Change: Replace CPE xml_split with XML iterator

.docker/prod.Dockerfile

@@ -100,7 +100,6 @@ RUN apt-get update && \
     texlive-fonts-recommended \
     texlive-latex-extra \
     wget \
-    xml-twig-tools \
     xmlstarlet \
     xsltproc \
     zip && \

INSTALL.md

@@ -705,9 +705,6 @@ Prerequisites for S/MIME support (e.g. email encryption):
 Prerequisites for certificate generation:
 * GnuTLS certtool (Debian package: gnutls-bin)
 
-Prerequisites (recommended) to lower sync RAM usage
-* xml_split (Debian package: xml-twig-tools)
-
 ## Static code analysis with the Clang Static Analyzer
 
 If you want to use the Clang Static Analyzer (https://clang-analyzer.llvm.org/)

src/CMakeLists.txt

@@ -26,10 +26,10 @@ find_package (Threads)
 ## list and throw an error, otherwise long install-cmake-install-cmake cycles
 ## might occur.
 
-pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.8)
-pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.8)
-pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.8)
-pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.8)
+pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.9)
+pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.9)
+pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.9)
+pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.9)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)
 pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42)
 pkg_check_modules (LIBBSD REQUIRED libbsd)
@@ -55,14 +55,6 @@ elseif ((CMAKE_MATCH_1 EQUAL 9 AND CMAKE_MATCH_2 LESS 6)
   message (STATUS "PostgreSQL version ${CMAKE_MATCH_1}.${CMAKE_MATCH_2}${CMAKE_MATCH_3}")
 endif (NOT CMAKE_MATCH_1)
 
-message (STATUS "Looking for xml_split...")
-find_program (XML_SPLIT_EXECUTABLE xml_split DOC "xml_split")
-if (NOT XML_SPLIT_EXECUTABLE)
-  message (WARNING "xml_split is recommended to reduce SCAP sync memory usage (Debian package xml-twig-tools).")
-else (NOT XML_SPLIT_EXECUTABLE)
-  message (STATUS "Looking for xml_split... ${XML_SPLIT_EXECUTABLE}")
-endif (NOT XML_SPLIT_EXECUTABLE)
-
 message (STATUS "Looking for xsltproc...")
 find_program (XSLTPROC_EXECUTABLE xsltproc DOC "xsltproc")
 if (NOT XSLTPROC_EXECUTABLE)

src/manage.h

@@ -3449,6 +3449,9 @@ setting_iterator_comment (iterator_t*);
 const char*
 setting_iterator_value (iterator_t*);
 
+int
+setting_value_int (const char *, int *);
+
 int
 modify_setting (const gchar *, const gchar *, const gchar *, gchar **);
 

src/manage_sql.c

@@ -328,9 +328,6 @@ static void
 set_credential_snmp_secret (credential_t, const char *, const char *,
                             const char *);
 
-static int
-setting_value_int (const char *, int *);
-
 static int
 setting_auto_cache_rebuild_int ();
 
@@ -16005,6 +16002,19 @@ check_db_settings ()
          "  'Delta Reports Version',"
          "  'Version of the generation of the Delta Reports.',"
          "  '2' );");
+
+  if (sql_int ("SELECT count(*) FROM settings"
+               " WHERE uuid = '" SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD "'"
+               " AND " ACL_IS_GLOBAL () ";")
+      == 0)
+    sql ("INSERT into settings (uuid, owner, name, comment, value)"
+         " VALUES"
+         " ('" SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD "', NULL,"
+         "  'SecInfo SQL Buffer Threshold',"
+         "  'Buffer size threshold in MiB for running buffered SQL statements'"
+         "  || ' in SecInfo updates before the end of the file'"
+         "  || ' being processed.',"
+         "  '100' );");
 }
 
 /**
@@ -51978,7 +51988,7 @@ setting_value (const char *uuid, char **value)
  *
  * @return 0 success, -1 error.
  */
-static int
+int
 setting_value_int (const char *uuid, int *value)
 {
   gchar *quoted_uuid;
@@ -52683,6 +52693,8 @@ setting_name (const gchar *uuid)
     return "Feed Import Roles";
   if (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
     return "Delta Reports Version";
+  if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
+    return "SecInfo SQL Buffer Threshold";
 
   return NULL;
 }
@@ -52722,12 +52734,15 @@ setting_description (const gchar *uuid)
     return "Roles given access to new resources from feed.";
   if (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
     return "Version of the generation of the Delta Reports.";
+  if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
+    return "Buffer size threshold in MiB for running buffered SQL statements"
+           " in SecInfo updates before the end of the file being processed.";
 
   return NULL;
 }
 
 /**
- * @brief Get the name of a setting.
+ * @brief Verify the value of a setting.
  *
  * @param[in]  uuid   UUID of setting.
  * @param[in]  value  Value of setting, to verify.
@@ -52815,6 +52830,14 @@ setting_verify (const gchar *uuid, const gchar *value, const gchar *user)
         return 1;
     }
 
+  if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD))
+    {
+      int threshold;
+      threshold = atoi (value);
+      if (threshold < 0 || threshold > (INT_MAX / 1048576))
+        return 1;
+    }
+
   return 0;
 }
 
@@ -52870,6 +52893,15 @@ setting_normalise (const gchar *uuid, const gchar *value)
       return g_string_free (normalised, FALSE);
     }
 
+  if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
+    {
+      int threshold;
+      threshold = atoi (value);
+      if (threshold < 0)
+        return NULL;
+      return g_strdup_printf ("%i", threshold);
+    }
+
   return g_strdup (value);
 }
 
@@ -52900,7 +52932,8 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database,
       && strcmp (uuid, SETTING_UUID_LSC_DEB_MAINTAINER)
       && strcmp (uuid, SETTING_UUID_FEED_IMPORT_OWNER)
       && strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES)
-      && strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION))
+      && strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION)
+      && strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD))
     {
       fprintf (stderr, "Error in setting UUID.\n");
       return 3;
@@ -52927,7 +52960,8 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database,
       if ((strcmp (uuid, SETTING_UUID_DEFAULT_CA_CERT) == 0)
           || (strcmp (uuid, SETTING_UUID_FEED_IMPORT_OWNER) == 0)
           || (strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES) == 0)
-          || (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0))
+          || (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
+          || (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0))
         {
           sql_rollback ();
           fprintf (stderr,

src/manage_sql.h

@@ -142,6 +142,10 @@
  */
 #define SETTING_UUID_DELTA_REPORTS_VERSION "985a0c05-2140-4e66-9989-ce9a0906a5a9"
 
+/**
+ * @brief UUID of 'SecInfo SQL Buffer Threshold' setting.
+ */
+#define SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD "316275a9-3629-49ad-9cea-5b3ab155b93f"
 
 /**
  * @brief Trust constant for error.