From: nsudsgaard <nsudsgaard@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: WIP: clamav: update to 1.0.1.
Date: Tue, 19 Sep 2023 10:01:09 +0200 [thread overview]
Message-ID: <20230919080109.1VYtS83qd_U9x_CBFdUUGYRPxv-cR31tezPYBMLaJL4@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41188@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 13687 bytes --]
New comment by nsudsgaard on void-packages repository
https://github.com/void-linux/void-packages/pull/41188#issuecomment-1724960407
Comment:
I have made some large changes to the code.
- Cleaned up the template.
- Removed the unnecessary patches (whether `CMAKE_BUILD_TYPE` will cause issues is unknown to me).
- Migrated directories `/etc` -> `/etc/clamav` and `/var/lib/_clamav` -> `/var/lib/clamav`.
- Added a message about the migration.
- Patched the configuration to be more Void Linux like.
- Include service files for `clamd`, `clamonacc` and `freshclam` (**untested**).
What I have tested:
- Builds locally on x86_64 (though I highy suspect this would build on musl or different architectures).
- Briefly tested x86_64 (ran `freshclam` and `clamscan`).
- Files properly migrate
NOTE: This code only works if you are updating using a [custom repository](https://docs.voidlinux.org/xbps/repositories/custom.html) (not by `xi`), as I "bootstrap" the package by
reinstalling during the post phase of `INSTALL`.
I am not sure if this is the best idea so I will let people more knowledgeable than me decide on that.
This is a patch against the **upstream version.**
```patch
diff --git a/common/shlibs b/common/shlibs
index d2791c238e..89f9e73b08 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -2257,10 +2257,11 @@ libsfml-system.so.2.5 SFML-2.5.0_1
libsfml-window.so.2.5 SFML-2.5.0_1
libsfml-audio.so.2.5 SFML-2.5.0_1
libsfml-graphics.so.2.5 SFML-2.5.0_1
-libclamav.so.9 clamav-0.103.1_2
-libclamunrar.so.9 clamav-0.103.1_2
-libclamunrar_iface.so.9 clamav-0.103.1_2
-libfreshclam.so.2 clamav-0.103.1_2
+libclamav.so.12 clamav-1.2.0_1
+libclamunrar.so.12 clamav-1.2.0_1
+libclamunrar_iface.so.12 clamav-1.2.0_1
+libfreshclam.so.3 clamav-1.2.0_1
+libclammspack.so.0 clamav-1.2.0_1
libqca-qt5.so.2 qca-qt5-2.1.3_1
libqt5keychain.so.1 qtkeychain-qt5-0.7.0_1
libphonon4qt5.so.4 phonon-qt5-4.8.3_1
diff --git a/srcpkgs/clamav/INSTALL b/srcpkgs/clamav/INSTALL
index 4b8adfa4a3..7ea5300a7a 100644
--- a/srcpkgs/clamav/INSTALL
+++ b/srcpkgs/clamav/INSTALL
@@ -1,20 +1,84 @@
# INSTALL
+
+readonly old_configdir=/etc
+readonly configdir=/etc/clamav
+readonly old_config_files="
+ ${old_configdir}/clamd.conf
+ ${old_configdir}/freshclam.conf"
+readonly config_files="
+ ${configdir}/clamav-milter.conf
+ ${configdir}/clamd.conf
+ ${configdir}/freshclam.conf"
+readonly old_databasedir=/var/lib/_clamav
+readonly databasedir=/var/lib/clamav
+
+version="$(xbps-query clamav | grep pkgver)"
+version=${version#pkgver: clamav-}
+
+check_mv() {
+ [ -f "${1}" ] && mv "${1}" "${2}"
+}
+
+# The following functions are to used automatically to migrate the config files
+# from /etc (0.x versions) to /etc/clamav (1.x versions) safely.
