update lib

ix-dev/community/clamav/app.yaml

@@ -20,7 +20,7 @@ keywords:
 - anti-virus
 - clamav
 lib_version: 1.0.0
-lib_version_hash: 04058cefffe4eeadb07035ab157987492a31d5708705d6b7153d262beb75a796
+lib_version_hash: 66c98111180da566a3bcc9ee1d1be4f673356f453b5d97ee7c784c9a38ee9999
 maintainers:
 - email: [email protected]
   name: truenas

ix-dev/community/clamav/ix_values.yaml

@@ -0,0 +1,7 @@
+images:
+  image:
+    repository: clamav/clamav
+    tag: 1.0.1-2
+
+consts:
+  clamav_container_name: clamav

ix-dev/community/clamav/migrations/migration_helpers/storage.py

@@ -51,7 +51,7 @@ def migrate_empty_dir_type(empty_dir):
             "tmpfs_config": {"size": size},
         }
 
-    return {"type": "anonymous"}
+    return {"type": "temporary"}
 
 
 def migrate_ix_volume_type(ix_volume):

ix-dev/community/clamav/templates/docker-compose.yaml

@@ -1,20 +1,16 @@
-
-{% set clamav_container_name = "clamav" %}
-{% set clamav_image = "clamav/clamav:1.0.1-2" %}
-
 {# Stores storage items that contains info for volumes, vol mounts, perms dirs and perms mounts #}
 {% set storage_items = namespace(items=[]) %}
 {# Stores the top level volumes #}
 {% set volumes = namespace(items={}) %}
 {# Stores the container volume mounts #}
 {% set volume_mounts = namespace(items=[]) %}
 
-{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.sigdb, **{"mount_path": "/var/lib/clamav"}), ix_volumes=values.ix_volumes )) %}
-{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.scandir, **{"mount_path": "/scandir"}), ix_volumes=values.ix_volumes )) %}
+{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.sigdb, **{"mount_path": "/var/lib/clamav"}), values=values )) %}
+{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.scandir, **{"mount_path": "/scandir"}), values=values )) %}
 {% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type":"anonymous", "mount_path": "/tmp"})) %}
 
 {% for store in values.storage.additional_storage %}
-  {% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, ix_volumes=values.ix_volumes)) %}
+  {% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, values=values)) %}
 {% endfor %}
 
 {# Add each item to the above lists #}
@@ -25,11 +21,12 @@
 
 {# Containers #}
 services:
-  {{ clamav_container_name }}:
-    image: {{ clamav_image }}
+  {{ values.consts.clamav_container_name }}:
+    image: {{ ix_lib.base.utils.get_image(images=values.images, name="image") }}
     restart: unless-stopped
     deploy:
       resources: {{ ix_lib.base.resources.resources(values.resources) | tojson }}
+    devices: {{ ix_lib.base.resources.get_devices(values.resources) | tojson }}
     {% if values.network.host_network %}
     network_mode: host
     {% endif %}
@@ -64,3 +61,6 @@ services:
 {% if volumes.items %}
 volumes: {{ volumes.items | tojson }}
 {% endif %}
+
+x-portals: {{ ix_lib.base.metadata.get_portals([]) | tojson }}
+x-notes: {{ ix_lib.base.metadata.get_notes("ClamAV") | tojson }}

ix-dev/community/clamav/templates/library/base_v1_0_0/metadata.py

@@ -62,7 +62,6 @@ def get_portals(portals: list):
             {
                 "name": name,
                 "scheme": scheme,
-                # TODO: Default to something else?
                 "host": portal.get("host", "0.0.0.0"),
                 "port": portal["port"],
                 "path": path,

ix-dev/community/clamav/templates/library/base_v1_0_0/storage.py

@@ -4,14 +4,29 @@
 
 
 BIND_TYPES = ["host_path", "ix_volume"]
-VOL_TYPES = ["volume", "nfs", "cifs"]
+VOL_TYPES = ["volume", "nfs", "cifs", "temporary"]
 ALL_TYPES = BIND_TYPES + VOL_TYPES + ["tmpfs", "anonymous"]
 PROPAGATION_TYPES = ["shared", "slave", "private", "rshared", "rslave", "rprivate"]
 
 
+def _get_name_for_temporary(data):
+    if not data.get("mount_path"):
+        utils.throw_error("Expected [mount_path] to be set for temporary volume")
+
+    return (
+        data["mount_path"]
+        .lstrip("/")
+        .lower()
+        .replace("/", "_")
+        .replace(".", "_")
+        .replace(" ", "_")
+    )
+
+
 # Returns a volume mount object (Used in container's "volumes" level)
-def vol_mount(data, ix_volumes=None):
-    ix_volumes = ix_volumes or []
+def vol_mount(data, values=None):
+    values = values or {}
+    ix_volumes = values.get("ix_volumes") or []
     vol_type = _get_docker_vol_type(data)
 
     volume = {
@@ -25,47 +40,59 @@ def vol_mount(data, ix_volumes=None):
         volume.update(_get_volume_vol_config(data))
     elif vol_type == "tmpfs":
         volume.update(_get_tmpfs_vol_config(data))
+    elif vol_type == "temporary":
+        volume["type"] = "volume"
+        volume.update(_get_volume_vol_config(data))
     elif vol_type == "anonymous":
         volume["type"] = "volume"
         volume.update(_get_anonymous_vol_config(data))
 
     return volume
 
 
-def storage_item(data, ix_volumes=None, perm_opts=None):
-    ix_volumes = ix_volumes or []
+def storage_item(data, values=None, perm_opts=None):
+    values = values or {}
     perm_opts = perm_opts or {}
+    if data.get("type") == "temporary":
+        data.update({"volume_name": _get_name_for_temporary(data)})
     return {
-        "vol_mount": vol_mount(data, ix_volumes),
+        "vol_mount": vol_mount(data, values),
         "vol": vol(data),
-        "perms_item": perms_item(data, ix_volumes, perm_opts) if perm_opts else {},
+        "perms_item": perms_item(data, values, perm_opts) if perm_opts else {},
     }
 
