Remove Docker files from repository

The supported Docker files used to build the official clamav images are now located here: https://github.com/Cisco-Talos/clamav-docker Also fix some minor errors in the INSTALL.md file.
3 years ago · 2f0189759e
parent 1f5bf9f4a3
commit 2f0189759e
7 changed files with 21 additions and 374 deletions
--- a/116
+++ b/116
@ -1,116 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-or-later
-#
-# Copyright (C) 2020 Olliver Schinagl <oliver@schinagl.nl>
-# Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
-
-# hadolint ignore=DL3007  latest is the latest stable for alpine
-FROM index.docker.io/library/alpine:latest AS builder
-
-WORKDIR /src
-
-COPY . /src/
-
-# hadolint ignore=DL3008  We want the latest stable versions
-RUN apk add --no-cache \
-        bsd-compat-headers \
-        bzip2-dev \
-        check-dev \
-        cmake \
-        curl-dev \
-        file \
-        fts-dev \
-        g++ \
-        git \
-        json-c-dev \
-        libmilter-dev \
-        libtool \
-        libxml2-dev \
-        linux-headers \
-        make \
-        ncurses-dev \
-        openssl-dev \
-        pcre2-dev \
-        py3-pytest \
-        zlib-dev \
-        rust \
-        cargo \
-    && \
-    mkdir -p "./build" && cd "./build" && \
-    cmake .. \
-          -DCMAKE_BUILD_TYPE="Release" \
-          -DCMAKE_INSTALL_PREFIX="/usr" \
-          -DCMAKE_INSTALL_LIBDIR="/usr/lib" \
-          -DAPP_CONFIG_DIRECTORY="/etc/clamav" \
-          -DDATABASE_DIRECTORY="/var/lib/clamav" \
-          -DENABLE_CLAMONACC=OFF \
-          -DENABLE_EXAMPLES=OFF \
-          -DENABLE_JSON_SHARED=ON \
-          -DENABLE_MAN_PAGES=OFF \
-          -DENABLE_MILTER=ON \
-          -DENABLE_STATIC_LIB=OFF && \
-    make DESTDIR="/clamav" -j$(($(nproc) - 1)) install && \
-    rm -r \
-       "/clamav/usr/lib/pkgconfig/" \
-    && \
-    sed -e "s|^\(Example\)|\# \1|" \
-        -e "s|.*\(PidFile\) .*|\1 /run/lock/clamd.pid|" \
-        -e "s|.*\(LocalSocket\) .*|\1 /run/clamav/clamd.sock|" \
-        -e "s|.*\(TCPSocket\) .*|\1 3310|" \
-        -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
-        -e "s|.*\(User\) .*|\1 clamav|" \
-        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
-        -e "s|^\#\(LogTime\).*|\1 yes|" \
-        "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" && \
-    sed -e "s|^\(Example\)|\# \1|" \
-        -e "s|.*\(PidFile\) .*|\1 /run/lock/freshclam.pid|" \
-        -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
-        -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
-        -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
-        -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
-        "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" && \
-    sed -e "s|^\(Example\)|\# \1|" \
-        -e "s|.*\(PidFile\) .*|\1 /run/lock/clamav-milter.pid|" \
-        -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \
-        -e "s|.*\(User\) .*|\1 clamav|" \
-        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \
-        -e "s|^\#\(LogTime\).*|\1 yes|" \
-        -e "s|.*\(\ClamdSocket\) .*|\1 unix:/run/clamav/clamd.sock|" \
-        "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || \
-    exit 1 && \
-    ctest -V
-
-FROM index.docker.io/library/alpine:latest
-
-LABEL maintainer="ClamAV bugs <clamav-bugs@external.cisco.com>"
-
-EXPOSE 3310
-EXPOSE 7357
-
-ENV TZ Etc/UTC
-
-RUN apk add --no-cache \
-        fts \
-        json-c \
-        libbz2 \
-        libcurl \
-        libltdl \
-        libmilter \
-        libstdc++ \
-        libxml2 \
-        ncurses-libs \
-        pcre2 \
-        tini \
-        tzdata \
-        zlib \
-    && \
-    addgroup -S "clamav" && \
-    adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \
-    install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav"
-
-COPY --from=builder "/clamav" "/"
-COPY "./dockerfiles/clamdcheck.sh" "/usr/local/bin/"
-COPY "./dockerfiles/docker-entrypoint.sh" "/init"
-
-HEALTHCHECK --start-period=6m CMD "clamdcheck.sh"
-
-ENTRYPOINT [ "/init" ]
--- a/INSTALL.md
+++ b/INSTALL.md
@ -58,11 +58,6 @@ configuration options.

