Discussion: GVM Release Version 21.4.4

(moderator note: this topic was split from GVM Release Version 21.4.4)

Hi DeeAn,

Thank you for the info! I’m curious that is there any upgrade scripts or I’ll need to re-run every setup steps or only the steps that build and copy the source to root dir?

Hi,

if you build from source you need to rebuild all our components, install them and run gvmd --migrate afterwards. If you did install GVM from distribution packages you need to wait for updates of that packages. Same is true for some Docker images.

Well noted Bricks, thanks for the update!

Hello everybody!

I tried to build the GVM Version 21.4.4 from source as you have descript in your Documentation (Building GVM 21.04 — Greenbone Documentation documentation). But at the point where the GSA is compiled, the build process fails with a notice that CMakeLists.txt is missing.

~/build/gsa# cmake $SOURCE_DIR/gsa-$GSA_VERSION \
>   -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
>   -DCMAKE_BUILD_TYPE=Release \
>   -DSYSCONFDIR=/etc \
>   -DLOCALSTATEDIR=/var \
>   -DGVM_RUN_DIR=/run/gvm \
>   -DGSAD_PID_DIR=/run/gvm \
>   -DLOGROTATE_DIR=/etc/logrotate.d
CMake Error: The source directory "/root/source/gsa-21.4.4" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.

Is this an error, or has the documentation not been updated at this point?

I would be grateful for a short feedback.

Many greetings

Oh I am sorry we forgot to update the GSA part in the docs for the latest release. I’ll do that in the next minutes. Until that you can use the commands from GitHub - greenbone/gsa: Greenbone Security Assistant - The web frontend for the Greenbone Vulnerability Management (GVM) framework

Ok, thanks for changing the documentation. But now I get the following error message:

~/source/gsa-21.4.4# yarn
00h00m00s 0/0: : ERROR: There are no scenarios; must have at least one.

Can you try using yarnpkg instead of yarn? Debian installs yarn as yarnpkg. I’ve updated the docs accordingly (Building GVM 21.04 — Greenbone Documentation documentation)

Thanks very much. yarnpkg worked. The GSA build process has now gone smoothly.

However, I get more error messages in the course of the further build processes.

During the gsad build, the copy job fails to copy the gsad.service file to the lib directory.

~/build/gsad# cp -rv $INSTALL_DIR/* /
'/root/install/etc/gvm/gsad_log.conf' -> '/etc/gvm/gsad_log.conf'
'/root/install/etc/logrotate.d/gsad' -> '/etc/logrotate.d/gsad'
cp: overwriting non‐directory '/lib' with directory '/root/install/lib' is not possible.
'/root/install/run/gsad' -> '/run/gsad'
'/root/install/usr/local/sbin/gsad' -> '/usr/local/sbin/gsad'
'/root/install/usr/local/share/man/man8/gsad.8' -> '/usr/local/share/man/man8/gsad.8'

A manual copy worked!

Now I’m stuck on a pythen3 call during the installation of ospd-openvas. It seems that temporary data is not found here.

~/source/ospd-openvas-21.4.4# python3 -m pip install . --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR --no-warn-script-location
Processing /root/source/ospd-openvas-21.4.4
  Installing build dependencies ... done
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/usr/lib/python3.7/tokenize.py", line 447, in open
        buffer = _builtin_open(filename, 'rb')
    FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-req-build-9hksibfi/setup.py'

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-req-build-9hksibfi/

The temporary directory does not exist.

Building now!
Thanks

Good afternoon!
I have the same situation as ChristianS.

Could you try updating pip via python3 -m pip install -U pip first. Maybe it uses a very old version. I’ve tried to reproduce the ospd-openvas installation issue without success.

Thanks, it worked.!!!

I encountered the same exact issue with compiling ospd-openvas that @ChristianS had, and running
python3 -m pip install -U pip did seem to help a bit, but in that same python3 -m pip install . --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR --no-warn-script-location step got tripped up on a permissions issue, according to the message.

