diff options
-rw-r--r-- | app-antivirus/skyldav/Manifest | 1 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav-0.5-conf.patch | 27 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav-0.5-examples.patch | 11 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav-0.5-syslog.patch | 22 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav.confd | 11 | ||||
-rwxr-xr-x | app-antivirus/skyldav/files/skyldav.initd | 26 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav.service-r1 | 15 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav.service.conf | 3 | ||||
-rw-r--r-- | app-antivirus/skyldav/files/skyldav.tmpfilesd | 2 | ||||
-rw-r--r-- | app-antivirus/skyldav/metadata.xml | 11 | ||||
-rw-r--r-- | app-antivirus/skyldav/skyldav-0.5-r1.ebuild | 109 |
11 files changed, 238 insertions, 0 deletions
diff --git a/app-antivirus/skyldav/Manifest b/app-antivirus/skyldav/Manifest new file mode 100644 index 000000000000..f729e27f856f --- /dev/null +++ b/app-antivirus/skyldav/Manifest @@ -0,0 +1 @@ +DIST skyldav-0.5.tar.gz 105274 SHA256 308b7a15b920a33c2c381aeb607db5bece9560e0a85e3e65c2df0d153413f4cc SHA512 24b9e3805574a2498b1e250cde790d6263f6f751546ad906303099bad5e722430568b1081764843a3c52f38730e8f26132f32058bea33c18f19673ac9147c323 WHIRLPOOL 77e77c25eaf3d0d3add4e1b03366c75dd1acdf8152d2987af61418a4793b1b0873cd0088e2bfd00c9864316e3b6e068c4bc96bc064cfec706a1b1b0c318d3aa1 diff --git a/app-antivirus/skyldav/files/skyldav-0.5-conf.patch b/app-antivirus/skyldav/files/skyldav-0.5-conf.patch new file mode 100644 index 000000000000..8255f7a20d12 --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav-0.5-conf.patch @@ -0,0 +1,27 @@ +diff -urN skyldav-0.5.orig/examples/etc/skyldav.conf skyldav-0.5/examples/etc/skyldav.conf +--- skyldav-0.5.orig/examples/etc/skyldav.conf 2015-02-15 20:32:57.000000000 +0100 ++++ skyldav-0.5/examples/etc/skyldav.conf 2016-01-21 14:02:27.656666425 +0100 +@@ -19,14 +19,21 @@ + + # Directories that shall not be scanned (including subdirectories) + # EXCLUDE_PATH = /var/noscan, /opt/noscan ++EXCLUDE_PATH = /usr/portage, /var/db/pkg, /var/tmp/portage, /var/tmp/binpkgs + + # File systems that are local, virus scan results may be cached. + # LOCAL_FS = ext3, ext4, iso9660, tmpfs, vfat +-LOCAL_FS = ext3, ext4, iso9660, tmpfs, vfat ++LOCAL_FS = ext2, ext3, ext4, xfs, zfs, btrfs, reiserfs, vfat, ntfs, iso9660, tmpfs + + # File systems that shall not be marked for virus scan. + # NOMARK_FS = proc, sysfs +-NOMARK_FS = proc, sysfs, cifs ++# ++# Do not exclude devtmpfs and configs, as userspace could write malware onto them. ++# CIFS is also known to cause problems due to a background daemon, so we exclude it here ++# (https://github.com/xypron/skyldav/commit/63b01b912d3eed80f3db92aec8647770546f5c1c). ++# Note that FUSE file systems are automatically excluded from scanning ++# (https://github.com/xypron/skyldav/issues/3). ++NOMARK_FS = proc, sysfs, devpts, debugfs, securityfs, cgroup, rpc_pipefs, mqueue, autofs, cifs + + # Mounts that shall not be marked for virus scan. + # NOMARK_MNT = /mnt/noscan diff --git a/app-antivirus/skyldav/files/skyldav-0.5-examples.patch b/app-antivirus/skyldav/files/skyldav-0.5-examples.patch new file mode 100644 index 000000000000..5c614685749e --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav-0.5-examples.patch @@ -0,0 +1,11 @@ +diff -urN skyldav-0.5.orig/Makefile.am skyldav-0.5/Makefile.am +--- skyldav-0.5.orig/Makefile.am 2015-02-15 20:32:57.000000000 +0100 ++++ skyldav-0.5/Makefile.am 2016-01-21 14:11:14.883632470 +0100 +@@ -9,7 +9,6 @@ + rm -rf doc/doxygen + + install-data-local: \ +- install-skyldav-examples \ + install-skyldav-conf \ + install-skyldavnotify-desktop + diff --git a/app-antivirus/skyldav/files/skyldav-0.5-syslog.patch