From 7d7ca4f425909368cd78cd587120703754bcd608 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Tue, 9 Feb 2021 14:24:09 -0500 Subject: [PATCH 1/1] Add OpenRC service scripts integrated with the build system. --- Makefile.am | 11 ++++++ clamav-milter/Makefile.am | 21 ++++++++++++ clamav-milter/openrc/clamav-milter.in.in | 34 +++++++++++++++++++ clamd/Makefile.am | 19 +++++++++++ clamd/openrc/clamd.in.in | 33 ++++++++++++++++++ clamonacc/Makefile.am | 19 +++++++++++ clamonacc/openrc/clamonacc.in.in | 18 ++++++++++ configure.ac | 16 ++++++++- etc/Makefile.am | 22 +++++++++++- ...sample => clamav-milter.conf.sample.in.in} | 5 +-- ...md.conf.sample => clamd.conf.sample.in.in} | 4 +-- ...onf.sample => freshclam.conf.sample.in.in} | 2 +- freshclam/Makefile.am | 20 +++++++++++ freshclam/openrc/freshclam.in.in | 8 +++++ m4/reorganization/libs/openrc.m4 | 8 +++++ 15 files changed, 233 insertions(+), 7 deletions(-) create mode 100644 clamav-milter/openrc/clamav-milter.in.in create mode 100644 clamd/openrc/clamd.in.in create mode 100644 clamonacc/openrc/clamonacc.in.in rename etc/{clamav-milter.conf.sample => clamav-milter.conf.sample.in.in} (98%) rename etc/{clamd.conf.sample => clamd.conf.sample.in.in} (99%) rename etc/{freshclam.conf.sample => freshclam.conf.sample.in.in} (99%) create mode 100644 freshclam/openrc/freshclam.in.in create mode 100644 m4/reorganization/libs/openrc.m4 diff --git a/Makefile.am b/Makefile.am index 42a58e7..c4d82ad 100644 --- a/Makefile.am +++ b/Makefile.am @@ -52,6 +52,17 @@ nodist_include_HEADERS = clamav-types.h clamav-version.h distuninstallcheck_listfiles = find . -type f ! -name clamd.conf ! -name freshclam.conf ! -name daily.cvd ! -name main.cvd -print DISTCLEANFILES = target.h DISTCHECK_CONFIGURE_FLAGS=--enable-milter --disable-clamav --enable-all-jit-targets --enable-llvm=yes --with-system-llvm=no --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) CC="$(CC)" CXX="$(CXX)" YACC="$(YACC)" LEX="$(LEX)" AR="$(AR)" AS="$(AS)" + + +# This command allows us to replace bindir, libdir, etc. +# within our script and conf file. The example is taken +# from the autoconf documentation and can be found in the +# "Installation Directory Variables" section. +editgnudirs = sed -e 's|@BINDIR[@]|$(bindir)|g' \ + -e 's|@SBINDIR[@]|$(sbindir)|g' \ + -e 's|@RUNSTATEDIR[@]|$(runstatedir)|g' +export editgnudirs + lcov: ($(MAKE); cd unit_tests; $(MAKE) lcov) quick-check: diff --git a/clamav-milter/Makefile.am b/clamav-milter/Makefile.am index 38d9b94..46885a7 100644 --- a/clamav-milter/Makefile.am +++ b/clamav-milter/Makefile.am @@ -35,6 +35,27 @@ clamav_milter_SOURCES = \ man_MANS = $(top_builddir)/docs/man/clamav-milter.8 AM_CFLAGS=@WERR_CFLAGS_MILTER@ + +if INSTALL_OPENRC_SERVICES + +openrcdir = $(sysconfdir)/init.d + +# The next rule allows us to replace @RUNSTATEDIR@ and friends within +# our OpenRC service scripts. This example is taken from the autoconf +# documentation in the "Installation Directory Variables" section. +openrc_SCRIPTS_src = openrc/clamav-milter.in.in +openrc_SCRIPTS_intermediate = openrc/clamav-milter.in +nodist_openrc_SCRIPTS = openrc/clamav-milter +DISTCLEANFILES = $(nodist_openrc_SCRIPTS) $(openrc_SCRIPTS_intermediate) +$(nodist_openrc_SCRIPTS): $(openrc_SCRIPTS_src) $(openrc_SCRIPTS_intermediate) Makefile + rm -f $@ $@.tmp + $(editgnudirs) $@.in > $@.tmp + mv $@.tmp $@ + +endif +EXTRA_DIST = $(openrc_SCRIPTS_src) + + endif LIBS = $(top_builddir)/libclamav/libclamav.la $(top_builddir)/shared/libshared.la @CLAMAV_MILTER_LIBS@ @THREAD_LIBS@ diff --git a/clamav-milter/openrc/clamav-milter.in.in b/clamav-milter/openrc/clamav-milter.in.in new file mode 100644 index 0000000..7105356 --- /dev/null +++ b/clamav-milter/openrc/clamav-milter.in.in @@ -0,0 +1,34 @@ +#!