From 2acaca9dc43feb572f810a803d64c745296837ad Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 15:21:17 -0800 Subject: [PATCH 01/17] Remove Cane and LOC tasks --- Gemfile | 18 ++++++------------ Rakefile | 12 +----------- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/Gemfile b/Gemfile index d3156b5..8cd0ec4 100644 --- a/Gemfile +++ b/Gemfile @@ -7,32 +7,26 @@ group :development do gem 'guard' gem 'guard-rspec' gem 'guard-kitchen' + gem 'guard-foodcritic' end group :test do gem 'rake' - gem 'cane' - gem 'countloc' gem 'rubocop' gem 'foodcritic' - gem 'guard-foodcritic' - gem 'rspec', '>= 3' - gem 'chefspec', '>= 4' + gem 'rspec' + gem 'chefspec' gem 'simplecov' gem 'simplecov-console' gem 'coveralls' gem 'fauxhai' gem 'test-kitchen' - gem 'kitchen-digitalocean', '>= 0.8.0' - gem 'fog' + gem 'kitchen-digitalocean' gem 'kitchen-vagrant' - # TODO: This can go away when ChefDK comes with 1.6.4+ - # (See https://github.com/chef/chef-dk/issues/278) - gem 'nokogiri', '< 1.6.4' end group :integration do - gem 'serverspec', '>= 2' + gem 'serverspec' gem 'cucumber' end @@ -42,5 +36,5 @@ end group :production do gem 'chef', '>= 11' - gem 'berkshelf', '>= 3' + gem 'berkshelf' end diff --git a/Rakefile b/Rakefile index ba06eb0..1d99b95 100755 --- a/Rakefile +++ b/Rakefile @@ -1,25 +1,15 @@ # Encoding: UTF-8 require 'rubygems' -require 'English' require 'bundler/setup' require 'rubocop/rake_task' -require 'cane/rake_task' require 'rspec/core/rake_task' require 'foodcritic' require 'kitchen/rake_tasks' require 'stove/rake_task' -Cane::RakeTask.new - RuboCop::RakeTask.new -desc 'Display LOC stats' -task :loc do - puts "\n## LOC Stats" - Kernel.system 'countloc -r .' -end - FoodCritic::Rake::LintTask.new do |f| f.options = { fail_tags: %w(any) } end @@ -30,4 +20,4 @@ Kitchen::RakeTasks.new Stove::RakeTask.new -task default: %w(cane rubocop loc foodcritic spec) +task default: %w(rubocop foodcritic spec) From 6e84446be032e223e7790e0662d084ca35564a98 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 15:39:51 -0800 Subject: [PATCH 02/17] Remove the additional (dead) Ubuntu repo --- CHANGELOG.md | 1 + recipes/install_deb.rb | 9 --------- spec/recipes/install_deb_spec.rb | 15 --------------- 3 files changed, 1 insertion(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b00226d..ff3461e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ClamAV Cookbook CHANGELOG v?.?.? (????-??-??) ------------------- +* Remove the additional Ubuntu repo; it was shut down 2016/01/30 v1.2.0 (2015-05-07) ------------------- diff --git a/recipes/install_deb.rb b/recipes/install_deb.rb index 68211c2..19091dd 100644 --- a/recipes/install_deb.rb +++ b/recipes/install_deb.rb @@ -21,15 +21,6 @@ include_recipe 'apt' include_recipe "#{cookbook_name}::services" -apt_repository 'clamav-repo' do - uri 'http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu' - distribution node['lsb']['codename'] - components ['main'] - keyserver 'keyserver.ubuntu.com' - key '5ADC2037' - only_if { node['platform'] == 'ubuntu' } -end - package 'clamav' do action :install version node['clamav']['version'] if node['clamav']['version'] diff --git a/spec/recipes/install_deb_spec.rb b/spec/recipes/install_deb_spec.rb index 8fed6ec..166b294 100644 --- a/spec/recipes/install_deb_spec.rb +++ b/spec/recipes/install_deb_spec.rb @@ -16,21 +16,6 @@ let(:chef_run) { runner.converge(described_recipe) } shared_examples_for 'any node' do - it 'sets up the ClamAV APT repo' do - expect(chef_run).to create_apt_repository('clamav-repo').with( - uri: 