From ee32beb0333105ea120420a3556a752079ef5437 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 2 Jun 2021 12:48:35 -0700 Subject: meta-security: subtree update:baca6133f9..ab239f1497 Armin Kuster (16): build cleanup: add iam to base depend tripwire: Blacklist pkg, upstream seems abandond tpm2-pkcs11: Update to 1.6.0 clamav: update to tip. ossec-hids: add UPSTREAM_CHECK_COMMITS python3-scapy: add UPSTREAM_CHECK_COMMITS suricata: 4.1.x add UPSTREAM_CHECK_URI ibmswtpm2: update to 1661 ibmtpm2tss: update to tip packagegroup-core-security: fix typo for mips Apparmor: fix multi config build issue. aide: Add another ids packagegroup-core-security: add aide and ossec .gitlab-ci: drop clean up combine alt w base clamav: fix systemd startup packagegroup-core-security: add clamav-daemon Change-Id: Id941ea16208920cfa31bf6d42f8a01fc9765ec7c Signed-off-by: William A. Kennington III --- .../recipes-scanners/clamav/clamav_0.104.0.bb | 49 ++++++++++++---------- .../clamav/files/fix_systemd_socket.patch | 25 +++++++++++ 2 files changed, 52 insertions(+), 22 deletions(-) create mode 100644 meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch (limited to 'meta-security/recipes-scanners/clamav') diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb index 36e498dfb..ce5b0ea4d 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb @@ -8,16 +8,17 @@ DEPENDS = "glibc llvm libtool db openssl zlib curl libxml2 bison pcre2 json-c li LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17" -SRCREV = "5553a5e206ceae5d920368baee7d403f823bcb6f" +# May 2nd +SRCREV = "de0086aa918b79cd22570d0c05977a288b197e23" SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=dev/0.104 \ file://clamd.conf \ file://freshclam.conf \ file://volatiles.03_clamav \ file://tmpfiles.clamav \ - file://${BPN}.service \ file://headers_fixup.patch \ file://oe_cmake_fixup.patch \ + file://fix_systemd_socket.patch \ " S = "${WORKDIR}/git" @@ -28,6 +29,8 @@ BINCONFIG = "${bindir}/clamav-config" inherit cmake chrpath pkgconfig useradd systemd multilib_header multilib_script +UPSTREAM_CHECK_COMMITS = "1" + CLAMAV_UID ?= "clamav" CLAMAV_GID ?= "clamav" @@ -67,31 +70,29 @@ do_install_append () { rm ${D}/${libdir}/libmspack.so if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service install -d ${D}${sysconfdir}/tmpfiles.d install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf fi oe_multilib_header clamav-types.h } -pkg_postinst_ontarget_${PN} () { - if command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav fi - mkdir -p ${localstatedir}/lib/clamav - chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav } - -PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \ - ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" +PACKAGES += "${PN}-daemon ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav" FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \ ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ - ${docdir}/clamav/* ${libdir}/libmspack* " + ${docdir}/clamav/*" FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ ${docdir}/clamdscan/* \ @@ -103,11 +104,11 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ ${sysconfdir}/clamd.conf* \ /usr/etc/clamd.conf* \ - ${systemd_unitdir}/system/clamav-daemon/* \ + ${systemd_system_unitdir}/clamav-daemon/* \ ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon \ - ${systemd_unitdir}/system/clamav-daemon.service \ - ${systemd_unitdir}/system/clamav-clamonacc.service \ + ${systemd_system_unitdir}/clamav-daemon.service \ + ${systemd_system_unitdir}/clamav-clamonacc.service \ " FILES_${PN}-freshclam = "${bindir}/freshclam \ @@ -118,7 +119,7 @@ FILES_${PN}-freshclam = "${bindir}/freshclam \ ${localstatedir}/lib/clamav \ ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ ${mandir}/man5/freshclam.conf.* \ - ${systemd_unitdir}/system/clamav-freshclam.service" + ${systemd_system_unitdir}/clamav-freshclam.service" FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ ${libdir}/pkgconfig/*.pc \ @@ -128,7 +129,8 @@ FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ FILES_${PN}-staticdev = "${libdir}/*.a" FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so* \ - ${libdir}/libfreshclam.so* ${docdir}/libclamav/* " + ${libdir}/libfreshclam.so* ${docdir}/libclamav/* \ + ${libdir}/libmspack* " FILES_${PN}-doc = "${mandir}/man/* \ ${datadir}/man/* \ @@ -137,12 +139,15 @@ FILES_${PN}-doc = "${mandir}/man/* \ USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}" USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \ - ${localstatedir}/spool/${BPN} \ - --no-create-home --shell /bin/false ${BPN}" + ${localstatedir}/lib/${BPN} \ + --no-create-home --shell /sbin/nologin ${BPN}" RPROVIDES_${PN} += "${PN}-systemd" RREPLACES_${PN} += "${PN}-systemd" RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "${BPN}.service" +SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-freshclam" +SYSTEMD_SERVICE_${PN}-daemon = "clamav-daemon.service" +SYSTEMD_SERVICE_${PN}-freshclam = "clamav-freshclam.service" RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav" +RDEPENDS_${PN}-daemon = "clamav" diff --git a/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch b/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch new file mode 100644 index 000000000..3e9abe236 --- /dev/null +++ b/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch @@ -0,0 +1,25 @@ +clamd not installing clamav-daemon.socket + +Fixes: +__main__.SystemdUnitNotFoundError: (PosixPath('../security-build-image/1.0-r0/rootfs'), 'clamav-daemon.socket') +%post(clamav-daemon-0.104.0-r0.core2_64): waitpid(3587571) rc 3587571 status 100 +warning: %post(clamav-daemon-0.104.0-r0.core2_64) scriptlet failed, exit status 1 + +Upstream-Status: Pending +Signed-off-by: Armin Kuster + +Index: git/clamd/CMakeLists.txt +=================================================================== +--- git.orig/clamd/CMakeLists.txt ++++ git/clamd/CMakeLists.txt +@@ -54,4 +54,10 @@ if(SYSTEMD_FOUND) + install( + FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.service + DESTINATION ${SYSTEMD_UNIT_DIR}) ++ configure_file( ++ ${CMAKE_CURRENT_SOURCE_DIR}/clamav-daemon.socket.in ++ ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket @ONLY) ++ install( ++ FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket ++ DESTINATION ${SYSTEMD_UNIT_DIR}) + endif() -- cgit v1.2.3