1 |
commit: 5e66ceb053b88d41ef3a76fdecd3144495d62976 |
2 |
Author: Hank Leininger <hlein <AT> korelogic <DOT> com> |
3 |
AuthorDate: Sun Jun 27 18:11:39 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jun 29 04:12:01 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e66ceb0 |
7 |
|
8 |
app-antivirus/clamav: fix logrotate file deployed when USE=milter |
9 |
|
10 |
command -v writes to stdout, not stderr, so the check for openrc/systemd |
11 |
was generating output and emails. |
12 |
|
13 |
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> |
14 |
Closes: https://bugs.gentoo.org/798933 |
15 |
Package-Manager: Portage-3.0.20, Repoman-3.0.3 |
16 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
17 |
|
18 |
app-antivirus/clamav/clamav-0.103.3-r1.ebuild | 234 +++++++++++++++++++++ |
19 |
.../clamav/files/clamav-milter.logrotate-r1 | 25 +++ |
20 |
2 files changed, 259 insertions(+) |
21 |
|
22 |
diff --git a/app-antivirus/clamav/clamav-0.103.3-r1.ebuild b/app-antivirus/clamav/clamav-0.103.3-r1.ebuild |
23 |
new file mode 100644 |
24 |
index 00000000000..5fcae6ee66c |
25 |
--- /dev/null |
26 |
+++ b/app-antivirus/clamav/clamav-0.103.3-r1.ebuild |
27 |
@@ -0,0 +1,234 @@ |
28 |
+# Copyright 1999-2021 Gentoo Authors |
29 |
+# Distributed under the terms of the GNU General Public License v2 |
30 |
+ |
31 |
+EAPI=7 |
32 |
+ |
33 |
+inherit autotools flag-o-matic systemd tmpfiles |
34 |
+ |
35 |
+DESCRIPTION="Clam Anti-Virus Scanner" |
36 |
+HOMEPAGE="https://www.clamav.net/" |
37 |
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz" |
38 |
+ |
39 |
+LICENSE="GPL-2" |
40 |
+SLOT="0" |
41 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" |
42 |
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test uclibc xml" |
43 |
+ |
44 |
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )" |
45 |
+ |
46 |
+RESTRICT="!test? ( test )" |
47 |
+ |
48 |
+# Require acct-{user,group}/clamav at build time so that we can set |
49 |
+# the permissions on /var/lib/clamav in src_install rather than in |
50 |
+# pkg_postinst; calling "chown" on the live filesystem scares me. |
51 |
+CDEPEND="acct-group/clamav |
52 |
+ acct-user/clamav |
53 |
+ dev-libs/libltdl |
54 |
+ dev-libs/libmspack |
55 |
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) |
56 |
+ dev-libs/tomsfastmath |
57 |
+ >=sys-libs/zlib-1.2.2:= |
58 |
+ bzip2? ( app-arch/bzip2 ) |
59 |
+ clamdtop? ( sys-libs/ncurses:0 ) |
60 |
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= ) |
61 |
+ elibc_musl? ( sys-libs/fts-standalone ) |
62 |
+ iconv? ( virtual/libiconv ) |
63 |
+ !libclamav-only? ( net-misc/curl ) |
64 |
+ dev-libs/openssl:0= |
65 |
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) |
66 |
+ xml? ( dev-libs/libxml2 )" |
67 |
+ |
68 |
+# We need at least autoconf-2.69-r5 because that's the first (patched) |
69 |
+# version of it in Gentoo that supports ./configure --runstatedir. |
70 |
+BDEPEND=">=sys-devel/autoconf-2.69-r5 |
71 |
+ virtual/pkgconfig" |
72 |
+ |
73 |
+DEPEND="${CDEPEND} |
74 |
+ metadata-analysis-api? ( dev-libs/json-c:* ) |
75 |
+ test? ( dev-libs/check )" |
76 |
+RDEPEND="${CDEPEND} |
77 |
+ selinux? ( sec-policy/selinux-clamav )" |
78 |
+ |
79 |
+PATCHES=( |
80 |
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328 |
81 |
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616 |
82 |
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394 |
83 |
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch" |
84 |
+) |
85 |
+ |
86 |
+src_prepare() { |
87 |
+ default |
88 |
+ |
89 |
+ # Be extra sure that we're using the system copy of tomsfastmath |
90 |
+ einfo "removing bundled copy of dev-libs/tomsfastmath" |
91 |
+ rm -r libclamav/tomsfastmath || \ |
92 |
+ die "failed to remove bundled tomsfastmath" |
93 |
+ |
94 |
+ AT_NO_RECURSIVE="yes" eautoreconf |
95 |
+} |
96 |
+ |
97 |
+src_configure() { |
98 |
+ use elibc_musl && append-ldflags -lfts |
99 |
+ use ppc64 && append-flags -mminimal-toc |
100 |
+ use uclibc && export ac_cv_type_error_t=yes |
101 |
+ |
102 |
+ # according to configure help it should be |
103 |
+ # $(use_enable xml) |
104 |
+ # but that does not work |
105 |
+ # do not add this, since --disable-xml seems to override |
106 |
+ # --without-xml |
107 |
+ JSONUSE="--without-libjson" |
108 |
+ |
109 |
+ if use clamsubmit || use metadata-analysis-api; then |
110 |
+ # either of those 2 requires libjson. |
111 |
+ # clamsubmit will be built as soon as libjson and curl are found |
112 |
+ # but we only install the binary if requested |
113 |
+ JSONUSE="--with-libjson=${EPREFIX}/usr" |
114 |
+ fi |
115 |
+ |
116 |
+ local myeconfargs=( |
117 |
+ $(use_enable bzip2) |
118 |
+ $(use_enable clamonacc) |
119 |
+ $(use_enable clamdtop) |
120 |
+ $(use_enable ipv6) |
121 |
+ $(use_enable milter) |
122 |
+ $(use_enable test check) |
123 |
+ $(use_with xml) |
124 |
+ $(use_with iconv) |
125 |
+ ${JSONUSE} |
126 |
+ $(use_enable libclamav-only) |
127 |
+ $(use_with !libclamav-only libcurl) |
128 |
+ --with-system-libmspack |
129 |
+ --cache-file="${S}"/config.cache |
130 |
+ --disable-experimental |
131 |
+ --disable-static |
132 |
+ --disable-zlib-vcheck |
133 |
+ --enable-id-check |
134 |
+ --with-dbdir="${EPREFIX}"/var/lib/clamav |
135 |
+ # Don't call --with-zlib=/usr (see bug #699296) |
136 |
+ --with-zlib |
137 |
+ --disable-llvm |
138 |
+ --enable-openrc |
139 |
+ --runstatedir=/run |
140 |
+ ) |
141 |
+ econf "${myeconfargs[@]}" |
142 |
+} |
143 |
+ |
144 |
+src_install() { |
145 |
+ default |
146 |
+ |
147 |
+ rm -rf "${ED}"/var/lib/clamav || die |
148 |
+ |
149 |
+ if ! use libclamav-only ; then |
150 |
+ if use systemd; then |
151 |
+ # The tmpfiles entry is behind USE=systemd because the |
152 |
+ # upstream OpenRC service files should (and do) ensure that |
153 |
+ # the directories they need exist and have the correct |
154 |
+ # permissions without the help of opentmpfiles. There are |
155 |
+ # years-old root exploits in opentmpfiles, the design is |
156 |
+ # fundamentally flawed, and the maintainer is not up to |
157 |
+ # the task of fixing it. |
158 |
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf" |
159 |
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" |
160 |
+ systemd_dounit "${FILESDIR}/clamd.service" |
161 |
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \ |
162 |
+ "freshclamd.service" |
163 |
+ fi |
164 |
+ |
165 |
+ insinto /etc/logrotate.d |
166 |
+ newins "${FILESDIR}/clamd.logrotate" clamd |
167 |
+ newins "${FILESDIR}/freshclam.logrotate" freshclam |
168 |
+ use milter && \ |
169 |
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter |
170 |
+ |
171 |
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box |
172 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
173 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
174 |
+ -e "s/^#\(LocalSocket .*\)/\1/" \ |
175 |
+ -e "s/^#\(User .*\)/\1/" \ |
176 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ |
177 |
+ -e "s:^\#\(LogTime\).*:\1 yes:" \ |
178 |
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \ |
179 |
+ "${ED}"/etc/clamd.conf.sample || die |
180 |
+ |
181 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
182 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
183 |
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \ |
184 |
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ |
185 |
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ |
186 |
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ |
187 |
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \ |
188 |
+ "${ED}"/etc/freshclam.conf.sample || die |
189 |
+ |
190 |
+ if use milter ; then |
191 |
+ # Note: only keep the "unix" ClamdSocket and MilterSocket! |
192 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
193 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
194 |
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \ |
195 |
+ -e "s/^#\(User .*\)/\1/" \ |
196 |
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \ |
197 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ |
198 |
+ "${ED}"/etc/clamav-milter.conf.sample || die |
199 |
+ |
200 |
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF |
201 |
+ MILTER_NICELEVEL=19 |
202 |
+ START_MILTER=no |
203 |
+ EOF |
204 |
+ |
205 |
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service |
206 |
+ fi |
207 |
+ |
208 |
+ local i |
209 |
+ for i in clamd freshclam clamav-milter |
210 |
+ do |
211 |
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then |
212 |
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die |
213 |
+ fi |
214 |
+ done |
215 |
+ |
216 |
+ # These both need to be writable by the clamav user. |
217 |
+ # TODO: use syslog by default; that's what it's for. |
218 |
+ diropts -o clamav -g clamav |
219 |
+ keepdir /var/lib/clamav |
220 |
+ keepdir /var/log/clamav |
221 |
+ fi |
222 |
+ |
223 |
+ if use doc ; then |
224 |
+ local HTML_DOCS=( docs/html/. ) |
225 |
+ einstalldocs |
226 |
+ |
227 |
+ if ! use libclamav-only ; then |
228 |
+ doman docs/man/*.[1-8] |
229 |
+ fi |
230 |
+ fi |
231 |
+ |
232 |
+ find "${ED}" -name '*.la' -delete || die |
233 |
+} |
234 |
+ |
235 |
+src_test() { |
236 |
+ if use libclamav-only ; then |
237 |
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..." |
238 |
+ return 0 |
239 |
+ fi |
240 |
+ |
241 |
+ emake quick-check |
242 |
+} |
243 |
+ |
244 |
+pkg_postinst() { |
245 |
+ if use milter ; then |
246 |
+ elog "For simple instructions how to setup the clamav-milter read the" |
247 |
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" |
248 |
+ fi |
249 |
+ |
250 |
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d ) |
251 |
+ if [[ ! -f "${databases}" ]] ; then |
252 |
+ ewarn "You must run freshclam manually to populate the virus database" |
253 |
+ ewarn "before starting clamav for the first time." |
254 |
+ fi |
255 |
+ |
256 |
+ ewarn "This version of ClamAV provides separate OpenRC services" |
257 |
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The" |
258 |
+ ewarn "clamd service now starts only the clamd daemon itself. You" |
259 |
+ ewarn "should add freshclam (and perhaps clamav-milter) to any" |
260 |
+ ewarn "runlevels that previously contained clamd." |
261 |
+} |
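Review bot: The clamd.conf edits in src_install un-comment `LocalSocket` but leave the socket's access mode at the upstream default. The pattern `^#\(LocalSocket .*\)` requires a space after the keyword, so any `#LocalSocketMode` or `#LocalSocketGroup` line in the sample stays commented. The sample file is not part of this diff, but upstream documents the default as a world-accessible socket, which would let every local account talk to a daemon running as the clamav user. If that is not the intended out-of-the-box posture, add `-e "s/^#\(LocalSocketMode .*\)/\1/" \` to the same sed call. A short comment above the sed block should say which users or group are expected to reach the socket.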
262 |
|
263 |
diff --git a/app-antivirus/clamav/files/clamav-milter.logrotate-r1 b/app-antivirus/clamav/files/clamav-milter.logrotate-r1 |
264 |
new file mode 100644 |
265 |
index 00000000000..8d2f31a852a |
266 |
--- /dev/null |
267 |
+++ b/app-antivirus/clamav/files/clamav-milter.logrotate-r1 |
268 |
@@ -0,0 +1,25 @@ |
269 |
+# This script is intended to rotate the logs for clamav-milter in its |
270 |
+# default configuration on Gentoo, where clamav-milter writes to its |
271 |
+# own log file but does not rotate that file itself. The clamav-milter |
272 |
+# daemon is capable of rotating its own logs; if you have "LogRotate |
273 |
+# yes" in clamav-milter.conf then you do not need this script (and |
274 |
+# should disable it). Likewise, if you are logging to syslog |
275 |
+# (LogSyslog yes), this is redundant. |
276 |
+# |
277 |
+# This is more complicated than the clamd/freshclam scripts because |
278 |
+# the milter doesn't yet reopen its log files when it receives a |
279 |
+# SIGHUP. See https://bugzilla.clamav.net/show_bug.cgi?id=12615 |
280 |
+# for that. Instead we have to attempt OpenRC/systemd service |
281 |
+# restarts on (only) the machines that support them. |
282 |
+/var/log/clamav/clamav-milter.log { |
283 |
+ su clamav clamav |
284 |
+ missingok |
285 |
+ postrotate |
286 |
+ if command -v rc-service >/dev/null; then |
287 |
+ rc-service clamav-milter status 2>/dev/null 1>&2 && rc-service clamav-milter restart 1>/dev/null |
288 |
+ fi |
289 |
+ if command -v systemctl >/dev/null; then |
290 |
+ systemctl try-restart clamav-milter |
291 |
+ fi |
292 |
+ endscript |
293 |
+} |
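Review bot: The systemd branch of the postrotate script is guarded only by `command -v systemctl >/dev/null`, which checks that the binary exists, not that systemd is the running init. On a host with systemd installed but booted under OpenRC, `systemctl try-restart clamav-milter` would presumably fail and write to stderr, producing the same cron mail this commit is meant to stop. Because it is the last command, it would also make the script exit non-zero. Testing for a running systemd avoids that: `if [ -d /run/systemd/system ] && command -v systemctl >/dev/null; then`. The stderr of the two restart commands should stay unsilenced as it is now; per the header comment the milter does not reopen its log on SIGHUP, so a failed restart leaves it writing to the rotated file and needs to be noticed.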