'http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu', - distribution: 'precise', - components: %w(main), - keyserver: 'keyserver.ubuntu.com', - key: '5ADC2037' - ) - end - - it 'sends a notification to "apt-get update"' do - e = 'execute[apt-get update]' - expect(chef_run.apt_repository('clamav-repo')).to notify(e).to(:run) - end - it 'installs the pertinent packages' do packages.each do |p| expect(chef_run).to install_package(p) From 88943a2679e8da689bee28ed49e4bea1f5e52cc0 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 15:43:27 -0800 Subject: [PATCH 03/17] Delete YARD and Guard references --- Gemfile | 10 +--------- Guardfile | 28 ---------------------------- 2 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 Guardfile diff --git a/Gemfile b/Gemfile index 8cd0ec4..2d74f10 100644 --- a/Gemfile +++ b/Gemfile @@ -2,18 +2,10 @@ source 'https://rubygems.org' -group :development do - gem 'yard-chef' - gem 'guard' - gem 'guard-rspec' - gem 'guard-kitchen' - gem 'guard-foodcritic' -end - group :test do gem 'rake' gem 'rubocop' - gem 'foodcritic' + gem 'foodcritic', '~> 6.0' gem 'rspec' gem 'chefspec' gem 'simplecov' diff --git a/Guardfile b/Guardfile deleted file mode 100644 index 75bca0f..0000000 --- a/Guardfile +++ /dev/null @@ -1,28 +0,0 @@ -# Encoding: UTF-8 - -guard :rspec, all_on_start: true, notification: false do - watch(%r{^spec/.+_spec\.rb$}) - watch('spec/spec_helper.rb') { 'spec' } - - watch(%r{^recipes/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" } - watch(%r{^attributes/(.+)\.rb$}) - watch(%r{^files/(.+)}) - watch(%r{^templates/(.+)}) - watch(%r{^providers/(.+)\.rb}) - watch(%r{^resources/(.+)\.rb}) - watch(%r{^libraries/(.+)\.rb}) -end - -# guard :foodcritic, cookbook_paths: '.', cli: '-t ~FC023 -f any' do -# watch(/^.*\.rb$/) -# end - -# guard :kitchen do -# watch(/test\/.+/) -# watch(/^recipes\/(.+)\.rb$/) -# watch(/^attributes\/(.+)\.rb$/) -# watch(/^files\/(.+)/) -# watch(/^templates\/(.+)/) -# watch(/^providers\/(.+)\.rb/) -# watch(/^resources\/(.+)\.rb/) -# end From 689d4b9059352be99c549122b4d9b739f9bd8d8c Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 15:49:45 -0800 Subject: [PATCH 04/17] Resolve RuboCop offenses --- .rubocop.yml | 3 --- recipes/clamav_scan.rb | 10 ++++++---- recipes/freshclam.rb | 8 +++----- 3 files changed, 9 insertions(+), 12 deletions(-) delete mode 100644 .rubocop.yml diff --git a/.rubocop.yml b/.rubocop.yml deleted file mode 100644 index 0e082ec..0000000 --- a/.rubocop.yml +++ /dev/null @@ -1,3 +0,0 @@ -SingleSpaceBeforeFirstArg: - Exclude: - - "**/metadata.rb" diff --git a/recipes/clamav_scan.rb b/recipes/clamav_scan.rb index 3ff5ea9..2d9aefc 100644 --- a/recipes/clamav_scan.rb +++ b/recipes/clamav_scan.rb @@ -26,14 +26,17 @@ only_if { node['clamav']['scan']['script']['enable'] } end +script_path = node['clamav']['scan']['script']['path'] +min_dirs = node['clamav']['scan']['minimal']['dirs'] +full_dirs = node['clamav']['scan']['full']['dirs'] + cron_d 'clamav_minimal_scan' do minute node['clamav']['scan']['minimal']['minute'] hour node['clamav']['scan']['minimal']['hour'] weekday node['clamav']['scan']['minimal']['weekday'] user node['clamav']['scan']['user'] mailto node['clamav']['scan']['mailto'] - command "#{node['clamav']['scan']['script']['path']} " + - node['clamav']['scan']['minimal']['dirs'] + command "#{script_path} #{min_dirs}" only_if { node['clamav']['scan']['minimal']['enable'] } end @@ -43,7 +46,6 @@ weekday node['clamav']['scan']['full']['weekday'] user node['clamav']['scan']['user'] mailto