Ubuntu
clamav package

Merge ~sergiodj/ubuntu/+source/clamav:ifupdown-replacement into ubuntu/+source/clamav:ubuntu/devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/clamav
  3. ifupdown-replacement
  4. Merge into ubuntu/devel
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: db8e0afc1fed692a5656954eb20500a341bd5d7f
Proposed branch: ~sergiodj/ubuntu/+source/clamav:ifupdown-replacement
Merge into: ubuntu/+source/clamav:ubuntu/devel
Diff against target: 217 lines (+119/-52)
3 files modified
debian/changelog (+13/-0)
debian/clamav-freshclam-ifupdown (+104/-52)
debian/clamav-freshclam.links (+2/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+442791@code.launchpad.net

Description of the change

This MP implements support for the networkd-dispatcher utility on clamav.

This feature request has been file in bug #1718227 and opened for quite a while now. I submitted a Merge Request to Debian's clamav 2 years ago, but unfortunately it hasn't been reviewed/accepted yet. You can see it here:

https://salsa.debian.org/clamav-team/clamav/-/merge_requests/4

There's also a bug that proposes the same patch:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999869

networkd-dispatcher is a modern (TM) replacement for the ifupdown scripts. It basically detects changes in the network configuration and executes certain scripts based on these changes. For clamav, we're only interested in running specific script snippets when the network is off, or when it becomes online (which, in networkd-dispatcher's parlance, means "routable").

I'm taking the opportunity to modernize the script a little bit, because it uses old and non-idiomatic shell expressions.

An easy way to test these scripts is to echo something when they start and then bring the ethernet interface down/up. You can monitor the "journalctl -u networkd-dispatcher" output and confirm that the messages show up. Don't forget to start the service beforehand. This has to be done inside a VM. In order to manipulate the network interface, you can use:

# ip link set <INTERFACE> [down|up]

There's a PPA with the proposed change here: https://launchpad.net/~sergiodj/+archive/ubuntu/clamav

To post a comment you must log in.
Revision history for this message
Steve Langasek (vorlon) :
Revision history for this message
Sergio Durigan Junior (sergiodj) :
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

dep8 tests:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-mantic-sergiodj-clamav/?format=plain)
  clamav @ amd64:
    15.05.23 02:53:16 Log 🗒️ ✅ Triggers: clamav/0.103.8+dfsg-0ubuntu2~ppa1
  clamav @ arm64:
    12.05.23 21:41:02 Log 🗒️ ✅ Triggers: clamav/0.103.8+dfsg-0ubuntu2~ppa1
  clamav @ armhf:
    12.05.23 21:09:01 Log 🗒️ ✅ Triggers: clamav/0.103.8+dfsg-0ubuntu2~ppa1
  clamav @ ppc64el:
    12.05.23 21:13:01 Log 🗒️ ✅ Triggers: clamav/0.103.8+dfsg-0ubuntu2~ppa1
  clamav @ s390x:
    12.05.23 21:58:26 Log 🗒️ ✅ Triggers: clamav/0.103.8+dfsg-0ubuntu2~ppa1

Revision history for this message
Bryce Harrington (bryce) wrote :

I set up a vm and did the suggested test of adding debugging to clamav-freshclam:

set -e

echo "Running clamav-freshclam-ifupdown ${*}" >&2

[ -f /var/lib/clamav/interface ] || exit 0

if [ -d /run/systemd/system ]; then
    ...

I guess the test for the interface file causes the script to exit early so the debug statement seems to need to precede it, however it does appear to get called:

May 26 05:42:27 clamav-test-mantic systemd-timesyncd[11333]: No network connectivity, watching for changes.
May 26 05:42:33 clamav-test-mantic systemd-networkd[11337]: enp5s0: Link UP
May 26 05:42:33 clamav-test-mantic systemd-networkd[11337]: enp5s0: Gained carrier
May 26 05:42:33 clamav-test-mantic systemd-networkd[11337]: enp5s0: DHCPv4 address 10.69.244.74/24, gateway 10.69.244.1 acquired from 10.69.244.1
May 26 05:42:33 clamav-test-mantic systemd-timesyncd[11333]: Network configuration changed, trying to establish connection.
May 26 05:42:33 clamav-test-mantic networkd-dispatcher[15544]: Running clamav-freshclam-ifupdown
May 26 05:42:33 clamav-test-mantic systemd-timesyncd[11333]: Contacted time server 185.125.190.56:123 (ntp.ubuntu.com).
May 26 05:42:34 clamav-test-mantic systemd-networkd[11337]: enp5s0: Gained IPv6LL

I verified also the autopkgtests run fine, and did a cursory skim through the script's code. It all looks pretty straightforward and standardish, so +1 LGTM.

