PR 53305 added @unexec rmuser -y clamav to pkg-plist. This deletes the clamav user and any additional files. This should *only* happen on complete deinstalls, with user confirmation, *never* on upgrades. The clamav user is subsequently re-added, with a possible different user id. Any other group memberships are lost, i.e. if clamav has been added to the group 'mail' it isn't after an upgrade. If I integrated clamav in exim following Sheldon Hearns excellent instructions (${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd in the exim port) my mail server will stop working as a result of the upgrade. A changing user id implies that clamav can't access /var/run/clamav and create a socket there. Fix: Remove @unexec rmuser -y clamav from pkg-plist. If necessary, add a message in pkg-deinstall, telling the user to do this step manually. How-To-Repeat: # portupgrade -f 'clamav-*' ---> Uninstalling the old version ---> Deinstalling 'clamav-0.60_1' ---> Preserving /usr/local/lib/libclamav.so.1 as /usr/local/lib/compat/pkg/libclamav.so.1 pkg_delete: '/usr/local/share/clamav/viruses.db' fails original MD5 checksum - deleted anyway. pkg_delete: '/usr/local/share/clamav/viruses.db2' fails original MD5 checksum - deleted anyway. /usr/sbin/rmuser: Informational: Home /nonexistent is not a directory, so it won't be removed Killed process(es) belonging to clamav. Updating password file, updating databases, done. Updating group file: mail (removing group clamav -- personal group is empty) done. Removing files belonging to clamav from /tmp: done. Removing files belonging to clamav from /var/tmp: done. Removing files belonging to clamav from /var/tmp/vi.recover: done. [Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 91 packages found (-1 +0) (...) done] ---> Installing the new version via the port ===> Installing for clamav-0.60_2 [...] ===> Creating custom user to run clamav... /bin/sh /usr/ports/security/clamav/pkg-install clamav-0.60_2 PRE-INSTALL => Added group "clamav". => Added user "clamav".
State Changed From-To: open->closed fix committed with ports/57254.
Responsible Changed From-To: freebsd-ports-bugs->dinoex I will take followups
State Changed From-To: closed->open Only fixed im clamav-devel, not in clamav
Proposed patch: - don't remove clamav account on deinstall - use included libtool (seems heavily patched) - make packageable and include a working configure file - add a rcNG start/stop script - added web site - don't install useless .la files - use DATADIR - 510001 is FreeBSD 5.10, 5.1-CURRENT is 501100 - minor cleanup I tried to mimic the existing style, change what you don't like. Oliver --- clamav.patch begins here --- diff -Nur clamav/Makefile.orig clamav/Makefile --- clamav/Makefile.orig Thu Sep 25 04:51:45 2003 +++ clamav/Makefile Sat Sep 27 07:07:59 2003 @@ -7,7 +7,7 @@ PORTNAME= clamav PORTVERSION= 0.60 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= clamav @@ -26,20 +26,43 @@ USE_GMAKE= yes GNU_CONFIGURE= yes CONFIGURE_TARGET=--build=${MACHINE_ARCH}-portbld-freebsd${OSREL} -USE_LIBTOOL= yes +#USE_LIBTOOL_VER=14 INSTALLS_SHLIB= yes -CONFIGURE_ARGS= --prefix=${PREFIX} \ +PKGINSTALL= ${WRKDIR}/pkg-install + +CONFIGURE_ARGS= --with-dbdir=${DATADIR} \ --disable-clamav --enable-bigstack CFLAGS+= -I${LOCALBASE}/include +LDFLAGS+= ${PTHREAD_LIBS} CONFIGURE_ENV+= LDFLAGS="${LDFLAGS}" MAN1= clamscan.1 freshclam.1 sigtool.1 clamdscan.1 clamav-milter.1 MAN5= clamav.conf.5 MAN8= clamd.8 +SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ + -e 's|%%DATADIR%%|${DATADIR}|g' + +SED_CONF= -E -e 's|^\#?