Arch Linux User Repository

I switched to the precompiled assets.
And I added a specific gsad package.

Currently build is broken. Complains about missing terser. But even with the package added as makedep it will still fail.
I currently don't know how to proceed as I don't really know npm/yarn and stuff.
Maybe it is also using newer packages than upstream gsa expects?

this is broken refer https://bbs.archlinux.org/viewtopic.php?id=283507

It seems like gsad is now a seperate tool: https://github.com/greenbone/gsad

Will check it out and work on a seperate package for it

you're right I'll check this out the next days

after installing this latest version, I no longer have a gsad binary at all. Not in /usr/bin/gsad so the systemd service fails. I cannot find it

due to gsa developers using node.js 10 (for debian Buster) and archlinux uses node.js 17 then the solution is now only in jpoppe's comment, namely to execute yarn upgrade in the gsa directory before building

see https://github.com/greenbone/gsa/issues/3422

@fortw the problem is a package community/greenbone-security-assistant 9.0.1-1 in the standard repositories.

@TechVio and @mfulz

The issue is probably that the version of PostCSS which is used by the styled-components package is incompatible with Node 17.

Upgrading the yarn dependencies fixed it for me, for example edit the PKGBUILD like this:

build() {
  cd "${pkgname}-${pkgver}"

  cd gsa
  yarn upgrade
  cd ..

  cmake -DCMAKE_BUILD_TYPE=Release -DSBINDIR=/usr/bin \
    -DCMAKE_INSTALL_PREFIX=/usr -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var .
  make
}

The upgraded packages are untested, so need to wait for upstream fix or older Node version if you don't want this work around.

@mfulz i get this error when installing gsa (yay)

==> Making package: gsa 21.4.2-4 (Fri Dec 10 19:07:11 2021)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found gsa-21.4.2.tar.gz
  -> Found gsad.service
  -> Found gsad
==> Validating source files with sha512sums...
    gsa-21.4.2.tar.gz ... Passed
    gsad.service ... Passed
    gsad ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Extracting gsa-21.4.2.tar.gz with bsdtar
==> Sources are ready.
==> Making package: gsa 21.4.2-4 (Fri Dec 10 19:07:14 2021)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> WARNING: Using existing $srcdir/ tree
==> Starting build()...
-- Configuring Greenbone Security Assistant
-- The C compiler identification is GNU 11.1.0
-- The CXX compiler identification is GNU 11.1.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /usr/bin/git (found version "2.34.1") 
-- Install prefix: /usr
-- Configuring gsa
-- Found Node: /home/techvio/.nvm/versions/node/v17.2.0/bin/node (found suitable version "17.2.0", minimum required is "10.0") 
-- Could not find yarn executable. Please install yarn (see https://yarnpkg.com/) (missing: YARN_EXECUTABLE) (Required is at least version "1.0")
CMake Warning at gsa/CMakeLists.txt:60 (MESSAGE):
  Yarn package manager not found.  Please install yarn for reproducible
  builds (see https://yarnpkg.com/en/docs/install).  Trying to use npm
  instead.


-- Found Node: /home/techvio/.nvm/versions/node/v17.2.0/bin/node (found version "17.2.0") 
-- Found Npm: /home/techvio/.nvm/versions/node/v17.2.0/bin/npm  
-- Building gsa version 21.4.2
-- Configuring gsad
-- Building gsad version 21.4.2
-- Looking for clang-format...
-- clang-format not found.
-- Found PkgConfig: /usr/bin/pkg-config (found version "1.8.0") 
-- Checking for module 'libmicrohttpd>=0.9.0'
--   Found libmicrohttpd, version 0.9.73
-- Checking for module 'libxml-2.0'
--   Found libxml-2.0, version 2.9.12
-- Checking for module 'glib-2.0>=2.42'
--   Found glib-2.0, version 2.70.1
-- Checking for module 'libgvm_base>=21.4.1'
--   Found libgvm_base, version 21.4.2
-- Checking for module 'libgvm_util>=21.4.1'
--   Found libgvm_util, version 21.4.2
-- Checking for module 'libgvm_gmp>=21.4.1'
--   Found libgvm_gmp, version 21.4.2
-- Checking for module 'gnutls>=3.2.15'
--   Found gnutls, version 3.7.2
-- Looking for libgcrypt...
-- Looking for libgcrypt... /usr/lib/libgcrypt.so
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE  
-- Found Doxygen: /usr/bin/doxygen (found version "1.9.2") found components: doxygen dot 
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/techvio/.cache/yay/gsa/src/gsa-21.4.2
[  5%] Install gsa js dependencies
npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated jest-environment-jsdom-sixteen@2.0.0: jest@26 ships with jsdom@16, so there is no reason to use this module
npm WARN deprecated flatten@1.0.2: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated @hapi/topo@3.1.3: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated @hapi/address@2.0.0: Moved to 'npm install @sideway/address'
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated @hapi/hoek@8.2.0: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated i18next-xhr-backend@3.2.2: replaced by i18next-http-backend
npm WARN deprecated buffer@4.9.1: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'
npm WARN deprecated svgo@1.3.0: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated highlight.js@10.4.0: Potential vulnerability. Please upgrade to @latest
npm WARN deprecated core-js@1.2.7: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.10: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

added 2888 packages, and audited 2889 packages in 5m

152 packages are looking for funding
  run `npm fund` for details

78 vulnerabilities (4 low, 32 moderate, 37 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
[ 11%] Build gsa install files

> gsa@21.4.2 build
> INLINE_RUNTIME_CHUNK=false react-scripts build

node:internal/modules/cjs/loader:488
      throw e;
      ^

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/tokenize' is not defined by "exports" in /home/techvio/.cache/yay/gsa/src/gsa-21.4.2/gsa/node_modules/postcss-safe-parser/node_modules/postcss/package.json
    at new NodeError (node:internal/errors:371:5)
    at throwExportsNotFound (node:internal/modules/esm/resolve:429:9)
    at packageExportsResolve (node:internal/modules/esm/resolve:683:3)
    at resolveExports (node:internal/modules/cjs/loader:482:36)
    at Function.Module._findPath (node:internal/modules/cjs/loader:522:31)
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:919:27)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:999:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/home/techvio/.cache/yay/gsa/src/gsa-21.4.2/gsa/node_modules/postcss-safe-parser/lib/safe-parser.js:1:17) {
  code: 'ERR_PACKAGE_PATH_NOT_EXPORTED'
}

Node.js v17.2.0
make[2]: *** [gsa/CMakeFiles/gsa.dir/build.make:1183: gsa/bundle.stamp] Error 1
make[1]: *** [CMakeFiles/Makefile2:176: gsa/CMakeFiles/gsa.dir/all] Error 2
make: *** [Makefile:136: all] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: gsa