Merge branch 'main' into batch-vt-sevs

.docker/build.Dockerfile

@@ -1,5 +1,5 @@
 # Define ARG we use through the build
-ARG VERSION=edge
+ARG VERSION=oldstable
 
 # We want gvm-libs to be ready so we use the build docker image of gvm-libs
 FROM greenbone/gvm-libs:$VERSION

.docker/prod.Dockerfile

@@ -1,5 +1,5 @@
-ARG VERSION=unstable
-ARG GVM_LIBS_VERSION=edge
+ARG VERSION=edge
+ARG GVM_LIBS_VERSION=oldstable
 ARG DEBIAN_FRONTEND=noninteractive
 
 FROM greenbone/gvmd-build:${VERSION} as builder

.github/workflows/build-and-test.yml

@@ -22,7 +22,7 @@ jobs:
   scan-build:
     name: scan-build (clang static analyzer)
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:unstable
+    container: greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v3
@@ -46,7 +46,7 @@ jobs:
   test-units:
     name: Unit Tests
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:unstable
+    container: greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v3

.github/workflows/build-container.yml

@@ -2,13 +2,15 @@ name: Build Container Image Builds
 
 on:
   push:
-    branches: [ main, stable, oldstable ]
+    branches:
+      - main
     tags: ["v*"]
     paths:
       - .github/workflows/build-container.yml
       - .docker/build.Dockerfile
   pull_request:
-    branches: [ main, stable, oldstable ]
+    branches:
+      - main
     paths:
       - .github/workflows/build-container.yml
       - .docker/build.Dockerfile
@@ -25,25 +27,32 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - uses: greenbone/actions/is-latest-tag@v2
+        id: latest
       - name: Setup container meta information
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ github.repository }}-build
           labels: |
             org.opencontainers.image.vendor=Greenbone
-            org.opencontainers.image.base.name=debian/stable-slim
+            org.opencontainers.image.base.name=greenbone/gvm-libs
           flavor: latest=false # no latest container tag for git tags
           tags: |
-            # create container tag for git tags
-            type=ref,event=tag
+            # use version, major.minor and major  for tags
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+            # use edge for default branch
+            type=edge
+
+            # set label for non-published pull request builds
             type=ref,event=pr
-            # use latest for stable branch
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
-            type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
-            type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }}
-            # use unstable for main branch
-            type=raw,value=unstable,enable={{is_default_branch}}
+
+            # when a new git tag is created set stable and a latest tags
+            type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
+            type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v2

.github/workflows/build-docs.yml

@@ -16,7 +16,7 @@ jobs:
   build-gmp-doc:
     name: Build GMP documentation
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:latest
+    container: greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v3

.github/workflows/codeql-analysis-c.yml

@@ -19,7 +19,7 @@ jobs:
       actions: read
       contents: read
       security-events: write
-    container: greenbone/gvmd-build:unstable
+    container: greenbone/gvmd-build:stable
 
     strategy:
       fail-fast: false

.github/workflows/container.yml

@@ -2,12 +2,13 @@ name: Container Image Builds
 
 on:
   push:
-    branches: [main, stable, oldstable]
+    branches:
+      - main
     tags: ["v*"]
   pull_request:
-    branches: [main, stable, oldstable]
+    branches:
+      - main
   workflow_dispatch:
-  repository_dispatch:
 