Regarding Steve's feedback to just make the script be networkd-only, honestly it may not be a terrible idea. Certainly a single codepath is going to be more testable and less code to maintain. If the goal is to avoid delta with debian, then an alternative might be to carry both versions of the script and then have the packaging system install the proper one based on the system configuration, rather than having the script heuristically guess which codepath to use. Anyway, I don't have a firm opinion on what would be better, either approach should work out ok.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, bryce
Uploaders: sergiodj, bryce
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Bryce.

I talked to Steve on #ubuntu-devel and he gave me a +1 there. I'm going to upload the package as is, and defer the discussion regarding the implementation of the feature for Debian.

Uploaded:

$ dput clamav_0.103.8+dfsg-0ubuntu2_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/clamav/clamav_0.103.8+dfsg-0ubuntu2_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/clamav/clamav_0.103.8+dfsg-0ubuntu2.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading clamav_0.103.8+dfsg-0ubuntu2.dsc: done.
  Uploading clamav_0.103.8+dfsg-0ubuntu2.debian.tar.xz: done.
  Uploading clamav_0.103.8+dfsg-0ubuntu2_source.buildinfo: done.
  Uploading clamav_0.103.8+dfsg-0ubuntu2_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 172f5e5..ec359bf 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,16 @@
6+clamav (0.103.8+dfsg-0ubuntu2) mantic; urgency=medium
7+
8+ * Extend ifupdown script to support networkd-dispatcher.
9+ - d/clamav-freshclam-ifupdown: Modernize some parts of
10+ the script. Implement support for networkd-dispatcher.
11+ - d/clamav-freshclam.links: Install the
12+ clamav-freshclam-ifupdown script inside the proper
13+ /usr/lib/networkd-dispatcher/{off,routable}.d/
14+ directories.
15+ (LP: #1718227)
16+
17+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 May 2023 15:58:29 -0400
18+
19 clamav (0.103.8+dfsg-0ubuntu1) lunar; urgency=medium
20
21 * Updated to version 0.103.8 to fix security issues.
22diff --git a/debian/clamav-freshclam-ifupdown b/debian/clamav-freshclam-ifupdown
23index 875c0cc..232fd79 100755
24--- a/debian/clamav-freshclam-ifupdown
25+++ b/debian/clamav-freshclam-ifupdown
26@@ -1,16 +1,25 @@
27 #!/bin/sh
28 # 2004-01-25, Thomas Lamy <thomas.lamy@in-online.net>
29 # From Magnus Ekdahl's <magnus@debian.org> clamav-freshclam-handledaemon(8)
30+# Adjust to be networkd-dispatcher compatible by
31+# Sergio Durigan Junior <sergiodj@debian.org>
32
33 set -e
34
35-[ -e /var/lib/clamav/interface ] || exit 0
36+[ -f /var/lib/clamav/interface ] || exit 0
37+
38+if [ -d /run/systemd/system ]; then
39+ INIT='systemctl'
40+ INIT_SUFFIX='clamav-freshclam'
41+else
42+ INIT='invoke-rc.d clamav-freshclam'
43+ INIT_SUFFIX=''
44+fi
45
46-INIT=invoke-rc.d clamav-freshclam
47 CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
48 FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
49
50-INTERNETIFACE=`cat /var/lib/clamav/interface`
51+INTERNETIFACE=$(cat /var/lib/clamav/interface)
52
53 if grep -q freshclam /proc/*/stat 2>/dev/null; then
54 IS_RUNNING=true
55@@ -18,61 +27,104 @@ else
56 IS_RUNNING=false
57 fi
58
59-# $IFACE is set by ifup/down, $PPP_IFACE by pppd
60-[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
61+handle_ifupdown ()
62+{
63+ # $IFACE is set by ifup/down, $PPP_IFACE by pppd
64+ [ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE
65
66-# This is sloppy - woody's pppd exports variables, while sid's passes them as
