[pve-devel] [PATCH dab-pve-appliances 1/2] pmg: include clamav cvd files in template

Stoiko Ivanov s.ivanov at proxmox.com
Thu Jan 2 17:53:37 CET 2020


pmg depends on clamav, which does not start upon first boot without the
presence of its virus database files.

By downloading them on the host and shipping them with the template
clamav-daemon starts up successfully. Since clamav-freshclam will
start downloading any updated files upon booting and notify clamav-daemon
the timeframe where the appliance runs with older virus definitions is rather
short.

Additionally this follows the way we ship the cvd files in the ISO image.

Downloading happens outside of the container, since it does not have access to
the network.

Tested by creating an image, starting a container from that image and
verifying that clamav-daemon starts up upon first boot.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 debian-10.0-pmg-64/Makefile | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/debian-10.0-pmg-64/Makefile b/debian-10.0-pmg-64/Makefile
index 9386972..b2ff0b0 100644
--- a/debian-10.0-pmg-64/Makefile
+++ b/debian-10.0-pmg-64/Makefile
@@ -1,6 +1,8 @@
 BASEDIR:=$(shell dab basedir)
 
-all: info/init_ok
+CVD_FILES:=main.cvd bytecode.cvd daily.cvd safebrowsing.cvd
+
+all: info/init_ok ${CVD_FILES}
 	dab bootstrap --minimal
 	sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' ${BASEDIR}/etc/ssh/sshd_config
 	dab exec /bin/systemctl enable systemd-timesyncd.service
@@ -8,6 +10,7 @@ all: info/init_ok
 	dab install libdbi-perl perl-openssl-defaults libcgi-pm-perl proxmox-mailgateway-container gpg
 	rm ${BASEDIR}/proxmox_install_mode
 	sed -i '/^deb.*\.proxmox\.com\/.*$$/d;$${/^$$/d;}' ${BASEDIR}/etc/apt/sources.list
+	cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/
 	dab finalize
 
 info/init_ok: dab.conf
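Review bot: The added `cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/` keeps whatever mode the host umask gave the downloaded files and the build user's ownership, so a restrictive umask on the build host could leave the databases unreadable to the clamav user inside the container. `install -m 0644 ${CVD_FILES} ${BASEDIR}/var/lib/clamav/` would pin the mode. Whether the owner has to match the container's clamav account for freshclam's first update is not visible here and is worth confirming alongside the daemon start-up test. The `all` rule this line belongs to starts before the hunk.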
@@ -17,9 +20,16 @@ info/init_ok: dab.conf
 .PHONY: clean
 clean:
 	dab clean
+	rm -f ${CVD_FILES}
 	rm -f *~
 
 .PHONY: dist-clean
 dist-clean:
 	dab dist-clean
+	rm -f ${CVD_FILES}
 	rm -f *~
+
+.PHONY: ${CVD_FILES}
+${CVD_FILES}:
+	curl -L --silent --show-error --fail  --time-cond $@ -o $@.tmp http://database.clamav.net/$@
+	[ -f $@.tmp ] && mv $@.tmp $@ || true
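Review bot: Nothing verifies the downloaded .cvd files before they are shipped: the `${CVD_FILES}` recipe fetches them over plain `http://`, and the `all` rule then copies them into the template as they arrived. Using `https://database.clamav.net/$@` and, if clamav's tools are available on the build host, gating the rename on `sigtool --info $@.tmp >/dev/null` would stop a corrupted or altered database before it lands in the image. Separately, a `$@.tmp` left by an interrupted run appears to survive a later not-modified response (curl writes no output then), so `[ -f $@.tmp ] && mv $@.tmp $@` would move the partial file over a good database; starting the recipe with `rm -f $@.tmp` avoids that. The trailing `|| true` also hides a failing `mv`, whereas `if [ -f $@.tmp ]; then mv $@.tmp $@; fi` keeps the no-download case quiet without masking errors.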
-- 
2.20.1