node['clamav']['scan']['mailto'] - command "#{node['clamav']['scan']['script']['path']} " + - node['clamav']['scan']['full']['dirs'] + command "#{script_path} #{full_dirs}" only_if { node['clamav']['scan']['full']['enable'] } end diff --git a/recipes/freshclam.rb b/recipes/freshclam.rb index da52582..3714e57 100644 --- a/recipes/freshclam.rb +++ b/recipes/freshclam.rb @@ -29,11 +29,9 @@ recursive true end -if node['clamav']['clamd']['enabled'] - notify = File.expand_path("#{node['clamav']['conf_dir']}/clamd.conf") -else - notify = nil -end +notify = if node['clamav']['clamd']['enabled'] + File.expand_path("#{node['clamav']['conf_dir']}/clamd.conf") + end template "#{node['clamav']['conf_dir']}/freshclam.conf" do owner node['clamav']['user'] From 04b600f8255ce6098ac67cd96257068fc4acec4a Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 15:56:44 -0800 Subject: [PATCH 05/17] Convert the CI build to use Docker --- .kitchen.travis.yml | 18 ++++++++---------- .kitchen.yml | 5 ++--- .travis.yml | 24 +++++++++++++----------- Gemfile | 2 +- 4 files changed, 24 insertions(+), 25 deletions(-) diff --git a/.kitchen.travis.yml b/.kitchen.travis.yml index fb8d2ae..50789a5 100644 --- a/.kitchen.travis.yml +++ b/.kitchen.travis.yml @@ -1,13 +1,11 @@ --- driver: - name: digitalocean - # Clamd will fail to start on some distros with only 512MB - size: 1gb + name: docker + privileged: true + platforms: - # - name: ubuntu-14-10-x64 - - name: ubuntu-14-04-x64 - - name: ubuntu-12-04-x64 - - name: centos-7-0-x64 - - name: centos-6-5-x64 - # TODO: DO's 5.10 image has the slug name of 5.8 for some reason - - name: centos-5-8-x64 + - name: ubuntu-14.04 + - name: ubuntu-12.04 + - name: centos-7 + - name: centos-6 + - name: centos-5 diff --git a/.kitchen.yml b/.kitchen.yml index d39358a..4f10a42 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -3,10 +3,9 @@ driver: name: vagrant platforms: - - name: centos-7.0 - - name: centos-6.6 + - name: centos-7.2 + - name: centos-6.7 - name: centos-5.11 - # - name: ubuntu-14.10 - name: ubuntu-14.04 - name: ubuntu-12.04 diff --git a/.travis.yml b/.travis.yml index 2110200..5247973 100755 --- a/.travis.yml +++ b/.travis.yml @@ -1,20 +1,22 @@ language: ruby +branches: + only: + - master + +sudo: required + +services: + - docker + install: - - curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -P chefdk + - sudo apt-get purge -y lxc-docker + - wget -qO- https://get.docker.com/ | sudo sh + - curl -L https://www.chef.io/chef/install.sh | sudo bash -s -- -P chefdk - chef exec bundle install --without=development integration before_script: - # Pending ENV support in Kitchen's Rake tasks and not just the CLI - cp .kitchen.travis.yml .kitchen.local.yml - - echo -e $DIGITALOCEAN_SSH_KEY_BODY > ~/.ssh/id_rsa script: - - chef exec rake && chef exec bundle exec kitchen test -c 4 - -after_script: - - chef exec bundle exec kitchen destroy - -env: - global: - # - KITCHEN_LOCAL_YAML=.kitchen.travis.yml + - chef exec rake && chef exec kitchen test diff --git a/Gemfile b/Gemfile index 2d74f10..c44683b 100644 --- a/Gemfile +++ b/Gemfile @@ -13,8 +13,8 @@ group :test do gem 'coveralls' gem 'fauxhai' gem 'test-kitchen' - gem 'kitchen-digitalocean' gem 'kitchen-vagrant' + gem 'kitchen-docker' end group :integration do From af9467d217df1563c588ce32209c4b7997ea6115 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 22:51:55 -0800 Subject: [PATCH 06/17] Update deprecated SimpleCov usage --- spec/spec_helper.