author | Armin Kuster <akuster808@gmail.com> | 2019-04-09 09:02:00 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-04-14 10:54:07 -0700 |
commit | ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9 (patch) | |
tree | f09db4a9a6208b86ba08b540626821992a8ba60f | |
parent | 3b88d3d9ca5193242b66eb23a9cb857a13bf8535 (diff) | |
download | meta-security-ab3c84c4d34cb07a3a2bfa0893dc3bd0103190a9.tar.gz |
clamav: add clamav-cvd package for cvd db
Add native package to support creating a mirror
of the clamav cvd and supply it in a new package.
Provide an INSTALL_CLAMAV_CVD flag to bypass this creation.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | recipes-security/clamav/clamav_0.99.4.bb | 41 | ||||
-rw-r--r-- | recipes-security/clamav/files/freshclam-native.conf | 224 |
2 files changed, 259 insertions, 6 deletions
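diff --git a/recipes-security/clamav/clamav_0.99.4.bb b/recipes-security/clamav/clamav_0.99.4.bb
index 3fc48e7..32dc59c 100644
--- a/recipes-security/clamav/clamav_0.99.4.bb
+++ b/recipes-security/clamav/clamav_0.99.4.bb
@@ -4,8 +4,9 @@ HOMEPAGE = "http://www.clamav.net/index.html"
 SECTION = "security"
 LICENSE = "LGPL-2.1"
 
-DEPENDS = "libtool db libmspack chrpath-replacement-native"
-
+DEPENDS = "libtool db libmspack chrpath-replacement-native clamav-native"
+DEPENDS_class-native = "db-native"
+
 LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
 
 SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"
@@ -15,6 +16,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
 file://freshclam.conf \
 file://volatiles.03_clamav \
 file://${BPN}.service \
+file://freshclam-native.conf \
 "
 
 S = "${WORKDIR}/git"
@@ -28,6 +30,7 @@ inherit autotools-brokensep pkgconfig useradd systemd
 
 UID = "clamav"
 GID = "clamav"
+INSTALL_CLAMAV_CVD ?= "1"
 
 # Clamav has a built llvm version 2 but does not build with gcc 6.x,
 # disable the internal one. This is a known issue
@@ -58,12 +61,27 @@ EXTRA_OECONF += " --with-user=${UID} --with-group=${GID} \
 --disable-rpath \
 "
 
+EXTRA_OECONF_class-native += "--without-libcheck-prefix --disable-unrar \
+--with-system-llvm --with-llvm-linking=dynamic --disable-llvm \
+--disable-mempool \
+--program-prefix="" \
+--disable-yara \
+--without-libbz2-prefix --without-zlib \
+"
+
 do_configure () {
 cd ${S}
 ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+install -d ${S}/clamav_db
 }
 
-do_compile_append() {
+do_configure_class-native () {
+cd ${S}
+./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
+
+
+do_compile_append_class-target() {
 # brute force removing RPATH
 chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER}
 chrpath -d ${B}/sigtool/.libs/sigtool
@@ -72,9 +90,14 @@ do_compile_append() {
 chrpath -d ${B}/clamconf/.libs/clamconf
 chrpath -d ${B}/clamd/.libs/clamd
 chrpath -d ${B}/freshclam/.libs/freshclam
+
+if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
+bbnote "CLAMAV creating cvd"
+${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
+fi
 }
 
-do_install_append() {
+do_install_append_class-target () {
 install -d ${D}/${sysconfdir}
 install -d ${D}/${localstatedir}/lib/clamav
 install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
@@ -84,6 +107,7 @@ do_install_append() {
 install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
 sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
 rm ${D}/${libdir}/libclamav.so
+install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
 install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
 fi
@@ -93,11 +117,11 @@ pkg_postinst_ontarget_${PN} () {
 if [ -e /etc/init.d/populate-volatile.sh ] ; then
 ${sysconfdir}/init.d/populate-volatile.sh update
 fi
-chown ${UID}:${GID} ${localstatedir}/lib/clamav
+chown -R ${UID}:${GID} ${localstatedir}/lib/clamav
 }
 
 
-PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \
+PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
 ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
 
 FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
@@ -140,6 +164,8 @@ FILES_${PN}-doc = "${mandir}/man/* \
 ${datadir}/man/* \
 ${docdir}/* "
 
+FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
+
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${UID}"
 USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \
@@ -152,3 +178,6 @@ RCONFLICTS_${PN} += "${PN}-systemd"
 SYSTEMD_SERVICE_${PN} = "${BPN}.service"
 
 RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
+RDEPENDS_${PN}_class-native = ""
+
+BBCLASSEXTEND = "native"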
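Review bot: The added `install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.` in do_install_append_class-target ships the signature database world-writable, so any local account on the target can alter or replace the files the scanner trusts. The postinst already hands the directory to `${UID}:${GID}` with `chown -R`, so `-m 0644` is enough for freshclam to keep updating it. The line is also not guarded by the new flag: with `INSTALL_CLAMAV_CVD` set to anything other than "1", freshclam is never run, `clamav_db` stays empty, and the unmatched glob will most likely make `install` fail the task. Wrapping it as `if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then install -m 0644 ${S}/clamav_db/* ${D}${localstatedir}/lib/clamav/; fi` addresses both. The function starts in the previous hunk and continues past this one.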
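diff --git a/recipes-security/clamav/files/freshclam-native.conf b/recipes-security/clamav/files/freshclam-native.conf
new file mode 100644
index 0000000..aaa8cf4
--- /dev/null
+++ b/recipes-security/clamav/files/freshclam-native.conf
@@ -0,0 +1,224 @@
+# Path to the database directory.
+# WARNING: It must match clamd.conf's directive!
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+
+# Path to the log file (make sure it has proper permissions)
+# Default: disabled
+#UpdateLogFile /var/log/clamav/freshclam.log
+
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
+# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
+# log rotation (the LogRotate option) will always be enabled.
+# Default: 1M
+LogFileMaxSize 2M
+
+# Log time with each message.
+# Default: no
+LogTime yes
+
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+
+# Use system logger (can work together with UpdateLogFile).
+# Default: no
+#LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
+# Default: no
+#LogRotate yes
+
+# This option allows you to save the process identifier of the daemon
+# Default: disabled
+#PidFile /var/run/freshclam.pid
+
+# By default when started freshclam drops privileges and switches to the
+# "clamav" user. This directive allows you to change the database owner.
+# Default: clamav (may depend on installation options)
+DatabaseOwner clamav
+
+# Initialize supplementary group access (freshclam must be started by root).
+# Default: no
+#AllowSupplementaryGroups yes
+
+# Use DNS to verify virus database version. Freshclam uses DNS TXT records
+# to verify database and software versions. With this directive you can change
+# the database verification domain.
+# WARNING: Do not touch it unless you're configuring freshclam to use your
+# own database verification domain.
+# Default: current.cvd.clamav.net
+#DNSDatabaseInfo current.cvd.clamav.net
+
+# Uncomment the following line and replace XY with your country
+# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
+# You can use db.XY.ipv6.clamav.net for IPv6 connections.
+#DatabaseMirror db.XY.clamav.net
+
+# database.clamav.net is a round-robin record which points to our most
+# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
+# not working. DO NOT TOUCH the following line unless you know what you
+# are doing.
+DatabaseMirror database.clamav.net
+
+# How many attempts to make before giving up.
+# Default: 3 (per mirror)
+#MaxAttempts 5
+
+# With this option you can control scripted updates. It's highly recommended
+# to keep it enabled.
+# Default: yes
+#ScriptedUpdates yes
+
+# By default freshclam will keep the local databases (.cld) uncompressed to
+# make their handling faster. With this option you can enable the compression;
+# the change will take effect with the next database update.
+# Default: no
+#CompressLocalDatabase no
+
+# With this option you can provide custom sources (http:// or file://) for
+# database files. This option can be used multiple times.
+# Default: no custom URLs
+#DatabaseCustomURL http://myserver.com/mysigs.ndb
+#DatabaseCustomURL file:///mnt/nfs/local.hdb
+
+# This option allows you to easily point freshclam to private mirrors.
+# If PrivateMirror is set, freshclam does not attempt to use DNS
+# to determine whether its databases are out-of-date, instead it will
+# use the If-Modified-Since request or directly check the headers of the
+# remote database files. For each database, freshclam first attempts
+# to download the CLD file. If that fails, it tries to download the
+# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
+# and ScriptedUpdates. It can be used multiple times to provide
+# fall-back mirrors.
+# Default: disabled
+#PrivateMirror mirror1.mynetwork.com
+#PrivateMirror mirror2.mynetwork.com
+
+# Number of database checks per day.
+# Default: 12 (every two hours)
+#Checks 24
+
+# Proxy settings
+# Default: disabled
+#HTTPProxyServer myproxy.com
+#HTTPProxyPort 1234
+#HTTPProxyUsername myusername
+#HTTPProxyPassword mypass
+
+# If your servers are behind a firewall/proxy which applies User-Agent
+# filtering you can use this option to force the use of a different
+# User-Agent header.
+# Default: clamav/version_number
+#HTTPUserAgent SomeUserAgentIdString
+
+# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
+# multi-homed systems.
+# Default: Use OS'es default outgoing IP address.
+#LocalIPAddress aaa.bbb.ccc.ddd
+
+# Send the RELOAD command to clamd.
+# Default: no
+#NotifyClamd /path/to/clamd.conf
+
+# Run command after successful database update.
+# Default: disabled
+#OnUpdateExecute command
+
+# Run command when database update process fails.
+# Default: disabled
+#OnErrorExecute command
+
+# Run command when freshclam reports outdated version.
+# In the command string %v will be replaced by the new version number.
+# Default: disabled
+#OnOutdatedExecute command
+
+# Don't fork into background.
+# Default: no
+#Foreground yes
+
+# Enable debug messages in libclamav.
+# Default: no
+#Debug yes
+
+# Timeout in seconds when connecting to database server.
+# Default: 30
+#ConnectTimeout 60
+
+# Timeout in seconds when reading from database server.
+# Default: 30
+#ReceiveTimeout 60
+
+# With this option enabled, freshclam will attempt to load new
+# databases into memory to make sure they are properly handled
+# by libclamav before replacing the old ones.
+# Default: yes
+#TestDatabases yes
+
+# When enabled freshclam will submit statistics to the ClamAV Project about
+# the latest virus detections in your environment. The ClamAV maintainers
+# will then use this data to determine what types of malware are the most
+# detected in the field and in what geographic area they are.
+# Freshclam will connect to clamd in order to get recent statistics.
+# Default: no
+#SubmitDetectionStats /path/to/clamd.conf
+
+# Country of origin of malware/detection statistics (for statistical
+# purposes only). The statistics collector at ClamAV.net will look up
+# your IP address to determine the geographical origin of the malware
+# reported by your installation. If this installation is mainly used to
+# scan data which comes from a different location, please enable this
+# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
+# of the country of origin.
+# Default: disabled
+#DetectionStatsCountry country-code
+
+# This option enables support for our "Personal Statistics" service.
+# When this option is enabled, the information on malware detected by
+# your clamd installation is made available to you through our website.
+# To get your HostID, log on http://www.stats.clamav.net and add a new
+# host to your host list. Once you have the HostID, uncomment this option
+# and paste the HostID here. As soon as your freshclam starts submitting
+# information to our stats collecting service, you will be able to view
+# the statistics of this clamd installation by logging into
+# http://www.stats.clamav.net with the same credentials you used to
+# generate the HostID. For more information refer to:
+# http://www.clamav.net/documentation.html#cctts
+# This feature requires SubmitDetectionStats to be enabled.
+# Default: disabled
+#DetectionStatsHostID unique-id
+
+# This option enables support for Google Safe Browsing. When activated for
+# the first time, freshclam will download a new database file (safebrowsing.cvd)
+# which will be automatically loaded by clamd and clamscan during the next
+# reload, provided that the heuristic phishing detection is turned on. This
+# database includes information about websites that may be phishing sites or
+# possible sources of malware. When using this option, it's mandatory to run
+# freshclam at least every 30 minutes.
+# Freshclam uses the ClamAV's mirror infrastructure to distribute the
+# database and its updates but all the contents are provided under Google's
+# terms of use. See http://www.google.com/transparencyreport/safebrowsing
+# and http://www.clamav.net/documentation.html#safebrowsing
+# for more information.
+# Default: disabled
+#SafeBrowsing yes
+
+# This option enables downloading of bytecode.cvd, which includes additional
+# detection mechanisms and improvements to the ClamAV engine.
+# Default: enabled
+#Bytecode yes
+
+# Download an additional 3rd party signature database distributed through
+# the ClamAV mirrors.
+# This option can be used multiple times.
+#ExtraDatabase dbname1
+#ExtraDatabase dbname2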
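Review bot: `DatabaseOwner clamav` (line 47) looks carried over from the target configuration, but as far as the recipe hunks show this file is only passed to the native freshclam on the build host, where a `clamav` account may not exist. As far as I know freshclam acts on this directive only when started as root, so an ordinary build is probably unaffected, while a build run as root (for example in a container) would presumably fail or switch user; commenting the directive out would remove that dependency on the host's accounts. `LogFileMaxSize 2M` and `LogTime yes` also appear to have no effect while `UpdateLogFile` stays commented out. A short header comment such as `# Build-host configuration for clamav-native freshclam; not installed on the target.` would document why this second copy exists.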