Arch Linux User Repository

due to gsa developers using node.js 10 (for debian Buster) and archlinux uses node.js 17 then the solution is now only in jpoppe's comment, namely to execute yarn upgrade in the gsa directory before building

see https://github.com/greenbone/gsa/issues/3422

@fortw the problem is a package community/greenbone-security-assistant 9.0.1-1 in the standard repositories.

@TechVio and @mfulz

The issue is probably that the version of PostCSS which is used by the styled-components package is incompatible with Node 17.

Upgrading the yarn dependencies fixed it for me, for example edit the PKGBUILD like this:

build() {
  cd "${pkgname}-${pkgver}"

  cd gsa
  yarn upgrade
  cd ..

  cmake -DCMAKE_BUILD_TYPE=Release -DSBINDIR=/usr/bin \
    -DCMAKE_INSTALL_PREFIX=/usr -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var .
  make
}

The upgraded packages are untested, so need to wait for upstream fix or older Node version if you don't want this work around.

@mfulz i get this error when installing gsa (yay)

==> Making package: gsa 21.4.2-4 (Fri Dec 10 19:07:11 2021)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found gsa-21.4.2.tar.gz
  -> Found gsad.service
  -> Found gsad
==> Validating source files with sha512sums...
    gsa-21.4.2.tar.gz ... Passed
    gsad.service ... Passed
    gsad ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Extracting gsa-21.4.2.tar.gz with bsdtar
==> Sources are ready.
==> Making package: gsa 21.4.2-4 (Fri Dec 10 19:07:14 2021)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> WARNING: Using existing $srcdir/ tree
==> Starting build()...
-- Configuring Greenbone Security Assistant
-- The C compiler identification is GNU 11.1.0
-- The CXX compiler identification is GNU 11.1.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /usr/bin/git (found version "2.34.1") 
-- Install prefix: /usr
-- Configuring gsa
-- Found Node: /home/techvio/.nvm/versions/node/v17.2.0/bin/node (found suitable version "17.2.0", minimum required is "10.0") 
-- Could not find yarn executable. Please install yarn (see https://yarnpkg.com/) (missing: YARN_EXECUTABLE) (Required is at least version "1.0")
CMake Warning at gsa/CMakeLists.txt:60 (MESSAGE):
  Yarn package manager not found.  Please install yarn for reproducible
  builds (see https://yarnpkg.com/en/docs/install).  Trying to use npm
  instead.


-- Found Node: /home/techvio/.nvm/versions/node/v17.2.0/bin/node (found version "17.2.0") 
-- Found Npm: /home/techvio/.nvm/versions/node/v17.2.0/bin/npm  
-- Building gsa version 21.4.2
-- Configuring gsad
-- Building gsad version 21.4.2
-- Looking for clang-format...
-- clang-format not found.
-- Found PkgConfig: /usr/bin/pkg-config (found version "1.8.0") 
-- Checking for module 'libmicrohttpd>=0.9.0'
--   Found libmicrohttpd, version 0.9.73
-- Checking for module 'libxml-2.0'
--   Found libxml-2.0, version 2.9.12
-- Checking for module 'glib-2.0>=2.42'
--   Found glib-2.0, version 2.70.1
-- Checking for module 'libgvm_base>=21.4.1'
--   Found libgvm_base, version 21.4.2
-- Checking for module 'libgvm_util>=21.4.1'
--   Found libgvm_util, version 21.4.2
-- Checking for module 'libgvm_gmp>=21.4.1'
--   Found libgvm_gmp, version 21.4.2
-- Checking for module 'gnutls>=3.2.15'
--   Found gnutls, version 3.7.2
-- Looking for libgcrypt...
-- Looking for libgcrypt... /usr/lib/libgcrypt.so
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE  
-- Found Doxygen: /usr/bin/doxygen (found version "1.9.2") found components: doxygen dot 
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/techvio/.cache/yay/gsa/src/gsa-21.4.2
[  5%] Install gsa js dependencies
npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated jest-environment-jsdom-sixteen@2.0.0: jest@26 ships with jsdom@16, so there is no reason to use this module
npm WARN deprecated flatten@1.0.2: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated @hapi/topo@3.1.3: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated @hapi/address@2.0.0: Moved to 'npm install @sideway/address'
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated @hapi/hoek@8.2.0: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated i18next-xhr-backend@3.2.2: replaced by i18next-http-backend
npm WARN deprecated buffer@4.9.1: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated svgo@1.3.0: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated highlight.js@10.4.0: Potential vulnerability. Please upgrade to @latest
npm WARN deprecated core-js@1.2.7: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.10: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 2888 packages, and audited 2889 packages in 5m

