Re: WIP: clamav: update to 1.0.1.

[nsudsgaard <nsudsgaard@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 13687 bytes --]

New comment by nsudsgaard on void-packages repository

https://github.com/void-linux/void-packages/pull/41188#issuecomment-1724960407

Comment:
I have made some large changes to the code.

- Cleaned up the template.
- Removed the unnecessary patches (whether `CMAKE_BUILD_TYPE` will cause issues is unknown to me).
- Migrated directories `/etc` -> `/etc/clamav` and `/var/lib/_clamav` -> `/var/lib/clamav`.
- Added a message about the migration.
- Patched the configuration to be more Void Linux like.
- Include service files for `clamd`, `clamonacc` and `freshclam` (**untested**). 

What I have tested:

- Builds locally on x86_64 (though I highy suspect this would build on musl or different architectures).
- Briefly tested x86_64 (ran `freshclam` and `clamscan`).
- Files properly migrate

NOTE: This code only works if you are updating using a [custom repository](https://docs.voidlinux.org/xbps/repositories/custom.html) (not by `xi`), as I "bootstrap" the package by
reinstalling during the post phase of `INSTALL`.
I am not sure if this is the best idea so I will let people more knowledgeable than me decide on that.

This is a patch against the **upstream version.**
```patch
diff --git a/common/shlibs b/common/shlibs
index d2791c238e..89f9e73b08 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -2257,10 +2257,11 @@ libsfml-system.so.2.5 SFML-2.5.0_1
 libsfml-window.so.2.5 SFML-2.5.0_1
 libsfml-audio.so.2.5 SFML-2.5.0_1
 libsfml-graphics.so.2.5 SFML-2.5.0_1
-libclamav.so.9 clamav-0.103.1_2
-libclamunrar.so.9 clamav-0.103.1_2
-libclamunrar_iface.so.9 clamav-0.103.1_2
-libfreshclam.so.2 clamav-0.103.1_2
+libclamav.so.12 clamav-1.2.0_1
+libclamunrar.so.12 clamav-1.2.0_1
+libclamunrar_iface.so.12 clamav-1.2.0_1
+libfreshclam.so.3 clamav-1.2.0_1
+libclammspack.so.0 clamav-1.2.0_1
 libqca-qt5.so.2 qca-qt5-2.1.3_1
 libqt5keychain.so.1 qtkeychain-qt5-0.7.0_1
 libphonon4qt5.so.4 phonon-qt5-4.8.3_1
diff --git a/srcpkgs/clamav/INSTALL b/srcpkgs/clamav/INSTALL
index 4b8adfa4a3..7ea5300a7a 100644
--- a/srcpkgs/clamav/INSTALL
+++ b/srcpkgs/clamav/INSTALL
@@ -1,20 +1,84 @@
 # INSTALL
+
+readonly old_configdir=/etc
+readonly configdir=/etc/clamav
+readonly old_config_files="
+    ${old_configdir}/clamd.conf
+    ${old_configdir}/freshclam.conf"
+readonly config_files="
+    ${configdir}/clamav-milter.conf
+    ${configdir}/clamd.conf
+    ${configdir}/freshclam.conf"
+readonly old_databasedir=/var/lib/_clamav
+readonly databasedir=/var/lib/clamav
+
+version="$(xbps-query clamav | grep pkgver)"
+version=${version#pkgver: clamav-}
+
+check_mv() {
+	[ -f "${1}" ] && mv "${1}" "${2}"
+}
+
+# The following functions are to used automatically to migrate the config files
+# from /etc (0.x versions) to /etc/clamav (1.x versions) safely.
+save_conflicting_config_files() {
+	[ ! -d ${configdir} ] && mkdir -p ${configdir}
+	for file in ${config_files}; do
+		check_mv "${file}" "${file}".custom
+	done
+	# Saves the previous version to use in the post action.
+	printf '%s' "${version}" > ${configdir}/.migrate
+}
+
+# This is done as moving the old config files into /etc/clamav in the preinstall
+# phase would end in xbps overwriting them with the new config files (not making
+# xxx.new-${VERSION}).
