clammit: new software release

Clammit is an HTTP interface to the ClamAV virus scanner

clammit: new software release
Clammit is an HTTP interface to the ClamAV virus scanner
aef9c84f · Nicolas Wavrant · 8e217ba2 · aef9c84f · aef9c84f · aef9c84f
Commit aef9c84f authored Jul 11, 2024 by Nicolas Wavrant
7 changed files
--- a/component/clammit/buildout.cfg
+++ b/component/clammit/buildout.cfg
+[buildout]
+extends =
+  ../git/buildout.cfg
+  ../golang/buildout.cfg
+
+parts =
+  clammit
+
+[clammit-repository]
+<= go-git-package
+go.importpath = github.com/ifad/clammit
+repository    = https://github.com/ifad/clammit.git
+revision      = v0.8.1
+
+[gowork]
+install =
+# We need a repository here, instead of a URL
+# (github.com/ifad/clammit@v0.8.1), as the module
+# definition in the go.mod is wrong (see
+# https://github.com/ifad/clammit/pull/38)
+    ${clammit-repository:location}:./...
--- a/software/clammit/buildout.hash.cfg
+++ b/software/clammit/buildout.hash.cfg
+# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
+# The only allowed lines here are (regexes):
+# - "^#" comments, copied verbatim
+# - "^[" section beginings, copied verbatim
+# - lines containing an "=" sign which must fit in the following categorie.
+#   - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
+#     Copied verbatim.
+#   - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
+#     by the re-generation script.
+#     Re-generated.
+# - other lines are copied verbatim
+# Substitution (${...:...}), extension ([buildout] extends = ...) and
+# section inheritance (< = ...) are NOT supported (but you should really
+# not need these here).
+
+[instance.cfg.in]
+filename = instance.cfg.in
+md5sum = 4cb16b15f88d7afd50a72fe7c0e175da
+
+[clamd.conf.in]
+filename = clamd.conf.in
+md5sum = ea04b5aab8ae5302d16227d5121af256
+
+[freshclam.conf.in]
+filename = freshclam.conf.in
+md5sum = fb87755b97e230e5d499c1d8fb9762a9
+
+[clammit.conf.in]
+filename = clammit.conf.in
+md5sum = b32336982401088d58b9a9938c37742f
--- a/software/clammit/clamd.conf.in
+++ b/software/clammit/clamd.conf.in
+Foreground yes
+LogFile {{ clamconfig["clamd-log-file"] }}
+LogRotate no
+LogTime yes
+PidFile {{ clamconfig["clamd-pid-file"] }}
+LocalSocket {{ clamconfig["clamd-socket-file"] }}
+DatabaseDirectory {{ clamconfig["clam-database-directory"] }}
+TemporaryDirectory {{ clamconfig["clamd-temporary-directory"] }}
+LocalSocketMode 660
+ReadTimeout 30
+# MaxScanTime is in milliseconds.
+MaxScanTime 60000
--- a/software/clammit/clammit.conf.in
+++ b/software/clammit/clammit.conf.in
+[ application ]
+listen            = {{ clamconfig["clammit-listen-address"] }}:{{ clamconfig["clammit-listen-port"] }}
+clamd-url         = {{ clamconfig["clamd-socket-file"] }}
+virus-status-code = 418
+log-file          = {{ clamconfig["clammit-log-file"] }}
--- a/software/clammit/freshclam.conf.in
+++ b/software/clammit/freshclam.conf.in
+Foreground yes
+DatabaseDirectory {{ clamconfig["clam-database-directory"] }}
+UpdateLogFile {{ clamconfig["freshclam-log-file"] }}
+LogRotate no
+LogTime yes
+PidFile {{ clamconfig["freshclam-pid-file"] }}
+DatabaseMirror database.clamav.net
+NotifyClamd {{ clamd_config_file }}
--- a/software/clammit/instance.cfg.in
+++ b/software/clammit/instance.cfg.in
+[buildout]
+
+extends =
+  {{ template_logrotate_base }}
+
+parts =
+  ${:clamd-parts}
+  ${:freshclam-parts}
+  ${:clammit-parts}
+  ${:frontend-parts}
+  cron-entry-logrotate
+  publish-connection-parameter
+
+clamd-parts =
+  clamd
+  clamd-logrotate
+freshclam-parts =
+  freshclam
+  freshclam-cron
+  freshclam-logrotate
+clammit-parts =
