commit: 2637f7bdf5ca4b984e24294ff39ceedb5cfbea58 Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> AuthorDate: Wed Nov 6 15:10:57 2019 +0000 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> CommitDate: Wed Nov 6 15:56:54 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2637f7bd
app-antivirus/clamav-unofficial-sigs: new revision with a cron job. This update script needs to run as a restricted user, with bash as its shell, and with a real home directory to prevent cron errors in the logs. The best way to do that seems to be to install a custom job into /etc/cron.d that sets the HOME and SHELL variables. This new revision provides a cron job that works as documentation, and adds a new USE=cron flag to install it. The default is NOT to install it because /etc/cron.d is not 100% standard, and the update script needs to be configured before it will work. Closes: https://bugs.gentoo.org/694054 Package-Manager: Portage-2.3.76, Repoman-2.3.16 Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> ....ebuild => clamav-unofficial-sigs-6.0.1-r1.ebuild} | 15 +++++++++++++-- .../files/clamav-unofficial-sigs.crond | 19 +++++++++++++++++++ app-antivirus/clamav-unofficial-sigs/metadata.xml | 8 ++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild similarity index 80% rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild index 6fc6ec0b574..34c988c3a2f 100644 --- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild +++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild @@ -7,12 +7,12 @@ inherit user DESCRIPTION="Download and install third-party clamav signatures" HOMEPAGE="https://github.com/extremeshok/${PN}"; -SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz" +SRC_URI="${HOMEPAGE}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="" +IUSE="cron" # The script relies on either net-misc/socat, or Perl's # IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships @@ -41,6 +41,17 @@ src_install() { doman "${FILESDIR}/${PN}.8" dodoc README.md + + if use cron; then + # Beware, this directory is not completely standard. However, + # we need this to run as "clamav" with a non-default shell and + # home directory (bug 694054), and this seems like the most + # reliable way to accomplish that. + insinto "/etc/cron.d" + newins "${FILESDIR}/${PN}.crond" "${PN}" + else + dodoc "${FILESDIR}/${PN}.crond" + fi } pkg_preinst() { diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond new file mode 100644 index 00000000000..49ef1db3034 --- /dev/null +++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond @@ -0,0 +1,19 @@ +# +# Run clamav-unofficial-sigs hourly. +# +# This file should be copied to /etc/cron.d rather than, say, +# /etc/cron.hourly because it needs to run as the clamav user (to +# alter the databases), but the default settings for that user in +# Gentoo are insufficient (see bug 694054). +# +# In particular, the clamav user needs a Bash shell and a home +# directory since clamav-unofficial-sigs is written in Bash and +# because otherwise cron will complain about trying to chdir to a +# nonexistent home directory. When run out of /etc/cron.d, we can set +# HOME and SHELL to appropriate values, unlike with scripts in +# /etc/cron.hourly. +# +HOME=/var/lib/clamav-unofficial-sigs +SHELL=/bin/bash + +01 * * * * clamav /usr/sbin/clamav-unofficial-sigs.sh diff --git a/app-antivirus/clamav-unofficial-sigs/metadata.xml b/app-antivirus/clamav-unofficial-sigs/metadata.xml index cb13edbbb59..828e566ffca 100644 --- a/app-antivirus/clamav-unofficial-sigs/metadata.xml +++ b/app-antivirus/clamav-unofficial-sigs/metadata.xml @@ -4,6 +4,14 @@ <maintainer type="person"> <email>[email protected]</email> </maintainer> + <use> + <flag name="cron"> + Install an hourly cron job to /etc/cron.d that runs the + updates as the clamav user (instead of root), with an + appropriate home directory and shell. The same cron job + is installed as documentation when this flag is disabled. + </flag> + </use> <upstream> <remote-id type="sourceforge">unofficial-sigs</remote-id> <remote-id type="github">extremeshok/clamav-unofficial-sigs</remote-id>