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index c3c41b1..b207ef3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -71,11 +71,13 @@ def stub_service_resources c.after(:suite) { FileUtils.rm_r(COOKBOOK_PATH) } end -SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[ - Coveralls::SimpleCov::Formatter, - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::Console -] +SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new( + [ + Coveralls::SimpleCov::Formatter, + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::Console + ] +) SimpleCov.minimum_coverage(90) SimpleCov.start From e6176a9b69e00ae7352fe0a1aed208c8081e3d7e Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 1 Feb 2016 23:03:59 -0800 Subject: [PATCH 07/17] Add an attribute to skip the initial Freshclam run Mostly so there's an easy way to speed up the build --- .kitchen.yml | 3 +++ attributes/freshclam.rb | 3 +++ recipes/freshclam.rb | 9 +++++---- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 4f10a42..0feccf4 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -14,6 +14,9 @@ suites: run_list: - recipe[clamav_test] attributes: + clamav: + freshclam: + skip_initial_run: true - name: all_options_enabled run_list: - recipe[clamav_test] diff --git a/attributes/freshclam.rb b/attributes/freshclam.rb index 8ec2175..b137a94 100644 --- a/attributes/freshclam.rb +++ b/attributes/freshclam.rb @@ -66,4 +66,7 @@ default['clamav']['freshclam']['detection_stats_host_id'] = nil default['clamav']['freshclam']['safe_browsing'] = nil default['clamav']['freshclam']['extra_databases'] = [] + +# Other default['clamav']['freshclam']['rhel_cron_disable'] = true +default['clamav']['freshclam']['skip_initial_run'] = false diff --git a/recipes/freshclam.rb b/recipes/freshclam.rb index 3714e57..5e3b066 100644 --- a/recipes/freshclam.rb +++ b/recipes/freshclam.rb @@ -20,9 +20,12 @@ include_recipe "#{cookbook_name}::services" -platform_family = node['platform_family'] supp_groups = node['clamav']['allow_supplementary_groups'] +run_freshclam = !node['clamav']['freshclam']['skip_initial_run'] && \ + (!node['clamav']['freshclam']['enabled'] || \ + node['platform_family'] == 'debian') + directory node['clamav']['database_directory'] do owner node['clamav']['user'] group node['clamav']['group'] @@ -51,9 +54,7 @@ notifies :restart, "service[#{node['clamav']['freshclam']['service']}]", :delayed end - if !node['clamav']['freshclam']['enabled'] || platform_family == 'debian' - notifies :run, 'execute[freshclam]', :delayed - end + notifies(:run, 'execute[freshclam]', :delayed) if run_freshclam end execute 'freshclam' do From 68e5757c3e526567e219729008687b9d821e74c3 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 2 Feb 2016 14:02:05 -0800 Subject: [PATCH 08/17] Update logging test for Kitchen instances with broken logrotate --- .../serverspec/localhost/logging_spec.rb | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/test/integration/default/serverspec/localhost/logging_spec.rb b/test/integration/default/serverspec/localhost/logging_spec.rb index 4527db7..b26ab5f 100644 --- a/test/integration/default/serverspec/localhost/logging_spec.rb +++ b/test/integration/default/serverspec/localhost/logging_spec.rb @@ -3,24 +3,28 @@ require 'spec_helper' describe 'clamav logging' do - let(:log_files) do - %w(/var/log/clamav/clamd.log /var/log/clamav/freshclam.log) + let(:rotators) do + { + '/etc/logrotate.d/clamav' => '/var/log/clamav/clamd.log', + '/etc/logrotate.d/freshclam' => '/var/log/clamav/freshclam.log' + } end - let(:cmd) { 'logrotate -d /etc/logrotate.conf 2>&1' } - it 'has a valid