Well, I have started moving all the software I use over to
solaris-userland builds so next in line after my
last blog of building FFmpeg is
ClamAV. The reason for this it speed the process of build, IPS Build and install for packages which have a quick release schedule.
- Check out FFmpeg on Solaris 11.4 using solaris-userland for solaris-userland setup instructions.
- Creates a clamd service which is disabled by default
- clamav user created via IPS
- freshclam will need to be run (manually) as clamav user after IPS install
- crontab entry needs to be created (manually) to update virus signatures
- /etc/clamav/{clamd.conf,freshclam.conf} needs to be altered to your setup
- Things to fix:
- start up script required to create log files and run freshclam for first time
- log files contain in package (see previous)
- uninstall should not remove virus signatures "/var/clamav"
- crontab entry to run freshclam needs to be moved to a SMF
- Update 2019 Aug 6th: --enable-strni removed from configure (0.101.3+)
$ mkdir components/clamav
$ cd components/clamav
$ cat Makefile
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
#
BUILD_BITS=64
COMPILER=gcc
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= clamav
COMPONENT_VERSION= 0.101.2
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
IPS_COMPONENT_VERSION= $(COMPONENT_VERSION)
BUILD_VERSION= 1
COMPONENT_PROJECT_URL= http://www.clamav.net
COMPONENT_ARCHIVE= clamav-$(COMPONENT_VERSION).tar.gz
COMPONENT_ARCHIVE_URL= http://www.clamav.net/downloads/production/$(COMPONENT_ARCHIVE)
COMPONENT_ARCHIVE_HASH=
COMPONENT_MAKE_JOBS= 1
BUILD_STYLE= configure
# configure does not accept many of the options set in
# configure.mk (CC=, CXX=, --bindir, --libdir, --sbindir).
#CONFIGURE_DEFAULT_DIRS set to NO since we need "--libdir=/usr/lib/amd64" set
# otherwise it could have been YES
CONFIGURE_DEFAULT_DIRS= no
CONFIGURE_OPTIONS += --prefix=/usr
CONFIGURE_OPTIONS += --mandir=/usr/share/man
CONFIGURE_OPTIONS += --bindir=/usr/bin
CONFIGURE_OPTIONS += --libdir=/usr/lib/amd64
# Need to add all config options by hand
CONFIGURE_OPTIONS += --with-user=defang8
CONFIGURE_OPTIONS += --with-group=nogroup
CONFIGURE_OPTIONS += --enable-readdir_r
CONFIGURE_OPTIONS += -enable-milter
#CONFIGURE_OPTIONS += --enable-strni # Not required 0.101.3+
CONFIGURE_OPTIONS += --sysconfdir=/etc/clamav
CONFIGURE_OPTIONS += --with-dbdir=/var/clamav
CONFIGURE_OPTIONS += --datarootdir=/var/clamav
CONFIGURE_OPTIONS += --sbindir=/usr/lib/inet
#CONFIGURE_OPTIONS += --enable-shared
#CONFIGURE_OPTIONS += --strip=gstrip
#CONFIGURE_OPTIONS += --disable-x86asm
#CONFIGURE_OPTIONS += --mandir=/usr/share/man
#CONFIGURE_OPTIONS += --bindir=/usr/bin
#CONFIGURE_OPTIONS += --libdir=/usr/lib/amd64
COMPONENT_POST_BUILD_ACTION= \
(cd $(PROTO_DIR) ; $(MKDIR) -p var/spool/MIMEDefang var/clamav)
TEST_TARGET= $(NO_TESTS)
include $(WS_MAKE_RULES)/common.mk
# remove warnings that packages are missing
IPS_PKG_NAME= storage/clamav
REQUIRED_PACKAGES += library/security/openssl
REQUIRED_PACKAGES += library/libxml2
REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime
REQUIRED_PACKAGES += library/zlib
REQUIRED_PACKAGES += system/library/gcc/gcc-c++-runtime
REQUIRED_PACKAGES += library/json-c
REQUIRED_PACKAGES += web/curl
REQUIRED_PACKAGES += library/ncurses
REQUIRED_PACKAGES += library/libmilter
REQUIRED_PACKAGES += system/library/math
REQUIRED_PACKAGES += library/pcre
$ gmake install
Now we need to create a sample-manifest which I will use as a starting point, but you will need to edit it to get it to work. Downloadable version is
here
$ gmake sample-manifest
$ cat clamav.p5m
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
default mangler.man.stability volatile>
set name=pkg.fmri \
value=pkg:/storage/clamav@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
set name=pkg.summary value=clamav
set name=com.oracle.info.description \
value="ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats"
set name=info.classification \
value="org.opensolaris.category.2008:Applications/System Utilities"
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
set name=org.opensolaris.arc-caseid value=PSARC/YYYY/XXX
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
#
dir path=etc/clamav
file path=etc/clamav/clamav-milter.conf.sample
#
# config. file
file clamd.conf path=etc/clamav/clamd.conf mode=0644 overlay=allow preserve=true
file path=etc/clamav/clamd.conf.sample