Here’s the message I got:

Collecting pip
  Downloading https://files.pythonhosted.org/packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl (2.1MB)
    100% |████████████████████████████████| 2.1MB 856kB/s
Installing collected packages: pip
Successfully installed pip-22.0.4
Processing /home/user/source/ospd-openvas-21.4.4
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Collecting deprecated<2.0.0,>=1.2.10
  Downloading Deprecated-1.2.13-py2.py3-none-any.whl (9.6 kB)
Collecting paramiko<3.0.0,>=2.7.1
  Downloading paramiko-2.10.3-py2.py3-none-any.whl (211 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 211.9/211.9 KB 2.3 MB/s eta 0:00:00
Collecting packaging<21.0,>=20.4
  Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 40.9/40.9 KB 8.5 MB/s eta 0:00:00
Collecting lxml<5.0.0,>=4.5.2
  Downloading lxml-4.8.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (6.4 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 6.4/6.4 MB 8.5 MB/s eta 0:00:00
Requirement already satisfied: psutil<6.0.0,>=5.5.1 in /usr/lib/python3/dist-packages (from ospd-openvas==21.4.4) (5.5.1)
Collecting redis<4.0.0,>=3.5.3
  Downloading redis-3.5.3-py2.py3-none-any.whl (72 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 72.1/72.1 KB 15.0 MB/s eta 0:00:00
Collecting defusedxml<0.8,>=0.6
  Downloading defusedxml-0.7.1-py2.py3-none-any.whl (25 kB)
Requirement already satisfied: wrapt<2,>=1.10 in /usr/lib/python3/dist-packages (from deprecated<2.0.0,>=1.2.10->ospd-openvas==21.4.4) (1.10.11)
Requirement already satisfied: pyparsing>=2.0.2 in /usr/lib/python3/dist-packages (from packaging<21.0,>=20.4->ospd-openvas==21.4.4) (2.2.0)
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.1->ospd-openvas==21.4.4) (1.12.0)
Requirement already satisfied: bcrypt>=3.1.3 in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.1->ospd-openvas==21.4.4) (3.1.6)
Requirement already satisfied: pynacl>=1.0.1 in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.1->ospd-openvas==21.4.4) (1.3.0)
Requirement already satisfied: cryptography>=2.5 in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.1->ospd-openvas==21.4.4) (2.6.1)
Building wheels for collected packages: ospd-openvas
  Building wheel for ospd-openvas (pyproject.toml) ... done
  Created wheel for ospd-openvas: filename=ospd_openvas-21.4.4-py3-none-any.whl size=107805 sha256=9c52c67720463d457250b5fd66e6f39bd8a8a582537fd34fbc2301ced16e57da
  Stored in directory: /home/user/.cache/pip/wheels/a4/7f/c1/de51e892c6e247b6ad91dfcca9de7680b4f30efe9c5617b61f
Successfully built ospd-openvas
Installing collected packages: redis, paramiko, packaging, lxml, deprecated, defusedxml, ospd-openvas
  Attempting uninstall: redis
    Found existing installation: redis 3.2.1
    Uninstalling redis-3.2.1:
ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: 'utils.py'
Consider using the `--user` option or check the permissions.

cp: cannot stat '/home/user/install/*': No such file or directory

The rest of the install proceeds as expected. When attempting to start the ospd-openvas service towards the end, it fails and doesn’t start. The other services start and operate fine from what I can tell:

Created symlink /etc/systemd/system/multi-user.target.wants/ospd-openvas.service → /etc/systemd/system/ospd-openvas.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gvmd.service → /etc/systemd/system/gvmd.service.
Created symlink /etc/systemd/system/greenbone-security-assistant.service → /etc/systemd/system/gsad.service.
Created symlink /etc/systemd/system/multi-user.target.wants/gsad.service → /etc/systemd/system/gsad.service.
Job for ospd-openvas.service failed because the control process exited with error code.
See "systemctl status ospd-openvas.service" and "journalctl -xe" for details.