+save_conflicting_config_files() {
+ [ ! -d ${configdir} ] && mkdir -p ${configdir}
+ for file in ${config_files}; do
+ check_mv "${file}" "${file}".custom
+ done
+ # Saves the previous version to use in the post action.
+ printf '%s' "${version}" > ${configdir}/.migrate
+}
+
+# This is done as moving the old config files into /etc/clamav in the preinstall
+# phase would end in xbps overwriting them with the new config files (not making
+# xxx.new-${VERSION}).
+# An alternative to this would be by renaming the new config files into the
+# xxx.new-${VERSION} format before moving the old config files into /etc/clamav
+# in the postinstall phase. However, it is usually not a good idea to emulate
+# program behavior as it may cause issues in the future (in this case if the
+# format changes).
+bootstrap_pkg() {
+ printf '%s\n' "${PKGNAME}-${VERSION}: bootstrapping ..."
+ xbps-remove -y clamav > /dev/null 2>&1
+ xbps-install -y clamav > /dev/null 2>&1
+}
+
+migrate_config_files() {
+ for file in ${old_config_files}; do
+ for match in "${file}"*; do
+ name=${match#"${old_configdir}"/}
+ check_mv "${match}" ${configdir}/"${name}"
+ done
+ done
+ bootstrap_pkg
+ rm ${configdir}/.migrate
+}
+
case "$ACTION" in
+pre)
+ if [ "$UPDATE" = "yes" ]; then
+ case "${version}" in
+ 0.*) save_conflicting_config_files ;;
+ esac
+ fi
+ ;;
post)
- # Only if not updating
if [ "$UPDATE" != "yes" ]; then
- # Create the database directory
- mkdir -p var/lib/_clamav
- # The clamav user owns it
- chown -R _clamav:_clamav var/lib/_clamav
- # Let group members write to it
- chmod g+w var/lib/_clamav
+ mkdir -p ${databasedir}
else
- if [ -d "var/lib/clamav" ]; then
- mv var/lib/clamav var/lib/_clamav
- chown -R _clamav:_clamav var/lib/_clamav
- fi
+ prev_version="$(cat ${configdir}/.migrate 2> /dev/null)"
+
+ case "${prev_version}" in
+ 0.*)
+ # This should come first or else the old database
+ # directory will be moved to /var/lib/clamav/_clamav.
+ [ -d ${old_databasedir} ] && mv ${old_databasedir} ${databasedir}
+ migrate_config_files
+ ;;
+ esac
fi
+ chown -R _clamav:_clamav ${databasedir}
+ chmod g+w ${databasedir}
;;
esac
-
diff --git a/srcpkgs/clamav/INSTALL.msg b/srcpkgs/clamav/INSTALL.msg
new file mode 100644
index 0000000000..325ec6002c
--- /dev/null
+++ b/srcpkgs/clamav/INSTALL.msg
@@ -0,0 +1,12 @@
+The directories used by clamav have changed in versions >=1.2.0_1. This change
+was made to keep the system clean and consistent with other packages.
+
+Changes:
+ - All the configuration files are now located in /etc/clamav
+ - The database directory is now /lib/var/clamav
+
+This change should be done automatically for most users and should require no
+user interference.
+
+For users already using the /etc/clamav directory for custom clamav installs,
+a '.custom' extension was added to those configuration files.
diff --git a/srcpkgs/clamav/REMOVE b/srcpkgs/clamav/REMOVE
index 1edffaba78..bc2171087b 100644
--- a/srcpkgs/clamav/REMOVE
+++ b/srcpkgs/clamav/REMOVE
@@ -1,10 +1,14 @@
# REMOVE
+
+readonly configdir=/etc/clamav
+readonly databasedir=/var/lib/clamav
+
case "$ACTION" in
pre)
- # Only if not updating
if [ "$UPDATE" != "yes" ]; then
- # Remove the clamav database directory and contents
- rm -rf var/lib/_clamav
+ # Do not delete while bootstrapping.