+  clammit
+  clammit-port-listening-promise
+frontend-parts =
+  frontend
+  frontend-promise
+
+eggs-directory = {{ buildout['eggs-directory'] }}
+develop-eggs-directory = {{ buildout['develop-eggs-directory'] }}
+offline = true
+
+[instance-parameter]
+recipe = slapos.cookbook:slapconfiguration
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish
+url = ${frontend-config:url}
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = ${buildout:directory}
+etc = ${:home}/etc
+etc.promise = ${:etc}/promise
+etc.run = ${:etc}/run
+etc.service = ${:etc}/service
+srv = ${:home}/srv
+tmp = ${:home}/tmp
+var = ${:home}/var
+var.clamdb = ${:var}/clamdb
+var.log = ${:var}/log
+var.run = ${:var}/run
+
+[clam-config]
+clam-database-directory = ${directory:var.clamdb}
+clamd-log-file = ${directory:var.log}/clamd.log
+clamd-pid-file = ${directory:var.run}/clamd.pid
+clamd-socket-file = ${directory:var.run}/clamd.sock
+clamd-temporary-directory = ${directory:tmp}
+freshclam-log-file = ${directory:var.log}/freshclam.log
+freshclam-pid-file = ${directory:var.run}/freshclam.pid
+clammit-log-file = ${directory:var.log}/clammit.log
+clammit-listen-address = ${instance-parameter:ipv4-random}
+clammit-listen-port = 8438
+clammit-url = http://${:clammit-listen-address}:${:clammit-listen-port}
+
+################################################################################
+# Clamd
+################################################################################
+
+[clamd.conf]
+recipe = slapos.recipe.template:jinja2
+output = ${directory:etc}/clamd.conf
+url = {{ clamd_conf_path }}
+context =
+  section clamconfig clam-config
+
+[clamd]
+recipe = slapos.cookbook:wrapper
+command-line = {{ clamav.location }}/sbin/clamd --config-file ${clamd.conf:output}
+wrapper-path = ${directory:etc.service}/${:_buildout_section_name_}
+hash-files =
+  ${clamd.conf:output}
+hash-existing-files =
+  {{ buildout.directory }}/.completed
+
+[clamd-logrotate]
+<= logrotate-entry-base
+name = clamd
+log = ${clam-config:clamd-log-file}
+post = {{ buildout.directory }}/bin/slapos-kill --pidfile ${clam-config:clamd-pid-file} -s SIGHUP
+
+################################################################################
+# Freshclam
+################################################################################
+
+[freshclam.conf]
+recipe = slapos.recipe.template:jinja2
+output = ${directory:etc}/freshclam.conf
+url = {{ freshclam_conf_path }}
+context =
+  section clamconfig clam-config
+  key clamd_config_file clamd.conf:output
+
+[freshclam]
+recipe = slapos.cookbook:wrapper
+command-line = {{ clamav.location }}/bin/freshclam --config-file ${freshclam.conf:output}
+wrapper-path = ${directory:etc.run}/${:_buildout_section_name_}
+
+[freshclam-cron]
+recipe = slapos.cookbook:cron.d
+time = daily
+cron-entries = ${cron:cron-entries}
+name = freshclam
+command = {{ clamav.location }}/bin/freshclam --config-file ${freshclam.conf:output}
+
+[freshclam-logrotate]
+<= logrotate-entry-base
+name = freshclam
+log = ${clam-config:freshclam-log-file}
+
+################################################################################
+# Clammit
+################################################################################
+
+[clammit.conf]
+recipe = slapos.recipe.template:jinja2
+output = ${directory:etc}/clammit.conf
+url = {{ clammit_conf_path }}
+context =
+  section clamconfig clam-config
+  key database_directory directory:var.clamdb
+
+[clammit]
+recipe = slapos.cookbook:wrapper
+command-line = {{ clammit_bin }} -config ${clammit.conf:output}
+wrapper-path = ${directory:etc.service}/${:_buildout_section_name_}
