From 7670abe3540d980be394ef40eaacc5e18244123b Mon Sep 17 00:00:00 2001 From: Nicholas Sudsgaard Date: Sat, 23 Sep 2023 22:21:32 +0900 Subject: [PATCH 1/2] clamav: update to 1.2.0. --- common/shlibs | 9 ++- srcpkgs/clamav/INSTALL | 88 ++++++++++++++++++--- srcpkgs/clamav/INSTALL.msg | 12 +++ srcpkgs/clamav/REMOVE | 10 ++- srcpkgs/clamav/files/clamd/run | 9 +++ srcpkgs/clamav/files/clamonacc/run | 4 + srcpkgs/clamav/files/freshclam/run | 4 + srcpkgs/clamav/patches/10-void-linux.patch | 71 +++++++++++++++++ srcpkgs/clamav/template | 92 +++++++++++----------- 9 files changed, 235 insertions(+), 64 deletions(-) create mode 100644 srcpkgs/clamav/INSTALL.msg create mode 100755 srcpkgs/clamav/files/clamd/run create mode 100755 srcpkgs/clamav/files/clamonacc/run create mode 100755 srcpkgs/clamav/files/freshclam/run create mode 100644 srcpkgs/clamav/patches/10-void-linux.patch diff --git a/common/shlibs b/common/shlibs index 2d7f32eee393b8..8b33fe5ee29b3c 100644 --- a/common/shlibs +++ b/common/shlibs @@ -2257,10 +2257,11 @@ libsfml-system.so.2.5 SFML-2.5.0_1 libsfml-window.so.2.5 SFML-2.5.0_1 libsfml-audio.so.2.5 SFML-2.5.0_1 libsfml-graphics.so.2.5 SFML-2.5.0_1 -libclamav.so.9 clamav-0.103.1_2 -libclamunrar.so.9 clamav-0.103.1_2 -libclamunrar_iface.so.9 clamav-0.103.1_2 -libfreshclam.so.2 clamav-0.103.1_2 +libclamav.so.12 clamav-1.2.0_1 +libclamunrar.so.12 clamav-1.2.0_1 +libclamunrar_iface.so.12 clamav-1.2.0_1 +libfreshclam.so.3 clamav-1.2.0_1 +libclammspack.so.0 clamav-1.2.0_1 libqca-qt5.so.2 qca-qt5-2.1.3_1 libqt5keychain.so.1 qtkeychain-qt5-0.7.0_1 libphonon4qt5.so.4 phonon-qt5-4.8.3_1 diff --git a/srcpkgs/clamav/INSTALL b/srcpkgs/clamav/INSTALL index 4b8adfa4a360aa..7ea5300a7a8f93 100644 --- a/srcpkgs/clamav/INSTALL +++ b/srcpkgs/clamav/INSTALL @@ -1,20 +1,84 @@ # INSTALL + +readonly old_configdir=/etc +readonly configdir=/etc/clamav +readonly old_config_files=" + ${old_configdir}/clamd.conf + ${old_configdir}/freshclam.conf" +readonly config_files=" + ${configdir}/clamav-milter.conf + ${configdir}/clamd.conf + ${configdir}/freshclam.conf" +readonly old_databasedir=/var/lib/_clamav +readonly databasedir=/var/lib/clamav + +version="$(xbps-query clamav | grep pkgver)" +version=${version#pkgver: clamav-} + +check_mv() { + [ -f "${1}" ] && mv "${1}" "${2}" +} + +# The following functions are to used automatically to migrate the config files +# from /etc (0.x versions) to /etc/clamav (1.x versions) safely. +save_conflicting_config_files() { + [ ! -d ${configdir} ] && mkdir -p ${configdir} + for file in ${config_files}; do + check_mv "${file}" "${file}".custom + done + # Saves the previous version to use in the post action. + printf '%s' "${version}" > ${configdir}/.migrate +} + +# This is done as moving the old config files into /etc/clamav in the preinstall +# phase would end in xbps overwriting them with the new config files (not making +# xxx.new-${VERSION}). +# An alternative to this would be by renaming the new config files into the +# xxx.new-${VERSION} format before moving the old config files into /etc/clamav +# in