From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1120711-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id B0D8C138335
	for <garchives@archives.gentoo.org>; Wed,  6 Nov 2019 15:58:02 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id DA49FE0A0B;
	Wed,  6 Nov 2019 15:58:01 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B1619E0A0B
	for <gentoo-commits@lists.gentoo.org>; Wed,  6 Nov 2019 15:58:01 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 707F134C997
	for <gentoo-commits@lists.gentoo.org>; Wed,  6 Nov 2019 15:58:00 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 95ABC7F9
	for <gentoo-commits@lists.gentoo.org>; Wed,  6 Nov 2019 15:57:58 +0000 (UTC)
From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michael Orlitzky" <mjo@gentoo.org>
Message-ID: <1573055814.2637f7bdf5ca4b984e24294ff39ceedb5cfbea58.mjo@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav-unofficial-sigs/files/, ...
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond app-antivirus/clamav-unofficial-sigs/metadata.xml
X-VCS-Directories: app-antivirus/clamav-unofficial-sigs/ app-antivirus/clamav-unofficial-sigs/files/
X-VCS-Committer: mjo
X-VCS-Committer-Name: Michael Orlitzky
X-VCS-Revision: 2637f7bdf5ca4b984e24294ff39ceedb5cfbea58
X-VCS-Branch: master
Date: Wed,  6 Nov 2019 15:57:58 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: be37c1e1-6993-494b-8304-f581b9568d46
X-Archives-Hash: 6df8c3f2aea43e71ae43ea07f4416492

commit:     2637f7bdf5ca4b984e24294ff39ceedb5cfbea58
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  6 15:10:57 2019 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Nov  6 15:56:54 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2637f7bd

app-antivirus/clamav-unofficial-sigs: new revision with a cron job.

This update script needs to run as a restricted user, with bash as its
shell, and with a real home directory to prevent cron errors in the
logs. The best way to do that seems to be to install a custom job
into /etc/cron.d that sets the HOME and SHELL variables.

This new revision provides a cron job that works as documentation, and
adds a new USE=cron flag to install it. The default is NOT to install
it because /etc/cron.d is not 100% standard, and the update script
needs to be configured before it will work.

Closes: https://bugs.gentoo.org/694054
Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 ....ebuild => clamav-unofficial-sigs-6.0.1-r1.ebuild} | 15 +++++++++++++--
 .../files/clamav-unofficial-sigs.crond                | 19 +++++++++++++++++++
 app-antivirus/clamav-unofficial-sigs/metadata.xml     |  8 ++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
similarity index 80%
rename from app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild
rename to app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
index 6fc6ec0b574..34c988c3a2f 100644
--- a/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1.ebuild
+++ b/app-antivirus/clamav-unofficial-sigs/clamav-unofficial-sigs-6.0.1-r1.ebuild
@@ -7,12 +7,12 @@ inherit user
 
 DESCRIPTION="Download and install third-party clamav signatures"
 HOMEPAGE="https://github.com/extremeshok/${PN}"
-SRC_URI="https://github.com/extremeshok/clamav-unofficial-sigs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="${HOMEPAGE}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE=""
+IUSE="cron"
 
 # The script relies on either net-misc/socat, or Perl's
 # IO::Socket::UNIX. We already depend on Perl, and Gentoo's Perl ships
@@ -41,6 +41,17 @@ src_install() {
 
 	doman "${FILESDIR}/${PN}.8"
 	dodoc README.md
+
+	if use cron; then
+		# Beware, this directory is not completely standard. However,
+		# we need this to run as "clamav" with a non-default shell and
+		# home directory (bug 694054), and this seems like the most
+		# reliable way to accomplish that.
+		insinto "/etc/cron.d"
+		newins "${FILESDIR}/${PN}.crond" "${PN}"
+	else
+		dodoc "${FILESDIR}/${PN}.crond"
+	fi
 }
 
 pkg_preinst() {

diff --git a/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
new file mode 100644
index 00000000000..49ef1db3034
--- /dev/null
+++ b/app-antivirus/clamav-unofficial-sigs/files/clamav-unofficial-sigs.crond
@@ -0,0 +1,19 @@
+#
+# Run clamav-unofficial-sigs hourly.
+#
+# This file should be copied to /etc/cron.d rather than, say,
+# /etc/cron.hourly because it needs to run as the clamav user (to
+# alter the databases), but the default settings for that user in
+# Gentoo are insufficient (see bug 694054).
+#
+# In particular, the clamav user needs a Bash shell and a home
+# directory since clamav-unofficial-sigs is written in Bash and
+# because otherwise cron will complain about trying to chdir to a
+# nonexistent home directory. When run out of /etc/cron.d, we can set
+# HOME and SHELL to appropriate values, unlike with scripts in
+# /etc/cron.hourly.
+#
+HOME=/var/lib/clamav-unofficial-sigs
+SHELL=/bin/bash
+
+01 * * * * clamav /usr/sbin/clamav-unofficial-sigs.sh

diff --git a/app-antivirus/clamav-unofficial-sigs/metadata.xml b/app-antivirus/clamav-unofficial-sigs/metadata.xml
index cb13edbbb59..828e566ffca 100644
--- a/app-antivirus/clamav-unofficial-sigs/metadata.xml
+++ b/app-antivirus/clamav-unofficial-sigs/metadata.xml
@@ -4,6 +4,14 @@
   <maintainer type="person">
     <email>mjo@gentoo.org</email>
   </maintainer>
+    <use>
+      <flag name="cron">
+        Install an hourly cron job to /etc/cron.d that runs the
+        updates as the clamav user (instead of root), with an
+        appropriate home directory and shell. The same cron job
+        is installed as documentation when this flag is disabled.
+      </flag>
+    </use>
   <upstream>
     <remote-id type="sourceforge">unofficial-sigs</remote-id>
     <remote-id type="github">extremeshok/clamav-unofficial-sigs</remote-id>