 
-def perms_item(data, ix_volumes, opts=None):
+def perms_item(data, values=None, opts=None):
     opts = opts or {}
+    values = values or {}
+    ix_context = values.get("ix_context") or {}
+    vol_type = data.get("type", "")
+
+    # Temp volumes are always auto permissions
+    if vol_type == "temporary":
+        data.update({"auto_permissions": True})
+
+    # If its ix_volume and we are installing, we need to set auto permissions
+    if vol_type == "ix_volume" and ix_context.get("is_install", False):
+        data.update({"auto_permissions": True})
+
     if not data.get("auto_permissions"):
         return {}
 
-    if data.get("type") == "host_path":
+    if vol_type == "host_path":
         if data.get("host_path_config", {}).get("acl_enable", False):
             return {}
-    if data.get("type") == "ix_volume":
+    if vol_type == "ix_volume":
         if data.get("ix_volume_config", {}).get("acl_enable", False):
             return {}
 
-    if not ix_volumes:
-        ix_volumes = []
-
     req_keys = ["mount_path", "mode", "uid", "gid"]
     for key in req_keys:
         if not opts.get(key):
-            utils.throw_error(
-                f"Expected opts passed to [perms_item] to have [{key}] key"
-            )
+            utils.throw_error(f"Expected opts passed to [perms_item] to have [{key}] key")
 
     data.update({"mount_path": opts["mount_path"]})
-    volume_mount = vol_mount(data, ix_volumes)
+    volume_mount = vol_mount(data, values)
 
     return {
         "vol_mount": volume_mount,
@@ -74,7 +101,8 @@ def perms_item(data, ix_volumes, opts=None):
             "mode": opts["mode"],
             "uid": opts["uid"],
             "gid": opts["gid"],
-            "chmod": opts.get("chmod", ""),
+            "chmod": opts.get("chmod", "false"),
+            "is_temporary": data["type"] == "temporary",
         },
     }
 
@@ -306,9 +334,7 @@ def _process_nfs(data):
     opts = [f"addr={data['nfs_config']['server']}"]
     if data["nfs_config"].get("options"):
         if not isinstance(data["nfs_config"]["options"], list):
-            utils.throw_error(
-                "Expected [nfs_config.options] to be a list for [nfs] type"
-            )
+            utils.throw_error("Expected [nfs_config.options] to be a list for [nfs] type")
 
         disallowed_opts = ["addr"]
         for opt in data["nfs_config"]["options"]:

ix-dev/community/clamav/templates/library/base_v1_0_0/utils.py

@@ -57,3 +57,14 @@ def is_number(string):
         return True
     except ValueError:
         return False
+
+
+def get_image(images={}, name=""):
+    if not images:
+        throw_error("Expected [images] to be set")
+    if name not in images:
+        throw_error(f"Expected [images.{name}] to be set")
+    if not images[name].get("repository") or not images[name].get("tag"):
+        throw_error(f"Expected [images.{name}.repository] and [images.{name}.tag] to be set")
+
+    return f"{images[name]['repository']}:{images[name]['tag']}"

ix-dev/community/clamav/templates/macros/global/perms/container.yaml.jinja

@@ -25,7 +25,7 @@ command:
   - |
     {{- process_dir_func() | indent(4) }}
     {%- for item in items %}
-    process_dir {{ item.dir }} {{ item.mode }} {{ item.uid }} {{ item.gid }} {{ item.chmod }}
+    process_dir {{ item.dir }} {{ item.mode }} {{ item.uid }} {{ item.gid }} {{ item.chmod }} {{ item.is_temporary|lower }}
     {%- endfor %}
 {% endmacro %}
 

ix-dev/community/clamav/templates/macros/global/perms/script.sh.jinja

@@ -10,6 +10,7 @@ function process_dir() {
   local uid=$$3
   local gid=$$4
   local chmod=$$5
+  local is_temporary=$$6
 
   local fix_owner="false"
   local fix_perms="false"
@@ -19,6 +20,11 @@ function process_dir() {
     exit 0
   fi
 
+  if [ "$$is_temporary" = "true" ]; then
+    echo "Path [$$dir] is a temporary directory, ensuring it is empty..."
+    rm -rf "$$dir/{*,.*}"
+  fi
+
   echo "Current Ownership and Permissions on [$$dir]:"
   echo "chown: $$(stat -c "%u %g" "$$dir")"
   echo "chmod: $$(stat -c "%a" "$$dir")"
@@ -37,7 +43,9 @@ function process_dir() {
       fix_owner="true"
     fi
 
-    if [ -n "$$chmod" ]; then
+    if [ "$$chmod" = "false" ]; then
+      echo "Skipping permissions check, chmod is false"
+    elif [ -n "$$chmod" ]; then
       if [ $$(stat -c %a "$$dir") -eq $$chmod ]; then
         echo "Permissions are correct. Skipping..."
         fix_perms="false"
@@ -47,6 +55,7 @@ function process_dir() {
       fi
     fi
   fi
+
   if [ "$$fix_owner" = "true" ]; then
     echo "Changing ownership to $$uid:$$gid on: [$$dir]"
     chown -R "$$uid:$$gid" "$$dir"