Upgrade macOS OpenSSL dependency to use 3 instead of 1.1.
Python's pip from Homebrew now refuses to isntall globally:
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try brew install
xyz, where xyz is the package you are trying to
install.
If you wish to install a Python library that isn't in Homebrew,
use a virtual environment:
python3 -m venv path/to/venv
source path/to/venv/bin/activate
python3 -m pip install xyz
If you wish to install a Python application that isn't in Homebrew,
it may be easiest to use 'pipx install xyz', which will manage a
virtual environment for you. You can install pipx with
brew install pipx
You may restore the old behavior of pip by passing
the '--break-system-packages' flag to pip, or by adding
'break-system-packages = true' to your pip.conf file. The latter
will permanently disable this error.
If you disable this error, we STRONGLY recommend that you additionally
pass the '--user' flag to pip, or set 'user = true' in your pip.conf
file. Failure to do this can result in a broken Homebrew installation.
Read more about this behavior here: <https://peps.python.org/pep-0668/>
Using Pipx instead. Making the same change for Ubuntu just in case.
The 'windows-latest' image is now windows-2022, but the vcpkg we're
using doesn't know to look for visual studio 2022. Reverting to use
windows-2019 so vcpkg works with it.
Also switching to the run-vcpkg v7.4. Not going with the new v10 series
because that changes the inputs and I'm not ready to figure out how to
change the params to make it work.
The CIFuzz tool was observed detecting an issue in code unrelated to a
pull request. While it was relatively benign in this case, it has the
potential to accidentally disclose a vulnerability publicly without
allowing a non-disclosure period for us to publish a fixed patch
version.
I'm not comfortable with this risk, so I'm removing the workflow.
Adds a basic test to validate that ExcludePath correctly excludes a
subdirectory but does not exclude subsequent files. As with the other
ClamD/Scan tests, it will test in each mode: regular, stream, and
fdpass (if available).
Unlike the other tests, this one tests ClamDScan with Valgrind instead
of ClamD.
Refactored the clamd_test.py file to reduce duplicate code, and support
enabling and disabling valgrind when running ClamDScan and ClamD.
Add pytest to the github actions environments because the results when
using pytest are far easier to read.
The template includes a comment block at the top to direct security
issue reports towards the SECURITY.md instructions.
A comment block at the bottom provides instructions for how to share
files needed to reproduce the bug.
These comments blocks disappear when the report is submitted.
The older style markdown headers are used to match the headers printed
by the ClamConf tool, so that copy-pasted output from ClamConf looks
good in the bug report.
The milter default was not set correctly so it was starting
clamav-milter by default. Added default true/false settings for each of
the docker daemon environment variables.
Added command to entrypoint to change database directory ownership to
the clamav user, in case it is a mounted volume (which get root ownership
by default).
Removed the clamav user & group from the build image, as it isn't needed
until the base image.
Added announcement details and acknowledgements to the News document.
Added details to the Docker Readme describing:
- the tag naming convention
- how to mount database volumes
- various other tweaks
Fixed the path for the update script in the GitHub Action, and changed
from alpine-latest to ubuntu-latest, because alpine-latest doesn't seem
to be an option.
To reduce the need for constant database updates, also push a docker
image containing the virus database.
Ideally, this script is called every time a major virus database update
happens, but as that requires integration with other systems, lets start
by having a scheduled update.
To do this a github action workflow was added on a schedule that runs
once a month. It does require the proper secrets to be setup however and
made accessible.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Updates to fix issues in the CMake install instructions.
Updates the README.md to indicate that CMake is now preferred
Adds a GitHub Actions badge, Discord badge, and logo to the README.md.
CMake:
- Renamed ENABLE_DOCS to ENABLE_MAN_PAGES.
- Fixed build issue when milter isn't enabled on Linux. Changed the
default to build milter on non-macOS, non-Windows operating systems.
- Fix LD_LIBRARY_PATH for tests including on macOS where LD_LIBRARY_PATH
and DYLD_LIBRARY_PATH must be manually propagated to subprocesses.
- Use UNKNOWN IMPORTED library instead of INTERFACE IMPORTED library for
pdcurses, but still use INTERFACE IMPORTED for ncurses.
UNKNOWN IMPORTED appears to be required so that we can use
$<TARGET_FILE_DIR:Curses::curses> to collected the pdcurses library at
install time on Windows.
- When building with vcpkg on Windows, CMake will automatically install
your app local dependencies (aka the DLL runtime dependencies).
Meanwhile, file(GET_RUNTIME_DEPENDENCIES ...) doesn't appear to work
correctly with vcpkg packages. The solution is to use a custom target
that has CMake perform a local install to the unit_tests directory
when using vcpkg.
This is in fact far easier than using GET_RUNTIME_DEPENDENCIES in the
unit_tests for assembling the test environment but we can't use this
method for the non-vcpkg install because it won't collect
checkDynamic.dll for us because we don't install our tests.
We also can't link with the static check.lib because the static
check.lib has pthreads symbols linked in and will conflict with our
pthread.dll.
TL;DR: We'll continue to use file(GET_RUNTIME_DEPENDENCIES ...) for
assembling the test enviornment on non-vcpkg builds, and use the local
install method for vcpkg builds.
testcase.py: Wrapped a Pathlib.unlink() call in exception handling as
the missing_ok optional parameter requires a Python version too new for
common use.
Remove localtime_r from win32 compat lib.
localtime_r may be present in libcheck when building with vcpkg and
while making it a static function would also solve the issue, using
localtime_s instead like we do everywhere else should work just fine.
check_clamd: Limited the max # of connections for the stress test on Mac
to 850, to address issues found testing on macos-latest on GitHub Actions.
Micah Snyder