 ## Known Issues / To-do's:

- The newest LLVM version supported is 3.6.2. We ran out of time during 0.104
-  development to add support for newer versions of LLVM.
-  The bytecode interpreter is therefore the default option for the bytecode
-  signature runtime in this release.
-
 - Complete the `MAINTAINER_MODE` option to generate jsparse files with GPerf.

 - The test suite will fail to run if you have `pytest` from Python2 installed
@ -93,7 +88,6 @@ For Maintainer-mode only (not recommended):
 - Flex
 - Bison
 - Gperf
- Rust bindgen

 ### External Library Dependencies

@ -159,7 +153,7 @@ mkdir build && cd build

 ## CMake Basics

-CMake isn't actually a built system. It's a meta-build system. In other words,
+CMake isn't actually a build system. It is a meta-build system. In other words,
 CMake is a build system *generator*.

 On Unix systems, CMake generates Makefiles by default, just like Autotools.
--- a/NEWS.md
+++ b/NEWS.md
@ -95,6 +95,13 @@ ClamAV 1.0.0 includes the following improvements and changes.
  compatibility issues. Patch courtesy of Matt Jolly.
  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/692

+- Moved the ClamAV Docker files for building containers to a new Git repository.
+  The Docker files are now in https://github.com/Cisco-Talos/clamav-docker.
+  This change enables us to fix issues with the images and with the supporting
+  scripts used to publish and update the images without committing changes
+  directly to files in the ClamAV release branches.
+  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/764
+
 ### Bug fixes

 - Assorted code quality fixes. These are not security issues and will not be
--- a/README.Docker.md
+++ b/README.Docker.md
@ -35,7 +35,19 @@ You can use the `unstable` version (i.e. `clamav/clamav:unstable` or

