[gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, profiles/base/, app-antivirus/clamav/files/, ... - gentoo-commits

From:	Thomas Raschbacher <lordvan@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, profiles/base/, app-antivirus/clamav/files/, ...
Date:	Mon, 12 Sep 2022 19:40:12
Message-Id:	`1663011552.dba22f4f865daa5dd4a26ce07dabb347bd27f44c.lordvan@gentoo`

1

commit:     dba22f4f865daa5dd4a26ce07dabb347bd27f44c

2

Author:     Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>

3

AuthorDate: Fri Sep  9 02:57:26 2022 +0000

4

Commit:     Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>

5

CommitDate: Mon Sep 12 19:39:12 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dba22f4f

7

8

app-antivirus/clamav: add 0.105.1

9

10

Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>

11

Closes: https://github.com/gentoo/gentoo/pull/27153

12

Signed-off-by: Thomas Raschbacher <lordvan <AT> gentoo.org>

13

14

 app-antivirus/clamav/Manifest                      |   1 +

15

 app-antivirus/clamav/clamav-0.105.1.ebuild         | 246 +++++++++++++++++++++

16

 .../files/clamav-0.105.1-cmake-llvm-fix.patch      |  73 ++++++

17

 app-antivirus/clamav/metadata.xml                  |   1 +

18

 profiles/arch/hppa/package.mask                    |   2 +-

19

 profiles/base/package.use.mask                     |   5 +

20

 profiles/features/wd40/package.mask                |   1 +

21

 7 files changed, 328 insertions(+), 1 deletion(-)

22

23

diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest

24

index c25f65795799..563f2972fc66 100644

25

--- a/app-antivirus/clamav/Manifest

26

+++ b/app-antivirus/clamav/Manifest

27

@@ -1,3 +1,4 @@

28

 DIST clamav-0.103.6.tar.gz 16491761 BLAKE2B 3c43bcda4a613f81d1b31036e7323a7af7708e54af94ad30a659a8fb318d8f79f357086ce70703659298524d778374df886495cd8c75280bbbe4bae30795a85a SHA512 d39e1964678b8251bde3a9f3db30fe3d3d76cc566a86834297f4dd8489086dc9cc4c6541ca128089159f4c071d2d85b530455bd942987d3929ea0082b8ab272b

29

 DIST clamav-0.103.7.tar.gz 16501741 BLAKE2B 49fc1c8c42ee8168dbaec4aa13ab0dfef7fa285e335cb38b17bc020df7400ee1daae49e06ba5b4ae0364d47d707cb83c0b1a8442d5b01d2bba5827606fe27fb4 SHA512 d426169889d94411b20a2c9c9579fc22a15090c9847849822c63fc6b404075feba0ff3663ee1382b2af5300394c7a93669844736f7473bfdce3250e1fd130326

30

 DIST clamav-0.104.4.tar.gz 12027448 BLAKE2B e8627b49b46e9bf5669b7186d829fd2caa76d9071b1533da252fea1bdeed1b78ec4a138db8957b0d121df1180eb37a6230f5f0db1e4d3f2de80bf7dddad5b47e SHA512 5aa8abe96ff49548cf74df47a7e56279c3082dc8ca98cab02f64f44b2da0230e75b5f634b3086ba8ca155052cbc22a2a47ab3dd159ae033d3f599dcde1f2420e

31

+DIST clamav-0.105.1.tar.gz 29467856 BLAKE2B be46d9afd76fb536d7de7363a45d38fef6a5983011e3cd0dcc25c2a209c8d37a2bbe1f7f4a5694152cabf622ef83e072b892ae12ba404da1955bb5b654e5216d SHA512 dcaa3eb90e5a8951f1750f0676791c33507206ae0d58a3da0d07f6f86b559799db09a4aed83fbd9d3eed8f1f17654f8304070e6770ba7e02de6f2be2cda65bec

32

33

diff --git a/app-antivirus/clamav/clamav-0.105.1.ebuild b/app-antivirus/clamav/clamav-0.105.1.ebuild

34

new file mode 100644

35

index 000000000000..0d62bc5c14c0

36

--- /dev/null

37

+++ b/app-antivirus/clamav/clamav-0.105.1.ebuild

38

@@ -0,0 +1,246 @@

39

+# Copyright 1999-2022 Gentoo Authors

40

+# Distributed under the terms of the GNU General Public License v2

41

+

42

+EAPI=8

43

+

44

+LLVM_MAX_SLOT=13

45

+PYTHON_COMPAT=( python3_{8..11} )

46

+inherit cmake flag-o-matic llvm python-any-r1 systemd tmpfiles

47

+

48

+DESCRIPTION="Clam Anti-Virus Scanner"

49

+HOMEPAGE="https://www.clamav.net/"

50

+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"

51

+

52

+LICENSE="GPL-2"

53

+SLOT="0"

54

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"

55

+IUSE="doc clamonacc +clamapp experimental jit libclamav-only milter rar selinux systemd test"

56

+

57

+REQUIRED_USE="libclamav-only? ( !clamonacc !clamapp !milter )

58

+	clamonacc? ( clamapp )

59

+	milter? ( clamapp )

60

+	test? ( !libclamav-only )"

61

+

62

+RESTRICT="!test? ( test )"

63

+

64

+# Require acct-{user,group}/clamav at build time so that we can set

65

+# the permissions on /var/lib/clamav in src_install rather than in

66

+# pkg_postinst; calling "chown" on the live filesystem scares me.