logrotate config' do - expect(command(cmd).exit_status).to eq(0) + it 'has logrotate configs' do + rotators.each { |conf, _| expect(file(conf)).to be_file } end - it 'is configured to rotate the ClamAV logs' do - res = command(cmd) - log_files.each do |f| - expect(res.stdout).to match(/considering log #{f}/) + it 'has valid logrotate configs' do + rotators.each do |conf, _| + expect(command("logrotate -d #{conf}").exit_status).to eq(0) end end - it 'has correct log file ownership' do - log_files.each { |f| expect(file(f)).to be_file } + it 'is configured to rotate the ClamAV logs' do + rotators.each do |conf, file| + expected = /considering log #{file}/ + expect(command("logrotate -d #{conf} 2>&1").stdout).to match(expected) + end end it 'has unused package default users removed' do From a8b492d33673da86e6e901bb8752f10f7a89fa69 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 2 Feb 2016 15:53:57 -0800 Subject: [PATCH 09/17] Use a CentOS 7 Docker image with Systemd --- .kitchen.travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.kitchen.travis.yml b/.kitchen.travis.yml index 50789a5..14d0a72 100644 --- a/.kitchen.travis.yml +++ b/.kitchen.travis.yml @@ -7,5 +7,7 @@ platforms: - name: ubuntu-14.04 - name: ubuntu-12.04 - name: centos-7 + driver: + image: roboticcheese/centos-7-systemd - name: centos-6 - name: centos-5 From 5be4470041834bd5455304dbbe777b8a28863b75 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 2 Feb 2016 15:55:38 -0800 Subject: [PATCH 10/17] Ensure rsyslog is running in build environments --- test/cookbooks/clamav_test/recipes/default.rb | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/test/cookbooks/clamav_test/recipes/default.rb b/test/cookbooks/clamav_test/recipes/default.rb index 49dd594..18b8fcf 100644 --- a/test/cookbooks/clamav_test/recipes/default.rb +++ b/test/cookbooks/clamav_test/recipes/default.rb @@ -21,4 +21,32 @@ # Compiler is needed to install Cucumber for the acceptance tests include_recipe 'apt' if node['platform_family'] == 'debian' include_recipe 'build-essential' -include_recipe 'clamav::default' + +# Ensure rsyslog is installed and running, regardless of whether the build +# environment is a Vagrant box or a Docker container with no init system. +package 'rsyslog' +file '/etc/rsyslog.conf' do + content <<-EOH.gsub(/^ {4}/, '') + $ModLoad imuxsock + $WorkDirectory /var/lib/rsyslog + $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + $OmitLocalLogging off + *.info;mail.none;authpriv.none;cron.none /var/log/messages + authpriv.* /var/log/secure + mail.* -/var/log/maillog + cron.* /var/log/cron + *.emerg :omusrmsg:* + uucp,news.crit /var/log/spooler + local7.* /var/log/boot.log + EOH + only_if do + node['platform_family'] == 'rhel' && \ + node['platform_version'].to_i >= 7 && \ + File.open('/proc/1/cmdline').read.start_with?('/usr/sbin/sshd') + end +end +execute 'rsyslogd' do + ignore_failure true +end + +include_recipe 'clamav' From d836af1657f95630a4ea234d53d0b6941fedb8d4 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 2 Feb 2016 16:15:21 -0800 Subject: [PATCH 11/17] Ensure /etc/cron.d exists on test instances At least the CentOS 5 Docker container doesn't have it created --- test/cookbooks/clamav_test/recipes/default.