Running sudo journalctl -xe gives me:

user@GBTEMP:~$ sudo journalctl -xe
--
-- The job identifier is 1232.
Mar 23 10:28:47 GBTEMP systemd[24681]: ospd-openvas.service: Failed to execute command: No such file or directory
Mar 23 10:28:47 GBTEMP systemd[24681]: ospd-openvas.service: Failed at step EXEC spawning /usr/local/bin/ospd-openvas: No such file or directory
-- Subject: Process /usr/local/bin/ospd-openvas could not be executed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The process /usr/local/bin/ospd-openvas could not be executed and failed.
--
-- The error number returned by this process is ERRNO.
Mar 23 10:28:47 GBTEMP systemd[1]: ospd-openvas.service: Control process exited, code=exited, status=203/EXEC
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit ospd-openvas.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 203.
Mar 23 10:28:47 GBTEMP systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit ospd-openvas.service has entered the 'failed' state with result 'exit-code'.
Mar 23 10:28:47 GBTEMP systemd[1]: Failed to start OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
-- Subject: A start job for unit ospd-openvas.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit ospd-openvas.service has finished with a failure.
--
-- The job identifier is 1232 and the job result is failed.
Mar 23 10:29:18 GBTEMP sudo[24719]:     user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Mar 23 10:29:18 GBTEMP sudo[24719]: pam_unix(sudo:session): session opened for user root by user(uid=0)

Running sudo systemctl status ospd-openvas gives me:

ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
   Loaded: loaded (/etc/systemd/system/ospd-openvas.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2022-03-23 10:29:47 EDT; 46s ago
     Docs: man:ospd-openvas(8)
           man:openvas(8)
  Process: 24741 ExecStart=/usr/local/bin/ospd-openvas --unix-socket /run/ospd/ospd-openvas.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas --socket-mode 0o770 (code=exited, status=203/EXEC)

This is performed on a clean, fresh installation of Debian 10 Buster in a VM. APT states all packages are up-to-date prior to the installation process. Normally I run it from an install script I set up based on the instructions for building GBSE, but running each command one at a time has the same result.

If this is posted in the wrong location or needs its own thread, let me know.
Any assistance is much appreciated. Thank you for your time.

Strange, I get this error:

root@f90f57717d70:~/sources/gsa-21.4.4# yarnpkg
internal/modules/cjs/loader.js:905
  throw err;
  ^

Error: Cannot find module '@babel/runtime/helpers/interopRequireWildcard'
Require stack:
- /usr/share/nodejs/yarn/lib/cli/index.js
- /usr/share/nodejs/yarn/bin/yarn.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
    at Function.Module._load (internal/modules/cjs/loader.js:746:27)
    at Module.require (internal/modules/cjs/loader.js:974:19)
    at require (internal/modules/cjs/helpers.js:101:18)
    at Object.<anonymous> (/usr/share/nodejs/yarn/lib/cli/index.js:3:31)
    at Module._compile (internal/modules/cjs/loader.js:1085:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Module.require (internal/modules/cjs/loader.js:974:19) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/usr/share/nodejs/yarn/lib/cli/index.js',
    '/usr/share/nodejs/yarn/bin/yarn.js'
  ]
}

I’m in this dir:

root@f90f57717d70:~/sources/gsa-21.4.4# ls
CHANGELOG.md  LICENSE  README.md  RELEASE.md  changelog  changelog.toml  jsconfig.json  package.json  public  scripts  src  yarn.lock

I suppose I’ve installed all dependencies:

root@f90f57717d70:~/sources/gsa-21.4.4# apt-file search /usr/share/nodejs/yarn/bin/yarn.js
yarnpkg: /usr/share/nodejs/yarn/bin/yarn.js

root@f90f57717d70:~/sources/gsa-21.4.4# apt-file search /usr/share/nodejs/yarn/lib/cli/index.js
yarnpkg: /usr/share/nodejs/yarn/lib/cli/index.js
yarnpkg: /usr/share/nodejs/yarn/lib/cli/index.js.map

root@f90f57717d70:~/sources/gsa-21.4.4# apt install yarnpkg
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
yarnpkg is already the newest version (1.22.10+~cs22.25.14-3).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