67

+CDEPEND="

68

+	acct-group/clamav

69

+	acct-user/clamav

70

+	app-arch/bzip2

71

+	dev-libs/json-c:=

72

+	dev-libs/libltdl

73

+	dev-libs/libmspack

74

+	dev-libs/libpcre2:=

75

+	dev-libs/libxml2

76

+	dev-libs/openssl:=

77

+	dev-libs/tomsfastmath:=

78

+	>=sys-libs/zlib-1.2.2:=

79

+	virtual/libiconv

80

+	!libclamav-only? ( net-misc/curl )

81

+	clamapp? ( sys-libs/ncurses:= net-misc/curl )

82

+	elibc_musl? ( sys-libs/fts-standalone )

83

+	jit? ( <sys-devel/llvm-$((${LLVM_MAX_SLOT} + 1)):= )

84

+	milter? ( mail-filter/libmilter:= )

85

+	rar? ( app-arch/unrar )

86

+	test? ( dev-python/pytest )

87

+"

88

+

89

+BDEPEND="

90

+	virtual/pkgconfig

91

+	>=virtual/rust-1.56

92

+	doc? ( app-doc/doxygen )

93

+	test? (

94

+		${PYTHON_DEPS}

95

+		$(python_gen_any_dep 'dev-python/pytest[${PYTHON_USEDEP}]')

96

+	)

97

+"

98

+

99

+DEPEND="${CDEPEND}

100

+	test? ( dev-libs/check )"

101

+

102

+RDEPEND="${CDEPEND}

103

+	selinux? ( sec-policy/selinux-clamav )"

104

+

105

+python_check_deps() {

106

+	python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]"

107

+}

108

+

109

+pkg_setup() {

110

+	use jit && llvm_pkg_setup

111

+	use test && python-any-r1_pkg_setup

112

+}

113

+

114

+PATCHES=(

115

+	"${FILESDIR}/${P}-cmake-llvm-fix.patch"

116

+)

117

+

118

+src_configure() {

119

+	use elibc_musl && append-ldflags -lfts

120

+	use ppc64 && append-flags -mminimal-toc

121

+

122

+	local mycmakeargs=(

123

+		-DDATABASE_DIRECTORY="${EPREFIX}"/var/lib/clamav

124

+		-DAPP_CONFIG_DIRECTORY="${EPREFIX}"/etc/clamav

125

+		-DENABLE_EXPERIMENTAL=$(usex experimental ON OFF)

126

+		-DENABLE_JSON_SHARED=ON

127

+		-DENABLE_APP=$(usex clamapp ON OFF)

128

+		-DENABLE_MILTER=$(usex milter ON OFF)

129

+		-DENABLE_CLAMONACC=$(usex clamonacc ON OFF)

130

+		-DCLAMAV_USER="clamav"

131

+		-DCLAMAV_GROUP="clamav"

132

+		-DBYTECODE_RUNTIME=$(usex jit llvm interpreter)

133

+		-DOPTIMIZE=ON

134

+		-DENABLE_EXTERNAL_MSPACK=ON

135

+		-DENABLE_EXTERNAL_TOMSFASTMATH=ON

136

+		-DENABLE_MAN_PAGES=ON

137

+		-DENABLE_DOXYGEN=$(usex doc)

138

+		-DENABLE_UNRAR=$(usex rar ON OFF)

139

+		-DENABLE_TESTS=$(usex test ON OFF)

140

+		-DENABLE_STATIC_LIB=OFF

141

+		-DENABLE_SHARED_LIB=ON

142

+		-DENABLE_SYSTEMD=$(usex systemd ON OFF)

143

+	)

144

+

145

+	if use test ; then

146

+		# https://bugs.gentoo.org/818673

147

+		# Used to enable some more tests but doesn't behave well in

148

+		# sandbox necessarily(?) + needs certain debug symbols present

149

+		# in e.g. glibc.

150

+		mycmakeargs+=( -DCMAKE_DISABLE_FIND_PACKAGE_Valgrind=ON )

151

+	fi

152

+

153

+	if use jit ; then

154

+		# Suppress CMake warnings that variables aren't consumed if we aren't using LLVM

155

+		# https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#llvm-optional-see-bytecode-runtime-section

156

+		# https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#bytecode-runtime

157

+		mycmakeargs+=(

158

+			-DLLVM_ROOT_DIR="$(get_llvm_prefix -d ${LLVM_MAX_SLOT})"

159

+			-DLLVM_FIND_VERSION="$(best_version sys-devel/llvm:${LLVM_MAX_SLOT} | cut -c 16-)"

160

+		)

161

+	fi

162

+

163

+	cmake_src_configure

164

+}

165

+

166

+src_install() {

167

+	cmake_src_install

168

+	# init scripts

169

+	newinitd "${FILESDIR}/clamd.initd" clamd

170

+	newinitd "${FILESDIR}/freshclam.initd" freshclam

171

+	use clamonacc && \

172

+		newinitd "${FILESDIR}/clamonacc.initd" clamonacc

173

+	use milter && \

174

+		newinitd "${FILESDIR}/clamav-milter.initd" clamav-milter

175

+

176

+	rm -rf "${ED}"/var/lib/clamav || die

177

+

178

+	if ! use libclamav-only ; then

179

+		if use systemd ; then

180

+			# The tmpfiles entry is behind USE=systemd because the

181

+			# upstream OpenRC service files should (and do) ensure that

182

+			# the directories they need exist and have the correct

183

+			# permissions without the help of opentmpfiles. There are

184

+			# years-old root exploits in opentmpfiles, the design is

185

+			# fundamentally flawed, and the maintainer is not up to

186

+			# the task of fixing it.