/sbin/openrc-run + +# Note: the "Foreground" option in clamav-milter.conf MUST +# be set to "no". +command="@SBINDIR@/clamav-milter" + +# For now, must be manually synchronized with the PidFile +# variable in clamav-milter.conf. +# +# https://bugzilla.clamav.net/show_bug.cgi?id=12595 +# +pidfile="@RUNSTATEDIR@/${RC_SVCNAME}.pid" + +depend() { + # The milter can successfully launch without clamd, but it's not a + # great user experience to have the milter start accepting requests + # that it can't process. The "use" dependency below will start clamd + # before clamav-milter, so long as clamd is also present this runlevel. + use clamd +} + +start_pre() { + # This exists to support the (disabled) default MilterSocket setting + # within clamav-milter.conf. The "clamav" user and group agree with + # the (disabled) default "User" and "MilterSocketGroup" settings. + # + # Creating this directory is harmless even when a local socket is + # not used. In fact, the clamd service that we depend on should + # create it as well, to hold its own local socket (if enabled). + checkpath --directory \ + --mode 0755 \ + --owner clamav:clamav \ + "@RUNSTATEDIR@/clamav" +} diff --git a/clamd/Makefile.am b/clamd/Makefile.am index c161586..b59d94c 100644 --- a/clamd/Makefile.am +++ b/clamd/Makefile.am @@ -44,6 +44,25 @@ if INSTALL_SYSTEMD_UNITS systemdsystemunit_DATA = clamav-daemon.socket clamav-daemon.service endif +if INSTALL_OPENRC_SERVICES + +openrcdir = $(sysconfdir)/init.d + +# The next rule allows us to replace @RUNSTATEDIR@ and friends within +# our OpenRC service scripts. This example is taken from the autoconf +# documentation in the "Installation Directory Variables" section. +openrc_SCRIPTS_src = openrc/clamd.in.in +openrc_SCRIPTS_intermediate = openrc/clamd.in +nodist_openrc_SCRIPTS = openrc/clamd +DISTCLEANFILES = $(nodist_openrc_SCRIPTS) $(openrc_SCRIPTS_intermediate) +$(nodist_openrc_SCRIPTS): $(openrc_SCRIPTS_src) $(openrc_SCRIPTS_intermediate) Makefile + rm -f $@ $@.tmp + $(editgnudirs) $@.in > $@.tmp + mv $@.tmp $@ + +endif +EXTRA_DIST = $(openrc_SCRIPTS_src) + LIBS = $(top_builddir)/libclamav/libclamav.la $(top_builddir)/shared/libshared.la @CLAMD_LIBS@ @THREAD_LIBS@ AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav -I$(top_builddir)/libclamav -I$(top_srcdir)/libclamunrar_iface @SSL_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@ diff --git a/clamd/openrc/clamd.in.in b/clamd/openrc/clamd.in.in new file mode 100644 index 0000000..5d38f9a --- /dev/null +++ b/clamd/openrc/clamd.in.in @@ -0,0 +1,33 @@ +#!