Gentoo Archives: gentoo-commits

From: Thomas Raschbacher <lordvan@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, profiles/base/, app-antivirus/clamav/files/, ...
Date: Mon, 12 Sep 2022 19:40:12
Message-Id: 1663011552.dba22f4f865daa5dd4a26ce07dabb347bd27f44c.lordvan@gentoo
1 commit: dba22f4f865daa5dd4a26ce07dabb347bd27f44c
2 Author: Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
3 AuthorDate: Fri Sep 9 02:57:26 2022 +0000
4 Commit: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 12 19:39:12 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dba22f4f
7
8 app-antivirus/clamav: add 0.105.1
9
10 Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
11 Closes: https://github.com/gentoo/gentoo/pull/27153
12 Signed-off-by: Thomas Raschbacher <lordvan <AT> gentoo.org>
13
14 app-antivirus/clamav/Manifest | 1 +
15 app-antivirus/clamav/clamav-0.105.1.ebuild | 246 +++++++++++++++++++++
16 .../files/clamav-0.105.1-cmake-llvm-fix.patch | 73 ++++++
17 app-antivirus/clamav/metadata.xml | 1 +
18 profiles/arch/hppa/package.mask | 2 +-
19 profiles/base/package.use.mask | 5 +
20 profiles/features/wd40/package.mask | 1 +
21 7 files changed, 328 insertions(+), 1 deletion(-)
22
23 diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
24 index c25f65795799..563f2972fc66 100644
25 --- a/app-antivirus/clamav/Manifest
26 +++ b/app-antivirus/clamav/Manifest
27 @@ -1,3 +1,4 @@
28 DIST clamav-0.103.6.tar.gz 16491761 BLAKE2B 3c43bcda4a613f81d1b31036e7323a7af7708e54af94ad30a659a8fb318d8f79f357086ce70703659298524d778374df886495cd8c75280bbbe4bae30795a85a SHA512 d39e1964678b8251bde3a9f3db30fe3d3d76cc566a86834297f4dd8489086dc9cc4c6541ca128089159f4c071d2d85b530455bd942987d3929ea0082b8ab272b
29 DIST clamav-0.103.7.tar.gz 16501741 BLAKE2B 49fc1c8c42ee8168dbaec4aa13ab0dfef7fa285e335cb38b17bc020df7400ee1daae49e06ba5b4ae0364d47d707cb83c0b1a8442d5b01d2bba5827606fe27fb4 SHA512 d426169889d94411b20a2c9c9579fc22a15090c9847849822c63fc6b404075feba0ff3663ee1382b2af5300394c7a93669844736f7473bfdce3250e1fd130326
30 DIST clamav-0.104.4.tar.gz 12027448 BLAKE2B e8627b49b46e9bf5669b7186d829fd2caa76d9071b1533da252fea1bdeed1b78ec4a138db8957b0d121df1180eb37a6230f5f0db1e4d3f2de80bf7dddad5b47e SHA512 5aa8abe96ff49548cf74df47a7e56279c3082dc8ca98cab02f64f44b2da0230e75b5f634b3086ba8ca155052cbc22a2a47ab3dd159ae033d3f599dcde1f2420e
31 +DIST clamav-0.105.1.tar.gz 29467856 BLAKE2B be46d9afd76fb536d7de7363a45d38fef6a5983011e3cd0dcc25c2a209c8d37a2bbe1f7f4a5694152cabf622ef83e072b892ae12ba404da1955bb5b654e5216d SHA512 dcaa3eb90e5a8951f1750f0676791c33507206ae0d58a3da0d07f6f86b559799db09a4aed83fbd9d3eed8f1f17654f8304070e6770ba7e02de6f2be2cda65bec
32
33 diff --git a/app-antivirus/clamav/clamav-0.105.1.ebuild b/app-antivirus/clamav/clamav-0.105.1.ebuild
34 new file mode 100644
35 index 000000000000..0d62bc5c14c0
36 --- /dev/null
37 +++ b/app-antivirus/clamav/clamav-0.105.1.ebuild
38 @@ -0,0 +1,246 @@
39 +# Copyright 1999-2022 Gentoo Authors
40 +# Distributed under the terms of the GNU General Public License v2
41 +
42 +EAPI=8
43 +
44 +LLVM_MAX_SLOT=13
45 +PYTHON_COMPAT=( python3_{8..11} )
46 +inherit cmake flag-o-matic llvm python-any-r1 systemd tmpfiles
47 +
48 +DESCRIPTION="Clam Anti-Virus Scanner"
49 +HOMEPAGE="https://www.clamav.net/"
50 +SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
51 +
52 +LICENSE="GPL-2"
53 +SLOT="0"
54 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
55 +IUSE="doc clamonacc +clamapp experimental jit libclamav-only milter rar selinux systemd test"
56 +
57 +REQUIRED_USE="libclamav-only? ( !clamonacc !clamapp !milter )
58 + clamonacc? ( clamapp )
59 + milter? ( clamapp )
60 + test? ( !libclamav-only )"
61 +
62 +RESTRICT="!test? ( test )"
63 +
64 +# Require acct-{user,group}/clamav at build time so that we can set
65 +# the permissions on /var/lib/clamav in src_install rather than in
66 +# pkg_postinst; calling "chown" on the live filesystem scares me.
