app-antivirus/clamav-unofficial-sigs: new revision with a cron job.
author Michael Orlitzky <mjo@gentoo.org>
Wed, 6 Nov 2019 15:10:57 +0000 (10:10 -0500)
committer Michael Orlitzky <mjo@gentoo.org>
Wed, 6 Nov 2019 15:56:54 +0000 (10:56 -0500)
This update script needs to run as a restricted user, with bash as its
shell, and with a real home directory to prevent cron errors in the
logs. The best way to do that seems to be to install a custom job
into /etc/cron.d that sets the HOME and SHELL variables.

This new revision provides a cron job that works as documentation, and
adds a new USE=cron flag to install it. The default is NOT to install
it because /etc/cron.d is not 100% standard, and the update script
needs to be configured before it will work.

Closes: https://bugs.gentoo.org/694054
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild [moved from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild with 80% similarity]
app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond [new file with mode: 0644]
app-antivirus/clamav-unofficial-sigs/metadata.xml

similarity index 80%
rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild
rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
index 6fc6ec0b574c7fe5c625af3e1957e38ca1c3e644..34c988c3a2f193c5214afd3c8a914431e11f46fb 100644 (file)
@@ -7,12 +7,12 @@ inherit user
 
 DESCRIPTION="Download and install third-party clamav signatures"
 HOMEPAGE="https://github.com/extremeshok/${PN}"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="${HOMEPAGE}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE=""
+IUSE="cron"
 
 # The script relies on either net-misc/socat, or Perl's
 # IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
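
Review bot: The new SRC_URI line derives the download location from ${HOMEPAGE}, so any later edit to HOMEPAGE (a project move, a switch to a documentation site) silently changes where the distfile is fetched from. I would keep an explicit URL in SRC_URI, e.g. https://github.com/extremeshok/${PN}/archive/${PV}.tar.gz, and leave HOMEPAGE free to change. Separately, IUSE="cron" is added here with no cron? ( ... ) runtime dependency in the visible lines; if the ebuild does not declare one elsewhere, USE=cron can install a job on a system with no daemon that reads /etc/cron.d.
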
@@ -41,6 +41,17 @@ src_install() {
 
        doman "${FILESDIR}/${PN}.8"
        dodoc README.md
+
+       if use cron; then
+               # Beware, this directory is not completely standard. However,
+               # we need this to run as "clamav" with a non-default shell and
+               # home directory (bug 694054), and this seems like the most
+               # reliable way to accomplish that.
+               insinto "/etc/cron.d"
+               newins "${FILESDIR}/${PN}.crond" "${PN}"
+       else
+               dodoc "${FILESDIR}/${PN}.crond"
+       fi
 }
 
 pkg_preinst() {
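
Review bot: In the "if use cron" branch the job is installed straight into /etc/cron.d and starts firing hourly as soon as the package is merged, yet the commit message says the update script must be configured before it will work. Nothing in this hunk tells the user that, so a fresh USE=cron install will produce hourly failures until someone notices. Suggest an elog in pkg_postinst (shown only when use cron is true) pointing at the configuration that has to be done first, or mention the precondition in the comment above insinto.
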
diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
new file mode 100644 (file)
index 0000000..49ef1db
--- /dev/null
@@ -0,0 +1,19 @@
+#
+# Run clamav-unofficial-sigs hourly.
+#
+# This file should be copied to /etc/cron.d rather than, say,
+# /etc/cron.hourly because it needs to run as the clamav user (to
+# alter the databases), but the default settings for that user in
+# Gentoo are insufficient (see bug 694054).
+#
+# In particular, the clamav user needs a Bash shell and a home
+# directory since clamav-unofficial-sigs is written in Bash and
+# because otherwise cron will complain about trying to chdir to a
+# nonexistent home directory. When run out of /etc/cron.d, we can set
+# HOME and SHELL to appropriate values, unlike with scripts in
+# /etc/cron.hourly.
+#
+HOME=/var/lib/clamav-unofficial-sigs
+SHELL=/bin/bash
+
+01 * * * * clamav /usr/sbin/clamav-unofficial-sigs.sh
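
Review bot: HOME=/var/lib/clamav-unofficial-sigs is relied on to stop cron's chdir complaint, but none of the visible hunks creates that directory or sets its owner, so the fix only holds if the ebuild already does that elsewhere. Please confirm the directory is created (for example with keepdir plus fowners to clamav) and is not writable by other users, since the job runs as clamav out of it. Minor: the fixed "01" minute means every host installing this file contacts the signature mirrors at the same moment each hour; the header comment could tell administrators to pick their own minute.
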
index cb13edbbb596c207519f608f9478b62cda7de3f4..828e566ffcab05cbed1b34dadb48580cb64763a2 100644 (file)
@@ -4,6 +4,14 @@
   <maintainer type="person">
     <email>mjo@gentoo.org</email>
   </maintainer>
+    <use>
+      <flag name="cron">
+        Install an hourly cron job to /etc/cron.d that runs the
+        updates as the clamav user (instead of root), with an
+        appropriate home directory and shell. The same cron job
+        is installed as documentation when this flag is disabled.
+      </flag>
+    </use>
   <upstream>
     <remote-id type="sourceforge">unofficial-sigs</remote-id>
     <remote-id type="github">extremeshok/clamav-unofficial-sigs</remote-id>
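
Review bot: Style point on the added <use> block: it is indented four spaces, while its siblings <maintainer> and <upstream> in the same file sit at two. Re-indent <use> to two spaces (and its children accordingly) so the element nesting reads correctly.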