+ [ -f ${configdir}/.migrate ] && exit 0
+ rm -rf ${databasedir}
fi
;;
esac
diff --git a/srcpkgs/clamav/files/clamd/run b/srcpkgs/clamav/files/clamd/run
new file mode 100755
index 0000000000..155ded0a57
--- /dev/null
+++ b/srcpkgs/clamav/files/clamd/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+readonly runtimedir=/run/clamav
+
+[ ! -d "${runtime_dir}" ] && install -m 755 -o _clamav -g _clamav -d "${runtimedir}"
+exec clamd --foreground 2>&1
diff --git a/srcpkgs/clamav/files/clamonacc/run b/srcpkgs/clamav/files/clamonacc/run
new file mode 100755
index 0000000000..bee5f4fb75
--- /dev/null
+++ b/srcpkgs/clamav/files/clamonacc/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec clamonacc --foreground --fdpass 2>&1
diff --git a/srcpkgs/clamav/files/freshclam/run b/srcpkgs/clamav/files/freshclam/run
new file mode 100755
index 0000000000..69c2b54c22
--- /dev/null
+++ b/srcpkgs/clamav/files/freshclam/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec freshclam --daemon --foreground 2>&1
diff --git a/srcpkgs/clamav/patches/10-voidlinux-config.patch b/srcpkgs/clamav/patches/10-voidlinux-config.patch
new file mode 100644
index 0000000000..b59cb1689e
--- /dev/null
+++ b/srcpkgs/clamav/patches/10-voidlinux-config.patch
@@ -0,0 +1,44 @@
+--- a/etc/clamav-milter.conf.sample 2023-09-15 09:11:43.813492975 +0900
++++ b/etc/clamav-milter.conf.sample 2023-09-15 09:13:25.618493838 +0900
+@@ -38,7 +38,7 @@
+ # to work)
+ #
+ # Default: unset (don't drop privileges)
+-#User clamav
++#User _clamav
+
+ # Waiting for data from clamd will timeout after this time (seconds).
+ # Value of 0 disables the timeout.
+--- a/etc/clamd.conf.sample 2023-09-15 09:01:18.780487677 +0900
++++ b/etc/clamd.conf.sample 2023-09-15 09:06:04.215490096 +0900
+@@ -224,7 +224,7 @@
+
+ # Run as another user (clamd must be started by root for this option to work)
+ # Default: don't drop privileges
+-#User clamav
++#User _clamav
+
+ # Stop daemon when libclamav reports out of memory condition.
+ #ExitOnOOM yes
+@@ -766,7 +766,7 @@
+ # It has the same potential race condition limitations of the
+ # OnAccessExcludeUID option.
+ # Default: disabled
+-#OnAccessExcludeUname clamav
++#OnAccessExcludeUname _clamav
+
+ # Number of times the OnAccess client will retry a failed scan due to
+ # connection problems (or other issues).
+--- a/etc/freshclam.conf.sample 2023-09-15 09:10:07.028492154 +0900
++++ a/etc/freshclam.conf.sample 2023-09-15 09:08:02.132491096 +0900
+@@ -56,8 +56,8 @@
+
+ # By default when started freshclam drops privileges and switches to the
+ # "clamav" user. This directive allows you to change the database owner.