b/app-antivirus/skyldav/files/skyldav-0.5-syslog.patch new file mode 100644 index 000000000000..2e72ce2ab58b --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav-0.5-syslog.patch @@ -0,0 +1,22 @@ +diff -urN skyldav-0.5.orig/src/skyldav/Messaging.cc skyldav-0.5/src/skyldav/Messaging.cc +--- skyldav-0.5.orig/src/skyldav/Messaging.cc 2015-02-15 20:32:57.000000000 +0100 ++++ skyldav-0.5/src/skyldav/Messaging.cc 2016-01-21 14:17:12.492010594 +0100 +@@ -118,15 +118,17 @@ + break; + case INFORMATION: + type = "I"; +- syslog(LOG_NOTICE, "%s", message.c_str()); ++ syslog(LOG_INFO, "%s", message.c_str()); + std::cout << message << std::endl; + break; + case DEBUG: + type = "D"; ++ syslog(LOG_DEBUG, "%s", message.c_str()); + std::cout << message << std::endl; + return; + default: + type = " "; ++ syslog(LOG_NOTICE, "%s", message.c_str()); + std::cout << message << std::endl; + break; + } diff --git a/app-antivirus/skyldav/files/skyldav.confd b/app-antivirus/skyldav/files/skyldav.confd new file mode 100644 index 000000000000..aad4d2305900 --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav.confd @@ -0,0 +1,11 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +# Config file for /etc/init.d/skyldav + +# Options to pass to the skyldav daemon. +# Option -d for daemonizing is always passed! +# See the skyldav(1) man page for more info. + +#SKYLDAV_OPTS="-m 1" diff --git a/app-antivirus/skyldav/files/skyldav.initd b/app-antivirus/skyldav/files/skyldav.initd new file mode 100755 index 000000000000..fd4bf09f7e33 --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav.initd @@ -0,0 +1,26 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +SKYLDAV_BIN="/usr/sbin/skyldav" +SKYLDAV_OPTS="${SKYLDAV_OPTS:--m 2}" +SKYLDAV_CONFIGFILE="/etc/skyldav.conf" +SKYLDAV_PIDFILE_DIR="${SKYLDAV_PIDFILE_DIR:-/var/run/${RC_SVCNAME}}" +SKYLDAV_PIDFILE="${SKYLDAV_PIDFILE:-${SKYLDAV_PIDFILE_DIR}/${RC_SVCNAME}.pid}" + +name="${SKYLDAV_BIN##*/}" +command="${SKYLDAV_BIN}" +command_args="-d ${SKYLDAV_OPTS}" +pidfile="${SKYLDAV_PIDFILE}" +description="Skyld AV is an anti-virus on-access scanner based upon Clam AV and fanotify" +required_files="${SKYLDAV_CONFIG}" + +depend() { + use logger + need localmount +} + +start_pre() { + checkpath -d -m 0755 -o root:root "${SKYLDAV_PIDFILE_DIR}" +} diff --git a/app-antivirus/skyldav/files/skyldav.service-r1 b/app-antivirus/skyldav/files/skyldav.service-r1 new file mode 100644 index 000000000000..decd788a9f83 --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav.service-r1 @@ -0,0 +1,15 @@ +[Unit] +Description=SkyldAV anti-virus on-access scanning daemon based upon Clam AV and fanotify +Requires=local-fs.target clamd.service +After=local-fs.target clamd.service +Before=multi-user.target + +[Service] +Type=simple +Environment="SKYLDAV_MESSAGE_LEVEL=2" +ExecStart=/usr/sbin/skyldav -d -m ${SKYLDAV_MESSAGE_LEVEL} +#KillMode=process +#KillSignal=SIGTERM + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/skyldav/files/skyldav.service.conf b/app-antivirus/skyldav/files/skyldav.service.conf new file mode 100644 index 000000000000..79c23a3ff05d --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav.service.conf @@ -0,0 +1,3 @@ +[Service] +# skyldav message level (-m) +#Environment="SKYLDAV_MESSAGE_LEVEL=1" diff --git a/app-antivirus/skyldav/files/skyldav.tmpfilesd b/app-antivirus/skyldav/files/skyldav.tmpfilesd new file mode 100644 index 000000000000..a4f7cdc47423 --- /dev/null +++ b/app-antivirus/skyldav/files/skyldav.tmpfilesd @@ -0,0 +1,2 @@ +# skyldav runtime directory for skyldav.pid and log (used by skyldavnotify) +d /run/skyldav 0755 root root - diff --git a/app-antivirus/skyldav/metadata.xml b/app-antivirus/skyldav/metadata.xml new file mode 100644 index 000000000000..63306ff3a6d0 --- /dev/null +++ b/app-antivirus/skyldav/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>wschlich@gentoo.org</email> + <name>Wolfram Schlich</name> + </maintainer> + <upstream> + <remote-id type="github">xypron/skyldav</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-antivirus/skyldav/skyldav-0.5-r1.ebuild b/app-antivirus/skyldav/skyldav-0.5-r1.ebuild new file mode 100644 index 000000000000..3175fc8e1c82 --- /dev/null +++ b/app-antivirus/skyldav/skyldav-0.5-r1.