file freshclam.conf path=etc/clamav/freshclam.conf mode=0644 overlay=allow \
preserve=true
file path=etc/clamav/freshclam.conf.sample
#
# SMF(5)
#file prof_service-network-clamd path=etc/security/prof_attr.d/service-network-clamd
file clamd.xml path=lib/svc/manifest/network/clamd.xml \
disable_fmri=svc:/application/clamd:default
file path=usr/bin/clamav-config
file path=usr/bin/clambc
file path=usr/bin/clamconf
file path=usr/bin/clamdscan
file path=usr/bin/clamdtop
file path=usr/bin/clamscan
file path=usr/bin/clamsubmit
file path=usr/bin/freshclam
file path=usr/bin/sigtool
file path=usr/include/clamav-types.h
file path=usr/include/clamav.h
link path=usr/lib/$(MACH64)/libclamav.so target=libclamav.so.9.0.2
link path=usr/lib/$(MACH64)/libclamav.so.9 target=libclamav.so.9.0.2
file path=usr/lib/$(MACH64)/libclamav.so.9.0.2
link path=usr/lib/$(MACH64)/libclammspack.so target=libclammspack.so.0.1.0
link path=usr/lib/$(MACH64)/libclammspack.so.0 target=libclammspack.so.0.1.0
file path=usr/lib/$(MACH64)/libclammspack.so.0.1.0
link path=usr/lib/$(MACH64)/libclamunrar.so target=libclamunrar.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar.so.9 target=libclamunrar.so.9.0.2
file path=usr/lib/$(MACH64)/libclamunrar.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar_iface.so \
target=libclamunrar_iface.so.9.0.2
link path=usr/lib/$(MACH64)/libclamunrar_iface.so.9 \
target=libclamunrar_iface.so.9.0.2
file path=usr/lib/$(MACH64)/libclamunrar_iface.so.9.0.2
file path=usr/lib/$(MACH64)/pkgconfig/libclamav.pc
file path=usr/lib/inet/clamd
file path=usr/sbin/clamav-milter
file path=usr/share/man/man1/clambc.1
file path=usr/share/man/man1/clamconf.1
file path=usr/share/man/man1/clamdscan.1
file path=usr/share/man/man1/clamdtop.1
file path=usr/share/man/man1/clamscan.1
file path=usr/share/man/man1/clamsubmit.1
file path=usr/share/man/man1/freshclam.1
file path=usr/share/man/man1/sigtool.1
file path=usr/share/man/man5/clamav-milter.conf.5
file path=usr/share/man/man5/clamd.conf.5
file path=usr/share/man/man5/freshclam.conf.5
file path=usr/share/man/man8/clamav-milter.8
file path=usr/share/man/man8/clamd.8
dir path=var/clamav owner=clamav group=clamav mode=0755
#
# Add log files (not a good way of doing it)
file clamd.log path=var/log/clamd.log owner=clamav group=clamav mode=0640 \
overlay=allow preserve=true
file freshclam.log path=var/log/freshclam.log owner=clamav group=clamav \
mode=0640 overlay=allow preserve=true
#
dir path=var/spool/MIMEDefang owner=clamav group=clamav mode=0700
#
# user/group (added by pkg)
group groupname=clamav gid=76
user username=clamav ftpuser=false gcos-field="CLAMAV Reserved UID" \
group=clamav uid=76
#
license COPYING.all license=COPYING.all
$ rm ./build/manifest-i386-generated.p5m
$ gmake publish
Now lets see if the pkg has been built:
$ pkg info -r -g file:/scratch/solaris-userland/i386/repo clamav
Name: storage/clamav
Summary: clamav
Category: Applications/System Utilities
State: Installed
Publisher: nightly
Version: 0.101.2
Branch: None
Packaging Date: May 7, 2019 at 4:13:52 PM
Last Install Time: May 7, 2019 at 4:15:27 PM
Size: 4.99 MB
FMRI: pkg://nightly/storage/clamav@0.101.2:20190507T161352Z
Project URL: http://www.clamav.net
Source URL: http://www.clamav.net/downloads/production/clamav-0.101.2.tar.gz
$ pkg install -v -g file:/scratch/solaris-userland/i386/repo storage/clamav
Packages to install: 1
Services to change: 1
Estimated space available: 248.60 GB
Estimated space to be consumed: 371.50 MB
Create boot environment: No
Create backup boot environment: No
Rebuild boot archive: No
Changed packages:
nightly
storage/clamav
None -> 0.101.2
Services:
restart_fmri:
svc:/system/manifest-import:default
Editable files to change:
Install:
etc/clamav/clamd.conf
etc/clamav/freshclam.conf
var/log/clamd.log
var/log/freshclam.log
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 40/40 1.9/1.9 47.6M/s
PHASE ITEMS
Installing new actions 81/81
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Reading search index Done
Updating search index 1/1
Updating package cache 5/5
$ clamscan --version
ClamAV 0.101.2/25442/Tue May 7 09:01:24 2019
$ su - clamav -c "/usr/bin/freshclam"
$ crontab -l clamav
## Format( minutes hours day-of-month month day-of-week command
#
03 11 * * * find /var/spool/MD-Quarantine -name "qdir*" -type d -mtime +7 -exec rm -rf {} \;
10 * * * * /usr/bin/freshclam --quiet
No comments:
Post a Comment