+# An alternative to this would be by renaming the new config files into the
+# xxx.new-${VERSION} format before moving the old config files into /etc/clamav
+# in the postinstall phase. However, it is usually not a good idea to emulate
+# program behavior as it may cause issues in the future (in this case if the
+# format changes).
+bootstrap_pkg() {
+	printf '%s\n' "${PKGNAME}-${VERSION}: bootstrapping ..."
+	xbps-remove -y clamav > /dev/null 2>&1
+	xbps-install -y clamav > /dev/null 2>&1
+}
+
+migrate_config_files() {
+	for file in ${old_config_files}; do
+		for match in "${file}"*; do
+			name=${match#"${old_configdir}"/}
+			check_mv "${match}" ${configdir}/"${name}"
+		done
+	done
+	bootstrap_pkg
+	rm ${configdir}/.migrate
+}
+
 case "$ACTION" in
+pre)
+	if [ "$UPDATE" = "yes" ]; then
+		case "${version}" in
+		0.*) save_conflicting_config_files ;;
+		esac
+	fi
+	;;
 post)
-	# Only if not updating
 	if [ "$UPDATE" != "yes" ]; then
-		# Create the database directory
-		mkdir -p var/lib/_clamav
-		# The clamav user owns it
-		chown -R _clamav:_clamav var/lib/_clamav
-		# Let group members write to it
-		chmod g+w var/lib/_clamav
+		mkdir -p ${databasedir}
 	else
-		if [ -d "var/lib/clamav" ]; then
-			mv var/lib/clamav var/lib/_clamav
-			chown -R _clamav:_clamav var/lib/_clamav
-		fi
+		prev_version="$(cat ${configdir}/.migrate 2> /dev/null)"
+
+		case "${prev_version}" in
+		0.*)
+			# This should come first or else the old database
+			# directory will be moved to /var/lib/clamav/_clamav.
+			[ -d ${old_databasedir} ] && mv ${old_databasedir} ${databasedir}
+			migrate_config_files
+			;;
+		esac
 	fi
+	chown -R _clamav:_clamav ${databasedir}
+	chmod g+w ${databasedir}
 	;;
 esac
-
diff --git a/srcpkgs/clamav/INSTALL.msg b/srcpkgs/clamav/INSTALL.msg
new file mode 100644
index 0000000000..325ec6002c
--- /dev/null
+++ b/srcpkgs/clamav/INSTALL.msg
@@ -0,0 +1,12 @@
+The directories used by clamav have changed in versions >=1.2.0_1. This change
+was made to keep the system clean and consistent with other packages.
+
+Changes:
+ - All the configuration files are now located in /etc/clamav
+ - The database directory is now /lib/var/clamav
+
+This change should be done automatically for most users and should require no
+user interference.
+
+For users already using the /etc/clamav directory for custom clamav installs,
+a '.custom' extension was added to those configuration files.
diff --git a/srcpkgs/clamav/REMOVE b/srcpkgs/clamav/REMOVE
index 1edffaba78..bc2171087b 100644
--- a/srcpkgs/clamav/REMOVE
+++ b/srcpkgs/clamav/REMOVE
@@ -1,10 +1,14 @@
 # REMOVE
+
+readonly configdir=/etc/clamav
+readonly databasedir=/var/lib/clamav
+
 case "$ACTION" in
 pre)
-	# Only if not updating
 	if [ "$UPDATE" != "yes" ]; then
-		# Remove the clamav database directory and contents
-		rm -rf var/lib/_clamav
+		# Do not delete while bootstrapping.
+		[ -f ${configdir}/.migrate ] && exit 0
+		rm -rf ${databasedir}
 	fi
 	;;
 esac
diff --git a/srcpkgs/clamav/files/clamd/run b/srcpkgs/clamav/files/clamd/run
new file mode 100755
index 0000000000..155ded0a57
--- /dev/null
+++ b/srcpkgs/clamav/files/clamd/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+readonly runtimedir=/run/clamav
+
+[ ! -d "${runtime_dir}" ] && install -m 755 -o _clamav -g _clamav -d "${runtimedir}"
+exec clamd --foreground 2>&1