And also installed this one, since it complained about that file as well:

root@f90f57717d70:~/sources/gsa-21.4.4# dpkg -L node-babel7 | grep Wildcard
/usr/share/nodejs/@babel/runtime-corejs2/helpers/esm/interopRequireWildcard.js
/usr/share/nodejs/@babel/runtime-corejs2/helpers/interopRequireWildcard.js
/usr/share/nodejs/@babel/runtime-corejs3/helpers/esm/interopRequireWildcard.js
/usr/share/nodejs/@babel/runtime-corejs3/helpers/interopRequireWildcard.js

root@f90f57717d70:~/sources/gsa-21.4.4# dpkg -l yarnpkg 
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version               Architecture Description
+++-==============-=====================-============-=========================================
ii  yarnpkg        1.22.10+~cs22.25.14-3 all          Fast, reliable and secure npm alternative

It seems there is an already installed version of the python redis library. Can you try to run apt remove python3-redis and afterwards python3 -m pip install . --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR --no-warn-script-location again?

Just tested in a clean Debian container and followed the steps manually. There it works. So I guess I do something wrong in my Dockerfile. I’ll figure it out.

I found the problem, I followed this installation guide. Which instructs the user to install nodejs from a 3rd party repo. However, this installation guide does not give this instruction. When not upgrading nodejs, everything works.

Could someone please advice which documentation is leading and mostly maintained? I always follow the README docs in the GitHub projects. This causes issues more often, so maybe I’m just reading the wrong docs?

Did this. It resolved the error, but only for that package. It also errored out for python3-packaging, python3-lxml, python3-defusedxml, python3-paramiko, python3-redis in total.

I followed this guide: Building GVM 21.04 — Greenbone Documentation documentation

During the ospd-openvas compile and install section, it explicitly states to install these packages prior to pulling the GitHub code and compiling. If these packages don’t need to be installed prior to complation, I’m not sure why it requests this explicitly here:

ospd-openvas instructions705×928 35 KB

Altogether, here are the adjustments I had to make to my installation script:

export OSPD_OPENVAS_VERSION=$GVM_VERSION

sudo apt install -y \
  python3 \
  python3-pip \
  python3-setuptools \
#  python3-packaging \
  python3-wrapt \
  python3-cffi \
  python3-psutil \
#  python3-lxml \
#  python3-defusedxml \
#  python3-paramiko \
#  python3-redis
  
curl -f -L https://github.com/greenbone/ospd-openvas/archive/refs/tags/v$OSPD_OPENVAS_VERSION.tar.gz -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz
curl -f -L https://github.com/greenbone/ospd-openvas/releases/download/v$OSPD_OPENVAS_VERSION/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc -o $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc

gpg --verify $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz.asc $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz

tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION.tar.gz

cd $SOURCE_DIR/ospd-openvas-$OSPD_OPENVAS_VERSION

# Removing dependency from gvmd. Causes ospd-openvas install to fail.
sudo apt remove -y \
  python3-lxml

# New command recommended from forum. Updates pip.
python3 -m pip install -U pip

python3 -m pip install . --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR --no-warn-script-location

sudo cp -rv $INSTALL_DIR/* /

rm -rf $INSTALL_DIR/*

After those adjustments were made, ospd-openvas installs correctly and runs as expected after the Greenbone installation is all said and done. Perhaps the instructions I’ve found are outdated or not the correct set to follow. If so, I’d love to have an authoritative location for updated GSE install commands, as @AquaL1te mentioned.

Thank you again for your time, @bricks!

