ eval args="\${go_cve_dictionary_${db}_args}"
+ su -fm %%USERS%% \
+ -c "/usr/bin/env HOME=/var/db/vuls %%PREFIX%%/bin/go-cve-dictionary fetch ${db} ${args}" \
+ >> /var/log/vuls/go-cve-dictionary-updates.log 2>&1
+ done
+esac
diff --git a/security/go-cve-dictionary/files/pkg-message.in b/security/go-cve-dictionary/files/pkg-message.in
index d18c3ff39247..ae3e999c5f07 100644
--- a/security/go-cve-dictionary/files/pkg-message.in
+++ b/security/go-cve-dictionary/files/pkg-message.in
@@ -3,21 +3,28 @@
message: <<EOM
Congratulations, you have installed %%PORTNAME%%!
-%%PORTNAME%% does not ship any CVE database.
-To download CVEs from 2002 until present run:
+Setup go-cve-dictionary to use you preferred database type and set up access by
+editing the config file at %%PREFIX%%/etc/go-cve-dictionary.yaml. There's a
+default setup for your convenience using sqlite3, but you can also choose
+Redis, PostgreSQL or MySQL if you prefer that.
-for i in `seq 2002 $(date +"%Y")`; \
- do %%PORTNAME%% fetchnvd -years $i; \
- done
+go-cve-dictionary does not ship any CVE database. Instead, to download CVEs
+from 2002 until present and keep them updated, activate the periodic script by
+running
-After download, set the permissions of the CVE databases:
+sysrc -f /etc/periodic.conf daily_go_cve_dictionary_enable="YES"
-chown %%USERS%%:%%GROUPS%% /var/db/vuls/* /var/log/vuls/*
+Then, to fetch the NVD database of CVEs immediately, run
-To enable %%PORTNAME%% and start:
+/usr/local/etc/periodic/daily/go-cve-dictionary
+
+To enable the go-cve-dictionary service, edit
+%%PREFIX%%/etc/go-cve-dictionary.yaml and set bind and port, and then activate
+and start the service using:
sysrc go_cve_dictionary_enable="YES"
service %%PORTNAME%% start
+
EOM
}
]
diff --git a/security/go-cve-dictionary/pkg-descr b/security/go-cve-dictionary/pkg-descr
index c4e12d79fe89..be27bcedd2c3 100644
--- a/security/go-cve-dictionary/pkg-descr
+++ b/security/go-cve-dictionary/pkg-descr
@@ -1,5 +1,9 @@
go-cve-dictionary builds a a local copy of the National Vulnerabilities
Database(NVD) and Japan Vulnerability Notes(JVN). NVD and JVN contain security
vulnerabilities according to their CVE identifiers including exhaustive
-information and a risk score. The local copy is generated in sqlite format.
-A server is included for easy querying.
+information and a risk score. The local copy is generated in a database, using
+sqlite3, postgres or mysql. A server is included for easy querying.
+
+This program is tightly related to security/vuls, a client binary that is used
+to report about known vulnerabilities in packages. vuls uses the
+go-cve-dictionary service when reporting about problems.
diff --git a/security/go-cve-dictionary/pkg-plist b/security/go-cve-dictionary/pkg-plist
index 413d3df11f36..1543ff8f3156 100644
--- a/security/go-cve-dictionary/pkg-plist
+++ b/security/go-cve-dictionary/pkg-plist
@@ -1,3 +1,8 @@
bin/go-cve-dictionary
+etc/periodic/daily/go-cve-dictionary
+@sample etc/newsyslog.conf.d/go-cve-dictionary.conf.sample
+@sample etc/go-cve-dictionary.yaml.sample
@dir(vuls,vuls,0775) /var/db/vuls
@dir(vuls,vuls,0775) /var/log/vuls
+@dir etc/newsyslog.conf.d
+@dir etc/periodic/daily