 jobs:
   images:
@@ -16,30 +17,32 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
+      - uses: greenbone/actions/is-latest-tag@v2
+        id: latest
       - name: Setup container meta information
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ github.repository }}
           labels: |
             org.opencontainers.image.vendor=Greenbone
-            org.opencontainers.image.base.name=debian/stable-slim
+            org.opencontainers.image.base.name=greenbone/gvm-libs
           flavor: latest=false # no latest container tag for git tags
           tags: |
-            # use container tag for git tags
-            type=match,pattern=v(.*),group=1
-            # use latest for latest tag from stable branch
-            type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
-            # use stable for latest 22.4 tag
-            type=raw,value=stable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
-            # use oldstable for latest 21.4 tag
-            type=raw,value=oldstable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v21.4') }}
+            # use version, major.minor and major  for tags
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
             # use edge for default branch
             type=edge
-            # use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
-            type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
-            # use pr-$PR_ID for pull requests (will not be uploaded)
+
+            # set label for non-published pull request builds
             type=ref,event=pr
+
+            # when a new git tag is created set stable and a latest tags
+            type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
+            type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
       - name: Login to Docker Registry
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v2

.github/workflows/release-pontos.yml

@@ -1,34 +1,54 @@
-name: Release gvmd with pontos
+name: Release gvmd
 
 on:
   pull_request:
     types: [closed]
   workflow_dispatch:
+    inputs:
+      release-type:
+        type: choice
+        description: What kind of release do you want to do (pontos --release-type argument)?
+        options:
+          - patch
+          - minor
+          - major
+      release-version:
+        type: string
+        description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant.
 
 jobs:
   build-and-release:
-    name: Create a new release with pontos
-    # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
-    if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
-    runs-on: "ubuntu-latest"
+    name: Create a new release
+    # If the event is a workflow_dispatch or on of the labels 'pre release',
+    # 'patch release', 'minor release' or 'major release' is set and PR is
+    # closed because of a merge
+    # NOTE: priority of set labes will be alpha > release-candidate > patch > minor > major,
+    #       so if 'major' and 'patch' labes are set, it will create a patch release.
+    if: |
+      ( github.event_name == 'workflow_dispatch') || (
+        ( contains(github.event.pull_request.labels.*.name, 'alpha release') ||
+          contains(github.event.pull_request.labels.*.name, 'rc release') ||
+          contains(github.event.pull_request.labels.*.name, 'patch release') ||
+          contains(github.event.pull_request.labels.*.name, 'minor release') ||
+          contains(github.event.pull_request.labels.*.name, 'major release')) &&
+          github.event.pull_request.merged == true )
+    runs-on: 'ubuntu-latest'
     steps:
-      - name: Setting the Reference
-        run: |
-          if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
-            echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV
-          else
-            echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV
-          fi
+      - name: Selecting the Release type
+        id: release-type
+        uses: greenbone/actions/release-type@v2
+        with:
+          release-type-input: ${{ inputs.release-type }}
       - name: Release with release action
         uses: greenbone/actions/release@v2
         with:
-          python-version: "3.10"
-          conventional-commits: true
           github-user: ${{ secrets.GREENBONE_BOT }}
           github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }}
           github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }}
           gpg-key: ${{ secrets.GPG_KEY }}
           gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }}
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
-          strategy: calendar
-          ref: ${{ env.RELEASE_REF }}
+          release-type: ${{ steps.release-type.outputs.release-type }}
+          release-version: ${{ inputs.release-version }}
+          ref: ${{ steps.release-type.outputs.release-ref }}
+          versioning-scheme: "semver"

.gitignore

@@ -2,3 +2,4 @@ build/
 tags
 .ccls
 .vscode
+.venv

CMakeLists.txt

@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 22.4.1
+         VERSION 22.5.1
          LANGUAGES C)
 
 if (POLICY CMP0005)

cmake/FindPostgreSQL.cmake

@@ -87,7 +87,7 @@ set(PostgreSQL_ROOT_DIR_MESSAGE "Set the PostgreSQL_ROOT system variable to wher
 
 
 set(PostgreSQL_KNOWN_VERSIONS ${PostgreSQL_ADDITIONAL_VERSIONS}
-    "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0")
+    "15" "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0")
 