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit flag-o-matic linux-info linux-mod autotools-utils readme.gentoo-r1 systemd + +DESCRIPTION="Skyld AV: on-access scanning daemon for ClamAV using fanotify" +HOMEPAGE="http://xypron.github.io/skyldav/" + +## github release tarball +MY_PV=${PV/_rc/rc} +MY_P="${PN}-${MY_PV}" +SRC_URI="https://github.com/xypron/skyldav/archive/${MY_PV}.tar.gz -> ${MY_P}.tar.gz" + +## selfmade tarball +#MY_PVR=${PVR/_rc/rc} +#MY_P="${PN}-${MY_PVR}" +#SRC_URI="http://dev.gentoo.org/~wschlich/src/${CATEGORY}/${PN}/${MY_P}.tar.gz" + +## github commit tarball +#MY_GIT_COMMIT="49bdb5e710b5a77c38ceb87da6015afb7009f1f9" +#MY_P="xypron-${PN}-${MY_GIT_COMMIT:0:7}" +#SRC_URI="https://github.com/xypron/${PN}/tarball/${MY_GIT_COMMIT} -> ${PF}.tar.gz" + +S="${WORKDIR}/${MY_P}" + +KEYWORDS="~amd64 ~x86" +SLOT="0" +LICENSE="Apache-2.0" +IUSE="libnotify systemd" + +RDEPEND=">=app-antivirus/clamav-0.97.8 + sys-apps/util-linux + sys-libs/libcap + libnotify? ( + media-libs/libcanberra[gtk] + x11-libs/libnotify + x11-libs/gtk+:2 + )" +DEPEND="${RDEPEND} + sys-devel/autoconf-archive" + +## autotools-utils.eclass settings +AUTOTOOLS_AUTORECONF="1" +AUTOTOOLS_IN_SOURCE_BUILD="1" +DOCS=( AUTHORS NEWS README ) +PATCHES=( + "${FILESDIR}/${P}-syslog.patch" + "${FILESDIR}/${P}-examples.patch" + "${FILESDIR}/${P}-conf.patch" +) + +pkg_setup() { + linux-info_pkg_setup + kernel_is ge 3 8 0 || die "Linux 3.8.0 or newer recommended" + CONFIG_CHECK="FANOTIFY FANOTIFY_ACCESS_PERMISSIONS" + check_extra_config + + ## define contents for README.gentoo + if use systemd; then + DOC_CONTENTS='SkyldAV provides a systemd service.'$'\n' + DOC_CONTENTS+='Please edit the systemd service config file to match your needs:'$'\n' + DOC_CONTENTS+='/etc/systemd/system/skyldav.service.d/00gentoo.conf'$'\n' + DOC_CONTENTS+='# systemctl daemon-reload'$'\n' + DOC_CONTENTS+='# systemctl restart skyldav.service'$'\n' + DOC_CONTENTS+='Example for enabling the SkyldAV service:'$'\n' + DOC_CONTENTS+='# systemctl enable skyldav.service'$'\n' + else + DOC_CONTENTS='SkyldAV provides an init script for OpenRC.'$'\n' + DOC_CONTENTS+='Please edit the init script config file to match your needs:'$'\n' + DOC_CONTENTS+='/etc/conf.d/skyldav'$'\n' + DOC_CONTENTS+='Example for enabling the SkyldAV init script:'$'\n' + DOC_CONTENTS+='# rc-update add skyldav default'$'\n' + fi +} + +src_configure() { + local myeconfargs=( + $(use_with libnotify notification) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + + ## install systemd service or OpenRC init scripts + if use systemd; then + systemd_newunit "${FILESDIR}/skyldav.service-r1" skyldav.service + systemd_install_serviced "${FILESDIR}"/skyldav.service.conf + systemd_newtmpfilesd "${FILESDIR}"/skyldav.tmpfilesd skyldav.conf + else + newinitd "${FILESDIR}/${PN}.initd" ${PN} + newconfd "${FILESDIR}/${PN}.confd" ${PN} + fi + + ## create README.gentoo from ${DOC_CONTENTS} + DISABLE_AUTOFORMATTING=1 readme.gentoo_create_doc +} + +pkg_postinst() { + ## workaround for /usr/lib/tmpfiles.d/skyldav.conf + ## not getting processed until the next reboot + if use systemd; then + install -d -m 0755 -o root -g root /run/skyldav + fi +} |