/sbin/openrc-run + +# Note: the "Foreground" option in clamd.conf must be set to "no" +command="@SBINDIR@/clamd" +extra_started_commands="reload" + +# For now, must be manually synchronized with the PidFile variable +# in clamd.conf. +# +# https://bugzilla.clamav.net/show_bug.cgi?id=12595 +# +pidfile="@RUNSTATEDIR@/${RC_SVCNAME}.pid" + +start_pre() { + # This exists to support the (disabled) default LocalSocket setting + # within clamd.conf. The "clamav" user and group agree with the + # (disabled) default "User" and "LocalSocketGroup" settings in + # clamd.conf. And everything here agrees with the + # clamav-daemon.socket systemd service. + # + # Creating this directory is harmless even when a local socket is + # not used. + checkpath --directory \ + --mode 0755 \ + --owner clamav:clamav \ + "@RUNSTATEDIR@/clamav" +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + "@BINDIR@/clamdscan" --reload + eend $? +} diff --git a/clamonacc/Makefile.am b/clamonacc/Makefile.am index 4cb4886..39c2e5d 100644 --- a/clamonacc/Makefile.am +++ b/clamonacc/Makefile.am @@ -58,6 +58,25 @@ if INSTALL_SYSTEMD_UNITS systemdsystemunit_DATA = clamav-clamonacc.service endif +if INSTALL_OPENRC_SERVICES + +openrcdir = $(sysconfdir)/init.d + +# The next rules allow us to replace @RUNSTATEDIR@ and friends within +# our OpenRC service scripts. This example is taken from the autoconf +# documentation in the "Installation Directory Variables" section. +openrc_SCRIPTS_src = openrc/clamonacc.in.in +openrc_SCRIPTS_intermediate = openrc/clamonacc.in +nodist_openrc_SCRIPTS = openrc/clamonacc +DISTCLEANFILES = $(nodist_openrc_SCRIPTS) $(openrc_SCRIPTS_intermediate) +$(nodist_openrc_SCRIPTS): $(openrc_SCRIPTS_src) $(openrc_SCRIPTS_intermediate) Makefile + rm -f $@ $@.tmp + $(editgnudirs) $@.in > $@.tmp + mv $@.tmp $@ + +endif +EXTRA_DIST = $(openrc_SCRIPTS_src) + LIBS = $(top_builddir)/shared/libshared.la $(top_builddir)/libclamav/libclamav.la @CURL_LIBS@ @CLAMONACC_LIBS@ @THREAD_LIBS@ AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/clamonacc -I$(top_srcdir)/shared -I$(top_srcdir)/clamd -I$(top_srcdir)/libclamav -I$(top_builddir)/libclamav -I$(top_srcdir)/libclamunrar_iface @CURL_CPPFLAGS@ @SSL_CPPFLAGS@ @CLAMONACC_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@ diff --git a/clamonacc/openrc/clamonacc.in.in b/clamonacc/openrc/clamonacc.in.in new file mode 100644 index 0000000..844cd49 --- /dev/null +++ b/clamonacc/openrc/clamonacc.in.in @@ -0,0 +1,18 @@ +#!/sbin/openrc-run + +command="@SBINDIR@/clamonacc" +pidfile="@RUNSTATEDIR@/${RC_SVCNAME}.pid" + +# clamonacc doesn't support a PID file at the moment, so we +# run it in the foreground and let OpenRC background it. +# +# https://bugzilla.clamav.net/show_bug.cgi?id=12595 +# +command_args="--foreground" +command_background=true + +depend() { + # Unlike the milter, the on-access scanner will simply fail to start + # until clamd is available. + need clamd +} diff --git a/configure.ac b/configure.ac index 33e252e..c8cd60f 100644 --- a/configure.ac +++ b/configure.ac @@ -79,6 +79,12 @@ if test "$enable_experimental" = "yes"; then VERSION_SUFFIX="$VERSION_SUFFIX-exp" fi +# Autoconf 2.70 will support this, and many distros patch it in, +# but Autoconf 2.70 hasn't actually been released yet (it's in beta). +AS_IF([test -z "${runstatedir}"], [runstatedir='${localstatedir}/run']) +AC_SUBST([runstatedir]) + + build_configure_args=`echo "$ac_configure_args" | sed -e 's/[\"]//g'` AC_SUBST([BUILD_CONFIGURE_FLAGS], [$build_configure_args]) @@ -105,6 +111,7 @@ m4_include([m4/reorganization/libs/libz.m4]) m4_include([m4/reorganization/libs/bzip.m4]) m4_include([m4/reorganization/libs/unrar.m4]) m4_include([m4/reorganization/libs/systemd.m4]) +m4_include([m4/reorganization/libs/openrc.m4]) m4_include([m4/reorganization/code_checks/ipv6.m4]) m4_include([m4/reorganization/code_checks/dns.m4]) m4_include([m4/reorganization/code_checks/fanotify.m4]) @@ -193,7 +200,10 @@ AC_CONFIG_FILES([ libclamav.pc platform.h clamav-types.h - clamav-version.h]) + clamav-version.h + etc/clamd.conf.sample.in + etc/clamav-milter.conf.sample.in + etc/freshclam.conf.sample.in]) if test "x$enable_libclamav_only" != "xyes"; then if test "$have_curl" = "no"; then AC_MSG_ERROR([libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.]) @@ -207,10 +217,14 @@ if test "x$enable_libclamav_only" != "xyes"; then clamd/Makefile clamd/clamav-daemon.service clamd/clamav-daemon.socket + clamd/openrc/clamd.in clamdscan/Makefile clamsubmit/Makefile + clamonacc/openrc/clamonacc.in clamav-milter/Makefile + clamav-milter/openrc/clamav-milter.in freshclam/clamav-freshclam.service + freshclam/openrc/freshclam.in freshclam/Makefile sigtool/Makefile clamconf/Makefile diff --git a/etc/Makefile.am b/etc/Makefile.am index c694856..213a978 100644 --- a/etc/Makefile.am +++ b/etc/Makefile.am @@ -18,11 +18,31 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. -EXTRA_DIST = clamd.conf.sample freshclam.conf.sample clamav-milter.conf.sample +EXTRA_DIST = clamd.conf.sample.in.in \ + freshclam.conf.sample.in.in \ + clamav-milter.conf.sample.in.in CFGINST = @CFGDIR@ sysconf_DATA = clamd.conf.sample freshclam.conf.sample +# Custom variable to simplify the "edit" rule below. +sysconf_DATA_intermediate = clamd.conf.sample.in freshclam.conf.sample.in + if HAVE_MILTER sysconf_DATA += clamav-milter.conf.sample +sysconf_DATA_intermediate += clamav-milter.conf.sample.in endif + +# Otherwise these don't get cleaned up by "make distclean", +# even though they are auto-generated. +DISTCLEANFILES = $(sysconf_DATA) $(sysconf_DATA_intermediate) + +# This rule includes EVERY source/intermediate file as a dependency of +# EVERY output file, which is clearly wrong, but it may be the best we +# can do without duplication. At least it's the right kind of wrong, +# and rebuilds too often rather than not often enough. +$(sysconf_DATA): $(sysconf_DATA_intermediate) $(EXTRA_DIST) Makefile + rm -f $@ $@.tmp + $(editgnudirs) $@.in > $@.tmp + mv $@.tmp $@ + diff --git a/etc/clamav-milter.conf.sample b/etc/clamav-milter.conf.sample.in.in similarity index 98% rename from etc/clamav-milter.conf.sample rename to etc/clamav-milter.conf.sample.in.in index bf46b4f..c3c5d20 100644 --- a/etc/clamav-milter.conf.sample +++ b/etc/clamav-milter.conf.sample.in.in @@ -17,7 +17,7 @@ Example # inet6:port@[hostname|ip-address] - to specify an ipv6 socket # # Default: no default -#MilterSocket /tmp/clamav-milter.socket +#MilterSocket unix:@RUNSTATEDIR@/clamav/clamav-milter.socket #MilterSocket inet:7357 # Define the group ownership for the (unix) milter socket. @@ -64,7 +64,7 @@ Example # also owned by root to keep other users from tampering with it. # # Default: disabled -#PidFile /var/run/clamav-milter.pid +#PidFile @RUNSTATEDIR@/clamav-milter.