187

+			dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"

188

+			systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service"

189

+			systemd_dounit "${FILESDIR}/clamd.service"

190

+			systemd_newunit "${FILESDIR}/freshclamd.service-r1" \

191

+							"freshclamd.service"

192

+		fi

193

+

194

+		if use clamapp ; then

195

+			# Modify /etc/{clamd,freshclam}.conf to be usable out of the box

196

+			sed -e "s:^\(Example\):\# \1:" \

197

+				-e "s/^#\(PidFile .*\)/\1/" \

198

+				-e "s/^#\(LocalSocket .*\)/\1/" \

199

+				-e "s/^#\(User .*\)/\1/" \

200

+				-e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \

201

+				-e "s:^\#\(LogTime\).*:\1 yes:" \

202

+				-e "s/^#\(DatabaseDirectory .*\)/\1/" \

203

+				"${ED}"/etc/clamav/clamd.conf.sample > \

204

+				"${ED}"/etc/clamav/clamd.conf || die

205

+

206

+			sed -e "s:^\(Example\):\# \1:" \

207

+				-e "s/^#\(PidFile .*\)/\1/" \

208

+				-e "s/^#\(DatabaseOwner .*\)/\1/" \

209

+				-e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \

210

+				-e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamav/clamd.conf:" \

211

+				-e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \

212

+				-e "s/^#\(DatabaseDirectory .*\)/\1/" \

213

+				"${ED}"/etc/clamav/freshclam.conf.sample > \

214

+				"${ED}"/etc/clamav/freshclam.conf || die

215

+

216

+			if use milter ; then

217

+				# Note: only keep the "unix" ClamdSocket and MilterSocket!

218

+				sed -e "s:^\(Example\):\# \1:" \

219

+					-e "s/^#\(PidFile .*\)/\1/" \

220

+					-e "s/^#\(ClamdSocket unix:.*\)/\1/" \

221

+					-e "s/^#\(User .*\)/\1/" \

222

+					-e "s/^#\(MilterSocket unix:.*\)/\1/" \

223

+					-e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \

224

+					"${ED}"/etc/clamav/clamav-milter.conf.sample > \

225

+					"${ED}"/etc/clamav/clamav-milter.conf || die

226

+

227

+				systemd_newunit "${FILESDIR}/clamav-milter.service-0.104.0" clamav-milter.service

228

+			fi

229

+

230

+			local i

231

+			for i in clamd freshclam clamav-milter

232

+			do

233

+				if [[ -f "${ED}"/etc/"${i}".conf.sample ]] ; then

234

+					mv "${ED}"/etc/"${i}".conf{.sample,} || die

235

+				fi

236

+			done

237

+

238

+			# These both need to be writable by the clamav user.

239

+			# TODO: use syslog by default; that's what it's for.

240

+			diropts -o clamav -g clamav

241

+			keepdir /var/lib/clamav

242

+			keepdir /var/log/clamav

243

+		fi

244

+	fi

245

+

246

+	if use doc ; then

247

+		local HTML_DOCS=( docs/html/. )

248

+		einstalldocs

249

+	fi

250

+

251

+	# Don't install man pages for utilities we didn't install

252

+	if use libclamav-only ; then

253

+		rm -r "${ED}"/usr/share/man || die

254

+	fi

255

+

256

+	find "${ED}" -name '*.la' -delete || die

257

+}

258

+

259

+pkg_postinst() {

260

+	if ! use libclamav-only ; then

261

+		if use systemd ; then

262

+			tmpfiles_process clamav.conf

263

+		fi

264

+	fi

265

+

266

+	if use milter ; then

267

+		elog "For simple instructions how to setup the clamav-milter read the"

268

+		elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"

269

+	fi

270

+

271

+	local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )

272

+	if [[ ! -f "${databases}" ]] ; then

273

+		ewarn "You must run freshclam manually to populate the virus database"

274

+		ewarn "before starting clamav for the first time."

275

+	fi

276

+

277

+	 if ! systemd_is_booted ; then

278

+		ewarn "This version of ClamAV provides separate OpenRC services"

279

+		ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"

280

+		ewarn "clamd service now starts only the clamd daemon itself. You"

281

+		ewarn "should add freshclam (and perhaps clamav-milter) to any"

282

+		ewarn "runlevels that previously contained clamd."

283

+	fi

284

+}

285

286

diff --git a/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch

287

new file mode 100644

288

index 000000000000..b73a2e066ef1

289

--- /dev/null

290

+++ b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch

291

@@ -0,0 +1,73 @@

292

+clamav 0.105.1 doesn't support LLVM version detection

293

+

294

+See: https://github.com/Cisco-Talos/clamav/pull/692

295

+

296

+--- a/CMakeLists.txt

297

++++ b/CMakeLists.txt

298

+@@ -480,39 +480,43 @@ find_package(JSONC REQUIRED)

299

+ # Set variable required by libclamav to use libjson-c

300

+ set(HAVE_JSON 1)

301

+

302

++set(LLVM_MAX_VER "14.0.0")

303

++set(LLVM_MIN_VER "8.0.0")

304

++

305

+ string (TOLOWER ${BYTECODE_RUNTIME} bytecodeRuntime)

306

+ if(${bytecodeRuntime} STREQUAL "llvm")

307

+-    set (LLVM_FIND_VERSION "8.0.0")