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/cookbooks/clamav_test/recipes/default.rb b/test/cookbooks/clamav_test/recipes/default.rb index 18b8fcf..5420bd5 100644 --- a/test/cookbooks/clamav_test/recipes/default.rb +++ b/test/cookbooks/clamav_test/recipes/default.rb @@ -49,4 +49,6 @@ ignore_failure true end +directory '/etc/cron.d' + include_recipe 'clamav' From ad37adc59700ed8566d9c2ee2403a8d5f7bd99e7 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 2 Feb 2016 16:29:54 -0800 Subject: [PATCH 12/17] Ensure /sbin and /usr/sbin are in test env PATH --- .../all_options_enabled/serverspec/spec_helper.rb | 13 ++++++++++++- test/integration/default/serverspec/spec_helper.rb | 9 ++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) mode change 120000 => 100644 test/integration/all_options_enabled/serverspec/spec_helper.rb diff --git a/test/integration/all_options_enabled/serverspec/spec_helper.rb b/test/integration/all_options_enabled/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/all_options_enabled/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/all_options_enabled/serverspec/spec_helper.rb b/test/integration/all_options_enabled/serverspec/spec_helper.rb new file mode 100644 index 0000000..a28d225 --- /dev/null +++ b/test/integration/all_options_enabled/serverspec/spec_helper.rb @@ -0,0 +1,12 @@ +# Encoding: UTF-8 + +require 'serverspec' + +ENV['PATH'] = (ENV['PATH'].split(':') + %w(/sbin /usr/sbin)).uniq.join(':') + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + set :os, family: 'windows' + set :backend, :cmd +else + set :backend, :exec +end diff --git a/test/integration/default/serverspec/spec_helper.rb b/test/integration/default/serverspec/spec_helper.rb index 227b270..a28d225 100644 --- a/test/integration/default/serverspec/spec_helper.rb +++ b/test/integration/default/serverspec/spec_helper.rb @@ -2,4 +2,11 @@ require 'serverspec' -set :backend, :exec +ENV['PATH'] = (ENV['PATH'].split(':') + %w(/sbin /usr/sbin)).uniq.join(':') + +if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + set :os, family: 'windows' + set :backend, :cmd +else + set :backend, :exec +end From d8e52ff7c0f15a19c1b39f9b97c5e1f814a5b486 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Wed, 3 Feb 2016 11:10:33 -0800 Subject: [PATCH 13/17] Revert change to delay freshclam execution On platforms that come with no virus definition files (e.g. Ubuntu 14.04), the clamd service will fail to start unless freshclam is run first. --- recipes/freshclam.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes/freshclam.rb b/recipes/freshclam.rb index 5e3b066..d3a2377 100644 --- a/recipes/freshclam.rb +++ b/recipes/freshclam.rb @@ -54,7 +54,7 @@ notifies :restart, "service[#{node['clamav']['freshclam']['service']}]", :delayed end - notifies(:run, 'execute[freshclam]', :delayed) if run_freshclam + notifies(:run, 'execute[freshclam]', :immediately) if run_freshclam end execute 'freshclam' do From 0d7090e232a51fe22011942589c8f6002f58f4c2 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Wed, 3 Feb 2016 14:44:07 -0800 Subject: [PATCH 14/17] Run Freshclam any time the virus DB is missing --- CHANGELOG.md | 2 ++ recipes/freshclam.rb | 8 ++------ spec/recipes/freshclam_spec.rb | 26 ++++++++++++++++---------- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff3461e..c926c59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ ClamAV Cookbook CHANGELOG v?.?.? (????-??