gvmd: init at 23.4.0

[Tochiaha]

Release: https://github.com/greenbone/gvmd/releases/tag/v23.4.0

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[Tochiaha]

referencing #81418

[Aleksanaa]

share and include are expected in $out, not $out/usr. Is there a particular reason not to use this?

[Tochiaha]

no need for the $out/usr will rely on the cmakeflags destination.

[Tochiaha]

#305096 needed for gvmd

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/4075

[Aleksanaa]

Suggested change

	description = "The central management service between security scanners and the user clients";
	description = "Central management service between security scanners and the user clients";

The policy has changed https://github.com/NixOS/nixpkgs/tree/master/pkgs#meta-attributes

[Aleksanaa]

These two should not be needed. If there is a reason, write in the comment above postInstall.

[Tochiaha]

what will be the best way to approach this error. reason for the postintsall.

[Tochiaha]

In between build time Flags are what's left.

[superherointj]

@Tochiaha Please, ask someone else to review this PR. The inputs I could offer, I already did. And I don't really understand how this application works. And how things are arranged. So my judgement here is not a good one.

I don't know.

[Tochiaha]

for reference it needs some other GVM package and Pgsql from this https://greenbone.github.io/docs/latest/22.4/source-build/index.html#id115 line down shows the setup. also when "gvmd --create-user=admin --password=''" is used it logs error regading roles and user for DB pgsql in $out/var/log/gvm/gvmd.log and run time. creating user and role with Pgsql and executing "gvmd --create-user=admin --password=''" results in this ouput "User created" which shows build time and runtime successful for gvmd. Achitecture for gvm can be seen here for better understanding https://greenbone.github.io/docs/latest/architecture.html#id1

[Tochiaha]

As recommended @fabaff can help he done other required packages of GVM.

[superherointj]

for reference it needs some other GVM package and Pgsql from this https://greenbone.github.io/docs/latest/22.4/source-build/index.html#id115 line down shows the setup. also when "gvmd --create-user=admin --password=''" is used it logs error regading roles and user for DB pgsql in $out/var/log/gvm/gvmd.log and run time. creating user and role with Pgsql and executing "gvmd --create-user=admin --password=''" results in this ouput "User created" which shows build time and runtime successful for gvmd. Achitecture for gvm can be seen here for better understanding https://greenbone.github.io/docs/latest/architecture.html#id1

I really don't understand what you are doing.

$out/var/log/gvm/gvmd.log

This makes no sense to me. Because the nix store is not writable. How/why are you saving logs there?

My guess is, you are packaging a service which needs a NixOS module. I've already tried to explain to you this. Continuously I see red flags in what you are doing. And you don't seem to understand what I tell you.

There is a distinction between what is to be done at build time and what is to be done at runtime. And a package is not part of the runtime. Any runtime consideration should be sorted at a NixOS module. The package can only set a default value. It's static.

So far you have not answered how you are executing the application. How is this being run at runtime? Why you continuously add runtime concerns to a package?

I don't have context of this application. I think you need feedback from someone that knows best. Which is not me. Still. I highly recommend you to add other reviews. I think, you should seek help. Particularly from someone that understand what you are doing.

[superherointj]

@Tochiaha

1. How is this application being executed?
2. Is this a service?
3. If this is a service, consider a NixOS service module for it.
4. Add more reviewers. (We need feedback here.)

[superherointj]

Most of these parameters shouldn't go to the nix store. The package is just a default value for these parameters. And it should be a standard system parameter, no $out (which is nix store). Then, there are the runtime concerns I told you. Which is separate of the package.

[superherointj]

State in the nix store?

[superherointj]

Which kind of data is this?

[superherointj]

Suggested change

	-DDATADIR=$out/share \
	-DDATADIR=$out/share \

Which kind of data is this?

[Tochiaha]

without it result to https://termbin.com/bdhv

[superherointj]

Suggested change

	-DLOCALSTATEDIR=$out/var \
	-DLOCALSTATEDIR=$out/var \

State in the nix store?

[Tochiaha]

without it result to https://termbin.com/bdhv

[superherointj]

Suggested change

	-DGVMD_STATE_DIR=$out/var/lib/gvm/gvmd \
	-DGVMD_STATE_DIR=$out/var/lib/gvm/gvmd \

State in the nix store?

[superherointj]

Suggested change

	-DGVMD_RUN_DIR=$out/run/gvmd \
	-DGVMD_RUN_DIR=$out/run/gvmd \

Is it a pid? If it is it shouldn't be in the nix store.

[superherointj]

What is this?

[Tochiaha]

@Tochiaha

1. How is this application being executed?

2. Is this a service?

3. If this is a service, consider a NixOS service module for it.

4. Add more reviewers. (We need feedback here.)

i can still do NixOS service module but consider this https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/security/ospd-openvas/default.nix#L45 @mweinelt any help here?

[mweinelt]

Not interested in this package. Did only contribute a drive-by fix.

[Tochiaha]

Thank you.

[superherointj]

i can still do NixOS service module but consider this https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/security/ospd-openvas/default.nix#L45 @mweinelt any help here?

The NixOS module may be optional, but offering invalid paths as default paths for package was the main issue.
nix store paths are read only, hence no pid, socks, logs, state, data?.
In the package, you can only hard code paths.
To pass through customized paths, a NixOS module is convenient, particularly for runtime considerations.

Note that, at this point in time, we are seeking to clarify the arguments purposes and values. I have asked you several questions (for each argument). Try to answer them. We need to clarify if these arguments are correct. Once that is done, I don't have objections with this PR.

[Tochiaha]

Working on it.

[superherointj]

A sock shouldn't exist in the nix store... That wouldn't be write-able.