308

+-    find_package(LLVM REQUIRED)

309

++    if(DEFINED LLVM_ROOT_DIR AND DEFINED LLVM_FIND_VERSION)

310

++        find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED HINTS ${LLVM_ROOT_DIR})

311

++    elseif(DEFINED LLVM_ROOT_DIR)

312

++        find_package(LLVM REQUIRED HINTS ${LLVM_ROOT_DIR})

313

++    elseif(DEFINED LLVM_FIND_VERSION)

314

++        find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED)

315

++    else()

316

++        set (LLVM_FIND_VERSION ${LLVM_MIN_VER})

317

++        find_package(LLVM REQUIRED)

318

++    endif()

319

+     if(LLVM_FOUND)

320

+         if (LLVM_AVAILABLE_LIBS)

321

+-            # Found using LLVMConfig.cmake

322

+-            message("LLVM found using LLVMConfig.cmake")

323

+-            set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})

324

++            message(STATUS "LLVM found using LLVMConfig.cmake")

325

+             set(LLVM_LIBRARIES ${LLVM_AVAILABLE_LIBS})

326

+-

327

+-            if (${LLVM_PACKAGE_VERSION} VERSION_LESS "8.0.0")

328

+-                message(FATAL "LLVM version ${LLVM_PACKAGE_VERSION} is too old")

329

+-            endif()

330

+-

331

+         else()

332

+-            # Found using FindLLVM.cmake

333

+-            message("LLVM found using FindLLVM.cmake")

334

+-

335

+-            # Set variable required by libclamav to use llvm instead of interpreter

336

+-            set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})

337

+-            message("LLVM_FOUND ${LLVM_FOUND}")

338

++            message(STATUS "LLVM found using FindLLVM.cmake")

339

++            set(LLVM_PACKAGE_VERSION ${LLVM_VERSION_STRING})

340

+

341

+-            if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0")

342

+-                if (${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")

343

+-                    set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")

344

+-                endif()

345

++            if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0" AND ${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")

346

++                set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")

347

+             endif()

348

++        endif()

349

+

350

+-            if (${LLVM_VERSION_STRING} VERSION_LESS "8.0.0")

351

+-                message(FATAL "LLVM version ${LLVM_VERSION_STRING} is too old")

352

+-            endif()

353

++        if (${LLVM_PACKAGE_VERSION} VERSION_LESS ${LLVM_MIN_VER})

354

++            message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too old")

355

++        elseif (${LLVM_PACKAGE_VERSION} VERSION_GREATER_EQUAL ${LLVM_MAX_VER} )

356

++            message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too new")

357

++        else()

358

++            message(STATUS "LLVM version ${LLVM_PACKAGE_VERSION} found")

359

+         endif()

360

++        # Set variable required by libclamav to use llvm instead of interpreter

361

++        set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})

362

+     endif()

363

+ endif()

364

+

365

366

diff --git a/app-antivirus/clamav/metadata.xml b/app-antivirus/clamav/metadata.xml

367

index 7a3fe540cf8d..ea313c4a9868 100644

368

--- a/app-antivirus/clamav/metadata.xml

369

+++ b/app-antivirus/clamav/metadata.xml

370

@@ -16,6 +16,7 @@

371

 		<flag name="clamonacc">Build the clamonacc on-access scanner</flag>

372

 		<flag name="clamdtop">A Top like tool which shows what clamd is currently scanning amongst other things</flag>

373

 		<flag name="clamsubmit">A tool to submit false positives / negatives</flag>

374

+		<flag name="experimental">Enable experimental features</flag>

375

 		<flag name="libclamav-only">Bypass building of libfreshclam and the ClamAV CLI applications.</flag>

376

 		<flag name="metadata-analysis-api">Enables collection of file property metadata using ClamAV API for analysis by ClamAV bytecode programs.</flag>

377

 		<flag name="xml">DMG and XAR support</flag>

378

379

diff --git a/profiles/arch/hppa/package.mask b/profiles/arch/hppa/package.mask

380

index b6b7d0f1baa3..1ff307a672b3 100644

381

--- a/profiles/arch/hppa/package.mask

382

+++ b/profiles/arch/hppa/package.mask

383

@@ -2,6 +2,6 @@

384

 # Distributed under the terms of the GNU General Public License v2

385

386

 # Quote from <eike@×××××.de>:

387

-# "Compilation fails with: #error You need to define CycleTimer for 

388

+# "Compilation fails with: #error You need to define CycleTimer for

389

 #  your OS and CPU"

390

 dev-cpp/benchmark

391

392

diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask

393

index 5497dea044f9..25a7ce9973b3 100644

394

--- a/profiles/base/package.use.mask

395

+++ b/profiles/base/package.use.mask

396

@@ -6,6 +6,11 @@

397

 # This file is only for generic masks. For arch-specific masks (i.e.

398

 # mask everywhere, unmask on arch/*) use arch/base.

399

400

+# Matt Jolly <Matt.Jolly@××××××××.ninja (2022-09-09)

401

+# app-antivirus/clamav JIT support requires LLVM <=13

402

+# ebuild support is there but currently failing to link

403

+app-antivirus/clamav jit

404

+

405

 # Sam James <sam@g.o> (2022-09-06)

406

 # Incompatible with merged-usr and is a fundamentally flaky approach.

407

 # - app-arch/lbzip2: bug #868318 (possible solution in bug #868651)

408

409

diff --git a/profiles/features/wd40/package.mask b/profiles/features/wd40/package.mask