-??) ------------------- * Remove the additional Ubuntu repo; it was shut down 2016/01/30 +* Run Freshclam any time the virus DB does not exist +* Add an attribute that can be overridden to skip the initial Freshclam run v1.2.0 (2015-05-07) ------------------- diff --git a/recipes/freshclam.rb b/recipes/freshclam.rb index d3a2377..f859eea 100644 --- a/recipes/freshclam.rb +++ b/recipes/freshclam.rb @@ -22,10 +22,6 @@ supp_groups = node['clamav']['allow_supplementary_groups'] -run_freshclam = !node['clamav']['freshclam']['skip_initial_run'] && \ - (!node['clamav']['freshclam']['enabled'] || \ - node['platform_family'] == 'debian') - directory node['clamav']['database_directory'] do owner node['clamav']['user'] group node['clamav']['group'] @@ -54,10 +50,10 @@ notifies :restart, "service[#{node['clamav']['freshclam']['service']}]", :delayed end - notifies(:run, 'execute[freshclam]', :immediately) if run_freshclam end execute 'freshclam' do command 'freshclam' - action :nothing + creates ::File.join(node['clamav']['database_directory'], 'daily.cvd') + not_if { node['clamav']['freshclam']['skip_initial_run'] } end diff --git a/spec/recipes/freshclam_spec.rb b/spec/recipes/freshclam_spec.rb index 9efb69d..f2a4619 100644 --- a/spec/recipes/freshclam_spec.rb +++ b/spec/recipes/freshclam_spec.rb @@ -84,17 +84,15 @@ shared_examples_for 'a node that needs to run freshclam' do it 'runs freshclam manually' do - expect(chef_run).to_not run_execute('freshclam') - expect(chef_run.template(conf)).to notify('execute[freshclam]') - .to(:run) + expect(chef_run).to run_execute('freshclam').with( + creates: '/var/lib/clamav/daily.cvd' + ) end end shared_examples_for 'a node that does not need to run freshclam' do it 'does not run freshclam manually' do expect(chef_run).to_not run_execute('freshclam') - expect(chef_run.template(conf)).to_not notify('execute[freshclam]') - .to(:run) end end @@ -156,11 +154,7 @@ it_behaves_like 'any node' it_behaves_like 'a node with all default attributes' - if k == :Ubuntu - it_behaves_like 'a node that needs to run freshclam' - else - it_behaves_like 'a node that does not need to run freshclam' - end + it_behaves_like 'a node that needs to run freshclam' it_behaves_like 'a node with the freshclam service enabled' it_behaves_like 'a node with the clamd service disabled' end @@ -174,6 +168,18 @@ it_behaves_like 'a node with the freshclam service disabled' it_behaves_like 'a node with the clamd service enabled' end + + context 'a node with the initial freshclam run disabled' do + let(:attributes) do + { clamav: { freshclam: { skip_initial_run: true } } } + end + + it_behaves_like 'any node' + it_behaves_like 'a node with all default attributes' + it_behaves_like 'a node that does not need to run freshclam' + it_behaves_like 'a node with the freshclam service disabled' + it_behaves_like 'a node with the clamd service disabled' + end end end end From 4186ac3489b0f73792943c3f37f98520ec8360b2 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Wed, 3 Feb 2016 15:38:16 -0800 Subject: [PATCH 15/17] In Travis builds, only download the CVDs once --- .gitignore | 2 ++ .kitchen.yml | 4 ---- .travis.yml | 4 ++++ recipes/default.rb | 4 ++-- test/cookbooks/clamav_test/recipes/default.rb | 12 ++++++++++++ 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index dee55d2..6eeda64 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,5 @@ Vagrantfile # sublime text *.sublime-project *.sublime-workspace + +test/cookbooks/clamav_test/files/*.cvd diff --git a/.kitchen.yml b/.kitchen.yml index 0feccf4..5c0a172 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -13,10 +13,6 @@ suites: - name: default run_list: - recipe[clamav_test] - attributes: - clamav: - freshclam: - skip_initial_run: true - name: all_options_enabled run_list: - recipe[clamav_test] diff --git a/.travis.yml b/.travis.yml index 5247973..14b6f98 100755 --- a/.travis.yml +++ b/.travis.yml @@ -16,6 +16,10 @@ install: - chef exec