 While it is recommended to pull the image from our
 [Docker Hub registry](https://hub.docker.com/u/clamav/clamav), some may want
-to build the image locally instead. All that is needed is:
+to build the image locally instead.
+
+To do this, you will need to get the  `Dockerfile` and the supporting `scripts/`
+directory from the
+[clamav-docker Git repository](https://github.com/Cisco-Talos/clamav-docker).
+Be sure to select the correct one for this ClamAV release.
+
+> _Tip_: For unreleased ClamAV versions, such as when building from the `main`
+> git branch, you should select the files from the
+> `clamav-docker/clamav/unstable/<distro>` directory.
+
+Place the `Dockerfile` and `scripts/` directory in the ClamAV source directory.
+Then you can build the image. For example, run:
 ```bash
 docker build --tag "clamav:TICKET-123" .
 ```
--- a/dockerfiles/clamdcheck.sh
+++ b/dockerfiles/clamdcheck.sh
@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-if [ "${CLAMAV_NO_CLAMD:-}" != "false" ]; then
-	if [ "$(echo "PING" | nc localhost 3310)" != "PONG" ]; then
-		echo "ERROR: Unable to contact server"
-		exit 1
-	fi
-
-	echo "Clamd is up"
-fi
-
-exit 0
--- a/dockerfiles/docker-entrypoint.sh
+++ b/dockerfiles/docker-entrypoint.sh
@ -1,83 +0,0 @@
-#!/sbin/tini /bin/sh
-# SPDX-License-Identifier: GPL-2.0-or-later
-#
-# Copyright (C) 2021 Olliver Schinagl <oliver@schinagl.nl>
-# Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
-#
-# A beginning user should be able to docker run image bash (or sh) without
-# needing to learn about --entrypoint
-# https://github.com/docker-library/official-images#consistency
-
-set -eu
-
-if [ ! -d "/run/clamav" ]; then
-	install -d -g "clamav" -m 775 -o "clamav" "/run/clamav"
-fi
-
-# Assign ownership to the database directory, just in case it is a mounted volume
-chown -R clamav:clamav /var/lib/clamav
-
-# run command if it is not starting with a "-" and is an executable in PATH
-if [ "${#}" -gt 0 ] && \
-   [ "${1#-}" = "${1}" ] && \
-   command -v "${1}" > "/dev/null" 2>&1; then
-	# Ensure healthcheck always passes
-	CLAMAV_NO_CLAMD="true" exec "${@}"
-else
-	if [ "${#}" -ge 1 ] && \
-	   [ "${1#-}" != "${1}" ]; then
-		# If an argument starts with "-" pass it to clamd specifically
-		exec clamd "${@}"
-	fi
-	# else default to running clamav's servers
-
-	# Help tiny-init a little
-	mkdir -p "/run/lock"
-	ln -f -s "/run/lock" "/var/lock"
-
-	# Ensure we have some virus data, otherwise clamd refuses to start
-	if [ ! -f "/var/lib/clamav/main.cvd" ]; then
-		echo "Updating initial database"
-		freshclam --foreground --stdout
-	fi
-
-	if [ "${CLAMAV_NO_CLAMD:-false}" != "true" ]; then
-		echo "Starting ClamAV"
-		if [ -S "/run/clamav/clamd.sock" ]; then
-			unlink "/run/clamav/clamd.sock"
-		fi
-		clamd --foreground &
-		while [ ! -S "/run/clamav/clamd.sock" ]; do
-			if [ "${_timeout:=0}" -gt "${CLAMD_STARTUP_TIMEOUT:=1800}" ]; then
-				echo
-				echo "Failed to start clamd"
-				exit 1
-			fi
-			printf "\r%s" "Socket for clamd not found yet, retrying (${_timeout}/${CLAMD_STARTUP_TIMEOUT}) ..."
-			sleep 1
-			_timeout="$((_timeout + 1))"
-		done
-		echo "socket found, clamd started."
-	fi
-
-	if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
-		echo "Starting Freshclamd"
-		freshclam \
-		          --checks="${FRESHCLAM_CHECKS:-1}" \
-		          --daemon \
-		          --foreground \
-		          --stdout \
-		          --user="clamav" \
-			  &
-	fi
-
-	if [ "${CLAMAV_NO_MILTERD:-true}" != "true" ]; then
-		echo "Starting clamav milterd"
-		clamav-milter &
-	fi
-
-	# Wait forever (or until canceled)
-	exec tail -f "/dev/null"
-fi
-
-exit 0
--- a/dockerfiles/update_db_image.sh
+++ b/dockerfiles/update_db_image.sh
@ -1,153 +0,0 @@
-#!/bin/sh
-# SPDX-License-Identifier: GPL-2.0-or-later
-#
-# Copyright (C) 2021 Olliver Schinagl <oliver@schinagl.nl>
-# Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
-
-set -eu
-
-DEF_CLAMAV_DOCKER_IMAGE="clamav/clamav"
-DEF_DOCKER_REGISTRY="registry.hub.docker.com"
-
-
-usage()
-{
-	echo "Usage: ${0} [OPTIONS]"
-	echo "Update docker images with latest clamav database."
-	echo "    -h  Print this usage"
-	echo "    -i  Image to use to use (default: '${DEF_CLAMAV_DOCKER_IMAGE}') [CLAMAV_DOCKER_IMAGE]"
-	echo "    -p  Password for docker registry (file or string) [CLAMAV_DOCKER_PASSWD]"
-	echo "    -r  Registry to use to push docker images to (default: '${DEF_DOCKER_REGISTRY}') [DOCKER_REGISTRY]"
-	echo "    -t  Tag(s) to update (default: all tags)"
-	echo "    -u  Username for docker registry [CLAMAV_DOCKER_USER]"
-	echo
-	echo "Options that can also be passed in environment variables listed between [BRACKETS]."
-}
-
-init()
-{
-	if [ -z "${clamav_docker_user:-}" ] ||
-           [ -z "${clamav_docker_passwd:-}" ]; then
-		echo "No username or password set, skipping login"
-		return
-	fi
-
-	docker --version
-
-	if [ -f "${clamav_docker_passwd}" ]; then
-		_passwd="$(cat "${clamav_docker_passwd}")"
-	fi
-	echo "${_passwd:-${clamav_docker_passwd}}" | \
-	docker login \
-	             --password-stdin \
-	             --username "${clamav_docker_user}" \
-	             "${docker_registry}"
-}
-
-cleanup()
-{
-	if [ -z "${clamav_docker_user:-}" ]; then
-		echo "No username set, skipping logout"
-		return
-	fi
-
-	docker logout "${docker_registry:-}"
-}
-
-docker_tags_get()
-{
-	if [ -n "${clamav_docker_tags:-}" ]; then
-		return
-	fi
-
-	_tags="$(wget -q -O - "https://${docker_registry}/v1/repositories/${clamav_docker_image}/tags" |
-	         sed -e 's|[][]||g' -e 's|"||g' -e 's| ||g' | \
-		 tr '}' '\n' | \
-		 sed -n -e 's|.*name:\(.*\)$|\1|p')"
-
-	for _tag in ${_tags}; do
-		if [ "${_tag%%_base}" != "${_tag}" ]; then
-			clamav_docker_tags="${_tag} ${clamav_docker_tags:-}"
-		fi
-	done
-}
-
-clamav_db_update()
-{
-	if [ -z "${clamav_docker_tags:-}" ]; then
-		echo "No tags to update with, cannot continue."
-		exit 1
-	fi
-
-	for _tag in ${clamav_docker_tags}; do
-		{
-			echo "FROM ${docker_registry}/${clamav_docker_image}:${_tag}"
-			echo "RUN freshclam --foreground --stdout && rm /var/lib/clamav/freshclam.dat || rm /var/lib/clamav/mirrors.dat || true"
-		} | docker image build --pull --rm --tag "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" -
-		docker image push "${docker_registry}/${clamav_docker_image}:${_tag%%_base}"
-	done
-}
-
-main()
-{
-	_start_time="$(date "+%s")"
-
-	while getopts ":hi:p:r:t:u:" _options; do
-		case "${_options}" in
-		h)
-			usage
-			exit 0
-			;;
-		i)
-			clamav_docker_image="${OPTARG}"
-			;;
-		p)
-			clamav_docker_passwd="${OPTARG}"
-			;;
-		r)
-			docker_registry="${OPTARG}"
-			;;
-		t)
-			clamav_docker_tag="${OPTARG}"
-			;;
-		u)
-			clamav_docker_user="${OPTARG}"
-			;;
-		:)
-			e_err "Option -${OPTARG} requires an argument."
-			exit 1
-			;;
-		?)
-			e_err "Invalid option: -${OPTARG}"
-			exit 1
-			;;
-		esac
-	done
-	shift "$((OPTIND - 1))"
-
-	clamav_docker_image="${clamav_docker_image:-${CLAMAV_DOCKER_IMAGE:-${DEF_CLAMAV_DOCKER_IMAGE}}}"
-	clamav_docker_passwd="${clamav_docker_passwd:-${CLAMAV_DOCKER_PASSWD:-}}"
-	clamav_docker_tag="${clamav_docker_tag:-}"
-	clamav_docker_user="${clamav_docker_user:-${CLAMAV_DOCKER_USER:-}}"
-	docker_registry="${docker_registry:-${DOCKER_REGISTRY:-${DEF_DOCKER_REGISTRY}}}"
-
-	init
-
-	docker_tags_get
-	clamav_db_update
-
-	echo "==============================================================================="
-	echo "Build report for $(date -u)"
-	echo
-	echo "Updated database for image tags ..."
-	echo "${clamav_docker_tags:-}"
-	echo
-	echo "... successfully in $(($(date "+%s") - _start_time)) seconds"
-	echo "==============================================================================="
-
-	cleanup
-}
-
-main "${@}"
-
-exit 0