[pve-devel] applied: [PATCH dab-pve-appliances v2] pmg: optionally verify cvd files with sigtool

[Thomas Lamprecht]

On 1/9/20 6:32 PM, Stoiko Ivanov wrote:
> sigtool (1)  is clamav's utility to manipulate and verify cvd files.
> It is shipped in the clamav package, which is not installed inside
> pmg (pmg uses the daemonized version - clamav-daemon).
> 
> This patch verifies the downloaded cvd-files if sigtool is installed on the
> build host and skips the verification if not (in order to not depend on an
> installed clamav package).
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> v1 -> v2
> * changed the check for sigtool's existence to the posix compatible
>   `command -v $cmd` instead of relying on hardcoded paths (and not using them
>   during the actual invocation) - Thanks @Thomas for spotting and suggesting
>   this!
> 
>  debian-10.0-pmg-64/Makefile | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/debian-10.0-pmg-64/Makefile b/debian-10.0-pmg-64/Makefile
> index 0e6efff..d12b4f4 100644
> --- a/debian-10.0-pmg-64/Makefile
> +++ b/debian-10.0-pmg-64/Makefile
> @@ -33,3 +33,4 @@ dist-clean:
>  ${CVD_FILES}:
>  	curl -L --silent --show-error --fail --time-cond $@ -o $@.tmp http://database.clamav.net/$@
>  	[ -f $@.tmp ] && mv $@.tmp $@ || true
> +	if command -v sigtool > /dev/null ; then sigtool -i $@; else echo "skipping verification of $@"; fi
> 

applied, thanks! side note: having the ClamAV stuff inside the appliance
almost doubles its size, from 238M to 445M .. holy moly..