67-# arguments and exports them.
68+ # This is sloppy - woody's pppd exports variables, while sid's passes them as
69+ # arguments and exports them.
70
71-if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
72- shift 6 # and we already know the interface
73-fi # Dump the arguments passed.
74+ if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd
75+ shift 6 # and we already know the interface
76+ fi # Dump the arguments passed.
77+
78+ if [ -z "$1" ]; then
79+ case $(dirname "$0") in
80+ */if-up.d|*/ip-up.d)
81+ # Short circuit and exit early if freshclam is already running
82+ [ "$IS_RUNNING" = 'true' ] && exit 0
83+ for interface in $INTERNETIFACE; do
84+ if [ "$interface" = "$IFACE" ]; then
85+ FMODE=start
86+ break
87+ else
88+ FMODE=skip
89+ fi
90+ done
91+ ;;
92+ */if-down.d|*/ip-down.d)
93+ # Short circuit and exit early if freshclam is not already running
94+ [ "$IS_RUNNING" = 'false' ] && exit 0
95+ for interface in $INTERNETIFACE; do
96+ if [ "$interface" = "$IFACE" ]; then
97+ FMODE=stop
98+ break
99+ else
100+ FMODE=skip
101+ fi
102+ done
103+ ;;
104+ *)
105+ FMODE=skip
106+ ;;
107+ esac
108+ else
109+ FMODE="$1"
110+ fi
111+
112+ case "$FMODE" in
113+ start|stop)
114+ IFACE="$IFACE" $INIT $FMODE $INIT_SUFFIX
115+ ;;
116+ skip)
117+ ;;
118+ *)
119+ echo "Usage: $0 {start|stop|skip}" >&2
120+ exit 1
121+ ;;
122+ esac
123+}
124+
125+handle_networkd_dispatcher ()
126+{
127+ FOUND_IFACE=false
128
129-if [ -z "$1" ]; then
130- case $(dirname "$0") in
131- */if-up.d|*/ip-up.d)
132- # Short circuit and exit early if freshclam is already running
133- [ "$IS_RUNNING" = 'true' ] && exit 0
134- for interface in $INTERNETIFACE; do
135- if [ "$interface" = "$IFACE" ]; then
136- FMODE=start
137- break
138- else
139- FMODE=skip
140- fi
141- done
142- ;;
143- */if-down.d|*/ip-down.d)
144- # Short circuit and exit early if freshclam is not already running
145- [ "$IS_RUNNING" = 'false' ] && exit 0
146 for interface in $INTERNETIFACE; do
147- if [ "$interface" = "$IFACE" ]; then
148- FMODE=stop
149- break
150- else
151- FMODE=skip
152- fi
153+ if [ "$interface" = "$IFACE" ]; then
154+ FOUND_IFACE=true
155+ break
156+ fi
157 done
158- ;;
159- *)
160- FMODE=skip
161- ;;
162- esac
163+
164+ [ "$FOUND_IFACE" = 'false' ] && return
165+
166+ FMODE=""
167+
168+ case "$STATE" in
169+ "off")
170+ if [ "$IS_RUNNING" = 'true' ]; then
171+ FMODE="stop"
172+ fi
173+ ;;
174+ "routable")
175+ if [ "$IS_RUNNING" = 'false' ]; then
176+ FMODE="start"
177+ fi
178+ ;;
179+ *)
180+ return
181+ esac
182+
183+ if [ -n "$FMODE" ]; then
184+ IFACE="$IFACE" $INIT $FMODE $INIT_SUFFIX
185+ fi
186+}
187+
188+if [ -n "$STATE" ]; then
189+ handle_networkd_dispatcher "$@"
190 else
191- FMODE="$1"
192+ handle_ifupdown "$@"
193 fi
194
195-case "$FMODE" in
196- start|stop)
197- IFACE="$IFACE" $INIT $FMODE
198- ;;
199- skip)
200- ;;
201- *)
202- echo "Usage: $0 {start|stop|skip}" >&2
203- exit 1
204- ;;
205-esac
206-
207 exit 0
208-
209diff --git a/debian/clamav-freshclam.links b/debian/clamav-freshclam.links
210index 04ad83d..3f0cfff 100644
211--- a/debian/clamav-freshclam.links
212+++ b/debian/clamav-freshclam.links
213@@ -1,2 +1,4 @@
214 /usr/share/doc/clamav-base/README.Debian.gz /usr/share/doc/clamav-freshclam/README.Debian.gz
215 /usr/share/doc/clamav-base/NEWS.gz /usr/share/doc/clamav-freshclam/NEWS.gz
216+/etc/network/if-up.d/clamav-freshclam-ifupdown /usr/lib/networkd-dispatcher/routable.d/clamav-freshclam
217+/etc/network/if-down.d/clamav-freshclam-ifupdown /usr/lib/networkd-dispatcher/off.d/clamav-freshclam

Subscribers

People subscribed via source and target branches