the postinstall phase. However, it is usually not a good idea to emulate +# program behavior as it may cause issues in the future (in this case if the +# format changes). +bootstrap_pkg() { + printf '%s\n' "${PKGNAME}-${VERSION}: bootstrapping ..." + xbps-remove -y clamav > /dev/null 2>&1 + xbps-install -y clamav > /dev/null 2>&1 +} + +migrate_config_files() { + for file in ${old_config_files}; do + for match in "${file}"*; do + name=${match#"${old_configdir}"/} + check_mv "${match}" ${configdir}/"${name}" + done + done + bootstrap_pkg + rm ${configdir}/.migrate +} + case "$ACTION" in +pre) + if [ "$UPDATE" = "yes" ]; then + case "${version}" in + 0.*) save_conflicting_config_files ;; + esac + fi + ;; post) - # Only if not updating if [ "$UPDATE" != "yes" ]; then - # Create the database directory - mkdir -p var/lib/_clamav - # The clamav user owns it - chown -R _clamav:_clamav var/lib/_clamav - # Let group members write to it - chmod g+w var/lib/_clamav + mkdir -p ${databasedir} else - if [ -d "var/lib/clamav" ]; then - mv var/lib/clamav var/lib/_clamav - chown -R _clamav:_clamav var/lib/_clamav - fi + prev_version="$(cat ${configdir}/.migrate 2> /dev/null)" + + case "${prev_version}" in + 0.*) + # This should come first or else the old database + # directory will be moved to /var/lib/clamav/_clamav. + [ -d ${old_databasedir} ] && mv ${old_databasedir} ${databasedir} + migrate_config_files + ;; + esac fi + chown -R _clamav:_clamav ${databasedir} + chmod g+w ${databasedir} ;; esac - diff --git a/srcpkgs/clamav/INSTALL.msg b/srcpkgs/clamav/INSTALL.msg new file mode 100644 index 00000000000000..325ec6002c6682 --- /dev/null +++ b/srcpkgs/clamav/INSTALL.msg @@ -0,0 +1,12 @@ +The directories used by clamav have changed in versions >=1.2.0_1. This change +was made to keep the system clean and consistent with other packages. + +Changes: + - All the configuration files are now located in /etc/clamav + - The database directory is now /lib/var/clamav + +This change should be done automatically for most users and should require no +user interference. + +For users already using the /etc/clamav directory for custom clamav installs, +a '.custom' extension was added to those configuration files. diff --git a/srcpkgs/clamav/REMOVE b/srcpkgs/clamav/REMOVE index 1edffaba785c3c..bc2171087b722a 100644 --- a/srcpkgs/clamav/REMOVE +++ b/srcpkgs/clamav/REMOVE @@ -1,10 +1,14 @@ # REMOVE + +readonly configdir=/etc/clamav +readonly databasedir=/var/lib/clamav + case "$ACTION" in pre) - # Only if not updating if [ "$UPDATE" != "yes" ]; then - # Remove the clamav database directory and contents - rm -rf var/lib/_clamav + # Do not delete while bootstrapping. + [ -f ${configdir}/.migrate ] && exit 0 + rm -rf ${databasedir} fi ;; esac diff --git a/srcpkgs/clamav/files/clamd/run b/srcpkgs/clamav/files/clamd/run new file mode 100755 index 00000000000000..1eab01d0d077c9 --- /dev/null +++ b/srcpkgs/clamav/files/clamd/run @@ -0,0 +1,9 @@ +#!