[meta-security][PATCH] clamav: Move /var/lib/clamav to the main package


Zoltan Boszormenyi <zboszor@...>
 

From: Zoltán Böszörményi <zboszor@...>

Previously, clamav-freshclam shipped /var/lib/clamav.

The main clamav package used chown in pkg_postinst to set
the ownership of this directory but pkg_postinst was not
marked as "ontarget" so this chown only took effect when
upgrading or reinstalling the package.

As a result, when clamav is part of an OS image out of the box,
freshclamd (running under the clamav user) cannot populate
this directory.

Fix this by creating /var/lib/clamav with the proper ownership
in do_install and move /var/lib/clamav to the main clamav package.
This will also avoid this warning, because clamav has RDEPENDS
on clamav-freshclam, not the other way around:

Installing : clamav-freshclam-... 487/1954
warning: user clamav does not exist - using root
warning: group clamav does not exist - using root
warning: user clamav does not exist - using root
warning: group clamav does not exist - using root

Signed-off-by: Zoltán Böszörményi <zboszor@...>
---
recipes-scanners/clamav/clamav_0.104.0.bb | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.0.bb
index 0d3a678..e821ff1 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.0.bb
@@ -54,7 +54,7 @@ export OECMAKE_C_FLAGS += " -I${STAGING_INCDIR} -L ${RECIPE_SYSROOT}${nonarch_li

do_install:append () {
install -d ${D}/${sysconfdir}
- install -d ${D}/${localstatedir}/lib/clamav
+ install -d -o ${CLAMAV_UID} -g ${CLAMAV_GID} ${D}/${localstatedir}/lib/clamav
install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles

install -m 644 ${WORKDIR}/clamd.conf ${D}/${prefix}/${sysconfdir}
@@ -83,7 +83,6 @@ pkg_postinst:${PN} () {
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
- chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
fi
}

@@ -92,6 +91,7 @@ PACKAGES += "${PN}-daemon ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav"
FILES:${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit ${sbindir}/clamonacc \
${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
+ ${localstatedir}/lib/clamav \
${docdir}/clamav/*"

FILES:${PN}-clamdscan = " ${bindir}/clamdscan \
@@ -116,7 +116,6 @@ FILES:${PN}-freshclam = "${bindir}/freshclam \
/usr/etc/freshclam.conf* \
${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
${sysconfdir}/tmpfiles.d/*.conf \
- ${localstatedir}/lib/clamav \
${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
${mandir}/man5/freshclam.conf.* \
${systemd_system_unitdir}/clamav-freshclam.service"
--
2.31.1

Join yocto@lists.yoctoproject.org to automatically receive all group messages.