From 632b858c2e130fe1d6cf0677bee68b6a45b45d0a Mon Sep 17 00:00:00 2001 From: Stoiko Ivanov Date: Thu, 2 Jan 2020 17:53:37 +0100 Subject: [PATCH] pmg: include clamav cvd files in template pmg depends on clamav, which does not start upon first boot without the presence of it's virus database files. By downloading them on the host and shipping them with the template clamav-daemon starts up successfully. Since clamav-freshclam will start downloading any updated files upon booting and notify clamav-daemon the timeframe where the appliance runs with older virus defifinions is rather short. Additionally this follows the way we ship the cvd files in the ISO image. Downloading happens outside of the container, since it does not have access to the network. We download with curl, but only if the server files are newer than the local files, so test for file existence before moving the temporary file over. Tested by creating an image, starting a container from that image and verifying that clamav-daemon starts up upon first boot. Signed-off-by: Stoiko Ivanov --- debian-10.0-pmg-64/Makefile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/debian-10.0-pmg-64/Makefile b/debian-10.0-pmg-64/Makefile index 9386972..b2ff0b0 100644 --- a/debian-10.0-pmg-64/Makefile +++ b/debian-10.0-pmg-64/Makefile @@ -1,6 +1,8 @@ BASEDIR:=$(shell dab basedir) -all: info/init_ok +CVD_FILES:=main.cvd bytecode.cvd daily.cvd safebrowsing.cvd + +all: info/init_ok ${CVD_FILES} dab bootstrap --minimal sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' ${BASEDIR}/etc/ssh/sshd_config dab exec /bin/systemctl enable systemd-timesyncd.service @@ -8,6 +10,7 @@ all: info/init_ok dab install libdbi-perl perl-openssl-defaults libcgi-pm-perl proxmox-mailgateway-container gpg rm ${BASEDIR}/proxmox_install_mode sed -i '/^deb.*\.proxmox\.com\/.*$$/d;$${/^$$/d;}' ${BASEDIR}/etc/apt/sources.list + cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/ dab finalize info/init_ok: dab.conf 
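Review bot: The `cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/` line added before `dab finalize` leaves the mode and owner of the shipped databases to the build host's umask and build user. The ClamAV daemons presumably run as an unprivileged account inside the container, so a restrictive umask on the host could produce files the daemon cannot read, which would bring back the first-boot failure this patch is meant to fix. Pinning the mode makes the template reproducible, for example `install -m 0644 ${CVD_FILES} ${BASEDIR}/var/lib/clamav/`. Whether ownership also needs adjusting depends on how the package sets up that directory, which is not visible here. The `all` recipe starts in the previous hunk and continues past this one.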
@@ -17,9 +20,16 @@ info/init_ok: dab.conf .PHONY: clean clean: dab clean + rm -f ${CVD_FILES} rm -f *~ .PHONY: dist-clean dist-clean: dab dist-clean + rm -f ${CVD_FILES} rm -f *~ + +.PHONY: ${CVD_FILES} +${CVD_FILES}: + curl -L --silent --show-error --fail --time-cond $@ -o $@.tmp http://database.clamav.net/$@ + [ -f $@.tmp ] && mv $@.tmp $@ || true -- 2.39.2
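Review bot: The new `${CVD_FILES}` rule fetches the signature databases over plain `http://` and ships whatever arrives, so nothing at build time confirms the files are authentic or complete before they are baked into the template. ClamAV is expected to check the CVD signature when it loads a database, which limits tampering, but a truncated or corrupted file would only surface at first boot. Fetching from `https://database.clamav.net/$@` (if the mirror serves it) and running a build-time check such as `sigtool --info $@.tmp` before the `mv` would catch that on the build host; confirm first that sigtool's exit status reflects a failed verification. Separately, a `$@.tmp` left behind by an interrupted download appears to get moved over a good file on the next run, because curl writes nothing when the server copy is not newer; starting the recipe with `rm -f $@.tmp` and removing `*.tmp` in `clean` and `dist-clean` would close that gap.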