I’ve just tested the installation of ospd-openvas with Debian stable (Bullseye) because of opsd-openvas install failed · Issue #81 · greenbone/docs · GitHub

If I am right you are using Debian oldstable (Buster). In that case some python packages installed via the distribution (apt install) might be indeed to old for ospd-openvas.

I was indeed using Debian 10 Buster. I noticed the instructions have changed accordingly. I spun up a Debian 11 Bullseye VM from a Debian Bullseye netinst ISO and attempted running the updated instructions provided in the Greenbone Docs.

The postgresql-server-dev-11 package isn’t available in the Debian Bullseye repos. It results in the following message during the gvmd section:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package postgresql-server-dev-11
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done

It causes this further down the line when compiling:

user@Greenbone:~/build/gvmd$ cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \
>   -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
>   -DCMAKE_BUILD_TYPE=Release \
>   -DLOCALSTATEDIR=/var \
>   -DSYSCONFDIR=/etc \
>   -DGVM_DATA_DIR=/var \
>   -DGVM_RUN_DIR=/run/gvm \
>   -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd-openvas.sock \
>   -DGVM_FEED_LOCK_PATH=/var/lib/gvm/feed-update.lock \
>   -DSYSTEMD_SERVICE_DIR=/lib/systemd/system \
>   -DDEFAULT_CONFIG_DIR=/etc/default \
>   -DLOGROTATE_DIR=/etc/logrotate.d
-- Configuring Greenbone Vulnerability Manager...
-- The C compiler identification is GNU 10.2.1
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.2")
-- Could NOT find Git (missing: GIT_EXECUTABLE)
-- Install prefix: /usr/local
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE
-- Checking for module 'libgvm_base>=21.4.1'
--   Found libgvm_base, version 21.4.4
-- Checking for module 'libgvm_util>=21.4.1'
--   Found libgvm_util, version 21.4.4
-- Checking for module 'libgvm_osp>=21.4.1'
--   Found libgvm_osp, version 21.4.4
-- Checking for module 'libgvm_gmp>=21.4.1'
--   Found libgvm_gmp, version 21.4.4
-- Checking for module 'gnutls>=3.2.15'
--   Found gnutls, version 3.7.1
-- Checking for module 'glib-2.0>=2.42'
--   Found glib-2.0, version 2.66.8
-- Checking for module 'libical>=1.00'
--   Found libical, version 3.0.9
-- Looking for PostgreSQL...
CMake Error at cmake/FindPackageHandleStandardArgs.cmake:165 (message):
  Could NOT find PostgreSQL (missing: PostgreSQL_TYPE_INCLUDE_DIR) (found
  version "13.5")
Call Stack (most recent call first):
  cmake/FindPackageHandleStandardArgs.cmake:458 (_FPHSA_FAILURE_MESSAGE)
  cmake/FindPostgreSQL.cmake:247 (find_package_handle_standard_args)
  src/CMakeLists.txt:43 (find_package)


-- Configuring incomplete, errors occurred!
See also "/home/user/build/gvmd/CMakeFiles/CMakeOutput.log".
See also "/home/user/build/gvmd/CMakeFiles/CMakeError.log".
user@Greenbone:~/build/gvmd$

Another package changed names from python-impacket to python3-impacket:

Package python-impacket is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python3-impacket

E: Package 'python-impacket' has no installation candidate

As the instructions are currently written, gvmd fails to compile on Debian 11 Bullseye (Stable) for me.

Thanks again for your efforts. Just trying to get this all sorted out.

Update: I changed the packages installed from postgresql-server-dev-11 to postgresql-server-dev-13 and from python-impacket to python3-impacket and everything seems to compile and operate correctly on Debian 11 Bullseye.

I had to modify the command from sudo systemctl start postgresql@11-main to sudo systemctl start postgresql@13-main accordingly for starting the database in a later step. I also noted that disabling the JIT feature on PostgreSQL 13 is needed as well due to performance issues.

No further issues so far. Thank you @bricks for your support!