Drop clamd@scan.service file (bz#1725810)

Change /var/run to /run
Orion Poplawski 2019-10-31 22:10:47 -06:00
parent 5b6ec7c15a
commit 234a5b82e7
5 changed files with 44 additions and 317 deletions


@ -1,5 +1,5 @@
Please note since el7 and Fedora 15 or 19 we use only systemd.
upstart and sysv was dropped, this document may still applies to el6.
Please note for Fedora and EPEL 7+ we use only systemd.
upstart and sysvinit only apply to EPEL 6.
A clamav-milter setup consists of the following three components:
@ -11,18 +11,22 @@ A clamav-milter setup consists of the following three components:
The main configuration is in /etc/mail/clamav-milter.conf and MUST
be changed before first use.
This can be enabled with: 'systemctl enable clamav-milter.service'
The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamav-milter to
enable automatic startup. See comments there for more details.
* a clamav scanner daemon
--> this package is called 'clamav-scanner' plus (alternatively)
'clamav-scanner-upstart' or 'clamav-scanner-sysvinit'
--> this is in the clamd package (or on EL6:
'clamav-scanner-upstart' or 'clamav-scanner-sysvinit')
The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
edited before first use).
This can be enabled with: 'systemctl enable clamd@scan.service'
The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamd.scan to enable
automatic startup. See comments there for more details.
@ -32,19 +36,14 @@ A clamav-milter setup consists of the following three components:
--> you should know how to install this...
When communicating across unix sockets with the clamav-milter, it is
suggested to use the /var/run/clamav-milter/clamav-milter.socket
suggested to use the /run/clamav-milter/clamav-milter.socket
path. You have to add something like
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
to your sendmail.mc.
It is suggested that components communicate through TCP sockets as
this eases setup. Please add corresponding packet filter rules!
EXAMPLE
=======
@ -70,13 +69,13 @@ B) On the clamav-milter host (assumed hostname 'host-milter')
and all the other options which are required on your system
3. Edit /etc/event.d/clamav-milter and uncomment the
3. Enable clamav-milter.service:
| start on starting local
| systemctl enable clamav-milter.service
line. Restart your system or execute
Restart your system or execute
| initctl emit starting local
| systemctl start clamav-milter.service
4. Add something like
@ -90,7 +89,7 @@ B) On the clamav-milter host (assumed hostname 'host-milter')
C) On the clamav-scanner host (assumed hostname 'host-scanner')
1. Install clamav-scanner + clamav-scanner-upstart packages
1. Install clamd
2. Add to /etc/clamd.d/scan.conf
@ -100,13 +99,13 @@ C) On the clamav-scanner host (assumed hostname 'host-scanner')
comment out possible 'LocalSocket' lines and set all the other
options which are required on your system
3. Edit /etc/event.d/clamav-scanner and uncomment the
3. Enable clamd@scan.service:
| start on starting local
| systemctl enable clamd@scan.service
line. Restart your system or execute
Restart your system or execute
| initctl emit starting local
| systemctl start clamd@scan.service
4. Add something like


@ -54,7 +54,7 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.101.4
Release: 2%{?dist}
Release: 3%{?dist}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
URL: https://www.clamav.net/
%if %{with unrar}
@ -82,8 +82,6 @@ Source10: main-58.cvd
Source11: daily-25550.cvd
#http://database.clamav.net/bytecode.cvd
Source12: bytecode-330.cvd
#for devel
Source100: clamd-gen
#for update
Source200: freshclam-sleep
Source201: freshclam.sysconfig
@ -326,8 +324,8 @@ mkdir -p libclamunrar{,_iface}
sed -ri \
-e 's!^#?(LogFile ).*!#\1/var/log/clamd.<SERVICE>!g' \
-e 's!^#?(LocalSocket ).*!#\1/var/run/clamd.<SERVICE>/clamd.sock!g' \
-e 's!^(#?PidFile ).*!\1/var/run/clamd.<SERVICE>/clamd.pid!g' \
-e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd.<SERVICE>/clamd.sock!g' \
-e 's!^(#?PidFile ).*!\1%{_rundir}/clamd.<SERVICE>/clamd.pid!g' \
-e 's!^#?(User ).*!\1<USER>!g' \
-e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \
-e 's! /usr/local/share/clamav,! %homedir,!g' \
@ -433,7 +431,6 @@ install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf
%if %{with sysv}
install -m 0644 -p %SOURCE520 $RPM_BUILD_ROOT%pkgdatadir/
%endif
install -m 0755 -p %SOURCE100 $RPM_BUILD_ROOT%pkgdatadir/
cp -pa _doc_server/* $RPM_BUILD_ROOT%pkgdatadir/template
%if %{with sysv}
@ -471,7 +468,6 @@ sed -e 's!<SERVICE>!scan!g;' $RPM_BUILD_ROOT%pkgdatadir/template/clamd.init \
%endif
install -D -p -m 0644 %SOURCE410 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf
install -D -p -m 0644 %SOURCE430 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service
cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf
d %scanstatedir 0710 %scanuser virusgroup
@ -553,8 +549,10 @@ exit 0
/usr/bin/killall -u %scanuser clamd 2>/dev/null || :
%endif
%if %{with systemd}
%systemd_post clamd@.service
%systemd_post clamd@scan.service
# Point to the new service unit
[ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || :
%systemd_post clamd@\*.service
%{?with_tmpfiles:/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || :}
%endif
@ -567,8 +565,7 @@ test "$1" != 0 || /sbin/chkconfig --del clamd.scan
test "$1" != "0" || /sbin/initctl -q stop clamd.scan || :
%endif
%if %{with systemd}
%systemd_preun clamd@.service
%systemd_preun clamd@scan.service
%systemd_preun clamd@\*.service
%endif
%postun -n clamd
@ -576,8 +573,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamd.scan || :
test "$1" = 0 || %_initrddir/clamd.scan condrestart >/dev/null || :
%endif
%if %{with systemd}
%systemd_postun_with_restart clamd@.service
%systemd_postun_with_restart clamd@scan.service
%systemd_postun_with_restart clamd@\*.service
%endif
@ -670,7 +666,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%_includedir/*
%_libdir/*.so
%pkgdatadir/template
%pkgdatadir/clamd-gen
%_libdir/pkgconfig/*
%_bindir/clamav-config
@ -735,9 +730,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%if %{with upstart}
%config(noreplace) %_sysconfdir/init/clamd.scan*
%endif
%if %{with systemd}
%_unitdir/clamd@scan.service
%endif
## -----------------------
@ -769,6 +761,10 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%changelog
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-3
- Drop clamd@scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)
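Review bot: In the systemd branch of the scriptlet hunk at new line 549, the migration step `[ -L ... ] && ln -sf /usr/lib/systemd/system/clamd@.service ...` hard-codes the unit directory, although this spec uses `%_unitdir` for unit paths elsewhere; I would write the link target as `%{_unitdir}/clamd@.service`. The step also runs as root on every install and upgrade, not only on the transition away from the packaged clamd@scan.service, so the comment should say so, e.g. `# One-time migration (bz#1725810): repoint an existing enable symlink from the dropped clamd@scan.service file to the clamd@.service template`. Only a link under multi-user.target.wants is handled, so an instance enabled for another target would presumably keep a dangling link. Separately, `%systemd_post`, `%systemd_preun` and `%systemd_postun_with_restart` now receive `clamd@\*.service`; as far as I know systemctl patterns match only loaded units, so preset and disable may not act on instances that are enabled but not running, which is worth confirming. The scriptlet starts and ends outside the hunk.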


@ -1,10 +1,9 @@
To create individual clamd-instance take the following files and
modify/copy them in the suggested way:
clamd.conf:
* set LocalSocket (or better: TCPSocket) and User to suitable values;
avoid PidFile unless it is required by system monitoring or something
else. Logging through syslog is usually better than an individual
/etc/clamd/scan.conf:
* set LocalSocket for localhost access or TCPSocket for network access
and User to suitable values. Logging through syslog is usually better than an individual
Logfile.
* place this file into /etc/clamd.d with an unique service-name;
e.g. as /etc/clamd.d/<SERVICE>.conf
@ -40,10 +39,10 @@ clamd@<SERVICE>.service: (systemd instance)
Additionally, when using LocalSocket instead of TCPSocket, the directory
for the socket file must be created. For tmpfiles based systems, you
might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf
might want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf
with a content of
| d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP>
| d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
so that the socket can be accessed by clamd and by the applications
@ -53,9 +52,9 @@ DOS attacks or worse are trivial.
After emulating these steps by hand (or else rebooting), you still need set
SELinux:
chcon -t clamd_var_run_t /var/run/clamd.<SERVICE>
chcon -t clamd_var_run_t /run/clamd.<SERVICE>
or
restorecon -R -v "/var/run/clamd.<SERVICE>"
restorecon -R -v "/run/clamd.<SERVICE>"
More SELinux notes:
you may need run:

269
clamd-gen

@ -1,269 +0,0 @@
#! /bin/bash
# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
function showHelp()
{
echo \
$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
--license=<LICENSE> --username=>USERNAME>
"
exit 0
}
function rpm.generatePreamble()
{
cat <<EOF
%{!?release_func:%define release_func() %1%{?dist}}
# The name of the minit service
%define minitsvcdir %minitdir/services/%name
# The configuration file for the SysV initservice
%define conffile %_sysconfdir/clamd.d/%service.conf
# The directory, where the milter socket will be placed into; this
# socket will be named clamd.sock
%define rundir /var/run/clamd.%service
# The name of the logfile
%define logfile /var/log/clamd.%service
# The user under whose id, the clamd shall be running. This user must
# be able to read the files from the base-service and is usually
# created there.
%define username $USERNAME
# The packagename of the service
%define service $SERVICE
# The service name as used by the system's initscripts; usually this
# is %service
%define baseservice %service
%define __chkconfig /sbin/chkconfig
%define minitdir %_sysconfdir/minit
EOF
}
function rpm.generateHeader()
{
cat <<EOF
Summary: Clamav server for '%service'
Name: clamd.%service
Version: $VERSION
Release: %release_func $RELEASE
Epoch: 0
License: $LICENSE
Group: System Environment/Daemons
BuildRoot: %_tmppath/%name-%version-%release-root
BuildArch: noarch
Requires: init(%name)
Requires(pre): %service
Requires: clamav-server
BuildRequires: clamav-devel
%package sysv
Summary: SysV initscripts for a %service clamav-server
Group: System Environment/Daemons
Provides: init(%name) = sysv
Conflicts: init(%name) < sysv
Conflicts: init(%name) > sysv
Requires: clamav-server-sysv
Requires(post): %name = %epoch:%version-%release
Requires(post): diffutils mktemp %__chkconfig
Requires(preun): %__chkconfig
Requires(pre): %_initrddir
Requires(postun): %_initrddir
%package minit
Summary: minit initscripts for a %service clamav-server
Group: System Environment/Daemons
Provides: init(%name) = minit
Conflicts: init(%name) < minit
Conflicts: init(%name) > minit
Requires(post): %name = %epoch:%version-%release
Requires(post): diffutils mktemp
Requires(pre): minit-setup
Requires(postun): minit-setup
Requires(triggers): minit-tools
%description
Basic setup for a clamav server for '%service'.
%description sysv
Basic setup for a clamav server for '%service'.
This package contains initscripts for SysV based systems.
%description minit
Basic setup for a clamav server for '%service'.
This package contains initscripts for minit based systems.
EOF
}
function rpm.genBody()
{
cat <<"XEOFX"
%prep
%build
%install
rm -rf $RPM_BUILD_ROOT
%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
d=/usr/share/clamav/template
function subst
{
src=$d/$1
dst=$RPM_BUILD_ROOT$2
%__install -d -m755 $(dirname "$dst")
sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
s!<SERVICE>!%service!g;
s!<USER>!%username!g;' "$src" >"$dst"
chmod --reference "$src" "$dst"
}
subst clamd.conf %conffile
subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
%if 0%{!?_without_sysv:1}
subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
subst clamd.init %_initrddir/clamd.%service
%endif
ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
touch $RPM_BUILD_ROOT%logfile
touch $RPM_BUILD_ROOT%rundir/clamd.sock
%if 0%{!?_without_minit:1}
ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
touch $RPM_BUILD_ROOT%minitsvcdir/respawn
cat <<EOF >$RPM_BUILD_ROOT%minitsvcdir/params
-c
%conffile
EOF
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%triggerin minit -- %baseservice
minit-svc add services/clamd.%service services/%baseservice/
%triggerun minit -- %baseservice
test "$1" != 0 -a "$2" != 0 || \
minit-svc del services/clamd.%service services/%baseservice/
%post minit
d=$(mktemp /tmp/clamd.%service.XXXXXX)
sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
grep -q '^Foreground' $d || echo 'Foreground' >>$d
cmp -s "$d" %conffile || cat "$d" >"%conffile"
rm -f "$d"
%post sysv
d=$(mktemp /tmp/clamd.%service.XXXXXX)
sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
cmp -s "$d" %conffile || cat "$d" >"%conffile"
rm -f "$d"
%__chkconfig --add %name
%preun sysv
test "$1" != 0 || %__chkconfig --del %name
XEOFX
}
function rpm.genFiles
{
cat <<"EOF"
%files
%defattr(-,root,root,-)
%doc
%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username) %logfile
%config(noreplace) %verify(not mtime) %conffile
%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
%_sbindir/clamd.%service
%dir %attr(0700,%username,root) %rundir
%ghost %rundir/clamd.sock
%if 0%{!?_without_sysv:1}
%files sysv
%defattr(-,root,root,-)
%config %verify(not mtime) %_initrddir/clamd.%service
%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
%endif
%if 0%{!?_without_minit:1}
%files minit
%defattr(-,root,root,-)
%dir %minitsvcdir
%config(noreplace) %verify(not mtime) %minitsvcdir/params
%config %minitsvcdir/run
%minitsvcdir/respawn
%endif
EOF
}
SERVICE=
VERSION=
RELEASE=
LICENSE=
USERNAME=
tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
eval set -- "$tmp"
while true; do
case "$1" in
(--help) showHelp $0;;
(--service) SERVICE=$2; shift;;
(--version) VERSION=$2; shift;;
(--release) RELEASE=$2; shift;;
(--license) LICENSE=$2; shift;;
(--username) USERNAME=$2; shift;;
(--) shift; break;;
esac
shift
done
for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
eval tmp=\$${i}
test "$tmp" || {
echo $"No value for $i specified; assuming @${i}@" >&2;
eval $i=@${i}@;
}
done
rpm.generatePreamble
rpm.generateHeader
rpm.genBody
rpm.genFiles


@ -1,13 +1,15 @@
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
# Check for database existence
# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
[Install]
WantedBy = multi-user.target
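Review bot: `ExecReload=/bin/kill -USR2 $MAINPID` only works if systemd tracks the right clamd process, but the unit is `Type = forking` with no `PIDFile=` line in view, so systemd presumably has to guess the main PID after the fork. The +/- markers are lost on this page; if that line is on the new side, I would document the dependency above it, e.g. `# $MAINPID is guessed by systemd unless PIDFile= is set; keep it in sync with PidFile in /etc/clamd.d/%i.conf`. The commented `ConditionPathExistsGlob=@DBDIR@/...` lines still carry an unsubstituted `@DBDIR@` placeholder, so a short comment that they need the real database directory before being uncommented would prevent a unit that silently never starts. clamd parses untrusted files, yet no sandboxing directives (for example `NoNewPrivileges=` or `ProtectSystem=`) are visible in this template; whether they are compatible with the paths an instance must scan would need checking before adding them.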