 # Define additional search paths for root directories.
 set( PostgreSQL_ROOT_DIRECTORIES

src/CMakeLists.txt

@@ -34,6 +34,7 @@ pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)
 pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42)
 pkg_check_modules (LIBBSD REQUIRED libbsd)
 pkg_check_modules (LIBICAL REQUIRED libical>=1.00)
+pkg_check_modules (GPGME REQUIRED gpgme)
 
 message (STATUS "Looking for PostgreSQL...")
 find_program (PG_CONFIG_EXECUTABLE pg_config DOC "pg_config")
@@ -70,19 +71,22 @@ else (NOT XSLTPROC_EXECUTABLE)
   message (STATUS "Looking for xsltproc... ${XSLTPROC_EXECUTABLE}")
 endif (NOT XSLTPROC_EXECUTABLE)
 
-message (STATUS "Looking for gpgme...")
-find_library (GPGME gpgme)
-if (NOT GPGME)
-  message (SEND_ERROR "The gpgme library is required.")
-else (NOT GPGME)
-  message (STATUS "Looking for gpgme... ${GPGME}")
-  execute_process (COMMAND gpgme-config --cflags
-    OUTPUT_VARIABLE GPGME_CFLAGS
-    OUTPUT_STRIP_TRAILING_WHITESPACE)
-  execute_process (COMMAND gpgme-config --libs
-    OUTPUT_VARIABLE GPGME_LDFLAGS
-    OUTPUT_STRIP_TRAILING_WHITESPACE)
-endif (NOT GPGME)
+if (NOT GPGME_FOUND)
+  # fallback for older gpgme versions without gpgme.pc file
+  message (STATUS "Looking for gpgme...")
+  find_library (GPGME gpgme)
+  if (NOT GPGME)
+    message (SEND_ERROR "The gpgme library is required.")
+  else (NOT GPGME)
+    message (STATUS "Looking for gpgme... ${GPGME}")
+    execute_process (COMMAND gpgme-config --cflags
+      OUTPUT_VARIABLE GPGME_CFLAGS
+      OUTPUT_STRIP_TRAILING_WHITESPACE)
+    execute_process (COMMAND gpgme-config --libs
+      OUTPUT_VARIABLE GPGME_LDFLAGS
+      OUTPUT_STRIP_TRAILING_WHITESPACE)
+  endif (NOT GPGME)
+endif (NOT GPGME_FOUND)
 
 if (WITH_LIBTHEIA)
   find_package(Theia 1.0.0 REQUIRED)

src/gvmd.c

@@ -1886,6 +1886,7 @@ gvmd (int argc, char** argv, char *env[])
   static gchar *broker_address = NULL;
   static gchar *feed_lock_path = NULL;
   static int feed_lock_timeout = 0;
+  static int vt_ref_insert_size = VT_REF_INSERT_SIZE_DEFAULT;
   static gchar *vt_verification_collation = NULL;
 
   GString *full_disable_commands = g_string_new ("");
@@ -2210,6 +2211,11 @@ gvmd (int argc, char** argv, char *env[])
           &print_version,
           "Print version and exit.",
           NULL },
+        { "vt-ref-insert-size", '\0', 0, G_OPTION_ARG_INT,
+          &vt_ref_insert_size,
+          "Max number of VT refs to insert per statement during VT update,"
+          " 0 for unlimited, default: "
+          G_STRINGIFY (VT_REF_INSERT_SIZE_DEFAULT), "<number>" },
         { "vt-verification-collation", '\0', 0, G_OPTION_ARG_STRING,
           &vt_verification_collation,
           "Set collation for VT verification to <collation>, omit or leave"
@@ -2293,10 +2299,12 @@ gvmd (int argc, char** argv, char *env[])
   /* Set the connection auto retry */
   set_scanner_connection_retry (scanner_connection_retry);
 
-  /* Set SecInfo update commit size */
+  /* Set SQL sizes */
 
   set_secinfo_commit_size (secinfo_commit_size);
 
+  set_vt_ref_insert_size (vt_ref_insert_size);
+
   /* Set VT verification collation override */
   set_vt_verification_collation (vt_verification_collation);