(Example)$$|\#\1|' \ + -e 's|^\#?(LogFile) .*$$|\1 /var/log/clamav/clamd.log|' \ + -e 's|^\#?(PidFile) .*$$|\1 /var/run/clamav/clamd.pid|' \ + -e 's|^\#?(LocalSocket) .*$$|\1 /var/run/clamav/clamd|' \ + -e 's|^\#?(User) .*$$|\1 clamav|' \ + -e 's|^\#?(AllowSupplementaryGroups)$$|\1|' \ + -e 's|^\#?(ScanMail)$$|\1|' + .include <bsd.port.pre.mk> -.if ${OSVERSION} < 510001 +USE_RC_SUBR= yes +RC_DIR= ${PREFIX}/etc/rc.d +RC_SUFX= .sh +SED_SCRIPT+= -e 's|%%RC_SUBR%%|${RC_SUBR}|g' \ + -e 's|%%RC_DIR%%|${RC_DIR}|g' \ + -e 's|%%RC_SUFX%%|${RC_SUFX}|g' +PLIST_SUB+= RC_DIR=${RC_DIR} \ + RC_SUFX=${RC_SUFX} + +.if ${OSVERSION} < 501100 # compiles only with optimizer CFLAGS+= -O LDFLAGS+= -lcipher @@ -47,21 +70,40 @@ .if defined(WITH_MILTER) CONFIGURE_ARGS+= --enable-milter -PLIST_SUB+= CLAMAV-MILTER:="" +PLIST_SUB+= CLAMAV-MILTER="" .else -PLIST_SUB+= CLAMAV-MILTER:="@comment " +PLIST_SUB+= CLAMAV-MILTER="@comment " .endif post-patch: - @${REINPLACE_CMD} -e 's|-pthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure + @${REINPLACE_CMD} -e 's|-pthread|${PTHREAD_LIBS}|g' \ + ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} + +pre-configure: + @${REINPLACE_CMD} -e 's|clamav.conf|&.default|' \ + ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} \ + ${CONFIGURE_WRKSRC}/etc/Makefile.in +.ifdef USE_LIBTOOL_VER + @${REINPLACE_CMD} -e '/^LIBTOOL=/s|\$$(top_builddir)/libtool|${LIBTOOL}|' \ + ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} +.endif + +post-build: + @${SED} ${SED_CONF} ${BUILD_WRKSRC}/etc/clamav.conf \ + >${BUILD_WRKSRC}/etc/clamav.conf.default + @${SED} ${SED_SCRIPT} ${PKGDIR}/pkg-install >${PKGINSTALL} + @${SED} ${SED_SCRIPT} ${FILESDIR}/clamd.sh >${WRKDIR}/clamd.sh pre-install: - @${ECHO} "===> Creating custom user to run clamav..." - ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + @${SETENV} PKG_PREFIX=${PREFIX} \ + ${SH} ${PKGINSTALL} ${PREFIX} PRE-INSTALL post-install: - @${ECHO} "===> Setting permissions..." - @${SETENV} PKG_PREFIX=${PREFIX} ${sh} \ - ${SH} ${PKGINSTALL} ${PREFIX} POST-INSTALL + @${INSTALL_SCRIPT} ${WRKDIR}/clamd.sh ${RC_DIR}/clamd${RC_SUFX} + @${CHOWN} -R clamav:clamav ${DATADIR} + @[ -f ${PREFIX}/etc/clamav.conf ] || \ + ${CP} ${PREFIX}/etc/clamav.conf.default ${PREFIX}/etc/clamav.conf + @${SETENV} PKG_PREFIX=${PREFIX} \ + ${SH} ${PKGINSTALL} ${PREFIX} POST-INSTALL .include <bsd.port.post.mk> diff -Nur clamav/files/clamd.sh.orig clamav/files/clamd.sh --- clamav/files/clamd.sh.orig Thu Jan 1 01:00:00 1970 +++ clamav/files/clamd.sh Sat Sep 27 03:59:42 2003 @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: clamd +# REQUIRE: LOGIN +# BEFORE: mail +# KEYWORD: FreeBSD shutdown + +# +# Add the following lines to /etc/rc.conf to enable clamd: +# +#clamd_enable="YES" +# +# See clamd(8) for flags +# + +. %%RC_SUBR%% + +name=clamd +rcvar=`set_rcvar` + +command=%%PREFIX%%/sbin/clamd +pidfile=/var/run/clamav/clamd.pid +required_dirs=%%DATADIR%% +required_files=%%PREFIX%%/etc/clamav.conf + +stop_postcmd=stop_postcmd + +stop_postcmd() +{ + rm -f $pidfile +} + +# set defaults + +clamd_enable=${clamd_enable:-"NO"} +clamd_flags=${clamd_flags:-""} + +load_rc_config $name +run_rc_command "$1" diff -Nur clamav/files/patch-ltmain.sh.orig clamav/files/patch-ltmain.sh --- clamav/files/patch-ltmain.sh.orig Thu Jan 1 01:00:00 1970 +++ clamav/files/patch-ltmain.sh Sat Sep 27 05:24:03 2003 @@ -0,0 +1,23 @@ +--- ltmain.sh.orig Sat Sep 27 05:20:20 2003 ++++ ltmain.sh Sat Sep 27 05:24:02 2003 +@@ -4259,10 +4259,16 @@ + fi + + # Install the pseudo-library for information purposes. +- name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` +- instname="$dir/$name"i +- $show "$install_prog $instname $destdir/$name" +- $run eval "$install_prog $instname $destdir/$name" || exit $? ++ case $host in ++ *-*-freebsd*) ++ # Do not install the useless pseudo-library ++ ;; ++ *) ++ name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` ++ instname="$dir/$name"i ++ $show "$install_prog $instname $destdir/$name" ++ $run eval "$install_prog $instname $destdir/$name" || exit $? ++ esac + + # Maybe install the static library, too. + test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" diff -Nur clamav/pkg-descr.orig clamav/pkg-descr --- clamav/pkg-descr.orig Mon Jul 7 09:37:08 2003 +++ clamav/pkg-descr Sat Sep 27 04:45:44 2003 @@ -3,3 +3,5 @@ viruses, scans compressed files and supported by AMaViS. On FreeBSD 4.X the milter interface isn't built by default because it needs gcc30 or higher. + +WWW: http://clamav.sourceforge.net/ diff -Nur clamav/pkg-install.orig clamav/pkg-install --- clamav/pkg-install.orig Wed Jun 18 11:43:05 2003 +++ clamav/pkg-install Sat Sep 27 07:08:10 2003 @@ -1,10 +1,15 @@ #!/bin/sh -if [ "$2" = "PRE-INSTALL" ]; then +PREFIX=${PKG_PREFIX:-%%PREFIX%%} USER=clamav GROUP=clamav +CLAMRUN=/var/run/clamav +CLAMLOG=/var/log/clamav + +if [ "$2" = "PRE-INSTALL" ]; then + if ! pw groupshow "$GROUP" 2>/dev/null 1>&2; then if pw groupadd $GROUP; then echo "=> Added group \"$GROUP\"." @@ -19,20 +24,20 @@ -s "/sbin/nologin" -d "/nonexistent" \ -c "Clam Antivirus"; \ then + pw groupmod mail -m $USER echo "=> Added user \"$USER\"." else echo "=> Adding user \"$USER\" failed..." exit 1 fi fi -fi -if [ "$2" = "POST-INSTALL" ]; then - chown -R clamav:clamav ${PKG_PREFIX}/share/clamav -fi +mkdir -p "$CLAMRUN" +chown "$USER:$GROUP" "$CLAMRUN" -if [ "$2" != "POST-INSTALL" ] && [ "$2" != "PRE-INSTALL" ]; then - exit 0 -fi +mkdir -p "$CLAMLOG" +chown "$USER:$GROUP" "$CLAMLOG" + +fi # PRE-INSTALL exit 0 diff -Nur clamav/pkg-plist.orig clamav/pkg-plist --- clamav/pkg-plist.orig Mon Jul 7 09:37:08 2003 +++ clamav/pkg-plist Sat Sep 27 07:30:30 2003 @@ -1,16 +1,25 @@ +@comment $FreeBSD$ +@unexec [ ! -f /var/run/clamav/clamd.pid ] || %%RC_DIR%%/clamd%%RC_SUFX%% stop || true bin/clamscan bin/clamdscan bin/freshclam bin/sigtool -%%CLAMAV-MILTER:%%sbin/clamav-milter +%%CLAMAV-MILTER%%sbin/clamav-milter sbin/clamd include/clamav.h lib/libclamav.so.1 lib/libclamav.so -lib/libclamav.la lib/libclamav.a -share/clamav/mirrors.txt -share/clamav/viruses.db -share/clamav/viruses.db2 -@dirrm share/clamav -@unexec rmuser -y clamav +@unexec if cmp -s %D/etc/clamav.conf %D/etc/clamav.conf.default; then rm -f %D/etc/clamav.conf; fi +etc/clamav.conf.default +@exec [ -f %B/clamav.conf ] || cp %B/%f %B/clamav.conf +etc/rc.d/clamd%%RC_SUFX%% +@owner clamav +@group clamav +%%DATADIR%%/mirrors.txt +%%DATADIR%%/viruses.db +%%DATADIR%%/viruses.db2 +@exec chown clamav:clamav %B +@dirrm %%DATADIR%% +@unexec rmdir /var/run/clamav 2>/dev/null || true +@unexec rmdir /var/log/clamav 2>/dev/null || true --- clamav.patch ends here ---
Hi Thanks for your nice patch. It works fine. I will announce to clamav-announce when this patch is committed. Thank you. -- TERAMOTO Masahiro markun@onohara.to
State Changed From-To: open->closed committed, thanks.