** Description changed:

  * Note that the FFe sections outlined in
  https://documentation.ubuntu.com/project/release-team/request-a-freeze-
  exception/#what-to-include (description of the proposed changes,
  benefits of the change, testing performed, output of seeded-in-ubuntu)
  are present below
  
  [IMPACT]
  
  clamav-daemon won't listen on TCP sockets when reconfiguring the package.
  This is not an upstream clamav bug, it is a packaging one.
  
  When `sudo dpkg-reconfigure clamav-daemon` is run, the postinst script
  correctly updates the main configuration file (clamd.conf).
  
  In Ubuntu, clamav-daemon is integrated as a systemd service. Whether
  clamav listens to a unix file or a TCP socket is configured in
  clamd.conf (upstream bit). In Ubuntu this is passed to systemd service
  by making the service depend on a systemd socket:
  
  root@jammy:/usr/lib/systemd/system# cat clamav-daemon.socket
  [Unit]
  Description=Socket for Clam AntiVirus userspace daemon
  Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
  # Check for database existence
  ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
  ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
  
  [Socket]
  ListenStream=/run/clamav/clamd.ctl
  #ListenStream=1024
  SocketUser=clamav
  SocketGroup=clamav
  RemoveOnStop=True
  
  [Install]
  WantedBy=sockets.target
  
  The problem is that when reconfiguring the package to make clamav listen
  to a TCP socket, this change is never reflected in the systemd socket
  file which keeps the old config (unix file).
- 
- To address this I can think of 2 ways:
- a) Modify the postinst script to also update the systemd socket file.
- b) Modify the systemd service to read its configuration directly from clamd.conf, making the socket file's configuration redundant.
  
  [Description of the Proposed Changes]
  
  * Add systemd socket generator for clamav-daemon (LP: #2129160)
      - debian/clamav-daemon-socket-generator: Implement
        clamav-daemon-socket-generator to align clamav-daemon.socket with
        clamd.conf.
      - debian/clamav-daemon.postinst.in: Execute daemon-reload to regenerate
        configuration.
      - debian/clamav-daemon.install: Install clamav-daemon-socket-generator
  
  The socket generator allows for configurability of both LocalSocket and
  TCPSocket (IPv4 or IPv6) ListenStreams, as well as configurability over
  the LocalSocketMode and LocalSocketGroup.
  
  [Benefits of the proposed change]
  
  This will fix a packaging issue that prevents customization and
  reconfiguration of clamav.
  
  [TEST CASE]
  
  Run "sudo apt install clamav-daemon"
  Run "sudo dpkg-reconfigure clamav-daemon"
  Select "Socket type" as "TCP"
  Leave everything else as defaults and finish the config setup
  Run "sudo systemctl restart clamav-daemon"
  Check for the daemon running on a TCP socket (it won't be): sudo ss -pln | grep 3310
  
  [Testing Performed Against Devel Release]
  
  The above test plan has been executed with the proposed changes on
  Resolute to verify the changes work as intended (service is listening on
  the expected port, and/or local socket)
  
  The package builds on all architectures against -updates [1] and
  -proposed [2]
  
  [1] https://launchpad.net/~bryanfraschetti/+archive/ubuntu/lp2129160-updates
  [2] https://launchpad.net/~bryanfraschetti/+archive/ubuntu/lp2129160-proposed
  
  The package successfully upgrades from 1.4.3+dfsg-2ubuntu2 (the current
  version in Resolute)
  
  [Seeded in Ubuntu]
  seeded-in-ubuntu clamav-daemon
  The source package 'clamav-daemon' does not exist in the Ubuntu primary archive in resolute for pockets Release, Security, Updates, Proposed with status in Pending, Published
  
  [Where problems could occur]
  
  - While the proposed changes resolve all problems that we identified
  such as the inability to reconfigure the package, set the port, IPv4 or
  IPv6 address on which the clamav-daemon listens, or the local socket
  path, it is possible that this is not a comprehensive list of the
  upstream features. That is to say, there may be additional
  configurability not yet captured in the generator.
  
  - Given the current broken behaviour, users may have defined systemd
  overrides and workarounds in place and should be careful when
  reconfiguring the package to avoid conflicting configurations. For
  example, they may want to remove custom overrides before or after
  upgrading
  
  [Other]
  
  Upstream related bug: https://github.com/Cisco-Talos/clamav/issues/1464

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2129160

Title:
  [FFe] dpkg-reconfigure clamav-daemon does not respect TCP
  configuration

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2129160/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
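
The alignment of clamav-daemon.socket with clamd.conf described under [Description of the Proposed Changes], as an added example (not the generator shipped in the Ubuntu package): a shell function that reads the listener options from clamd.conf and prints a matching [Socket] drop-in. The function name, the drop-in approach and the sample handling are assumptions; a real systemd generator would write this output under the directory systemd passes as its first argument.

```sh
#!/bin/sh
# Added example: derive a clamav-daemon.socket drop-in from clamd.conf.
# Hypothetical helper, not the package's clamav-daemon-socket-generator.

# clamd_socket_dropin CONF -> prints a [Socket] drop-in on stdout,
# returns non-zero if TCPSocket is not a valid port number.
clamd_socket_dropin() {
    awk '
        /^[ \t]*#/ || NF < 2     { next }            # comments, valueless lines
        $1 == "LocalSocket"      { path  = $2 }
        $1 == "LocalSocketMode"  { mode  = $2 }
        $1 == "LocalSocketGroup" { group = $2 }
        $1 == "TCPSocket"        { port  = $2 }
        $1 == "TCPAddr"          { addrs[++n] = $2 } # option may be repeated
        END {
            # Validate before emitting anything, so a bad port yields no unit.
            if (port != "" && (port !~ /^[0-9]+$/ || port < 1 || port > 65535)) {
                print "invalid TCPSocket: " port > "/dev/stderr"
                exit 1
            }
            print "[Socket]"
            print "ListenStream="        # empty value resets the packaged list
            if (path != "") {
                print "ListenStream=" path
                if (mode  != "") print "SocketMode="  mode
                if (group != "") print "SocketGroup=" group
            }
            if (port != "") {
                # No TCPAddr: a bare port makes systemd listen on all interfaces.
                if (n == 0) print "ListenStream=" port
                for (i = 1; i <= n; i++) {
                    a = addrs[i]
                    if (a ~ /:/) a = "[" a "]"   # IPv6 literals need brackets
                    print "ListenStream=" a ":" port
                }
            }
        }
    ' "$1"
}

# Stand-alone use: print the drop-in for the file given on the command line.
if [ "$#" -gt 0 ]; then
    clamd_socket_dropin "$1"
fi
```

Comparing this output with `systemctl cat clamav-daemon.socket` after a reconfigure shows whether the unit and clamd.conf have drifted apart.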