/bin/sh + +exec 2>&1 + +localsocket="$(grep '^[[:space:]]*LocalSocket[[:space:]]' /etc/clamav/clamd.conf | cut -d' ' -f2)" +runtimedir="$(dirname "$localsocket")" + +[ ! -d "${runtimedir}" ] && install -m 755 -o _clamav -g _clamav -d "${runtimedir}" +exec clamd --foreground 2>&1 diff --git a/srcpkgs/clamav/files/clamonacc/run b/srcpkgs/clamav/files/clamonacc/run new file mode 100755 index 00000000000000..622467adf2e984 --- /dev/null +++ b/srcpkgs/clamav/files/clamonacc/run @@ -0,0 +1,4 @@ +#!/bin/sh + +exec 2>&1 +exec clamonacc --foreground --fdpass 2>&1 diff --git a/srcpkgs/clamav/files/freshclam/run b/srcpkgs/clamav/files/freshclam/run new file mode 100755 index 00000000000000..8372eab14e4cb8 --- /dev/null +++ b/srcpkgs/clamav/files/freshclam/run @@ -0,0 +1,4 @@ +#!/bin/sh + +exec 2>&1 +exec freshclam --daemon --foreground 2>&1 diff --git a/srcpkgs/clamav/patches/10-void-linux.patch b/srcpkgs/clamav/patches/10-void-linux.patch new file mode 100644 index 00000000000000..16cb8eb32d4ea6 --- /dev/null +++ b/srcpkgs/clamav/patches/10-void-linux.patch @@ -0,0 +1,71 @@ +--- a/etc/clamav-milter.conf.sample 2023-09-23 21:48:44.563130754 +0900 ++++ b/etc/clamav-milter.conf.sample 2023-09-23 21:52:44.693134403 +0900 +@@ -38,7 +38,7 @@ + # to work) + # + # Default: unset (don't drop privileges) +-#User clamav ++#User _clamav + + # Waiting for data from clamd will timeout after this time (seconds). + # Value of 0 disables the timeout. +--- a/etc/clamd.conf.sample 2023-09-23 21:20:27.717104965 +0900 ++++ b/etc/clamd.conf.sample 2023-09-23 21:57:28.716138720 +0900 +@@ -81,7 +81,7 @@ + #TemporaryDirectory /var/tmp + + # Path to the database directory. +-# Default: hardcoded (depends on installation options) ++# Default: /var/lib/clamav + #DatabaseDirectory /var/lib/clamav + + # Only load the official signatures published by the ClamAV project. +@@ -224,7 +224,7 @@ + + # Run as another user (clamd must be started by root for this option to work) + # Default: don't drop privileges +-#User clamav ++#User _clamav + + # Stop daemon when libclamav reports out of memory condition. + #ExitOnOOM yes +@@ -706,7 +706,7 @@ + # Modifies fanotify blocking behaviour when handling permission events. + # If off, fanotify will only notify if the file scanned is a virus, + # and not perform any blocking. +-# Default: no ++# Default: no (Void Linux does not support this option; setting this to 'yes' will do nothing) + #OnAccessPrevention yes + + # When using prevention, if this option is turned on, any errors that occur +@@ -766,7 +766,7 @@ + # It has the same potential race condition limitations of the + # OnAccessExcludeUID option. + # Default: disabled +-#OnAccessExcludeUname clamav ++#OnAccessExcludeUname _clamav + + # Number of times the OnAccess client will retry a failed scan due to + # connection problems (or other issues). +--- a/etc/freshclam.conf.sample 2023-09-23 21:52:51.220134502 +0900 ++++ b/etc/freshclam.conf.sample 2023-09-23 21:57:12.082138467 +0900 +@@ -9,7 +9,7 @@ + + # Path to the database directory. + # WARNING: It must match clamd.conf's directive! +-# Default: hardcoded (depends on installation options) ++# Default: /var/lib/clamav + #DatabaseDirectory /var/lib/clamav + + # Path to the log file (make sure it has proper permissions) +@@ -56,8 +56,8 @@ + + # By default when started freshclam drops privileges and switches to the + # "clamav" user. This directive allows you to change the database owner. +-# Default: clamav (may depend on installation options) +-#DatabaseOwner clamav ++# Default: _clamav ++#DatabaseOwner _clamav + + # Use DNS to verify virus database version. FreshClam uses DNS TXT records + # to verify database and software versions. With this directive you can change diff --git a/srcpkgs/clamav/template b/srcpkgs/clamav/template index 3574b7baeed094..eacaba9302dfa2 100644 --- a/srcpkgs/clamav/template +++ b/srcpkgs/clamav/template @@ -1,66 +1,68 @@ # Template file for 'clamav' pkgname=clamav -version=0.103.8 -revision=4 -build_style=gnu-configure -# XXX: system llvm is too new (< 3.7 required) -# Shipped llvm does not build with gcc>=6 -configure_args="--sbindir=/usr/bin --libdir=/usr/lib - --with-openssl=${XBPS_CROSS_BASE}/usr --with-pcre=${XBPS_CROSS_BASE}/usr - --with-zlib=${XBPS_CROSS_BASE}/usr --with-libbz2-prefix=${XBPS_CROSS_BASE}/usr - --with-system-libmspack=${XBPS_CROSS_BASE}/usr --with-libcurl=${XBPS_CROSS_BASE}/usr - --enable-ipv6 --with-user=_clamav --with-group=_clamav" -conf_files="/etc/clamd.conf /etc/freshclam.conf" -hostmakedepends="flex pkg-config zip" -makedepends="json-c-devel libcurl-devel libmspack-devel libxml2-devel - ncurses-devel pcre-devel tcl-devel" +version=1.2.0 +revision=1 + +_configdir=/etc/clamav +_databasedir=/var/lib/clamav + +build_style=cmake +cmake_builddir=build +# Setting ENABLE_JSON_SHARED=OFF is preferred, as libclamav.so may crash if you +# use a different JSON library. +configure_args=" + -D CMAKE_BUILD_TYPE=Release + -D CMAKE_INSTALL_PREFIX=/usr + -D APP_CONFIG_DIRECTORY=${_configdir} + -D DATABASE_DIRECTORY=${_databasedir} + -D CLAMAV_USER=_clamav + -D CLAMAV_GROUP=_clamav + -D ENABLE_JSON_SHARED=OFF" +hostmakedepends="rust cargo python3" +makedepends="bzip2-devel check-devel libcurl-devel json-c-devel libmilter-devel + libxml2-devel ncurses-devel openssl-devel pcre2-devel zlib-devel" short_desc="Clam Anti-Virus scanner" maintainer="Orphaned " license="GPL-2.0-only" homepage="https://www.clamav.net/" +changelog="https://raw.githubusercontent.com/Cisco-Talos/clamav/main/NEWS.md" distfiles="https://www.clamav.net/downloads/production/clamav-${version}.tar.gz" -checksum=6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f -_clamav_homedir="/var/lib/_${pkgname}" -_clamav_descr="ClamAV user" +checksum=97a192dffe141480b56cabf1063d79a9fc55cd59203241fa41bfc7a98a548020 system_accounts="_clamav" -make_check=ci-skip +_clamav_homedir=${_databasedir} +conf_files=" + ${_configdir}/clamav-milter.conf + ${_configdir}/clamd.conf + ${_configdir}/freshclam.conf" +_sv_files="clamd clamonacc freshclam" -CPPFLAGS="-Wno-unused-local-typedefs" if [ "$CROSS_BUILD" ]; then - configure_args+=" --disable-mempool" + build_helper="qemu" + makedepends+=" rust-std" + configure_args+=" + -D