From 9488b6fd43de9a9274b0dbd36e2758550dd7cad3 Mon Sep 17 00:00:00 2001 From: Ruben Maher Date: Sat, 18 Aug 2018 13:41:48 +0930 Subject: ci: store Clamav DB in LFS Fix #136 (stop pulling the files from @griff's poor server), also add a script to update the files. The fun thing about this is that due to sourcing the files from `https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/raw/master/tests/clamav` during the tests, updates to the `hashes.json` and `*.cvd` files will always fail CI. I guess this is a reasonable tradeoff as long as people are aware of it. --- .gitattributes | 1 - shell.nix | 9 +++++++++ tests/clamav.nix | 20 ++++++++++++-------- tests/clamav/.gitattributes | 1 + tests/clamav/.gitignore | 1 + tests/clamav/bytecode.cvd | 3 +++ tests/clamav/daily.cvd | 3 +++ tests/clamav/freshclam.conf | 1 + tests/clamav/hashes.json | 5 +++++ tests/clamav/main.cvd | 3 +++ tests/clamav/update-clamav-database.sh | 15 +++++++++++++++ 11 files changed, 53 insertions(+), 9 deletions(-) delete mode 100644 .gitattributes create mode 100644 shell.nix create mode 100644 tests/clamav/.gitattributes create mode 100644 tests/clamav/.gitignore create mode 100644 tests/clamav/bytecode.cvd create mode 100644 tests/clamav/daily.cvd create mode 100644 tests/clamav/freshclam.conf create mode 100644 tests/clamav/hashes.json create mode 100644 tests/clamav/main.cvd create mode 100755 tests/clamav/update-clamav-database.sh
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 2e6588b..0000000
--- a/.gitattributes
+++ /dev/null
@@ -0,0 +1 @@
-*.cvd filter=lfs diff=lfs merge=lfs -text
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..2c0d7f6
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,9 @@
+{ nixpkgs ? , system ? builtins.currentSystem }:
+
+with (import nixpkgs { inherit system; }); stdenv.mkDerivation rec {
+ name = "nixos-mailserver-env";
+ env = buildEnv { name = name; paths = buildInputs; };
+ buildInputs = with pkgs; [
+ jq clamav
+ ];
+}
diff --git a/tests/clamav.nix b/tests/clamav.nix
index 166a5f8..49f3c07 100644
--- a/tests/clamav.nix
+++ b/tests/clamav.nix
@@ -19,13 +19,17 @@ import { nodes = { server = { config, pkgs, lib, ... }: let - clamav-db = pkgs.srcOnly { - name = "ClamAV-db"; + clamav-db-files = lib.mapAttrs (name: value: pkgs.stdenv.mkDerivation rec { + inherit name; + src = pkgs.fetchurl { - url = "https://files.griff.name/ClamAV-db.tar"; - sha256 = "eecad99f4c071d216bd91565f84c0d90a1f93e5e3e22d8f3087686ba3bd219e7"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/raw/master/tests/clamav/${name}"; + sha256 = value; }; - }; + + unpackPhase = "true"; # don't try to unpack the raw .cvd files + installPhase = "cp $src $out"; + }) (builtins.fromJSON (builtins.readFile ./clamav/hashes.json)); in { imports = [
@@ -53,9 +57,9 @@ import { ''; script = '' - cp ${clamav-db}/bytecode.cvd /var/lib/clamav/ - cp ${clamav-db}/main.cvd /var/lib/clamav/ - cp ${clamav-db}/daily.cvd /var/lib/clamav/ + cp ${clamav-db-files."bytecode.cvd"} /var/lib/clamav/ + cp ${clamav-db-files."main.cvd"} /var/lib/clamav/ + cp ${clamav-db-files."daily.cvd"} /var/lib/clamav/ chown clamav:clamav /var/lib/clamav/* '';
diff --git a/tests/clamav/.gitattributes b/tests/clamav/.gitattributes
new file mode 100644
index 0000000..054ac19
--- /dev/null
+++ b/tests/clamav/.gitattributes
@@ -0,0 +1 @@
+*cvd filter=lfs diff=lfs merge=lfs -text
diff --git a/tests/clamav/.gitignore b/tests/clamav/.gitignore
new file mode 100644
index 0000000..c5797d6
--- /dev/null
+++ b/tests/clamav/.gitignore
@@ -0,0 +1 @@
+mirrors.dat
diff --git a/tests/clamav/bytecode.cvd b/tests/clamav/bytecode.cvd
new file mode 100644
index 0000000..c0f3ab6
--- /dev/null
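Review bot: The `clamav-db-files` binding in the first `tests/clamav.nix` hunk carries no comment saying that `./clamav/hashes.json` is the only integrity pin on content fetched from a mutable `raw/master` URL. I would add above it `# sha256 pins are read from ./clamav/hashes.json (written by update-clamav-database.sh); the fixed-output fetch fails if raw/master serves different bytes`. The pinned values should equal the `oid sha256:` lines of the LFS pointer files added in the same commit, which they do here. The enclosing `let` block starts and ends outside the hunk.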
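Review bot: In the second `tests/clamav.nix` hunk each `cp ${clamav-db-files."bytecode.cvd"} /var/lib/clamav/` now copies a store file rather than a file inside a store directory, because the new derivation's `installPhase` is `cp $src $out`. The copy therefore lands under the store path's basename (a hash-prefixed `…-bytecode.cvd`) instead of `bytecode.cvd`. clamd presumably still loads it by extension, but anything that looks the database up by its canonical name would not find it. Naming the destination keeps the previous layout, `cp ${clamav-db-files."bytecode.cvd"} /var/lib/clamav/bytecode.cvd`, and likewise for `main.cvd` and `daily.cvd`. The `script` string begins and ends outside the changed lines.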
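Review bot: The pattern in the new `tests/clamav/.gitattributes` is `*cvd`, without the dot that the removed root-level rule `*.cvd` had, so it matches any file name that merely ends in `cvd`. Writing it as `*.cvd filter=lfs diff=lfs merge=lfs -text` keeps LFS tracking limited to the signature databases.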
+++ b/tests/clamav/bytecode.cvd
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6800da4e3740b611e4f8a8e835be4a867abf8009af502e5bbf038d3ad162fa8
+size 187426
diff --git a/tests/clamav/daily.cvd b/tests/clamav/daily.cvd
new file mode 100644
index 0000000..309e02a
--- /dev/null
+++ b/tests/clamav/daily.cvd
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:da96006e191412806bac1a2cef5d48ed0ec1b46efa150cf0aa6c27e734f4c4f8
+size 49476126
diff --git a/tests/clamav/freshclam.conf b/tests/clamav/freshclam.conf
new file mode 100644
index 0000000..3d9ca5f
--- /dev/null
+++ b/tests/clamav/freshclam.conf
@@ -0,0 +1 @@
+DatabaseMirror database.clamav.net
diff --git a/tests/clamav/hashes.json b/tests/clamav/hashes.json
new file mode 100644
index 0000000..54895d3
--- /dev/null
+++ b/tests/clamav/hashes.json
@@ -0,0 +1,5 @@
+{
+ "bytecode.cvd": "a6800da4e3740b611e4f8a8e835be4a867abf8009af502e5bbf038d3ad162fa8",
+ "daily.cvd": "da96006e191412806bac1a2cef5d48ed0ec1b46efa150cf0aa6c27e734f4c4f8",
+ "main.cvd": "081884225087021e718599e8458ff6c9ee3cdebed8775dd8e445fc7b589d88a6"
+}
diff --git a/tests/clamav/main.cvd b/tests/clamav/main.cvd
new file mode 100644
index 0000000..50b4ac5
--- /dev/null
+++ b/tests/clamav/main.cvd
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:081884225087021e718599e8458ff6c9ee3cdebed8775dd8e445fc7b589d88a6
+size 117892267
diff --git a/tests/clamav/update-clamav-database.sh b/tests/clamav/update-clamav-database.sh
new file mode 100755
index 0000000..91f1ce1
--- /dev/null
+++ b/tests/clamav/update-clamav-database.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "${0}")"
+
+rm ./*.cvd hashes.json || :
+
+freshclam --datadir=. --config-file=freshclam.conf
+(for i in ./*.cvd;
+ do echo '{}' |
+ jq --arg path "$(basename "${i}")" \
+ --arg sha256sum "$(sha256sum "${i}" | awk '{ print $1; }')" \
+ '.[$path] = $sha256sum'; done) |
+ jq -s add > hashes.json
-- cgit v1.2.3
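Review bot: The hashing loop in `update-clamav-database.sh` cannot fail the script. `sha256sum` runs inside a `$(...)` used as a command argument and on the left of a pipeline, and `set -e` ignores both, so an unreadable or missing `.cvd` produces an empty digest in `hashes.json` with exit status 0. Since `hashes.json` is what `tests/clamav.nix` passes to `fetchurl` as the integrity pin, the generator should stop on the first error; hashing into a variable outside any pipeline and collecting the objects in a temporary file does that. The `rm` before `freshclam` also leaves the directory without databases if the download fails, which git can restore but which deserves a comment.

```shell
# … unchanged: set -e, cd, rm, freshclam …
tmp="$(mktemp)"
for i in ./*.cvd; do
  # A plain assignment keeps sha256sum's exit status, so set -e stops here.
  sum="$(sha256sum "${i}")"
  jq -n --arg path "$(basename "${i}")" --arg sha256sum "${sum%% *}" \
    '{($path): $sha256sum}' >> "${tmp}"
done
jq -s add "${tmp}" > hashes.json
rm -f "${tmp}"
```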