add clamav #60

Merged
merged 21 commits into from
Aug 1, 2024
update lib
stavros-k committed Jul 31, 2024

commit 499acb95f61235c65bf2c5d48724dfc9db69a717
2 changes: 1 addition & 1 deletion ix-dev/community/clamav/app.yaml
@@ -20,7 +20,7 @@ keywords:
- anti-virus
- clamav
lib_version: 1.0.0
lib_version_hash: 04058cefffe4eeadb07035ab157987492a31d5708705d6b7153d262beb75a796
lib_version_hash: 66c98111180da566a3bcc9ee1d1be4f673356f453b5d97ee7c784c9a38ee9999
maintainers:
- email: [email protected]
name: truenas
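--- a/ix-dev/community/clamav/ix_values.yaml
+++ b/ix-dev/community/clamav/ix_values.yaml
@@ -0,0 +1,7 @@
+images:
+image:
+repository: clamav/clamav
+tag: 1.0.1-2
+
+consts:
+clamav_container_name: clamav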
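Review bot: The image is pinned by tag only (`repository: clamav/clamav`, `tag: 1.0.1-2`), and `get_image` in utils.py renders exactly `repository:tag`, so whatever the registry serves under that tag at pull time is what runs. Tags can be re-pointed upstream, and this container is mounted onto the directories it scans, so pinning by digest would be the safer default. Consider letting `get_image` accept an optional `digest` key and emit `repository:tag@sha256:<DIGEST_PLACEHOLDER>` when it is set. A short comment here saying how the tag gets bumped would also help reviewers of later updates.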
@@ -51,7 +51,7 @@ def migrate_empty_dir_type(empty_dir):
"tmpfs_config": {"size": size},
}

return {"type": "anonymous"}
return {"type": "temporary"}


def migrate_ix_volume_type(ix_volume):
18 changes: 9 additions & 9 deletions ix-dev/community/clamav/templates/docker-compose.yaml
@@ -1,20 +1,16 @@

{% set clamav_container_name = "clamav" %}
{% set clamav_image = "clamav/clamav:1.0.1-2" %}

{# Stores storage items that contains info for volumes, vol mounts, perms dirs and perms mounts #}
{% set storage_items = namespace(items=[]) %}
{# Stores the top level volumes #}
{% set volumes = namespace(items={}) %}
{# Stores the container volume mounts #}
{% set volume_mounts = namespace(items=[]) %}

{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.sigdb, **{"mount_path": "/var/lib/clamav"}), ix_volumes=values.ix_volumes )) %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.scandir, **{"mount_path": "/scandir"}), ix_volumes=values.ix_volumes )) %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.sigdb, **{"mount_path": "/var/lib/clamav"}), values=values )) %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.scandir, **{"mount_path": "/scandir"}), values=values )) %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type":"anonymous", "mount_path": "/tmp"})) %}

{% for store in values.storage.additional_storage %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, ix_volumes=values.ix_volumes)) %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, values=values)) %}
{% endfor %}

{# Add each item to the above lists #}
@@ -25,11 +21,12 @@

{# Containers #}
services:
{{ clamav_container_name }}:
image: {{ clamav_image }}
{{ values.consts.clamav_container_name }}:
image: {{ ix_lib.base.utils.get_image(images=values.images, name="image") }}
restart: unless-stopped
deploy:
resources: {{ ix_lib.base.resources.resources(values.resources) | tojson }}
devices: {{ ix_lib.base.resources.get_devices(values.resources) | tojson }}
{% if values.network.host_network %}
network_mode: host
{% endif %}
@@ -64,3 +61,6 @@ services:
{% if volumes.items %}
volumes: {{ volumes.items | tojson }}
{% endif %}

x-portals: {{ ix_lib.base.metadata.get_portals([]) | tojson }}
x-notes: {{ ix_lib.base.metadata.get_notes("ClamAV") | tojson }}
@@ -62,7 +62,6 @@ def get_portals(portals: list):
{
"name": name,
"scheme": scheme,
# TODO: Default to something else?
"host": portal.get("host", "0.0.0.0"),
"port": portal["port"],
"path": path,
68 changes: 47 additions & 21 deletions ix-dev/community/clamav/templates/library/base_v1_0_0/storage.py
@@ -4,14 +4,29 @@


BIND_TYPES = ["host_path", "ix_volume"]
VOL_TYPES = ["volume", "nfs", "cifs"]
VOL_TYPES = ["volume", "nfs", "cifs", "temporary"]
ALL_TYPES = BIND_TYPES + VOL_TYPES + ["tmpfs", "anonymous"]
PROPAGATION_TYPES = ["shared", "slave", "private", "rshared", "rslave", "rprivate"]


def _get_name_for_temporary(data):
if not data.get("mount_path"):
utils.throw_error("Expected [mount_path] to be set for temporary volume")

return (
data["mount_path"]
.lstrip("/")
.lower()
.replace("/", "_")
.replace(".", "_")
.replace(" ", "_")
)


# Returns a volume mount object (Used in container's "volumes" level)
def vol_mount(data, ix_volumes=None):
ix_volumes = ix_volumes or []
def vol_mount(data, values=None):
values = values or {}
ix_volumes = values.get("ix_volumes") or []
vol_type = _get_docker_vol_type(data)

volume = {
@@ -25,47 +40,59 @@ def vol_mount(data, ix_volumes=None):
volume.update(_get_volume_vol_config(data))
elif vol_type == "tmpfs":
volume.update(_get_tmpfs_vol_config(data))
elif vol_type == "temporary":
volume["type"] = "volume"
volume.update(_get_volume_vol_config(data))
elif vol_type == "anonymous":
volume["type"] = "volume"
volume.update(_get_anonymous_vol_config(data))

return volume


def storage_item(data, ix_volumes=None, perm_opts=None):
ix_volumes = ix_volumes or []
def storage_item(data, values=None, perm_opts=None):
values = values or {}
perm_opts = perm_opts or {}
if data.get("type") == "temporary":
data.update({"volume_name": _get_name_for_temporary(data)})
return {
"vol_mount": vol_mount(data, ix_volumes),
"vol_mount": vol_mount(data, values),
"vol": vol(data),
"perms_item": perms_item(data, ix_volumes, perm_opts) if perm_opts else {},
"perms_item": perms_item(data, values, perm_opts) if perm_opts else {},
}


def perms_item(data, ix_volumes, opts=None):
def perms_item(data, values=None, opts=None):
opts = opts or {}
values = values or {}
ix_context = values.get("ix_context") or {}
vol_type = data.get("type", "")

# Temp volumes are always auto permissions
if vol_type == "temporary":
data.update({"auto_permissions": True})

# If its ix_volume and we are installing, we need to set auto permissions
if vol_type == "ix_volume" and ix_context.get("is_install", False):
data.update({"auto_permissions": True})

if not data.get("auto_permissions"):
return {}

if data.get("type") == "host_path":
if vol_type == "host_path":
if data.get("host_path_config", {}).get("acl_enable", False):
return {}
if data.get("type") == "ix_volume":
if vol_type == "ix_volume":
if data.get("ix_volume_config", {}).get("acl_enable", False):
return {}

if not ix_volumes:
ix_volumes = []

req_keys = ["mount_path", "mode", "uid", "gid"]
for key in req_keys:
if not opts.get(key):
utils.throw_error(
f"Expected opts passed to [perms_item] to have [{key}] key"
)
utils.throw_error(f"Expected opts passed to [perms_item] to have [{key}] key")

data.update({"mount_path": opts["mount_path"]})
volume_mount = vol_mount(data, ix_volumes)
volume_mount = vol_mount(data, values)

return {
"vol_mount": volume_mount,
@@ -74,7 +101,8 @@ def perms_item(data, ix_volumes, opts=None):
"mode": opts["mode"],
"uid": opts["uid"],
"gid": opts["gid"],
"chmod": opts.get("chmod", ""),
"chmod": opts.get("chmod", "false"),
"is_temporary": data["type"] == "temporary",
},
}

@@ -306,9 +334,7 @@ def _process_nfs(data):
opts = [f"addr={data['nfs_config']['server']}"]
if data["nfs_config"].get("options"):
if not isinstance(data["nfs_config"]["options"], list):
utils.throw_error(
"Expected [nfs_config.options] to be a list for [nfs] type"
)
utils.throw_error("Expected [nfs_config.options] to be a list for [nfs] type")

disallowed_opts = ["addr"]
for opt in data["nfs_config"]["options"]:
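Review bot: `_get_name_for_temporary` builds the volume name from `mount_path` by lower-casing it and folding `/`, `.` and space into `_`, so distinct paths such as `/data/a.b` and `/data/a_b` produce the same name, and every other character passes through unchecked. Two temporary mounts that collide would presumably share one named volume, and because `perms_item` now flags them with `is_temporary` for the permissions script to empty, one mount's cleanup could affect the other's data. Consider validating the result against an allow-list pattern and rejecting duplicates, or appending a short hash of the original path to the name. Separately, `storage_item` and `perms_item` call `data.update(...)` on the caller's dict; a comment such as `# NOTE: mutates the caller's storage entry in place` would make that side effect visible.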
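--- a/ix-dev/community/clamav/templates/library/base_v1_0_0/utils.py
+++ b/ix-dev/community/clamav/templates/library/base_v1_0_0/utils.py
@@ -57,3 +57,14 @@ def is_number(string):
 return True
 except ValueError:
 return False
+
+
+def get_image(images={}, name=""):
+if not images:
+throw_error("Expected [images] to be set")
+if name not in images:
+throw_error(f"Expected [images.{name}] to be set")
+if not images[name].get("repository") or not images[name].get("tag"):
+throw_error(f"Expected [images.{name}.repository] and [images.{name}.tag] to be set")
+
+return f"{images[name]['repository']}:{images[name]['tag']}"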
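Review bot: `get_image(images={}, name="")` declares a mutable default argument; nothing mutates it here, but `images=None` followed by `images = images or {}` would match how `vol_mount` and `storage_item` in storage.py treat their optional arguments. The function has no docstring; a one-liner such as `"""Return "repository:tag" for images[name]; calls throw_error if the entry, repository or tag is missing."""` would state the contract. If `images[name]` is ever not a dict, `.get` would raise `AttributeError` rather than the formatted error, so an `isinstance` check may be worth adding unless the schema already guarantees the shape.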
@@ -25,7 +25,7 @@ command:
- |
{{- process_dir_func() | indent(4) }}
{%- for item in items %}
process_dir {{ item.dir }} {{ item.mode }} {{ item.uid }} {{ item.gid }} {{ item.chmod }}
process_dir {{ item.dir }} {{ item.mode }} {{ item.uid }} {{ item.gid }} {{ item.chmod }} {{ item.is_temporary|lower }}
{%- endfor %}
{% endmacro %}
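Review bot: The `process_dir` call interpolates `item.dir` and the other fields unquoted, and now that a sixth positional argument is appended, whitespace in any earlier value shifts `is_temporary` into the wrong slot. `_get_name_for_temporary` in storage.py replaces spaces in `mount_path`, which suggests such paths are expected, and `item.dir` is presumably derived from the mount path. Quoting each argument, e.g. `process_dir "{{ item.dir }}" "{{ item.mode }}" ...`, or rejecting whitespace and shell metacharacters in the path before rendering, would keep the positions stable. The macro begins outside this hunk.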

@@ -10,6 +10,7 @@ function process_dir() {
local uid=$$3
local gid=$$4
local chmod=$$5
local is_temporary=$$6

local fix_owner="false"
local fix_perms="false"
@@ -19,6 +20,11 @@ function process_dir() {
exit 0
fi

if [ "$$is_temporary" = "true" ]; then
echo "Path [$$dir] is a temporary directory, ensuring it is empty..."
rm -rf "$$dir/{*,.*}"
fi

echo "Current Ownership and Permissions on [$$dir]:"
echo "chown: $$(stat -c "%u %g" "$$dir")"
echo "chmod: $$(stat -c "%a" "$$dir")"
@@ -37,7 +43,9 @@ function process_dir() {
fix_owner="true"
fi

if [ -n "$$chmod" ]; then
if [ "$$chmod" = "false" ]; then
echo "Skipping permissions check, chmod is false"
elif [ -n "$$chmod" ]; then
if [ $$(stat -c %a "$$dir") -eq $$chmod ]; then
echo "Permissions are correct. Skipping..."
fix_perms="false"
@@ -47,6 +55,7 @@ function process_dir() {
fi
fi
fi

if [ "$$fix_owner" = "true" ]; then
echo "Changing ownership to $$uid:$$gid on: [$$dir]"
chown -R "$$uid:$$gid" "$$dir"
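Review bot: The cleanup added for temporary directories, `rm -rf "$$dir/{*,.*}"`, does not empty the directory: inside double quotes neither the braces nor the globs are expanded, so it targets one literal path named `{*,.*}` and `-f` hides the miss. Whatever a previous run left behind stays in place even though the log line says the directory is being emptied. Something like `find "$$dir" -mindepth 1 -delete` (if `find` is present in the permissions image) removes the contents, dotfiles included, without matching `..` or deleting `$$dir` itself. `process_dir` starts and ends outside these hunks, so it is worth confirming that `$$dir` is checked for being non-empty and an existing directory before this line runs.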