clamd: Add devcontainers to project

ClamAV supports multiple platforms and sometimes requires the debugging of platform-specific bugs. This commit adds one devcontainer for debian and another for AlmaLinux so that the codebase can be reopened inside of a devcontainer for debugging/testing purposes. Jira: CLAM-2740
3 months ago · 9bb126464d
parent 1f214b268c
commit 9bb126464d
4 changed files with 327 additions and 0 deletions
--- a/.devcontainer/clamav-almalinux/Dockerfile
+++ b/.devcontainer/clamav-almalinux/Dockerfile
@ -0,0 +1,121 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (C) 2020 Olliver Schinagl <oliver@schinagl.nl>
+# Copyright (C) 2021-2023 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+
+FROM index.docker.io/library/almalinux:9.5 AS clamav-almalinux-devcontainer
+ARG REMOTE_USER
+ARG REMOTE_UID
+WORKDIR /src
+
+COPY . /src/
+
+ENV CARGO_HOME=/src/build
+
+ENV HOME /home/${REMOTE_USER}
+
+# Install and enable EPEL and CRB repositories
+RUN dnf -y install epel-release && dnf config-manager --set-enabled crb
+
+RUN dnf -y --allowerasing install \
+        cmake \
+        bison \
+        check \
+        curl \
+        flex \
+        gcc \
+        gcc-c++ \
+        git \
+        gdb \
+        glibc-all-langpacks \
+        make \
+        man-db \
+        net-tools \
+        psmisc \
+        pkg-config \
+        python3-pip \
+        python3-pytest \
+        sudo \
+        tcpdump \
+        valgrind \
+        wget \
+        zip \
+        bzip2-devel \
+        check-devel \
+        curl-devel \
+        json-c-devel \
+        sendmail-devel \
+        ncurses-devel \
+        pcre2-devel \
+        openssl-devel \
+        libxml2-devel \
+        zlib-devel \
+    && \
+    rm -rf /var/cache/apt/archives \
+    && \
+    # Add the user to the system and to sudoers
+    adduser --uid $REMOTE_UID $REMOTE_USER \
+    && \
+    echo "${REMOTE_USER} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers \
+    && \
+    # Using rustup to install Rust rather than rust:1.62.1-bullseye, because there is no rust:1.62.1-bullseye image for ppc64le at this time.
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && \
+    . $CARGO_HOME/env \
+    && \
+    rustup update \
+    && \
+    mkdir -p "./build" && cd "./build" \
+    && \
+    ls /src \
+    && \
+    cmake .. \
+        -DCARGO_HOME=$CARGO_HOME \
+        -DCMAKE_BUILD_TYPE="Release" \
+        -DCMAKE_INSTALL_PREFIX="/usr" \
+        -DCMAKE_INSTALL_LIBDIR="/usr/lib" \
+        -DAPP_CONFIG_DIRECTORY="/etc/clamav" \
+        -DDATABASE_DIRECTORY="/var/lib/clamav" \
+        -DENABLE_CLAMONACC=OFF \
+        -DENABLE_EXAMPLES=OFF \
+        -DENABLE_JSON_SHARED=ON \
+        -DENABLE_MAN_PAGES=OFF \
+        -DENABLE_MILTER=ON \
+        -DENABLE_STATIC_LIB=OFF \
+    && \
+    make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
+    && \
+    rm -r \
+        "/clamav/usr/include" \
+        "/clamav/usr/lib/pkgconfig/" \
+    && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \
+        -e "s|.*\(TCPSocket\) .*|\1 3310|" \
+        -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
+        -e "s|.*\(User\) .*|\1 clamav|" \
+        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
+        -e "s|^\#\(LogTime\).*|\1 yes|" \
+        "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
+        -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
+        -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
+        -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
+        "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \
+        -e "s|.*\(User\) .*|\1 clamav|" \
+        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \
+        -e "s|^\#\(LogTime\).*|\1 yes|" \
+        -e "s|.*\(\ClamdSocket\) .*|\1 unix:/tmp/clamd.sock|" \
+        "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || \
+    exit 1
+    # Currently Unit test 1 fails with:
+        # /src/unit_tests/check_clamav.c:1797:F:assorted functions:test_cli_codepage_to_utf8_jis:0: test_cli_codepage_to_utf8: Failed to convert CODEPAGE_JAPANESE_SHIFT_JIS to UTF8: ret != SUCCESS!