+-# Default: clamav (may depend on installation options)
+-#DatabaseOwner clamav
++# Default: _clamav (may depend on installtion options)
++#DatabaseOwner _clamav
+
+ # Use DNS to verify virus database version. FreshClam uses DNS TXT records
+ # to verify database and software versions. With this directive you can change
diff --git a/srcpkgs/clamav/template b/srcpkgs/clamav/template
index 3574b7baee..eacaba9302 100644
--- a/srcpkgs/clamav/template
+++ b/srcpkgs/clamav/template
@@ -1,66 +1,68 @@
# Template file for 'clamav'
pkgname=clamav
-version=0.103.8
-revision=4
-build_style=gnu-configure
-# XXX: system llvm is too new (< 3.7 required)
-# Shipped llvm does not build with gcc>=6
-configure_args="--sbindir=/usr/bin --libdir=/usr/lib
- --with-openssl=${XBPS_CROSS_BASE}/usr --with-pcre=${XBPS_CROSS_BASE}/usr
- --with-zlib=${XBPS_CROSS_BASE}/usr --with-libbz2-prefix=${XBPS_CROSS_BASE}/usr
- --with-system-libmspack=${XBPS_CROSS_BASE}/usr --with-libcurl=${XBPS_CROSS_BASE}/usr
- --enable-ipv6 --with-user=_clamav --with-group=_clamav"
-conf_files="/etc/clamd.conf /etc/freshclam.conf"
-hostmakedepends="flex pkg-config zip"
-makedepends="json-c-devel libcurl-devel libmspack-devel libxml2-devel
- ncurses-devel pcre-devel tcl-devel"
+version=1.2.0
+revision=1
+
+_configdir=/etc/clamav
+_databasedir=/var/lib/clamav
+
+build_style=cmake
+cmake_builddir=build
+# Setting ENABLE_JSON_SHARED=OFF is preferred, as libclamav.so may crash if you
+# use a different JSON library.
+configure_args="
+ -D CMAKE_BUILD_TYPE=Release
+ -D CMAKE_INSTALL_PREFIX=/usr
+ -D APP_CONFIG_DIRECTORY=${_configdir}
+ -D DATABASE_DIRECTORY=${_databasedir}
+ -D CLAMAV_USER=_clamav
+ -D CLAMAV_GROUP=_clamav
+ -D ENABLE_JSON_SHARED=OFF"
+hostmakedepends="rust cargo python3"
+makedepends="bzip2-devel check-devel libcurl-devel json-c-devel libmilter-devel
+ libxml2-devel ncurses-devel openssl-devel pcre2-devel zlib-devel"
short_desc="Clam Anti-Virus scanner"
maintainer="Orphaned <orphan@voidlinux.org>"
license="GPL-2.0-only"
homepage="https://www.clamav.net/"
+changelog="https://raw.githubusercontent.com/Cisco-Talos/clamav/main/NEWS.md"
distfiles="https://www.clamav.net/downloads/production/clamav-${version}.tar.gz"
-checksum=6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f
-_clamav_homedir="/var/lib/_${pkgname}"
-_clamav_descr="ClamAV user"
+checksum=97a192dffe141480b56cabf1063d79a9fc55cd59203241fa41bfc7a98a548020
system_accounts="_clamav"
-make_check=ci-skip
+_clamav_homedir=${_databasedir}
+conf_files="
+ ${_configdir}/clamav-milter.conf
+ ${_configdir}/clamd.conf
+ ${_configdir}/freshclam.conf"
+_sv_files="clamd clamonacc freshclam"
-CPPFLAGS="-Wno-unused-local-typedefs"
if [ "$CROSS_BUILD" ]; then
- configure_args+=" --disable-mempool"
+ build_helper="qemu"
+ makedepends+=" rust-std"
+ configure_args+="
+ -D RUST_COMPILER_TARGET:STRING=${XBPS_CROSS_RUST_TARGET}
+ -D RUSTFLAGS=${XBPS_CROSS_RUSTFLAGS}"
fi
+
if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
makedepends+=" musl-fts-devel"
- LDFLAGS="-lfts"
+ configure_args+=" -D CMAKE_EXE_LINKER_FLAGS=-lfts"