410

index 7ef53b96fb46..6f46776db0a7 100644

411

--- a/profiles/features/wd40/package.mask

412

+++ b/profiles/features/wd40/package.mask

413

@@ -4,6 +4,7 @@

414

 # Various packages requiring Rust.

415

 app-admin/ansible

416

 app-admin/ansible-core

417

+>=app-antivirus/clamav-0.105.1

418

 app-crypt/acme

419

 app-crypt/certbot

420

 app-crypt/certbot-nginx

1	commit: dba22f4f865daa5dd4a26ce07dabb347bd27f44c
2	Author: Matt Jolly <Matt.Jolly <AT> footclan <DOT> ninja>
3	AuthorDate: Fri Sep 9 02:57:26 2022 +0000
4	Commit: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
5	CommitDate: Mon Sep 12 19:39:12 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dba22f4f
7
8	app-antivirus/clamav: add 0.105.1
9
10	Signed-off-by: Matt Jolly <Matt.Jolly <AT> footclan.ninja>
11	Closes: https://github.com/gentoo/gentoo/pull/27153
12	Signed-off-by: Thomas Raschbacher <lordvan <AT> gentoo.org>
13
14	app-antivirus/clamav/Manifest \| 1 +
15	app-antivirus/clamav/clamav-0.105.1.ebuild \| 246 +++++++++++++++++++++
16	.../files/clamav-0.105.1-cmake-llvm-fix.patch \| 73 ++++++
17	app-antivirus/clamav/metadata.xml \| 1 +
18	profiles/arch/hppa/package.mask \| 2 +-
19	profiles/base/package.use.mask \| 5 +
20	profiles/features/wd40/package.mask \| 1 +
21	7 files changed, 328 insertions(+), 1 deletion(-)
22
23	diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
24	index c25f65795799..563f2972fc66 100644
25	--- a/app-antivirus/clamav/Manifest
26	+++ b/app-antivirus/clamav/Manifest
27	@@ -1,3 +1,4 @@
28	DIST clamav-0.103.6.tar.gz 16491761 BLAKE2B 3c43bcda4a613f81d1b31036e7323a7af7708e54af94ad30a659a8fb318d8f79f357086ce70703659298524d778374df886495cd8c75280bbbe4bae30795a85a SHA512 d39e1964678b8251bde3a9f3db30fe3d3d76cc566a86834297f4dd8489086dc9cc4c6541ca128089159f4c071d2d85b530455bd942987d3929ea0082b8ab272b
29	DIST clamav-0.103.7.tar.gz 16501741 BLAKE2B 49fc1c8c42ee8168dbaec4aa13ab0dfef7fa285e335cb38b17bc020df7400ee1daae49e06ba5b4ae0364d47d707cb83c0b1a8442d5b01d2bba5827606fe27fb4 SHA512 d426169889d94411b20a2c9c9579fc22a15090c9847849822c63fc6b404075feba0ff3663ee1382b2af5300394c7a93669844736f7473bfdce3250e1fd130326
30	DIST clamav-0.104.4.tar.gz 12027448 BLAKE2B e8627b49b46e9bf5669b7186d829fd2caa76d9071b1533da252fea1bdeed1b78ec4a138db8957b0d121df1180eb37a6230f5f0db1e4d3f2de80bf7dddad5b47e SHA512 5aa8abe96ff49548cf74df47a7e56279c3082dc8ca98cab02f64f44b2da0230e75b5f634b3086ba8ca155052cbc22a2a47ab3dd159ae033d3f599dcde1f2420e
31	+DIST clamav-0.105.1.tar.gz 29467856 BLAKE2B be46d9afd76fb536d7de7363a45d38fef6a5983011e3cd0dcc25c2a209c8d37a2bbe1f7f4a5694152cabf622ef83e072b892ae12ba404da1955bb5b654e5216d SHA512 dcaa3eb90e5a8951f1750f0676791c33507206ae0d58a3da0d07f6f86b559799db09a4aed83fbd9d3eed8f1f17654f8304070e6770ba7e02de6f2be2cda65bec
32
33	diff --git a/app-antivirus/clamav/clamav-0.105.1.ebuild b/app-antivirus/clamav/clamav-0.105.1.ebuild
34	new file mode 100644
35	index 000000000000..0d62bc5c14c0
36	--- /dev/null
37	+++ b/app-antivirus/clamav/clamav-0.105.1.ebuild
38	@@ -0,0 +1,246 @@
39	+# Copyright 1999-2022 Gentoo Authors
40	+# Distributed under the terms of the GNU General Public License v2
41	+
42	+EAPI=8
43	+
44	+LLVM_MAX_SLOT=13
45	+PYTHON_COMPAT=( python3_{8..11} )
46	+inherit cmake flag-o-matic llvm python-any-r1 systemd tmpfiles
47	+
48	+DESCRIPTION="Clam Anti-Virus Scanner"
49	+HOMEPAGE="https://www.clamav.net/"
50	+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
51	+
52	+LICENSE="GPL-2"
53	+SLOT="0"
54	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
55	+IUSE="doc clamonacc +clamapp experimental jit libclamav-only milter rar selinux systemd test"
56	+
57	+REQUIRED_USE="libclamav-only? ( !clamonacc !clamapp !milter )
58	+ clamonacc? ( clamapp )
59	+ milter? ( clamapp )
60	+ test? ( !libclamav-only )"
61	+
62	+RESTRICT="!test? ( test )"
63	+
64	+# Require acct-{user,group}/clamav at build time so that we can set
65	+# the permissions on /var/lib/clamav in src_install rather than in
66	+# pkg_postinst; calling "chown" on the live filesystem scares me.
67	+CDEPEND="
68	+ acct-group/clamav
69	+ acct-user/clamav
70	+ app-arch/bzip2
71	+ dev-libs/json-c:=
72	+ dev-libs/libltdl
73	+ dev-libs/libmspack
74	+ dev-libs/libpcre2:=
75	+ dev-libs/libxml2
76	+ dev-libs/openssl:=
77	+ dev-libs/tomsfastmath:=
78	+ >=sys-libs/zlib-1.2.2:=
79	+ virtual/libiconv