+        # Todo: Investigate and fix this issue
+    # \
+    # && \
+    # ctest -V --timeout 3000
+
+USER ${REMOTE_USER}
--- a/.devcontainer/clamav-almalinux/devcontainer.json
+++ b/.devcontainer/clamav-almalinux/devcontainer.json
@ -0,0 +1,50 @@
+//devcontainer.json
+{
+    "name": "ClamAV AlmaLinux Development Container",
+    "build": {
+        "dockerfile": "Dockerfile",
+        "context": "../..",
+        "args": {
+            "REMOTE_USER": "${localEnv:USER}",
+            // This requires UID to be exported in your shell profile. See https://aka.ms/vscode-remote/containers/non-root-user.
+            "REMOTE_UID": "${localEnv:UID}"
+        },
+        "options": [
+            "--ssh=default"
+        ]
+    },
+    "postCreateCommand": "echo 'Welcome to your ClamAV AlmaLinux development container!'",
+    "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
+    "mounts": [
+        "source=${localEnv:HOME}/data/cvd,target=/var/lib/clamav,type=bind,consistency=cached"
+    ],
+    "runArgs": [
+        "--cap-add=SYS_PTRACE",
+        "--security-opt",
+        "seccomp=unconfined",
+        // Set the SSH_AUTH_SOCK environment variable
+        "-e",
+        "SSH_AUTH_SOCK=/ssh-agent.sock",
+        // Mount the SSH agent socket
+        "--mount=type=bind,src=${localEnv:SSH_AUTH_SOCK},target=/ssh-agent.sock",
+        // Add host.docker.internal to /etc/hosts to enable container to reach host machine so that it can reach test Kafka broker running in docker on host machine
+        "--add-host=host.docker.internal:host-gateway"
+    ],
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "rust-lang.rust-analyzer",
+                "ms-azuretools.vscode-docker",
+                "eamodio.gitlens",
+                "vadimcn.vscode-lldb",
+                "webfreak.debug",
+                "ms-vscode-remote.remote-containers",
+                "ms-vscode.cpptools-extension-pack",
+                "ms-vscode.cpptools"
+            ],
+            "settings": {
+                "terminal.integrated.shell.linux": "/bin/bash"
+            }
+        }
+    }
+}
--- a/.devcontainer/clamav-debian/Dockerfile
+++ b/.devcontainer/clamav-debian/Dockerfile
@ -0,0 +1,106 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (C) 2020 Olliver Schinagl <oliver@schinagl.nl>
+# Copyright (C) 2021-2023 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+
+FROM index.docker.io/library/debian:12-slim AS clamav-debian-devcontainer
+ARG REMOTE_USER
+ARG REMOTE_UID
+WORKDIR /src
+
+COPY . /src/
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CARGO_HOME=/src/build
+
+ENV HOME /home/${REMOTE_USER}
+
+RUN apt update && apt install -y \
+        cmake \
+        bison \
+        flex \
+        gcc \
+        gdb \
+        git \
+        make \
+        man-db \
+        net-tools \
+        pkg-config \
+        python3 \
+        python3-pip \
+        python3-pytest \
+        check \
+        libbz2-dev \
+        libcurl4-openssl-dev \
+        libjson-c-dev \
+        libmilter-dev \
+        libncurses-dev \
+        libpcre2-dev \
+        libssl-dev \
+        libxml2-dev \
+        sudo \
+        zlib1g-dev \
+        curl \
+    && \
+    rm -rf /var/cache/apt/archives \
+    && \
+    # Add the user to the system and to sudoers
+    adduser --disabled-password --uid $REMOTE_UID $REMOTE_USER \
+    && \
+    echo "${REMOTE_USER} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers \
+    && \
+    # Using rustup to install Rust rather than rust:1.62.1-bullseye, because there is no rust:1.62.1-bullseye image for ppc64le at this time.
