Merge ~lvoytek/ubuntu/+source/clamav:clamav-sru-lp1925182-bionic into ubuntu/+source/clamav:ubuntu/bionic-devel
Status: | Merged |
---|---|
Merged at revision: | a1a2f8d4a90cd5e153cd41e6f1594f1a8e004a98 |
Proposed branch: | ~lvoytek/ubuntu/+source/clamav:clamav-sru-lp1925182-bionic |
Merge into: | ubuntu/+source/clamav:ubuntu/bionic-devel |
Diff against target: |
164 lines (+36/-60) 5 files modified
debian/changelog (+12/-0) debian/clamav-daemon.postinst.in (+0/-25) debian/clamav-freshclam.postinst.in (+18/-35) debian/control (+1/-0) debian/rules (+5/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Bryce Harrington (community) | Approve | ||
Canonical Server packageset reviewers | Pending | ||
Canonical Server | Pending | ||
Review via email: mp+411886@code.launchpad.net |
Description of the change
Cherry-picked from existing Debian fix for version 0.101.1+dfsg-1 at commit c284f2144560e84
* Deploy apparmor profile before first start of freshclam daemon.
- d/control: Add dh-apparmor as a build dependency
- d/rules: Add dh install override to deploy apparmor profiles
- d/clamav-
- d/clamav-
deployment
Thanks to Sebastian Andrzej Siewior <email address hidden>.
PPA: ppa:lvoytek/
Steps to test:
# lxc launch images:
# lxc exec test-failure bash
# apt update
# apt dist-upgrade
# apt install -y apparmor apparmor-utils wget software-
- Install clamav packages of version 1 before current in bionic
# wget https:/
# apt install -y ./*
- enforce apparmor profile for freshclam
# aa-enforce /usr/bin/freshclam
# apt update
# apt upgrade
- Check status of freshclam and notice that it was unable to restart
# systemctl status clamav-freshclam
clamav-
Loaded: loaded (/lib/systemd/
Drop-In: /run/systemd/
Active: failed (Result: exit-code) since Mon 2021-11-15 20:48:40 UTC; 34s ago
Docs: man:freshclam(1)
https:/
Main PID: 8785 (code=exited, status=2)
Nov 15 20:48:40 test-failure systemd[1]: Started ClamAV virus database updater.
Nov 15 20:48:40 test-failure freshclam[8785]: WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/
Nov 15 20:48:40 test-failure freshclam[8785]: ERROR: Problem with internal logger (UpdateLogFile = /var/log/
Nov 15 20:48:40 test-failure freshclam[8785]: ERROR: initialize: libfreshclam init failed.
Nov 15 20:48:40 test-failure freshclam[8785]: ERROR: Initialization error!
Nov 15 20:48:40 test-failure freshclam[8785]: ERROR: Can't open /var/log/
Nov 15 20:48:40 test-failure systemd[1]: clamav-
Nov 15 20:48:40 test-failure systemd[1]: clamav-
- Recreate the container but this time include the updated ppa version
# lxc launch images:
# lxc exec test-success bash
# apt update
# apt dist-upgrade
# apt install -y apparmor apparmor-utils wget software-
- Install clamav packages of version 1 before current in bionic
# wget https:/
# apt install -y ./*
- enforce apparmor profile for freshclam
# aa-enforce /usr/bin/freshclam
- Add ppa and update
# add-apt-repository ppa:lvoytek/
# apt update
# apt upgrade
- Check status of freshclam and notice that it now starts properly
# systemctl status clamav-freshclam
clamav-
Loaded: loaded (/lib/systemd/
Drop-In: /run/systemd/
Active: active (running) since Mon 2021-11-15 20:53:17 UTC; 1min 22s ago
Docs: man:freshclam(1)
https:/
Main PID: 9122 (freshclam)
Tasks: 1 (limit: 19010)
CGroup: /system.
└─9122 /usr/bin/freshclam -d --foreground=true
Nov 15 20:53:26 test-success freshclam[9122]: Mon Nov 15 20:53:26 2021 -> daily.cvd updated (version: 26354, sigs: 1945178, f-level: 90, builder: raynman)
Nov 15 20:53:26 test-success freshclam[9122]: Mon Nov 15 20:53:26 2021 -> main database available for download (remote version: 62)
Nov 15 20:53:43 test-success freshclam[9122]: Mon Nov 15 20:53:43 2021 -> Testing database: '/var/lib/
Nov 15 20:53:48 test-success freshclam[9122]: Mon Nov 15 20:53:48 2021 -> Database test passed.
Nov 15 20:53:48 test-success freshclam[9122]: Mon Nov 15 20:53:48 2021 -> main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Nov 15 20:53:48 test-success freshclam[9122]: Mon Nov 15 20:53:48 2021 -> bytecode database available for download (remote version: 333)
Nov 15 20:53:48 test-success freshclam[9122]: Mon Nov 15 20:53:48 2021 -> Testing database: '/var/lib/
Nov 15 20:53:49 test-success freshclam[9122]: Mon Nov 15 20:53:49 2021 -> Database test passed.
Nov 15 20:53:49 test-success freshclam[9122]: Mon Nov 15 20:53:49 2021 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Package Test Results:
autopkgtest [14:18:17]: @@@@@@@
clamd PASS
client PASS
milter PASS
Looks great, and thanks for the good paint-by-numbers test case.
I verified the d/rules change in the upstream commit is not needed for bionic's version of the package, and that the postinst change matches exactly with upstream's change. I ran through the test case and verified it is accurate and I got the expected results.
Since this is all technically correct I'm going to mark this approved, however I have one recommendation on the changelog entry, and there's a couple other steps that should be done first before this lands.
With changelog entries for SRUs in particular, I like to mention what the problem was that is being solved, for two reasons. First, for users experiencing this problem it helps clue them in that this version should fix their problem (they may not know what apparmor or daemons are). Second, if someone upgrades their system and experiences some weird unrelated fault, it lets them know your change was probably not what caused it. In this case, probably could simply say "Fixes failure restarting the clamav-freshclam service during upgrades."
One step to do before we land this, is to get it landed in jammy. The SRU process will reject fixes that are missing from the current devel release (or any intervening stable release). We also don't need to deal with SRU paperwork for things landing in -devel.
But the other step is that for landing in bionic, we do need to deal with the SRU paperwork. While that's not technically _required_ in order to upload the package to bionic-proposed, it'll allow it to be reviewed as part of the MP review. Especially for your first few SRUs there's some conventions and tips to pick up in how to craft good SRUs that sail through review.
So, LGTM, approved, but before landing this MP:
1. Update the changelog to make mention of the problem being fixed
2. Create MPs with these same changes for jammy, focal, hirsute, and impish
3. Fill in the SRU template