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). @@ -91,6 +91,7 @@ Example # fashion. # # Default: no default +#ClamdSocket unix:@RUNSTATEDIR@/clamav/clamd.ctl #ClamdSocket tcp:scanner.mydomain:7357 diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample.in.in similarity index 99% rename from etc/clamd.conf.sample rename to etc/clamd.conf.sample.in.in index a1ca9ec..82ef42c 100644 --- a/etc/clamd.conf.sample +++ b/etc/clamd.conf.sample.in.in @@ -74,7 +74,7 @@ Example # It is recommended that the directory where this file is stored is # also owned by root to keep other users from tampering with it. # Default: disabled -#PidFile /var/run/clamd.pid +#PidFile @RUNSTATEDIR@/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). @@ -93,7 +93,7 @@ Example # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) -#LocalSocket /tmp/clamd.socket +#LocalSocket @RUNSTATEDIR@/clamav/clamd.ctl # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd) diff --git a/etc/freshclam.conf.sample b/etc/freshclam.conf.sample.in.in similarity index 99% rename from etc/freshclam.conf.sample rename to etc/freshclam.conf.sample.in.in index 8f4dd49..5a5c42b 100644 --- a/etc/freshclam.conf.sample +++ b/etc/freshclam.conf.sample.in.in @@ -51,7 +51,7 @@ Example # It is recommended that the directory where this file is stored is # also owned by root to keep other users from tampering with it. # Default: disabled -#PidFile /var/run/freshclam.pid +#PidFile @RUNSTATEDIR@/freshclam.pid # By default when started freshclam drops privileges and switches to the # "clamav" user. This directive allows you to change the database owner. diff --git a/freshclam/Makefile.am b/freshclam/Makefile.am index 9e48119..46ef224 100644 --- a/freshclam/Makefile.am +++ b/freshclam/Makefile.am @@ -32,6 +32,26 @@ if INSTALL_SYSTEMD_UNITS systemdsystemunit_DATA = clamav-freshclam.service endif +if INSTALL_OPENRC_SERVICES + +openrcdir = $(sysconfdir)/init.d + +# The next rule allows us to replace @RUNSTATEDIR@ and friends within +# our OpenRC service scripts. This example is taken from the autoconf +# documentation in the "Installation Directory Variables" section. +openrc_SCRIPTS_src = openrc/freshclam.in.in +openrc_SCRIPTS_intermediate = openrc/freshclam.in +nodist_openrc_SCRIPTS = openrc/freshclam +DISTCLEANFILES = $(nodist_openrc_SCRIPTS) $(openrc_SCRIPTS_intermediate) +$(nodist_openrc_SCRIPTS): $(openrc_SCRIPTS_src) $(openrc_SCRIPTS_intermediate) Makefile + rm -f $@ $@.tmp + $(editgnudirs) $@.in > $@.tmp + mv $@.tmp $@ + +endif +EXTRA_DIST = $(openrc_SCRIPTS_src) + + AM_CFLAGS=@WERR_CFLAGS@ DEFS = @DEFS@ AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav -I$(top_builddir)/libclamav -I$(top_srcdir)/libclamunrar_iface -I$(top_srcdir)/libfreshclam @CURL_CPPFLAGS@ @SSL_CPPFLAGS@ @FRESHCLAM_CPPFLAGS@ @ZLIB_CFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@ diff --git a/freshclam/openrc/freshclam.in.in b/freshclam/openrc/freshclam.in.in new file mode 100644 index 0000000..9feb737 --- /dev/null +++ b/freshclam/openrc/freshclam.in.in @@ -0,0 +1,8 @@ +#!/sbin/openrc-run + +command="@BINDIR@/freshclam" +pidfile="@RUNSTATEDIR@/${RC_SVCNAME}.pid" + +# Ignore the value of "PidFile" set in freshclam.conf. +command_args="-p ${pidfile}" +command_args_background="--daemon" diff --git a/m4/reorganization/libs/openrc.m4 b/m4/reorganization/libs/openrc.m4 new file mode 100644 index 0000000..1a73d15 --- /dev/null +++ b/m4/reorganization/libs/openrc.m4 @@ -0,0 +1,8 @@ +dnl Should we install our OpenRC service files? +AC_ARG_ENABLE([openrc], + AS_HELP_STRING([--enable-openrc], + [Install OpenRC service files]), + [], + [enable_openrc=no]) +AM_CONDITIONAL(INSTALL_OPENRC_SERVICES, + [test "x$enable_openrc" = "xyes"]) -- 2.26.2