diff --git a/srcpkgs/clamav/files/clamonacc/run b/srcpkgs/clamav/files/clamonacc/run
new file mode 100755
index 0000000000..bee5f4fb75
--- /dev/null
+++ b/srcpkgs/clamav/files/clamonacc/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec clamonacc --foreground --fdpass 2>&1
diff --git a/srcpkgs/clamav/files/freshclam/run b/srcpkgs/clamav/files/freshclam/run
new file mode 100755
index 0000000000..69c2b54c22
--- /dev/null
+++ b/srcpkgs/clamav/files/freshclam/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec freshclam --daemon --foreground 2>&1
diff --git a/srcpkgs/clamav/patches/10-voidlinux-config.patch b/srcpkgs/clamav/patches/10-voidlinux-config.patch
new file mode 100644
index 0000000000..b59cb1689e
--- /dev/null
+++ b/srcpkgs/clamav/patches/10-voidlinux-config.patch
@@ -0,0 +1,44 @@
+--- a/etc/clamav-milter.conf.sample	2023-09-15 09:11:43.813492975 +0900
++++ b/etc/clamav-milter.conf.sample	2023-09-15 09:13:25.618493838 +0900
+@@ -38,7 +38,7 @@
+ # to work)
+ #
+ # Default: unset (don't drop privileges)
+-#User clamav
++#User _clamav
+ 
+ # Waiting for data from clamd will timeout after this time (seconds).
+ # Value of 0 disables the timeout.
+--- a/etc/clamd.conf.sample	2023-09-15 09:01:18.780487677 +0900
++++ b/etc/clamd.conf.sample	2023-09-15 09:06:04.215490096 +0900
+@@ -224,7 +224,7 @@
+ 
+ # Run as another user (clamd must be started by root for this option to work)
+ # Default: don't drop privileges
+-#User clamav
++#User _clamav
+ 
+ # Stop daemon when libclamav reports out of memory condition.
+ #ExitOnOOM yes
+@@ -766,7 +766,7 @@
+ # It has the same potential race condition limitations of the
+ # OnAccessExcludeUID option.
+ # Default: disabled
+-#OnAccessExcludeUname clamav
++#OnAccessExcludeUname _clamav
+ 
+ # Number of times the OnAccess client will retry a failed scan due to
+ # connection problems (or other issues).
+--- a/etc/freshclam.conf.sample	2023-09-15 09:10:07.028492154 +0900
++++ a/etc/freshclam.conf.sample	2023-09-15 09:08:02.132491096 +0900
+@@ -56,8 +56,8 @@
+ 
+ # By default when started freshclam drops privileges and switches to the
+ # "clamav" user. This directive allows you to change the database owner.
+-# Default: clamav (may depend on installation options)
+-#DatabaseOwner clamav
++# Default: _clamav (may depend on installtion options)
++#DatabaseOwner _clamav
+ 
+ # Use DNS to verify virus database version. FreshClam uses DNS TXT records
+ # to verify database and software versions. With this directive you can change
diff --git a/srcpkgs/clamav/template b/srcpkgs/clamav/template
index 3574b7baee..eacaba9302 100644
--- a/srcpkgs/clamav/template
+++ b/srcpkgs/clamav/template
@@ -1,66 +1,68 @@
 # Template file for 'clamav'
 pkgname=clamav
-version=0.103.8
-revision=4
-build_style=gnu-configure
-# XXX: system llvm is too new (< 3.7 required)
-# Shipped llvm does not build with gcc>=6
-configure_args="--sbindir=/usr/bin --libdir=/usr/lib
- --with-openssl=${XBPS_CROSS_BASE}/usr --with-pcre=${XBPS_CROSS_BASE}/usr
- --with-zlib=${XBPS_CROSS_BASE}/usr --with-libbz2-prefix=${XBPS_CROSS_BASE}/usr
- --with-system-libmspack=${XBPS_CROSS_BASE}/usr --with-libcurl=${XBPS_CROSS_BASE}/usr
- --enable-ipv6 --with-user=_clamav --with-group=_clamav"
-conf_files="/etc/clamd.conf /etc/freshclam.conf"
-hostmakedepends="flex pkg-config zip"
-makedepends="json-c-devel libcurl-devel libmspack-devel libxml2-devel