152 packages are looking for funding
  run `npm fund` for details

78 vulnerabilities (4 low, 32 moderate, 37 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
[ 11%] Build gsa install files

> gsa@21.4.2 build
> INLINE_RUNTIME_CHUNK=false react-scripts build

node:internal/modules/cjs/loader:488
      throw e;
      ^

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/tokenize' is not defined by "exports" in /home/techvio/.cache/yay/gsa/src/gsa-21.4.2/gsa/node_modules/postcss-safe-parser/node_modules/postcss/package.json
    at new NodeError (node:internal/errors:371:5)
    at throwExportsNotFound (node:internal/modules/esm/resolve:429:9)
    at packageExportsResolve (node:internal/modules/esm/resolve:683:3)
    at resolveExports (node:internal/modules/cjs/loader:482:36)
    at Function.Module._findPath (node:internal/modules/cjs/loader:522:31)
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:919:27)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:999:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/home/techvio/.cache/yay/gsa/src/gsa-21.4.2/gsa/node_modules/postcss-safe-parser/lib/safe-parser.js:1:17) {
  code: 'ERR_PACKAGE_PATH_NOT_EXPORTED'
}

Node.js v17.2.0
make[2]: *** [gsa/CMakeFiles/gsa.dir/build.make:1183: gsa/bundle.stamp] Error 1
make[1]: *** [CMakeFiles/Makefile2:176: gsa/CMakeFiles/gsa.dir/all] Error 2
make: *** [Makefile:136: all] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: gsa

@mfulz That was the issue because systemd service was in /lib instead of /usr/lib. I've made a quick dirty fix (I'm not familiar with PKGBUILD guidelines, sorry). It's ugly, I'm sorry about it!

--- a/PKGBUILD
+++ b/PKGBUILD
@@ -32,6 +32,8 @@ package() {
   cd "${pkgname}-${pkgver}"
   make DESTDIR="${pkgdir}" install

+  install -d $pkgdir/lib $pkgdir/usr/lib
+  rm -r $pkgdir/lib
   install -d $pkgdir/usr/lib/systemd/system
   install -m 644 $srcdir/gsad.service $pkgdir/usr/lib/systemd/system
   install -d $pkgdir/etc/default

@alien2003 thanks I've realized this already but I don't know why this is happening -> Need to check it out

/lib exists in filesystem (owned by filesystem)

For some weird reason following the instructions on https://wiki.archlinux.org/index.php/OpenVAS I end up with the following problem:

gsad won't work because it can't find certain libgvm_(...).10 libraries which is weird since I'd assume that the gsad 20.x version would work with libs provided by gvm-libs-20. I copied these libgvm_(...).10 libs by hand from the official arch linux package lib-gvm's sources into /usr/lib/ and it worked fine. Can someone reproduce this?

I will check this out, but not sure if this is here not more a problem related to yay. I'm using aurutils and don't have any issue at all

Hi, could you change the name from gsa 20 to gsa-20 or something like that? the problem is that with yay this cannot be installed, as if yay -S gsa is called then the community/greenbone-security-assistant 9.0.1-1 (2.4 MiB 13.7 MiB) [greenbone-vulnerability-manager] from community will be installed instead... Not cool at all... Had to install from PKGBUILD