Merge ~cjwatson/launchpad-buildd:doc-malware-scanning into launchpad-buildd:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: e6e05b6e82bd4f748b42ca709204b478bb556f22
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad-buildd:doc-malware-scanning
Merge into: launchpad-buildd:master
Diff against target: 60 lines (+38/-0)
3 files modified
debian/changelog (+6/-0)
docs/explanation/malware-scanning.rst (+31/-0)
docs/index.rst (+1/-0)
Reviewer | Review Type | Date Requested | Status
Guruprasad | | | Approve
Review via email: mp+444168@code.launchpad.net

Commit message

Add basic documentation of malware scanning for CI builds

Guruprasad (lgp171188) wrote :

LGTM 👍

review: Approve
Jürgen Gmach (jugmac00) wrote :

Thanks!

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 547f256..905f523 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
1launchpad-buildd (234) UNRELEASED; urgency=medium
2
3 * Add basic documentation of malware scanning for CI builds.
4
5 -- Colin Watson <cjwatson@ubuntu.com> Tue, 06 Jun 2023 11:42:23 +0100
6
1launchpad-buildd (233) focal; urgency=medium7launchpad-buildd (233) focal; urgency=medium
28
3 * Only create /dev/dm-* in LXD containers if they don't already exist9 * Only create /dev/dm-* in LXD containers if they don't already exist
diff --git a/docs/explanation/malware-scanning.rst b/docs/explanation/malware-scanning.rst
4new file mode 10064410new file mode 100644
index 0000000..dfbecdc
--- /dev/null
+++ b/docs/explanation/malware-scanning.rst
@@ -0,0 +1,31 @@
1Malware scanning
2****************
3
4Certain CI builds can be configured with ClamAV integration, so that builds
5have a basic malware scan performed on their output files. This is not yet
6very generalized (it currently only works for builds in the private ``soss``
7distribution), and should not be expected to be robust.
8
9To enable this in a local Launchpad installation, set this in
10``launchpad-lazr.conf`` (or otherwise arrange for ``"scan_malware": true``
11to be included in the arguments dispatched to the builder)::
12
13 [cibuild.soss]
14 scan_malware: True
15
16``database.clamav.net`` rate-limits clients. To avoid this, and generally
17to be good citizens, we maintain a `private mirror
18<https://docs.clamav.net/appendix/CvdPrivateMirror.html>`_ of the ClamAV
19database. This is organized using the `clamav-database-mirror
20<https://charmhub.io/clamav-database-mirror>`_ charm, deployed via the
21`vbuilder
22<https://git.launchpad.net/~launchpad/launchpad-mojo-specs/+git/private/tree/vbuilder?h=vbuilder>`_
23Mojo spec (Canonical-internal); on production, this is exposed to builders
24as ``clamav-database-mirror.lp.internal``. `launchpad-buildd-image-modifier
25<https://git.launchpad.net/charm-launchpad-buildd-image-modifier>`_ is
26configured to pass a suitable local URL on to ``launchpad-buildd``, but you
27can also do this in a local installation by adding something like the
28following to ``/etc/launchpad-buildd/default``::
29
30 [proxy]
31 clamavdatabase = http://clamav-database-mirror.test/
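Review bot: The opening paragraph says the scan "should not be expected to be robust" but never states what happens to a build when ClamAV flags an output file, or when the database cannot be fetched from the mirror. A reader deciding whether to rely on `scan_malware` needs to know whether those cases fail the build or pass silently, so add a sentence covering both. In the `[proxy]` example at the end, `clamavdatabase` is a plain `http://` URL; it would help to say what the builder relies on for database integrity on that path (for example, that the mirror is only reachable on a trusted internal network). Minor: "To avoid this" after the rate-limit sentence would read more clearly as "To avoid being rate-limited".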
diff --git a/docs/index.rst b/docs/index.rst
index f8ae1de..a80b2b3 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -41,3 +41,4 @@ Explanation
41 :maxdepth: 141 :maxdepth: 1
4242
43 explanation/deployment43 explanation/deployment
44 explanation/malware-scanning