67 +CDEPEND="
68 + acct-group/clamav
69 + acct-user/clamav
70 + app-arch/bzip2
71 + dev-libs/json-c:=
72 + dev-libs/libltdl
73 + dev-libs/libmspack
74 + dev-libs/libpcre2:=
75 + dev-libs/libxml2
76 + dev-libs/openssl:=
77 + dev-libs/tomsfastmath:=
78 + >=sys-libs/zlib-1.2.2:=
79 + virtual/libiconv
80 + !libclamav-only? ( net-misc/curl )
81 + clamapp? ( sys-libs/ncurses:= net-misc/curl )
82 + elibc_musl? ( sys-libs/fts-standalone )
83 + jit? ( <sys-devel/llvm-$((${LLVM_MAX_SLOT} + 1)):= )
84 + milter? ( mail-filter/libmilter:= )
85 + rar? ( app-arch/unrar )
86 + test? ( dev-python/pytest )
87 +"
88 +
89 +BDEPEND="
90 + virtual/pkgconfig
91 + >=virtual/rust-1.56
92 + doc? ( app-doc/doxygen )
93 + test? (
94 + ${PYTHON_DEPS}
95 + $(python_gen_any_dep 'dev-python/pytest[${PYTHON_USEDEP}]')
96 + )
97 +"
98 +
99 +DEPEND="${CDEPEND}
100 + test? ( dev-libs/check )"
101 +
102 +RDEPEND="${CDEPEND}
103 + selinux? ( sec-policy/selinux-clamav )"
104 +
105 +python_check_deps() {
106 + python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]"
107 +}
108 +
109 +pkg_setup() {
110 + use jit && llvm_pkg_setup
111 + use test && python-any-r1_pkg_setup
112 +}
113 +
114 +PATCHES=(
115 + "${FILESDIR}/${P}-cmake-llvm-fix.patch"
116 +)
117 +
118 +src_configure() {
119 + use elibc_musl && append-ldflags -lfts
120 + use ppc64 && append-flags -mminimal-toc
121 +
122 + local mycmakeargs=(
123 + -DDATABASE_DIRECTORY="${EPREFIX}"/var/lib/clamav
124 + -DAPP_CONFIG_DIRECTORY="${EPREFIX}"/etc/clamav
125 + -DENABLE_EXPERIMENTAL=$(usex experimental ON OFF)
126 + -DENABLE_JSON_SHARED=ON
127 + -DENABLE_APP=$(usex clamapp ON OFF)
128 + -DENABLE_MILTER=$(usex milter ON OFF)
129 + -DENABLE_CLAMONACC=$(usex clamonacc ON OFF)
130 + -DCLAMAV_USER="clamav"
131 + -DCLAMAV_GROUP="clamav"
132 + -DBYTECODE_RUNTIME=$(usex jit llvm interpreter)
133 + -DOPTIMIZE=ON
134 + -DENABLE_EXTERNAL_MSPACK=ON
135 + -DENABLE_EXTERNAL_TOMSFASTMATH=ON
136 + -DENABLE_MAN_PAGES=ON
137 + -DENABLE_DOXYGEN=$(usex doc)
138 + -DENABLE_UNRAR=$(usex rar ON OFF)
139 + -DENABLE_TESTS=$(usex test ON OFF)
140 + -DENABLE_STATIC_LIB=OFF
141 + -DENABLE_SHARED_LIB=ON
142 + -DENABLE_SYSTEMD=$(usex systemd ON OFF)
143 + )
144 +
145 + if use test ; then
146 + # https://bugs.gentoo.org/818673
147 + # Used to enable some more tests but doesn't behave well in
148 + # sandbox necessarily(?) + needs certain debug symbols present
149 + # in e.g. glibc.
150 + mycmakeargs+=( -DCMAKE_DISABLE_FIND_PACKAGE_Valgrind=ON )
151 + fi
152 +
153 + if use jit ; then
154 + # Suppress CMake warnings that variables aren't consumed if we aren't using LLVM
155 + # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#llvm-optional-see-bytecode-runtime-section
156 + # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#bytecode-runtime
157 + mycmakeargs+=(
158 + -DLLVM_ROOT_DIR="$(get_llvm_prefix -d ${LLVM_MAX_SLOT})"
159 + -DLLVM_FIND_VERSION="$(best_version sys-devel/llvm:${LLVM_MAX_SLOT} | cut -c 16-)"
160 + )
161 + fi
162 +
163 + cmake_src_configure
164 +}
165 +
166 +src_install() {
167 + cmake_src_install
168 + # init scripts
169 + newinitd "${FILESDIR}/clamd.initd" clamd
170 + newinitd "${FILESDIR}/freshclam.initd" freshclam
171 + use clamonacc && \
172 + newinitd "${FILESDIR}/clamonacc.initd" clamonacc
173 + use milter && \
174 + newinitd "${FILESDIR}/clamav-milter.initd" clamav-milter
175 +
176 + rm -rf "${ED}"/var/lib/clamav || die
177 +
178 + if ! use libclamav-only ; then
179 + if use systemd ; then
180 + # The tmpfiles entry is behind USE=systemd because the
181 + # upstream OpenRC service files should (and do) ensure that
182 + # the directories they need exist and have the correct
183 + # permissions without the help of opentmpfiles. There are
184 + # years-old root exploits in opentmpfiles, the design is
185 + # fundamentally flawed, and the maintainer is not up to
186 + # the task of fixing it.
187 + dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
188 + systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service"
189 + systemd_dounit "${FILESDIR}/clamd.service"
190 + systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
191 + "freshclamd.service"
192 + fi
193 +
194 + if use clamapp ; then
195 + # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
196 + sed -e "s:^\(Example\):\# \1:" \
197 + -e "s/^#\(PidFile .*\)/\1/" \
198 + -e "s/^#\(LocalSocket .*\)/\1/" \
199 + -e "s/^#\(User .*\)/\1/" \
200 + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
201 + -e "s:^\#\(LogTime\).*:\1 yes:" \
202 + -e "s/^#\(DatabaseDirectory .*\)/\1/" \
203 + "${ED}"/etc/clamav/clamd.conf.sample > \
204 + "${ED}"/etc/clamav/clamd.conf || die
205 +
206 + sed -e "s:^\(Example\):\# \1:" \
207 + -e "s/^#\(PidFile .*\)/\1/" \
208 + -e "s/^#\(DatabaseOwner .*\)/\1/" \
209 + -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
210 + -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamav/clamd.conf:" \
211 + -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
212 + -e "s/^#\(DatabaseDirectory .*\)/\1/" \
213 + "${ED}"/etc/clamav/freshclam.conf.sample > \
214 + "${ED}"/etc/clamav/freshclam.conf || die
215 +
216 + if use milter ; then
217 + # Note: only keep the "unix" ClamdSocket and MilterSocket!
218 + sed -e "s:^\(Example\):\# \1:" \
219 + -e "s/^#\(PidFile .*\)/\1/" \
220 + -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
221 + -e "s/^#\(User .*\)/\1/" \
222 + -e "s/^#\(MilterSocket unix:.*\)/\1/" \
223 + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
224 + "${ED}"/etc/clamav/clamav-milter.conf.sample > \
225 + "${ED}"/etc/clamav/clamav-milter.conf || die
226 +
227 + systemd_newunit "${FILESDIR}/clamav-milter.service-0.104.0" clamav-milter.service
228 + fi
229 +
230 + local i
231 + for i in clamd freshclam clamav-milter
232 + do
233 + if [[ -f "${ED}"/etc/"${i}".conf.sample ]] ; then
234 + mv "${ED}"/etc/"${i}".conf{.sample,} || die
235 + fi
236 + done
237 +
238 + # These both need to be writable by the clamav user.
239 + # TODO: use syslog by default; that's what it's for.
240 + diropts -o clamav -g clamav
241 + keepdir /var/lib/clamav
242 + keepdir /var/log/clamav
243 + fi
244 + fi
245 +
246 + if use doc ; then
247 + local HTML_DOCS=( docs/html/. )
248 + einstalldocs
249 + fi
250 +
251 + # Don't install man pages for utilities we didn't install
252 + if use libclamav-only ; then
253 + rm -r "${ED}"/usr/share/man || die
254 + fi
255 +
256 + find "${ED}" -name '*.la' -delete || die
257 +}
258 +
259 +pkg_postinst() {
260 + if ! use libclamav-only ; then
261 + if use systemd ; then
262 + tmpfiles_process clamav.conf
263 + fi
264 + fi
265 +
266 + if use milter ; then
267 + elog "For simple instructions how to setup the clamav-milter read the"
268 + elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
269 + fi
270 +
271 + local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
272 + if [[ ! -f "${databases}" ]] ; then
273 + ewarn "You must run freshclam manually to populate the virus database"
274 + ewarn "before starting clamav for the first time."
275 + fi
276 +
277 + if ! systemd_is_booted ; then
278 + ewarn "This version of ClamAV provides separate OpenRC services"
279 + ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
280 + ewarn "clamd service now starts only the clamd daemon itself. You"
281 + ewarn "should add freshclam (and perhaps clamav-milter) to any"
282 + ewarn "runlevels that previously contained clamd."
283 + fi
284 +}
285
286 diff --git a/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
287 new file mode 100644
288 index 000000000000..b73a2e066ef1
289 --- /dev/null
290 +++ b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
291 @@ -0,0 +1,73 @@
292 +clamav 0.105.1 doesn't support LLVM version detection
293 +
294 +See: https://github.com/Cisco-Talos/clamav/pull/692
295 +
296 +--- a/CMakeLists.txt
297 ++++ b/CMakeLists.txt
298 +@@ -480,39 +480,43 @@ find_package(JSONC REQUIRED)
299 + # Set variable required by libclamav to use libjson-c
300 + set(HAVE_JSON 1)
301 +
302 ++set(LLVM_MAX_VER "14.0.0")
303 ++set(LLVM_MIN_VER "8.0.0")
304 ++
305 + string (TOLOWER ${BYTECODE_RUNTIME} bytecodeRuntime)
306 + if(${bytecodeRuntime} STREQUAL "llvm")
307 +- set (LLVM_FIND_VERSION "8.0.0")
308 +- find_package(LLVM REQUIRED)
309 ++ if(DEFINED LLVM_ROOT_DIR AND DEFINED LLVM_FIND_VERSION)
310 ++ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED HINTS ${LLVM_ROOT_DIR})
311 ++ elseif(DEFINED LLVM_ROOT_DIR)
312 ++ find_package(LLVM REQUIRED HINTS ${LLVM_ROOT_DIR})
313 ++ elseif(DEFINED LLVM_FIND_VERSION)
314 ++ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED)
315 ++ else()
316 ++ set (LLVM_FIND_VERSION ${LLVM_MIN_VER})
317 ++ find_package(LLVM REQUIRED)
318 ++ endif()
319 + if(LLVM_FOUND)
320 + if (LLVM_AVAILABLE_LIBS)
321 +- # Found using LLVMConfig.cmake
322 +- message("LLVM found using LLVMConfig.cmake")
323 +- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
324 ++ message(STATUS "LLVM found using LLVMConfig.cmake")
325 + set(LLVM_LIBRARIES ${LLVM_AVAILABLE_LIBS})
326 +-
327 +- if (${LLVM_PACKAGE_VERSION} VERSION_LESS "8.0.0")
328 +- message(FATAL "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
329 +- endif()
330 +-
331 + else()
332 +- # Found using FindLLVM.cmake
333 +- message("LLVM found using FindLLVM.cmake")
334 +-
335 +- # Set variable required by libclamav to use llvm instead of interpreter
336 +- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
337 +- message("LLVM_FOUND ${LLVM_FOUND}")
338 ++ message(STATUS "LLVM found using FindLLVM.cmake")
339 ++ set(LLVM_PACKAGE_VERSION ${LLVM_VERSION_STRING})
340 +
341 +- if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0")
342 +- if (${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
343 +- set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
344 +- endif()
345 ++ if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0" AND ${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
346 ++ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
347 + endif()
348 ++ endif()
349 +
350 +- if (${LLVM_VERSION_STRING} VERSION_LESS "8.0.0")
351 +- message(FATAL "LLVM version ${LLVM_VERSION_STRING} is too old")
352 +- endif()
353 ++ if (${LLVM_PACKAGE_VERSION} VERSION_LESS ${LLVM_MIN_VER})
354 ++ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
355 ++ elseif (${LLVM_PACKAGE_VERSION} VERSION_GREATER_EQUAL ${LLVM_MAX_VER} )
356 ++ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too new")
357 ++ else()
358 ++ message(STATUS "LLVM version ${LLVM_PACKAGE_VERSION} found")
359 + endif()
360 ++ # Set variable required by libclamav to use llvm instead of interpreter
361 ++ set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
362 + endif()
363 + endif()
364 +
365
366 diff --git a/app-antivirus/clamav/metadata.xml b/app-antivirus/clamav/metadata.xml
367 index 7a3fe540cf8d..ea313c4a9868 100644
368 --- a/app-antivirus/clamav/metadata.xml
369 +++ b/app-antivirus/clamav/metadata.xml
370 @@ -16,6 +16,7 @@
371 <flag name="clamonacc">Build the clamonacc on-access scanner</flag>
372 <flag name="clamdtop">A Top like tool which shows what clamd is currently scanning amongst other things</flag>
373 <flag name="clamsubmit">A tool to submit false positives / negatives</flag>
374 + <flag name="experimental">Enable experimental features</flag>
375 <flag name="libclamav-only">Bypass building of libfreshclam and the ClamAV CLI applications.</flag>
376 <flag name="metadata-analysis-api">Enables collection of file property metadata using ClamAV API for analysis by ClamAV bytecode programs.</flag>
377 <flag name="xml">DMG and XAR support</flag>
378
379 diff --git a/profiles/arch/hppa/package.mask b/profiles/arch/hppa/package.mask
380 index b6b7d0f1baa3..1ff307a672b3 100644
381 --- a/profiles/arch/hppa/package.mask
382 +++ b/profiles/arch/hppa/package.mask
383 @@ -2,6 +2,6 @@
384 # Distributed under the terms of the GNU General Public License v2
385
386 # Quote from <eike@×××××.de>:
387 -# "Compilation fails with: #error You need to define CycleTimer for
388 +# "Compilation fails with: #error You need to define CycleTimer for
389 # your OS and CPU"
390 dev-cpp/benchmark
391
392 diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
393 index 5497dea044f9..25a7ce9973b3 100644
394 --- a/profiles/base/package.use.mask
395 +++ b/profiles/base/package.use.mask
396 @@ -6,6 +6,11 @@
397 # This file is only for generic masks. For arch-specific masks (i.e.
398 # mask everywhere, unmask on arch/*) use arch/base.
399
400 +# Matt Jolly <Matt.Jolly@××××××××.ninja (2022-09-09)
401 +# app-antivirus/clamav JIT support requires LLVM <=13
402 +# ebuild support is there but currently failing to link
403 +app-antivirus/clamav jit
404 +
405 # Sam James <sam@g.o> (2022-09-06)
406 # Incompatible with merged-usr and is a fundamentally flaky approach.
407 # - app-arch/lbzip2: bug #868318 (possible solution in bug #868651)
408
409 diff --git a/profiles/features/wd40/package.mask b/profiles/features/wd40/package.mask
410 index 7ef53b96fb46..6f46776db0a7 100644
411 --- a/profiles/features/wd40/package.mask
412 +++ b/profiles/features/wd40/package.mask
413 @@ -4,6 +4,7 @@
414 # Various packages requiring Rust.
415 app-admin/ansible
416 app-admin/ansible-core
417 +>=app-antivirus/clamav-0.105.1
418 app-crypt/acme
419 app-crypt/certbot
420 app-crypt/certbot-nginx