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && \
+    . $CARGO_HOME/env \
+    && \
+    rustup update \
+    && \
+    mkdir -p "./build" && cd "./build" \
+    && \
+    cmake .. \
+        -DCARGO_HOME=$CARGO_HOME \
+        -DCMAKE_BUILD_TYPE="Release" \
+        -DCMAKE_INSTALL_PREFIX="/usr" \
+        -DCMAKE_INSTALL_LIBDIR="/usr/lib" \
+        -DAPP_CONFIG_DIRECTORY="/etc/clamav" \
+        -DDATABASE_DIRECTORY="/var/lib/clamav" \
+        -DENABLE_CLAMONACC=OFF \
+        -DENABLE_EXAMPLES=OFF \
+        -DENABLE_JSON_SHARED=ON \
+        -DENABLE_MAN_PAGES=OFF \
+        -DENABLE_MILTER=ON \
+        -DENABLE_STATIC_LIB=OFF \
+    && \
+    make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
+    && \
+    rm -r \
+        "/clamav/usr/include" \
+        "/clamav/usr/lib/pkgconfig/" \
+    && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \
+        -e "s|.*\(TCPSocket\) .*|\1 3310|" \
+        -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
+        -e "s|.*\(User\) .*|\1 clamav|" \
+        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
+        -e "s|^\#\(LogTime\).*|\1 yes|" \
+        "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
+        -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
+        -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
+        -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
+        "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" && \
+    sed -e "s|^\(Example\)|\# \1|" \
+        -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \
+        -e "s|.*\(User\) .*|\1 clamav|" \
+        -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \
+        -e "s|^\#\(LogTime\).*|\1 yes|" \
+        -e "s|.*\(\ClamdSocket\) .*|\1 unix:/tmp/clamd.sock|" \
+        "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || \
+    exit 1 \
+    && \
+    ctest -V --timeout 3000
+
+USER ${REMOTE_USER}
--- a/.devcontainer/clamav-debian/devcontainer.json
+++ b/.devcontainer/clamav-debian/devcontainer.json
@ -0,0 +1,50 @@
+//devcontainer.json
+{
+    "name": "ClamAV Debian Development Container",
+    "build": {
+        "dockerfile": "Dockerfile",
+        "context": "../..",
+        "args": {
+            "REMOTE_USER": "${localEnv:USER}",
+            // This requires UID to be exported in your shell profile. See https://aka.ms/vscode-remote/containers/non-root-user.
+            "REMOTE_UID": "${localEnv:UID}"
+        },
+        "options": [
+            "--ssh=default"
+        ]
+    },
+    "postCreateCommand": "echo 'Welcome to your ClamAV Debian development container!'",
+    "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
+    "mounts": [
+        "source=${localEnv:HOME}/data/cvd,target=/var/lib/clamav,type=bind,consistency=cached"
+    ],
+    "runArgs": [
+        "--cap-add=SYS_PTRACE",
+        "--security-opt",
+        "seccomp=unconfined",
+        // Set the SSH_AUTH_SOCK environment variable
+        "-e",
+        "SSH_AUTH_SOCK=/ssh-agent.sock",
+        // Mount the SSH agent socket
+        "--mount=type=bind,src=${localEnv:SSH_AUTH_SOCK},target=/ssh-agent.sock",
+        // Add host.docker.internal to /etc/hosts to enable container to reach host machine so that it can reach test Kafka broker running in docker on host machine
+        "--add-host=host.docker.internal:host-gateway"
+    ],
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "rust-lang.rust-analyzer",
+                "ms-azuretools.vscode-docker",
+                "eamodio.gitlens",
+                "vadimcn.vscode-lldb",
+                "webfreak.debug",
+                "ms-vscode-remote.remote-containers",
+                "ms-vscode.cpptools-extension-pack",
+                "ms-vscode.cpptools"
+            ],
+            "settings": {
+                "terminal.integrated.shell.linux": "/bin/bash"
+            }
+        }
+    }
+}