commit: 89533ae52db8767ae8b0306c6f91b1f015fa71d0 Author: Matt Jolly <kangie <AT> gentoo <DOT> org> AuthorDate: Sat Jun 29 08:14:03 2024 +0000 Commit: Matt Jolly <kangie <AT> gentoo <DOT> org> CommitDate: Sat Jun 29 08:33:18 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89533ae5
app-antivirus/clamav: update tmpfiles configuration The previous configuration was overly strict, making it impossible for appliations to connect to the socket. Historically this was not an issue as guidance was to just add these other apps to the clamav group, but this is no longer the case. Bug: https://bugs.gentoo.org/921617 Signed-off-by: Matt Jolly <kangie <AT> gentoo.org> app-antivirus/clamav/clamav-1.0.5.ebuild | 10 ++-------- .../{clamav-1.3.1-r1.ebuild => clamav-1.3.1-r2.ebuild} | 14 +++++--------- 2 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/app-antivirus/clamav/clamav-1.0.5.ebuild b/app-antivirus/clamav/clamav-1.0.5.ebuild
index 8995c36a41b5..5759a6890ff1 100644
--- a/app-antivirus/clamav/clamav-1.0.5.ebuild
+++ b/app-antivirus/clamav/clamav-1.0.5.ebuild
@@ -291,14 +291,8 @@ src_install() {
 if ! use libclamav-only ; then
 if use systemd ; then
- # The tmpfiles entry is behind USE=systemd because the
- # upstream OpenRC service files should (and do) ensure that
- # the directories they need exist and have the correct
- # permissions without the help of opentmpfiles. There are
- # years-old root exploits in opentmpfiles, the design is
- # fundamentally flawed, and the maintainer is not up to
- # the task of fixing it.
- dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+ # OpenRC services do not need tmpfiles
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf"
 systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "[email protected]"
 systemd_dounit "${FILESDIR}/clamd.service"
 systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
diff --git a/app-antivirus/clamav/clamav-1.3.1-r1.ebuild b/app-antivirus/clamav/clamav-1.3.1-r2.ebuild
similarity index 95%
rename from app-antivirus/clamav/clamav-1.3.1-r1.ebuild
rename to app-antivirus/clamav/clamav-1.3.1-r2.ebuild
index 04fcfda4d498..58e80f89a976 100644
--- a/app-antivirus/clamav/clamav-1.3.1-r1.ebuild
+++ b/app-antivirus/clamav/clamav-1.3.1-r2.ebuild
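Review bot: clamav-1.0.5.ebuild is edited in place to install `clamav-r1.conf`, while the same change to 1.3.1 comes with a bump from -r1 to -r2 in this commit. Without a revision bump, systems that already have 1.0.5 installed would presumably keep the old, stricter tmpfiles entry until the package is rebuilt for some other reason, so the socket fix from bug 921617 would not reach them. Giving this ebuild a new revision as well would make the two branches consistent. src_install() starts before and continues past this hunk, so the rest of the install logic was not checked.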
@@ -296,14 +296,10 @@ src_install() {
 if ! use libclamav-only ; then
 if use systemd ; then
- # The tmpfiles entry is behind USE=systemd because the
- # upstream OpenRC service files should (and do) ensure that
- # the directories they need exist and have the correct
- # permissions without the help of opentmpfiles. There are
- # years-old root exploits in opentmpfiles, the design is
- # fundamentally flawed, and the maintainer is not up to
- # the task of fixing it.
- dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+ # OpenRC services ensure their own permissions, so we can avoid
+ # a dependency on sys-apps/systemd-utils[tmpfiles] here, though
+ # we can change our minds and use it if we want to.
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf"
 fi
 if use clamapp ; then
@@ -373,7 +369,7 @@ src_install() {
 pkg_postinst() {
 if ! use libclamav-only ; then
 if use systemd ; then
- tmpfiles_process clamav.conf
+ tmpfiles_process clamav-r1.conf
 fi
 fi
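Review bot: The replacement comment in the src_install hunk of clamav-1.3.1-r2.ebuild (and the shorter one in the 1.0.5 hunk) sits inside `if use systemd` yet talks only about OpenRC, and neither records what clamav-r1.conf relaxes or why. clamd does not authenticate clients on its local socket, so filesystem permissions are the access control here, and a deliberate widening deserves a line such as `# clamav-r1.conf relaxes the permissions that kept clients outside the clamav group from reaching the clamd socket (bug #921617); who may connect is then governed by LocalSocketMode/LocalSocketGroup in clamd.conf.` clamav-r1.conf itself is not part of this diff, so the mode and ownership it sets could not be checked; they should be confirmed to grant no more than traverse/read access to other users. src_install() begins and ends outside the hunk.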
