@bricks
The greenbone containers everytime I pull, the new images are build and breaking changes occur.
Eg: Earlier I used gvmd 25.1.0 version working fine on python 3.10, now suddenly i deleted all containers and pulled again, now gvmd version became 25.2.0.
gvm-cli is not working anymore. On investigating, the gvm-tools container is using python 3.11. Now do you expect someone to upgrade python 3.10 to any other version just like that. It will result in heavy unstable system upgrading python just to support greenbone containers and install the correct version of gvm-tools.
GVMd 25.2.0 requires gvm-cli 25.3.0 (API version 26.1.0) version since i am using python 3.10 gvm tools version is always gvm-cli 25.3.0 (API version 24.8.0)
Now how to handle this situation.
Using gvm-tools using the docker run as shown below is taking 10 to 20 seconds.
If gvm-cli is installed locally it is very quick to run. I dont want to run docker run gvm-tools just to make things work.
Suggest a way either how to pin the versions of containers in docker compose file so i pull always the right version.
It is so bad that such a great tool has poor versioning and breaking changes
Is there any tracker or changelog where what versions of gvmd, pg, redis, gsa, openvas etc. were used to build the compose file together
If it does not work then tell me how to use gvm-cli with SSH. Using SSH is throwing authentication error
ubuntu@ubuntu-dev-vulnscanner-1:~$ gvm-cli --gmp-username admin --gmp-password admin ssh --hostname 127.0.0.1 --xml "<get_version/>"
/home/ubuntu/.local/lib/python3.10/site-packages/paramiko/pkey.py:82: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
"cipher": algorithms.TripleDES,
/home/ubuntu/.local/lib/python3.10/site-packages/paramiko/transport.py:253: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
"class": algorithms.TripleDES,
ERROR:gvmtools.cli:SSH Connection failed: Authentication failed.
If rest API is present , then how to use it. It supports TLS but I gsa and all are running on http and its not working. How to properly use TLS. There is literally no proper documentation at all.
you should take a look at the GitHub projects of all our components. The releases are published there and all of them contain a list of the changes. Also the container images are build and published from these projects. It’s all open.
I am not sure what you are expecting and saying here. gvm-tools itself is running on Python version >=3.9.2. If the provided container image doesn’t fit for you just build your own or run it from your docker host. We are of course updating our containers with never versions of software. This includes the Python version. I don’t have a clue why this might be an issue.
You are free to pin all images in your compose files. All docker images are tagged also with {major version}, {major version}.{minor version} and {major version}.{minor version}.{patch version}. So you want a specific version just use registry.community.greenbone.net/community/gvmd:25.1.0. If you want the latest container image containing only fixes use registry.community.greenbone.net/community/gvmd:25.1. If you want new features but only compatible changes use registry.community.greenbone.net/community/gvmd:25.
The meaning of stable is misunderstand able. It always contains the latest released version which might include breaking changes. It’s not something like an LTS. It means it’s build on top of Debian stable. We also provide image tags for Debian testing and oldstable.
I don’t know what’s your right version. This depends on your expectations.
But stableshould work. If not report it here or on GitHub if you have further information for the developers and know which component does have an issue. This also helps us to fix issues as fast as possible which then will be provided with a new stable image too.
SSH and TLS access are not documented. For SSH you need to forward the SSH connection to the local unix domain socket for example via netcat. For TLS you need to create certs and adjust the starting parameters of gvmd and gsad.
There is no official REST interface. The container of openvas scanner will provide a REST interface in near future and gsad provides some kind of REST interface for the web fronted GSA. The interface of gsad is undocumented and not official.