- ncurses-devel pcre-devel tcl-devel"
+version=1.2.0
+revision=1
+
+_configdir=/etc/clamav
+_databasedir=/var/lib/clamav
+
+build_style=cmake
+cmake_builddir=build
+# Setting ENABLE_JSON_SHARED=OFF is preferred, as libclamav.so may crash if you
+# use a different JSON library.
+configure_args="
+ -D CMAKE_BUILD_TYPE=Release
+ -D CMAKE_INSTALL_PREFIX=/usr
+ -D APP_CONFIG_DIRECTORY=${_configdir}
+ -D DATABASE_DIRECTORY=${_databasedir}
+ -D CLAMAV_USER=_clamav
+ -D CLAMAV_GROUP=_clamav
+ -D ENABLE_JSON_SHARED=OFF"
+hostmakedepends="rust cargo python3"
+makedepends="bzip2-devel check-devel libcurl-devel json-c-devel libmilter-devel
+ libxml2-devel ncurses-devel openssl-devel pcre2-devel zlib-devel"
 short_desc="Clam Anti-Virus scanner"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-only"
 homepage="https://www.clamav.net/"
+changelog="https://raw.githubusercontent.com/Cisco-Talos/clamav/main/NEWS.md"
 distfiles="https://www.clamav.net/downloads/production/clamav-${version}.tar.gz"
-checksum=6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f
-_clamav_homedir="/var/lib/_${pkgname}"
-_clamav_descr="ClamAV user"
+checksum=97a192dffe141480b56cabf1063d79a9fc55cd59203241fa41bfc7a98a548020
 system_accounts="_clamav"
-make_check=ci-skip
+_clamav_homedir=${_databasedir}
+conf_files="
+ ${_configdir}/clamav-milter.conf
+ ${_configdir}/clamd.conf
+ ${_configdir}/freshclam.conf"
+_sv_files="clamd clamonacc freshclam"
 
-CPPFLAGS="-Wno-unused-local-typedefs"
 if [ "$CROSS_BUILD" ]; then
-	configure_args+=" --disable-mempool"
+	build_helper="qemu"
+	makedepends+=" rust-std"
+	configure_args+="
+	 -D RUST_COMPILER_TARGET:STRING=${XBPS_CROSS_RUST_TARGET}
+	 -D RUSTFLAGS=${XBPS_CROSS_RUSTFLAGS}"
 fi
+
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	makedepends+=" musl-fts-devel"
-	LDFLAGS="-lfts"
+	configure_args+=" -D CMAKE_EXE_LINKER_FLAGS=-lfts"
 fi
 
-do_configure() {
-	# Disable detection of sys/cdefs.h (it's obsolete)
-	sed -i configure -e 's; sys/cdefs\.h$;;'
-	sed -i configure -e 's;3\.7;3.9;'
-	# Enable IPv6 for cross builds
-	if [ "$CROSS_BUILD" ]; then
-		configure_args+=" have_cv_ipv6=yes"
-	fi
-	# Need to set PCRE_HOME to make --with-pcre=/usr work
-	PCRE_HOME=/usr ./configure ${configure_args}
-}
 post_install() {
-	# Enable and patch clamd configuration
-	mv -v ${PKGDESTDIR}/etc/clamd.conf.sample ${PKGDESTDIR}/etc/clamd.conf
-	vsconf etc/clamd.conf.sample
-	sed -i ${PKGDESTDIR}/etc/clamd.conf \
-		-e "s;^Example$;# Example;" \
-		-e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};"
+	vmkdir ${_configdir}
+	for sv in ${_sv_files}; do vsv "${sv}"; done
+	for path in ${conf_files}; do
+		name=${path#"${_configdir}"/}
+
+		mv -v "${PKGDESTDIR}"/"${path}".sample "${PKGDESTDIR}"/"${path}"
+		vsconf "${PKGDESTDIR}"/"${path}" "${name}".sample
+		sed -i "${PKGDESTDIR}"/"${path}" -e "s;^Example$;# Example;"
+	done
+	vdoc "${FILESDIR}"/README.voidlinux
 
-	# Enable and patch freshclam configuration
-	mv -v ${PKGDESTDIR}/etc/freshclam.conf.sample ${PKGDESTDIR}/etc/freshclam.conf
-	vsconf etc/freshclam.conf.sample
-	sed -i ${PKGDESTDIR}/etc/freshclam.conf \
-		-e "s;^Example$;# Example;" \
-		-e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};"
-	vdoc "${FILESDIR}/README.voidlinux"
 }
+
 clamav-devel_package() {
 	depends="${sourcepkg}>=${version}_${revision}"
 	short_desc+=" - development files"

```