80	+ !libclamav-only? ( net-misc/curl )
81	+ clamapp? ( sys-libs/ncurses:= net-misc/curl )
82	+ elibc_musl? ( sys-libs/fts-standalone )
83	+ jit? ( <sys-devel/llvm-$((${LLVM_MAX_SLOT} + 1)):= )
84	+ milter? ( mail-filter/libmilter:= )
85	+ rar? ( app-arch/unrar )
86	+ test? ( dev-python/pytest )
87	+"
88	+
89	+BDEPEND="
90	+ virtual/pkgconfig
91	+ >=virtual/rust-1.56
92	+ doc? ( app-doc/doxygen )
93	+ test? (
94	+ ${PYTHON_DEPS}
95	+ $(python_gen_any_dep 'dev-python/pytest[${PYTHON_USEDEP}]')
96	+ )
97	+"
98	+
99	+DEPEND="${CDEPEND}
100	+ test? ( dev-libs/check )"
101	+
102	+RDEPEND="${CDEPEND}
103	+ selinux? ( sec-policy/selinux-clamav )"
104	+
105	+python_check_deps() {
106	+ python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]"
107	+}
108	+
109	+pkg_setup() {
110	+ use jit && llvm_pkg_setup
111	+ use test && python-any-r1_pkg_setup
112	+}
113	+
114	+PATCHES=(
115	+ "${FILESDIR}/${P}-cmake-llvm-fix.patch"
116	+)
117	+
118	+src_configure() {
119	+ use elibc_musl && append-ldflags -lfts
120	+ use ppc64 && append-flags -mminimal-toc
121	+
122	+ local mycmakeargs=(
123	+ -DDATABASE_DIRECTORY="${EPREFIX}"/var/lib/clamav
124	+ -DAPP_CONFIG_DIRECTORY="${EPREFIX}"/etc/clamav
125	+ -DENABLE_EXPERIMENTAL=$(usex experimental ON OFF)
126	+ -DENABLE_JSON_SHARED=ON
127	+ -DENABLE_APP=$(usex clamapp ON OFF)
128	+ -DENABLE_MILTER=$(usex milter ON OFF)
129	+ -DENABLE_CLAMONACC=$(usex clamonacc ON OFF)
130	+ -DCLAMAV_USER="clamav"
131	+ -DCLAMAV_GROUP="clamav"
132	+ -DBYTECODE_RUNTIME=$(usex jit llvm interpreter)
133	+ -DOPTIMIZE=ON
134	+ -DENABLE_EXTERNAL_MSPACK=ON
135	+ -DENABLE_EXTERNAL_TOMSFASTMATH=ON
136	+ -DENABLE_MAN_PAGES=ON
137	+ -DENABLE_DOXYGEN=$(usex doc)
138	+ -DENABLE_UNRAR=$(usex rar ON OFF)
139	+ -DENABLE_TESTS=$(usex test ON OFF)
140	+ -DENABLE_STATIC_LIB=OFF
141	+ -DENABLE_SHARED_LIB=ON
142	+ -DENABLE_SYSTEMD=$(usex systemd ON OFF)
143	+ )
144	+
145	+ if use test ; then
146	+ # https://bugs.gentoo.org/818673
147	+ # Used to enable some more tests but doesn't behave well in
148	+ # sandbox necessarily(?) + needs certain debug symbols present
149	+ # in e.g. glibc.
150	+ mycmakeargs+=( -DCMAKE_DISABLE_FIND_PACKAGE_Valgrind=ON )
151	+ fi
152	+
153	+ if use jit ; then
154	+ # Suppress CMake warnings that variables aren't consumed if we aren't using LLVM
155	+ # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#llvm-optional-see-bytecode-runtime-section
156	+ # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#bytecode-runtime
157	+ mycmakeargs+=(
158	+ -DLLVM_ROOT_DIR="$(get_llvm_prefix -d ${LLVM_MAX_SLOT})"
159	+ -DLLVM_FIND_VERSION="$(best_version sys-devel/llvm:${LLVM_MAX_SLOT} \| cut -c 16-)"
160	+ )
161	+ fi
162	+
163	+ cmake_src_configure
164	+}
165	+
166	+src_install() {
167	+ cmake_src_install
168	+ # init scripts
169	+ newinitd "${FILESDIR}/clamd.initd" clamd
170	+ newinitd "${FILESDIR}/freshclam.initd" freshclam
171	+ use clamonacc && \
172	+ newinitd "${FILESDIR}/clamonacc.initd" clamonacc
173	+ use milter && \
174	+ newinitd "${FILESDIR}/clamav-milter.initd" clamav-milter
175	+
176	+ rm -rf "${ED}"/var/lib/clamav \|\| die
177	+
178	+ if ! use libclamav-only ; then
179	+ if use systemd ; then
180	+ # The tmpfiles entry is behind USE=systemd because the
181	+ # upstream OpenRC service files should (and do) ensure that
182	+ # the directories they need exist and have the correct
183	+ # permissions without the help of opentmpfiles. There are
184	+ # years-old root exploits in opentmpfiles, the design is
185	+ # fundamentally flawed, and the maintainer is not up to
186	+ # the task of fixing it.
187	+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
188	+ systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service"
189	+ systemd_dounit "${FILESDIR}/clamd.service"
190	+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
191	+ "freshclamd.service"
192	+ fi
193	+
194	+ if use clamapp ; then
195	+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
196	+ sed -e "s:^\(Example\):\# \1:" \
197	+ -e "s/^#\(PidFile .*\)/\1/" \
198	+ -e "s/^#\(LocalSocket .*\)/\1/" \
199	+ -e "s/^#\(User .*\)/\1/" \
200	+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
201	+ -e "s:^\#\(LogTime\).*:\1 yes:" \
202	+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
203	+ "${ED}"/etc/clamav/clamd.conf.sample > \
204	+ "${ED}"/etc/clamav/clamd.conf \|\| die
205	+
