[pmg-devel] [PATCH proxmox-mailgateway 4/4] add initial-freshclam.service to pmg-container

Thu Jan 2 10:32:25 CET 2020

Am 12/27/19 um 7:36 PM schrieb Stoiko Ivanov:
> the proxmox-mailgateway-container metapackage is used to build our
> Mailgateway container template with 'dab'. When creating the template
> clamav-freshclam gets installed, but does not download the virus-definitions
> resulting in 'clamav-daemon' not starting upon first boot of the PMG
> container.
> 
> By adding a service file which invokes 'freshclam' and blocks until the files
> are downloaded, which adds a dependency on itself to clamav-daemon the daemon
> starts successfully on the first boot of a container.
> 
> Not needed for non-container installations.
> 
> Tested by adding and enabling the service file on a freshly created (and never
> started) pmg-6.1 container and booting it - clamav was running happily after
> the download. After a reboot the service did not run because
> of the ConditionPathExistsGlob
> 

This should be done by the dab PMG appliance makefile. Makes it more
equivalent to the ISO (i.e., ships with definitions from appliance/iso build time)
and does not messes with the start up of the CT without bringing other gain.

Simply add an initial update at [1] between bootstrap and finalize, maybe with an
`dab exec` to avoid the need of clamav on the builder host (not sure from top
of my head if the CT has internet access at this stage, so just an idea)

[0]: https://git.proxmox.com/?p=dab-pve-appliances.git;a=blob;f=debian-10.0-pmg-64/Makefile;h=9386972931ff19236f7fd46218350523d0ffbd1d;hb=2885dfc17f43f0c02a9d6dbe375eac532f5671fb#l10

> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
>  ...gateway-container.initial-freshclam.service | 18 ++++++++++++++++++
>  ...mox-mailgateway-container.lintian-overrides |  1 +
>  debian/rules                                   |  2 ++
>  3 files changed, 21 insertions(+)
>  create mode 100644 debian/proxmox-mailgateway-container.initial-freshclam.service
> 
> diff --git a/debian/proxmox-mailgateway-container.initial-freshclam.service b/debian/proxmox-mailgateway-container.initial-freshclam.service
> new file mode 100644
> index 0000000..58a7ba0
> --- /dev/null
> +++ b/debian/proxmox-mailgateway-container.initial-freshclam.service
> @@ -0,0 +1,18 @@
> +[Unit]
> +Description=Initial download of ClamAV defintion files
> +#inverted to the one in clamav-daemon.service
> +ConditionPathExistsGlob=!/var/lib/clamav/main.{c[vl]d,inc}
> +ConditionPathExistsGlob=!/var/lib/clamav/daily.{c[vl]d,inc}
> +Before=clamav-daemon.service clamav-freshclam.service
> +After=network-online.target
> +Wants=network-online.target
> +
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=/usr/bin/freshclam --quiet
> +
> +[Install]
> +WantedBy=multi-user.target clamav-daemon.service clamav-freshclam.service
> +
> diff --git a/debian/proxmox-mailgateway-container.lintian-overrides b/debian/proxmox-mailgateway-container.lintian-overrides
> index d324f05..c85797e 100644
> --- a/debian/proxmox-mailgateway-container.lintian-overrides
> +++ b/debian/proxmox-mailgateway-container.lintian-overrides
> @@ -1 +1,2 @@
>  proxmox-mailgateway-container: package-installs-apt-keyring etc/apt/trusted.gpg.d/proxmox-ve-release-*
> +proxmox-mailgateway-container: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/initial-freshclam.service clamav-*.service
> diff --git a/debian/rules b/debian/rules
> index 0c06312..d985472 100644
> --- a/debian/rules
> +++ b/debian/rules
> @@ -7,3 +7,5 @@
>  %:
>  	dh $@
>  
> +override_dh_installsystemd:
> +	dh_installsystemd --no-start --name=initial-freshclam
> 