bundle install --without=development integration before_script: + - mkdir -p test/cookbooks/clamav_test/files + - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/main.cvd + - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/daily.cvd + - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/bytecode.cvd - cp .kitchen.travis.yml .kitchen.local.yml script: diff --git a/recipes/default.rb b/recipes/default.rb index 1d4a22d..8a0280e 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -24,8 +24,8 @@ when 'debian' include_recipe "#{cookbook_name}::install_deb" else - fail(Chef::Exceptions::UnsupportedAction, - "Cookbook does not support #{node['platform']} platform") + raise(Chef::Exceptions::UnsupportedAction, + "Cookbook does not support #{node['platform']} platform") end include_recipe "#{cookbook_name}::users" diff --git a/test/cookbooks/clamav_test/recipes/default.rb b/test/cookbooks/clamav_test/recipes/default.rb index 5420bd5..0dfa2f6 100644 --- a/test/cookbooks/clamav_test/recipes/default.rb +++ b/test/cookbooks/clamav_test/recipes/default.rb @@ -51,4 +51,16 @@ directory '/etc/cron.d' +# Speed up Travis builds by dropping in some shared .cvd files instead of +# downloading them from the DB server on each test platform. +if ::File.exist?(::File.expand_path('../../files/main.cvd', __FILE__)) + directory node['clamav']['database_directory'] do + recursive true + end + + %w(main.cvd daily.cvd bytecode.cvd).each do |f| + cookbook_file ::File.join(node['clamav']['database_directory'], f) + end +end + include_recipe 'clamav' From fdc38621c6f800c001dbc32afc2d0084997f2767 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Thu, 4 Feb 2016 14:30:33 -0800 Subject: [PATCH 16/17] Fix build config for Travis' now using a modern Docker version Travis has upgraded their version of Docker so we hopefully don't need to install a more modern one over top of it anymore. --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 14b6f98..fd9441a 100755 --- a/.travis.yml +++ b/.travis.yml @@ -10,8 +10,6 @@ services: - docker install: - - sudo apt-get purge -y lxc-docker - - wget -qO- https://get.docker.com/ | sudo sh - curl -L https://www.chef.io/chef/install.sh | sudo bash -s -- -P chefdk - chef exec bundle install --without=development integration From df377850cf14db9f606f89cd9d87076046969b7f Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Thu, 4 Feb 2016 22:35:18 -0800 Subject: [PATCH 17/17] Cache the downloaded .cvd files in Travis --- .travis.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index fd9441a..e3cc406 100755 --- a/.travis.yml +++ b/.travis.yml @@ -9,15 +9,22 @@ sudo: required services: - docker +cache: + directories: + - test/cookbooks/clamav_test/files + +env: + - CVD_PATH=test/cookbooks/clamav_test/files + install: - curl -L https://www.chef.io/chef/install.sh | sudo bash -s -- -P chefdk - chef exec bundle install --without=development integration before_script: - - mkdir -p test/cookbooks/clamav_test/files - - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/main.cvd - - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/daily.cvd - - wget -P test/cookbooks/clamav_test/files http://database.clamav.net/bytecode.cvd + - mkdir -p $CVD_PATH + - "[ -e $CVD_PATH/main.cvd ] || wget -P $CVD_PATH http://database.clamav.net/main.cvd" + - "[ -e $CVD_PATH/daily.cvd ] || wget -P $CVD_PATH http://database.clamav.net/daily.cvd" + - "[ -e $CVD_PATH/bytecode.cvd ] || wget -P $CVD_PATH http://database.clamav.net/bytecode.cvd" - cp .kitchen.travis.yml .kitchen.local.yml script: