Add updates for GVM 21.04

README.org

@@ -6,7 +6,7 @@ Edition (GSE)]] open source project.
 
 ** Docker
 The source code of [[https://hub.docker.com/u/admirito][admirito]]'s unofficial docker images for Greenbone
-Vulnerability Management 20--which is based on [[https://launchpad.net/~mrazavi/+archive/ubuntu/gvm][admirito's GVM PPA]]--is
+Vulnerability Management 21--which is based on [[https://launchpad.net/~mrazavi/+archive/ubuntu/gvm][admirito's GVM PPA]]--is
 hosted on this repo. It contains the source for the following docker
 images:
 - [[https://hub.docker.com/r/admirito/gvmd][gvmd]]: Greenbone Vulnerability Manager
@@ -54,7 +54,7 @@ namespace and then install the helm chart:
 kubectl create namespace gvm
 
 helm install gvm \
-    https://github.com/admirito/gvm-containers/releases/download/chart-1.2.0/gvm-1.2.0.tgz \
+    https://github.com/admirito/gvm-containers/releases/download/chart-1.3.0/gvm-1.3.0.tgz \
     --namespace gvm --set gvmd-db.postgresqlPassword="mypassword"
 #+END_SRC
 

cert-sync.yml

@@ -6,7 +6,7 @@ volumes:
 
 services:
   cert-sync:
-    image: admirito/gvmd:20
+    image: admirito/gvmd:21
     volumes:
       - gvm-var-lib:/var/lib/gvm
       - run-gvm:/run/gvm

chart/README.org

@@ -59,10 +59,10 @@ of the GVM chart and their default values. For a complete list see
 
 | Parameter                             | Description                                               | Default |
 |---------------------------------------+-----------------------------------------------------------+---------|
-| image.gvmd.tag                        | the docker tag for gvmd image                             | 20      |
-| image.gsad.tag                        | the docker tag for gsad image                             | 20      |
-| image.openvas.tag                     | the docker tag for openvas image                          | 20      |
-| gvmd-db.image.tag                     | the docker tag for gvm-postgres image                     | 20      |
+| image.gvmd.tag                        | the docker tag for gvmd image                             | 21      |
+| image.gsad.tag                        | the docker tag for gsad image                             | 21      |
+| image.openvas.tag                     | the docker tag for openvas image                          | 21      |
+| gvmd-db.image.tag                     | the docker tag for gvm-postgres image                     | 21      |
 | secrets.gvmdUsername                  | the username for gvmd                                     | admin   |
 | secrets.gvmdPassword                  | the password for gvmd                                     | admin   |
 | gvmd-db.postgresqlPassword            | the password for "gvmduser" in "gvmd" postgresql database | ""      |

chart/gvm/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: gvm
-version: 1.2.0
-appVersion: "20.08"
+version: 1.3.0
+appVersion: "21.04"
 description: The Greenbone Vulnerability Management Solution (previously known as Open Vulnerability Assessment System) i.e. a remote network security auditing tool
 keywords:
   - gvm

chart/gvm/values.yaml

@@ -8,7 +8,7 @@ replicaCount: 1
 ## Example:
 #
 # global:
-#   gvmImageTag: "20"
+#   gvmImageTag: "21"
 # image:
 #   gvmd:
 #     tag: "{{ .Values.global.gvmImageTag }}"
@@ -21,17 +21,17 @@ image:
   gvmd:
     registry: "docker.io"
     repository: "admirito/gvmd"
-    tag: "20"
+    tag: "21"
     pullPolicy: IfNotPresent
   gsad:
     registry: "docker.io"
     repository: "admirito/gsad"
-    tag: "20"
+    tag: "21"
     pullPolicy: IfNotPresent
   openvas:
     registry: "docker.io"
-    repository: "admirito/openvas"
-    tag: "20"
+    repository: "admirito/openvas-scanner"
+    tag: "21"
     pullPolicy: IfNotPresent
   socat:
     registry: "docker.io"

docker-compose.yml

@@ -11,7 +11,7 @@ volumes:
 
 services:
   gvm-postgres:
-    image: admirito/gvm-postgres:20
+    image: admirito/gvm-postgres:21
     environment:
       PGDATA: /var/lib/postgresql/data
       POSTGRES_DB: gvmd
@@ -22,7 +22,7 @@ services:
 
   gvmd:
     # CONNECTED /run/ospd/ospd.sock
-    image: admirito/gvmd:20
+    image: admirito/gvmd:21
     environment:
       GVMD_POSTGRESQL_URI: postgresql://gvmduser:mypassword@gvm-postgres:5432/gvmd?application_name=gvmd
       # see https://marlam.de/msmtp/ for possible configuration options for the default system account
@@ -46,7 +46,7 @@ services:
         condition: service_started
 
   gsad:
-    image: admirito/gsad:20
+    image: admirito/gsad:21
     volumes:
       - run-gvm:/run/gvm
     ports:
@@ -63,7 +63,7 @@ services:
   openvas:
     # LISTENING /run/ospd/ospd.sock
     # CONNECTED /run/redis/redis.sock
-    image: admirito/openvas:20
+    image: admirito/openvas-scanner:21
     privileged: true
     sysctls:
       net.core.somaxconn: '2048'

gvm-postgres/Dockerfile

@@ -10,4 +10,9 @@ RUN set -ex; \
     apt update; \
     echo en_US.UTF-8 UTF-8 > /etc/locale.gen; \
     DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends libgvm-pg-server0; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*; \
+    # Add jit = off according to this thread:
+    # https://community.greenbone.net/t/everything-works-but-i-cant-see-any-report/5875/21
+    # (The postgresql.conf.sample will be copied to
+    # /var/lib/postgresql/data/postgresql.conf by the database initializer)
+    printf "\n\n# Added for gvm-postgres\njit = off\n" >> /usr/share/postgresql/postgresql.conf.sample

gvmd-data-sync.yml

@@ -5,8 +5,8 @@ volumes:
   run-gvm: {}
 
 services:
-  cert-sync:
-    image: admirito/gvmd:20
+  gvmd-data-sync:
+    image: admirito/gvmd:21
     volumes:
       - gvm-var-lib:/var/lib/gvm
       - run-gvm:/run/gvm

gvmd/Dockerfile

@@ -10,10 +10,10 @@ RUN set -ex; \
     DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends gvmd-pg postgresql-client texlive-latex-base texlive-latex-extra texlive-fonts-recommended xsltproc gnutls-bin xmlstarlet zip python3 python3-lxml smbclient snmp gnupg openssh-client sshpass socat haveged rsync wget gpgsm xml-twig-tools msmtp msmtp-mta; \
     sed -i 's|/var/log/gvm/gvmd.log|/dev/stdout|g' /etc/gvm/gvmd_log.conf; \
     cd /; \
-    apt download openvas; \
-    dpkg --fsys-tarfile openvas_*.deb | tar xf - ./usr/bin/greenbone-nvt-sync; \
+    apt download openvas-scanner; \
+    dpkg --fsys-tarfile openvas-scanner_*.deb | tar xf - ./usr/bin/greenbone-nvt-sync; \
     sed -i 's/if \[ "`id -u`" -eq "0" \]/if fasle \&\& [ "`id -u`" -eq "0" ]/' /usr/bin/greenbone-nvt-sync; \
-    rm -rf ./openvas_*.deb; \
+    rm -rf ./openvas-scanner_*.deb; \
     rm -rf /var/lib/apt/lists/*
 
 ENV GVMD_POSTGRESQL_URI="postgresql://gvmduser:password@postgres:5432/gvmd?application_name=gvmd" \

gvmd/docker-entrypoint.sh

@@ -29,6 +29,9 @@ if [ "$1" = 'gvmd' ]; then
 	gvmd --migrate
 
 	touch /var/lib/gvm/.db-init
+    elif [ "${NO_DB_MIGRATION}" != "1" ]; then
+	echo "migrating the database to make sure it is up-to-date..."
+	gvmd --migrate || true
     fi
 
     if [ -n "${GVMD_USER}" ] && ! gvmd --get-users | grep -q "${GVMD_USER}"; then

nvt-sync.yml

@@ -6,7 +6,7 @@ volumes:
 
 services:
   nvt-sync:
-    image: admirito/openvas:20
+    image: admirito/openvas:21
     volumes:
       - openvas-var-lib:/var/lib/openvas
       - run-gvm:/run/gvm

openvas/Dockerfile → openvas-scanner/Dockerfile

@@ -7,7 +7,7 @@ RUN set -ex; \
     apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3C453D244AA450E0; \
     echo "deb http://ppa.launchpad.net/mrazavi/gvm/ubuntu focal main" > /etc/apt/sources.list.d/mrazavi-ubuntu-gvm-focal.list; \
     apt update; \
-    DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends ospd-openvas openvas python3-pkg-resources rsync wget openvas-smb nmap; \
+    DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends ospd-openvas openvas-scanner python3-pkg-resources rsync wget openvas-smb nmap sudo; \
     sed -i 's|/var/log/gvm/openvas.log|/dev/stdout|g' /etc/openvas/openvas_log.conf; \
     sed -i 's/if \[ "`id -u`" -eq "0" \]/if fasle \&\& [ "`id -u`" -eq "0" ]/' /usr/bin/greenbone-nvt-sync; \
     rm -rf /var/lib/apt/lists/*

scap-sync.yml

@@ -6,7 +6,7 @@ volumes:
 
 services:
   scap-sync:
-    image: admirito/gvmd:20
+    image: admirito/gvmd:21
     volumes:
       - gvm-var-lib:/var/lib/gvm
       - run-gvm:/run/gvm