pmg depends on clamav, which does not start upon first boot without the
presence of its virus database files.
By downloading them on the host and shipping them with the template,
clamav-daemon starts up successfully. Since clamav-freshclam will
start downloading any updated files upon booting and notify clamav-daemon,
the timeframe where the appliance runs with older virus definitions is rather
short.
Additionally, this follows the way we ship the cvd files in the ISO image.
Downloading happens outside of the container, since it does not have access to
the network. We download with curl, but only if the server files are
newer than the local files, so test for file existence before moving
the temporary file over.
Tested by creating an image, starting a container from that image and
verifying that clamav-daemon starts up upon first boot.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
BASEDIR:=$(shell dab basedir)
-all: info/init_ok
+CVD_FILES:=main.cvd bytecode.cvd daily.cvd safebrowsing.cvd
+
+all: info/init_ok ${CVD_FILES}
dab bootstrap --minimal
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' ${BASEDIR}/etc/ssh/sshd_config
dab exec /bin/systemctl enable systemd-timesyncd.service
dab install libdbi-perl perl-openssl-defaults libcgi-pm-perl proxmox-mailgateway-container gpg
rm ${BASEDIR}/proxmox_install_mode
sed -i '/^deb.*\.proxmox\.com\/.*$$/d;$${/^$$/d;}' ${BASEDIR}/etc/apt/sources.list
+ cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/
dab finalize
info/init_ok: dab.conf
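Review bot: the `cp ${CVD_FILES} ${BASEDIR}/var/lib/clamav/` line before `dab finalize` leaves the copied files with whatever mode the build host's umask gave them, so a restrictive umask on the build machine can ship databases that clamav-daemon cannot read if it does not run as their owner. Setting the mode explicitly, for example `install -m 0644 ${CVD_FILES} ${BASEDIR}/var/lib/clamav/`, makes the template independent of the build environment. The commit message could also state which owner the files are expected to have inside the container, since it relies on clamav-freshclam replacing them after boot.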
.PHONY: clean
clean:
dab clean
+ rm -f ${CVD_FILES}
rm -f *~
.PHONY: dist-clean
dist-clean:
dab dist-clean
+ rm -f ${CVD_FILES}
rm -f *~
+
+.PHONY: ${CVD_FILES}
+${CVD_FILES}:
+ curl -L --silent --show-error --fail --time-cond $@ -o $@.tmp http://database.clamav.net/$@
+ [ -f $@.tmp ] && mv $@.tmp $@ || true
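Review bot: the curl line fetches the databases from `http://database.clamav.net/$@` with `-L`, and nothing in the recipe checks the result before `cp` bakes it into the template, so whatever the network path or a redirect returns ends up in every container created from this image. Fetch over https if the mirror offers it and add a verification step on `$@.tmp` before the `mv`. Separately, a `$@.tmp` left behind by an interrupted run is picked up by `[ -f $@.tmp ] && mv $@.tmp $@ || true` on the next run even when the time condition skipped the download, and `|| true` also hides a failing `mv`. Removing `$@.tmp` before curl (and in `clean` and `dist-clean`) and writing the move as `if [ -f $@.tmp ]; then mv $@.tmp $@; fi` avoids both.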