206	+ sed -e "s:^\(Example\):\# \1:" \
207	+ -e "s/^#\(PidFile .*\)/\1/" \
208	+ -e "s/^#\(DatabaseOwner .*\)/\1/" \
209	+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
210	+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamav/clamd.conf:" \
211	+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
212	+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
213	+ "${ED}"/etc/clamav/freshclam.conf.sample > \
214	+ "${ED}"/etc/clamav/freshclam.conf \|\| die
215	+
216	+ if use milter ; then
217	+ # Note: only keep the "unix" ClamdSocket and MilterSocket!
218	+ sed -e "s:^\(Example\):\# \1:" \
219	+ -e "s/^#\(PidFile .*\)/\1/" \
220	+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
221	+ -e "s/^#\(User .*\)/\1/" \
222	+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \
223	+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
224	+ "${ED}"/etc/clamav/clamav-milter.conf.sample > \
225	+ "${ED}"/etc/clamav/clamav-milter.conf \|\| die
226	+
227	+ systemd_newunit "${FILESDIR}/clamav-milter.service-0.104.0" clamav-milter.service
228	+ fi
229	+
230	+ local i
231	+ for i in clamd freshclam clamav-milter
232	+ do
233	+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]] ; then
234	+ mv "${ED}"/etc/"${i}".conf{.sample,} \|\| die
235	+ fi
236	+ done
237	+
238	+ # These both need to be writable by the clamav user.
239	+ # TODO: use syslog by default; that's what it's for.
240	+ diropts -o clamav -g clamav
241	+ keepdir /var/lib/clamav
242	+ keepdir /var/log/clamav
243	+ fi
244	+ fi
245	+
246	+ if use doc ; then
247	+ local HTML_DOCS=( docs/html/. )
248	+ einstalldocs
249	+ fi
250	+
251	+ # Don't install man pages for utilities we didn't install
252	+ if use libclamav-only ; then
253	+ rm -r "${ED}"/usr/share/man \|\| die
254	+ fi
255	+
256	+ find "${ED}" -name '*.la' -delete \|\| die
257	+}
258	+
259	+pkg_postinst() {
260	+ if ! use libclamav-only ; then
261	+ if use systemd ; then
262	+ tmpfiles_process clamav.conf
263	+ fi
264	+ fi
265	+
266	+ if use milter ; then
267	+ elog "For simple instructions how to setup the clamav-milter read the"
268	+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
269	+ fi
270	+
271	+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
272	+ if [[ ! -f "${databases}" ]] ; then
273	+ ewarn "You must run freshclam manually to populate the virus database"
274	+ ewarn "before starting clamav for the first time."
275	+ fi
276	+
277	+ if ! systemd_is_booted ; then
278	+ ewarn "This version of ClamAV provides separate OpenRC services"
279	+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
280	+ ewarn "clamd service now starts only the clamd daemon itself. You"
281	+ ewarn "should add freshclam (and perhaps clamav-milter) to any"
282	+ ewarn "runlevels that previously contained clamd."
283	+ fi
284	+}
285
286	diff --git a/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
287	new file mode 100644
288	index 000000000000..b73a2e066ef1
289	--- /dev/null
290	+++ b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
291	@@ -0,0 +1,73 @@
292	+clamav 0.105.1 doesn't support LLVM version detection
293	+
294	+See: https://github.com/Cisco-Talos/clamav/pull/692
295	+
296	+--- a/CMakeLists.txt
297	++++ b/CMakeLists.txt
298	+@@ -480,39 +480,43 @@ find_package(JSONC REQUIRED)
299	+ # Set variable required by libclamav to use libjson-c
300	+ set(HAVE_JSON 1)
301	+
302	++set(LLVM_MAX_VER "14.0.0")
303	++set(LLVM_MIN_VER "8.0.0")
304	++
305	+ string (TOLOWER ${BYTECODE_RUNTIME} bytecodeRuntime)
306	+ if(${bytecodeRuntime} STREQUAL "llvm")
307	+- set (LLVM_FIND_VERSION "8.0.0")
308	+- find_package(LLVM REQUIRED)
309	++ if(DEFINED LLVM_ROOT_DIR AND DEFINED LLVM_FIND_VERSION)
310	++ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED HINTS ${LLVM_ROOT_DIR})
311	++ elseif(DEFINED LLVM_ROOT_DIR)
312	++ find_package(LLVM REQUIRED HINTS ${LLVM_ROOT_DIR})
313	++ elseif(DEFINED LLVM_FIND_VERSION)
314	++ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED)
315	++ else()
316	++ set (LLVM_FIND_VERSION ${LLVM_MIN_VER})
317	++ find_package(LLVM REQUIRED)
318	++ endif()
319	+ if(LLVM_FOUND)
320	+ if (LLVM_AVAILABLE_LIBS)
321	+- # Found using LLVMConfig.cmake
322	+- message("LLVM found using LLVMConfig.cmake")
323	+- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
324	++ message(STATUS "LLVM found using LLVMConfig.cmake")
325	+ set(LLVM_LIBRARIES ${LLVM_AVAILABLE_LIBS})