fi
-do_configure() {
- # Disable detection of sys/cdefs.h (it's obsolete)
- sed -i configure -e 's; sys/cdefs\.h$;;'
- sed -i configure -e 's;3\.7;3.9;'
- # Enable IPv6 for cross builds
- if [ "$CROSS_BUILD" ]; then
- configure_args+=" have_cv_ipv6=yes"
- fi
- # Need to set PCRE_HOME to make --with-pcre=/usr work
- PCRE_HOME=/usr ./configure ${configure_args}
-}
post_install() {
- # Enable and patch clamd configuration
- mv -v ${PKGDESTDIR}/etc/clamd.conf.sample ${PKGDESTDIR}/etc/clamd.conf
- vsconf etc/clamd.conf.sample
- sed -i ${PKGDESTDIR}/etc/clamd.conf \
- -e "s;^Example$;# Example;" \
- -e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};"
+ vmkdir ${_configdir}
+ for sv in ${_sv_files}; do vsv "${sv}"; done
+ for path in ${conf_files}; do
+ name=${path#"${_configdir}"/}
+
+ mv -v "${PKGDESTDIR}"/"${path}".sample "${PKGDESTDIR}"/"${path}"
+ vsconf "${PKGDESTDIR}"/"${path}" "${name}".sample
+ sed -i "${PKGDESTDIR}"/"${path}" -e "s;^Example$;# Example;"
+ done
+ vdoc "${FILESDIR}"/README.voidlinux
- # Enable and patch freshclam configuration
- mv -v ${PKGDESTDIR}/etc/freshclam.conf.sample ${PKGDESTDIR}/etc/freshclam.conf
- vsconf etc/freshclam.conf.sample
- sed -i ${PKGDESTDIR}/etc/freshclam.conf \
- -e "s;^Example$;# Example;" \
- -e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};"
- vdoc "${FILESDIR}/README.voidlinux"
}
+
clamav-devel_package() {
depends="${sourcepkg}>=${version}_${revision}"
short_desc+=" - development files"
```
next prev parent reply other threads:[~2023-09-19 8:01 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-19 18:17 [PR PATCH] WIP: clamav: update to 1.0.0 jcgruenhage
2022-12-19 18:18 ` [PR PATCH] [Updated] " jcgruenhage
2022-12-19 20:04 ` jcgruenhage
2022-12-19 20:07 ` jcgruenhage
2022-12-21 23:29 ` jcgruenhage
2023-04-01 1:52 ` github-actions
2023-04-02 9:37 ` [PR PATCH] [Updated] WIP: clamav: update to 1.0.1 jcgruenhage
2023-04-02 9:38 ` jcgruenhage
2023-05-23 21:46 ` r-ricci
2023-05-25 22:21 ` r-ricci
2023-05-26 21:41 ` r-ricci
2023-05-31 20:55 ` r-ricci
2023-08-30 1:44 ` github-actions
2023-09-04 9:57 ` jcgruenhage
2023-09-04 10:02 ` [PR PATCH] [Updated] " jcgruenhage
2023-09-05 20:24 ` [PR REVIEW] " r-ricci
2023-09-06 23:48 ` r-ricci
2023-09-19 7:20 ` nsudsgaard
2023-09-19 7:43 ` nsudsgaard
2023-09-19 7:56 ` nsudsgaard
2023-09-19 7:57 ` nsudsgaard
2023-09-19 8:00 ` nsudsgaard
2023-09-19 8:01 ` nsudsgaard [this message]
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-22 12:00 ` nsudsgaard
2023-09-23 1:44 ` nsudsgaard
2023-09-23 2:45 ` nsudsgaard
2023-09-23 3:30 ` nsudsgaard
2023-09-23 5:51 ` nsudsgaard
2023-12-12 5:12 ` nsudsgaard
2023-12-12 5:12 ` nsudsgaard
2023-12-12 5:12 ` nsudsgaard
2023-12-12 5:12 ` nsudsgaard
2023-12-12 5:12 ` nsudsgaard
2024-03-12 1:44 ` github-actions
2024-03-14 11:46 ` [PR PATCH] [Closed]: " jcgruenhage
2024-03-14 11:46 ` jcgruenhage
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230919080109.1VYtS83qd_U9x_CBFdUUGYRPxv-cR31tezPYBMLaJL4@z \
--to=nsudsgaard@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).