+hash-files =
+  ${clammit.conf:output}
+hash-existing-files =
+  {{ buildout.directory }}/.completed
+
+[clammit-port-listening-promise]
+recipe = slapos.cookbook:check_port_listening
+path = ${directory:etc.promise}/${:_buildout_section_name_}
+hostname= ${clam-config:clammit-listen-address}
+port = ${clam-config:clammit-listen-port}
+
+################################################################################
+# Local frontend
+################################################################################
+
+[frontend-config]
+address = ${instance-parameter:ipv6-random}
+port = 3000
+url = https://[${:address}]:${:port}
+socket = ${directory:var.run}/haproxy.sock
+user = admin
+password = ${frontend-password:passwd}
+
+[frontend-password]
+recipe = slapos.cookbook:generate.password
+username = admin
+
+[frontend-certificate]
+recipe = plone.recipe.command
+command =
+  if [ ! -e ${:cert-file} ]
+  then
+    {{ openssl.location }}/bin/openssl req -x509 -nodes -sha256 -days 3650 \
+      -subj "/C=AA/ST=X/L=X/O=Dis/CN=${:common-name}" \
+      -newkey rsa -keyout ${:cert-file} \
+      -out ${:cert-file}
+  fi
+update-command = ${:command}
+cert-file = ${directory:var}/${:_buildout_section_name_}.pem
+common-name = ${frontend-config:address}
+location =
+  ${:cert-file}
+
+[haproxy.conf]
+recipe = slapos.recipe.template:jinja2
+url = {{ haproxy_conf_path }}
+output = ${directory:etc}/${:_buildout_section_name_}
+context =
+  key pidfile :pidfile
+  key content :content
+content =
+  frontend listener
+    mode http
+    bind [${frontend-config:address}]:${frontend-config:port} ssl crt ${frontend-certificate:cert-file} alpn h2,http/1.1
+    default_backend servers
+  backend servers
+    server app ${clam-config:clammit-listen-address}:${clam-config:clammit-listen-port} check
+pidfile = ${directory:var.run}/haproxy.pid
+
+[frontend]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:etc.service}/${:_buildout_section_name_}
+command-line =
+  {{ haproxy.location }}/sbin/haproxy -f ${haproxy.conf:output}
+hash-files = ${haproxy.conf:output}
+
+[frontend-promise]
+recipe = slapos.cookbook:check_url_available
+path = ${directory:etc.promise}/${:_buildout_section_name_}.py
+url = ${frontend-config:url}/clammit/readyz
+dash_path = {{ dash.location }}/bin/dash
+curl_path = {{ curl.location }}/bin/curl
--- a/software/clammit/software.cfg
+++ b/software/clammit/software.cfg
+[buildout]
+extends =
+  ../../component/clamav/buildout.cfg
+  ../../component/clammit/buildout.cfg
+  ../../component/curl/buildout.cfg
+  ../../component/dash/buildout.cfg
+  ../../stack/haproxy/default-backend.cfg
+  ../../stack/logrotate/buildout.cfg
+  ../../stack/slapos.cfg
+  buildout.hash.cfg
+
+parts =
+  slapos-cookbook
+  instance.cfg.in
+
+[instance.cfg.in]
+recipe = slapos.recipe.template:jinja2
+output = ${buildout:directory}/instance.cfg
+url = ${:_profile_base_location_}/${:filename}
+context =
+  section buildout buildout
+  section openssl openssl
+  section clamav clamav
+  section haproxy haproxy
+  section curl curl
+  section dash dash
+  raw clammit_bin ${gowork:bin}/clammit
+  key clamd_conf_path clamd.conf.in:target
+  key freshclam_conf_path freshclam.conf.in:target
+  key clammit_conf_path clammit.conf.in:target
+  key template_logrotate_base template-logrotate-base:output
+  key haproxy_conf_path stack-haproxy-default-backend-config:target
+
+[download-base]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:filename}
+
+[clamd.conf.in]
+<= download-base
+
+[freshclam.conf.in]
+<= download-base
+
+[clammit.conf.in]
+<= download-base