RUST_COMPILER_TARGET:STRING=${XBPS_CROSS_RUST_TARGET} + -D RUSTFLAGS=${XBPS_CROSS_RUSTFLAGS}" fi + if [ "$XBPS_TARGET_LIBC" = "musl" ]; then makedepends+=" musl-fts-devel" - LDFLAGS="-lfts" + configure_args+=" -D CMAKE_EXE_LINKER_FLAGS=-lfts" fi -do_configure() { - # Disable detection of sys/cdefs.h (it's obsolete) - sed -i configure -e 's; sys/cdefs\.h$;;' - sed -i configure -e 's;3\.7;3.9;' - # Enable IPv6 for cross builds - if [ "$CROSS_BUILD" ]; then - configure_args+=" have_cv_ipv6=yes" - fi - # Need to set PCRE_HOME to make --with-pcre=/usr work - PCRE_HOME=/usr ./configure ${configure_args} -} post_install() { - # Enable and patch clamd configuration - mv -v ${PKGDESTDIR}/etc/clamd.conf.sample ${PKGDESTDIR}/etc/clamd.conf - vsconf etc/clamd.conf.sample - sed -i ${PKGDESTDIR}/etc/clamd.conf \ - -e "s;^Example$;# Example;" \ - -e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};" + vmkdir ${_configdir} + for sv in ${_sv_files}; do vsv "${sv}"; done + for path in ${conf_files}; do + name=${path#"${_configdir}"/} + + mv -v "${PKGDESTDIR}"/"${path}".sample "${PKGDESTDIR}"/"${path}" + vsconf "${PKGDESTDIR}"/"${path}" "${name}".sample + sed -i "${PKGDESTDIR}"/"${path}" -e "s;^Example$;# Example;" + done + vdoc "${FILESDIR}"/README.voidlinux - # Enable and patch freshclam configuration - mv -v ${PKGDESTDIR}/etc/freshclam.conf.sample ${PKGDESTDIR}/etc/freshclam.conf - vsconf etc/freshclam.conf.sample - sed -i ${PKGDESTDIR}/etc/freshclam.conf \ - -e "s;^Example$;# Example;" \ - -e "s;#DatabaseDirectory.*;DatabaseDirectory /var/lib/_${pkgname};" - vdoc "${FILESDIR}/README.voidlinux" } + clamav-devel_package() { depends="${sourcepkg}>=${version}_${revision}" short_desc+=" - development files" From 2f57e9966bc517324d6cc40f9c38e7c38f3af71b Mon Sep 17 00:00:00 2001 From: Nicholas Sudsgaard Date: Wed, 13 Dec 2023 21:48:17 +0900 Subject: [PATCH 2/2] clamav: update to 1.2.1 --- srcpkgs/clamav/template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srcpkgs/clamav/template b/srcpkgs/clamav/template index eacaba9302dfa2..3428fbd393a180 100644 --- a/srcpkgs/clamav/template +++ b/srcpkgs/clamav/template @@ -1,6 +1,6 @@ # Template file for 'clamav' pkgname=clamav -version=1.2.0 +version=1.2.1 revision=1 _configdir=/etc/clamav @@ -18,7 +18,7 @@ configure_args=" -D CLAMAV_USER=_clamav -D CLAMAV_GROUP=_clamav -D ENABLE_JSON_SHARED=OFF" -hostmakedepends="rust cargo python3" +hostmakedepends="rust cargo python3 python3-pytest" makedepends="bzip2-devel check-devel libcurl-devel json-c-devel libmilter-devel libxml2-devel ncurses-devel openssl-devel pcre2-devel zlib-devel" short_desc="Clam Anti-Virus scanner" @@ -27,7 +27,7 @@ license="GPL-2.0-only" homepage="https://www.clamav.net/" changelog="https://raw.githubusercontent.com/Cisco-Talos/clamav/main/NEWS.md" distfiles="https://www.clamav.net/downloads/production/clamav-${version}.tar.gz" -checksum=97a192dffe141480b56cabf1063d79a9fc55cd59203241fa41bfc7a98a548020 +checksum=9a14fe870cbb8f5f79f668b789dca0f25cc6be22abe32f4f7d3677e4ee3935b0 system_accounts="_clamav" _clamav_homedir=${_databasedir} conf_files="