326	+-
327	+- if (${LLVM_PACKAGE_VERSION} VERSION_LESS "8.0.0")
328	+- message(FATAL "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
329	+- endif()
330	+-
331	+ else()
332	+- # Found using FindLLVM.cmake
333	+- message("LLVM found using FindLLVM.cmake")
334	+-
335	+- # Set variable required by libclamav to use llvm instead of interpreter
336	+- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
337	+- message("LLVM_FOUND ${LLVM_FOUND}")
338	++ message(STATUS "LLVM found using FindLLVM.cmake")
339	++ set(LLVM_PACKAGE_VERSION ${LLVM_VERSION_STRING})
340	+
341	+- if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0")
342	+- if (${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
343	+- set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
344	+- endif()
345	++ if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0" AND ${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
346	++ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
347	+ endif()
348	++ endif()
349	+
350	+- if (${LLVM_VERSION_STRING} VERSION_LESS "8.0.0")
351	+- message(FATAL "LLVM version ${LLVM_VERSION_STRING} is too old")
352	+- endif()
353	++ if (${LLVM_PACKAGE_VERSION} VERSION_LESS ${LLVM_MIN_VER})
354	++ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
355	++ elseif (${LLVM_PACKAGE_VERSION} VERSION_GREATER_EQUAL ${LLVM_MAX_VER} )
356	++ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too new")
357	++ else()
358	++ message(STATUS "LLVM version ${LLVM_PACKAGE_VERSION} found")
359	+ endif()
360	++ # Set variable required by libclamav to use llvm instead of interpreter
361	++ set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
362	+ endif()
363	+ endif()
364	+
365
366	diff --git a/app-antivirus/clamav/metadata.xml b/app-antivirus/clamav/metadata.xml
367	index 7a3fe540cf8d..ea313c4a9868 100644
368	--- a/app-antivirus/clamav/metadata.xml
369	+++ b/app-antivirus/clamav/metadata.xml
370	@@ -16,6 +16,7 @@
371	<flag name="clamonacc">Build the clamonacc on-access scanner</flag>
372	<flag name="clamdtop">A Top like tool which shows what clamd is currently scanning amongst other things</flag>
373	<flag name="clamsubmit">A tool to submit false positives / negatives</flag>
374	+ <flag name="experimental">Enable experimental features</flag>
375	<flag name="libclamav-only">Bypass building of libfreshclam and the ClamAV CLI applications.</flag>
376	<flag name="metadata-analysis-api">Enables collection of file property metadata using ClamAV API for analysis by ClamAV bytecode programs.</flag>
377	<flag name="xml">DMG and XAR support</flag>
378
379	diff --git a/profiles/arch/hppa/package.mask b/profiles/arch/hppa/package.mask
380	index b6b7d0f1baa3..1ff307a672b3 100644
381	--- a/profiles/arch/hppa/package.mask
382	+++ b/profiles/arch/hppa/package.mask
383	@@ -2,6 +2,6 @@
384	# Distributed under the terms of the GNU General Public License v2
385
386	# Quote from <eike@×××××.de>:
387	-# "Compilation fails with: #error You need to define CycleTimer for
388	+# "Compilation fails with: #error You need to define CycleTimer for
389	# your OS and CPU"
390	dev-cpp/benchmark
391
392	diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
393	index 5497dea044f9..25a7ce9973b3 100644
394	--- a/profiles/base/package.use.mask
395	+++ b/profiles/base/package.use.mask
396	@@ -6,6 +6,11 @@
397	# This file is only for generic masks. For arch-specific masks (i.e.
398	# mask everywhere, unmask on arch/*) use arch/base.
399
400	+# Matt Jolly <Matt.Jolly@××××××××.ninja (2022-09-09)
401	+# app-antivirus/clamav JIT support requires LLVM <=13
402	+# ebuild support is there but currently failing to link
403	+app-antivirus/clamav jit
404	+
405	# Sam James <sam@g.o> (2022-09-06)
406	# Incompatible with merged-usr and is a fundamentally flaky approach.
407	# - app-arch/lbzip2: bug #868318 (possible solution in bug #868651)
408
409	diff --git a/profiles/features/wd40/package.mask b/profiles/features/wd40/package.mask
410	index 7ef53b96fb46..6f46776db0a7 100644
411	--- a/profiles/features/wd40/package.mask
412	+++ b/profiles/features/wd40/package.mask
413	@@ -4,6 +4,7 @@
414	# Various packages requiring Rust.
415	app-admin/ansible
416	app-admin/ansible-core
417	+>=app-antivirus/clamav-0.105.1
418	app-crypt/acme
419	app-crypt/certbot
420	app-crypt/certbot-nginx

Gentoo Archives: gentoo-commits