diff options
-rw-r--r-- | .SRCINFO | 11 | ||||
-rw-r--r-- | PKGBUILD | 12 | ||||
-rw-r--r-- | eea.install | 144 | ||||
-rw-r--r-- | linux-5.10.patch | 77 |
4 files changed, 126 insertions, 118 deletions
@@ -1,7 +1,7 @@ pkgbase = eea-dkms pkgdesc = ESET Endpoint Antivirus Business for Linux (DKMS) - pkgver = 7.1.9.0 - pkgrel = 7 + pkgver = 8.1.3.0 + pkgrel = 1 url = https://www.eset.com/int/business/endpoint-antivirus-linux/ install = eea.install arch = x86_64 @@ -13,14 +13,11 @@ pkgbase = eea-dkms depends = openssl-1.0 conflicts = esets conflicts = eea - source = https://download.eset.com/com/eset/apps/business/eea/linux/g2/v7/7.1.9.0/eeau.x86_64.bin + source = https://download.eset.com/com/eset/apps/business/eea/linux/g2/v8/8.1.3.0/eeau.x86_64.bin source = dkms.conf source = dkms_postinst - source = linux-5.10.patch - sha256sums = 59e6ad38eb3809997e2d5eb91a0195a3c321656f5e8e8c64e61a02a9ac8c922e + sha256sums = 932d6cef253d4c7d4d5484911889f19a51fe268201ef8a50e40ddb7f4b3741ed sha256sums = 0ff7dd79c8811afbc95b121f322bbec4839d7ce7334e5825fa447e3f3ad129e7 sha256sums = 29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641 - sha256sums = fb0ce96e2586ff6d41e2d707c8738d3ecc14a5b1072bd8973c7a11af647c2f4d pkgname = eea-dkms - @@ -5,9 +5,9 @@ _pkgname=eea pkgname="${_pkgname}-dkms" -_pkgver_major=7 -pkgver=7.1.9.0 -pkgrel=7 +_pkgver_major=8 +pkgver=8.1.3.0 +pkgrel=1 arch=('x86_64') pkgdesc='ESET Endpoint Antivirus Business for Linux (DKMS)' url='https://www.eset.com/int/business/endpoint-antivirus-linux/' @@ -32,13 +32,11 @@ _deb=${_pkgname}-${pkgver}-${_distro}.${arch}.deb source=("${_bundle_url}/${_bundle_file}" "dkms.conf" "dkms_postinst" - "linux-5.10.patch" ) -sha256sums=('59e6ad38eb3809997e2d5eb91a0195a3c321656f5e8e8c64e61a02a9ac8c922e' +sha256sums=('932d6cef253d4c7d4d5484911889f19a51fe268201ef8a50e40ddb7f4b3741ed' '0ff7dd79c8811afbc95b121f322bbec4839d7ce7334e5825fa447e3f3ad129e7' - '29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641' - 'fb0ce96e2586ff6d41e2d707c8738d3ecc14a5b1072bd8973c7a11af647c2f4d') + '29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641') _kernel_module_dir=/var/opt/eset/${_pkgname}/eventd diff --git a/eea.install b/eea.install index 94e552a07805..00f37a415943 100644 --- a/eea.install +++ b/eea.install @@ -2,16 +2,34 @@ pre_install() { # Script to be run before package is installed / upgraded - SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`" + SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)" print_error() { errorstr="ESET Endpoint Antivirus error: $1" if [ -n "$SYSTEMD_CAT" ]; then - echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err + printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err else echo "$errorstr" 1>&2 fi } + # Check for UTF-8 support + if ! localectl list-locales | grep -i "UTF-8\|UTF8" 1>/dev/null ; then + print_error 'UTF-8 support is not installed in the system. Please install a UTF-8 locale first. Aborting installation.' + exit 1 + fi + + # Check noexec flag for /var/opt /tmp and MODMAPDIR + if findmnt -n --target /var/opt | grep "noexec" 1>/dev/null && \ + findmnt -n --target /tmp | grep "noexec" 1>/dev/null ; then + if [ -z "$MODMAPDIR" ] ; then + print_error '"/var/opt" and "/tmp" are both mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.' + exit 1 + elif findmnt -n --target "$MODMAPDIR" | grep "noexec" 1>/dev/null ; then + print_error '"/var/opt", "/tmp" and directory specified in MODMAPDIR are all mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.' + exit 1 + fi + fi + # Check for previous product if [ -d "/opt/eset/esets/" ] || [ -f "/opt/eset/efs/etc/pkgid" ] || [ -f "/etc/opt/eset/esets/info/pkgid" ] || [ -f "/etc/opt/eset/esets/esets.cfg" ]; then print_error 'Previous ESET Security product must be uninstalled first, package won'\''t be installed.' @@ -24,16 +42,34 @@ pre_upgrade() { # Script to be run before package is installed / upgraded - SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`" + SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)" print_error() { errorstr="ESET Endpoint Antivirus error: $1" if [ -n "$SYSTEMD_CAT" ]; then - echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err + printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err else echo "$errorstr" 1>&2 fi } + # Check for UTF-8 support + if ! localectl list-locales | grep -i "UTF-8\|UTF8" 1>/dev/null ; then + print_error 'UTF-8 support is not installed in the system. Please install a UTF-8 locale first. Aborting installation.' + exit 1 + fi + + # Check noexec flag for /var/opt /tmp and MODMAPDIR + if findmnt -n --target /var/opt | grep "noexec" 1>/dev/null && \ + findmnt -n --target /tmp | grep "noexec" 1>/dev/null ; then + if [ -z "$MODMAPDIR" ] ; then + print_error '"/var/opt" and "/tmp" are both mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.' + exit 1 + elif findmnt -n --target "$MODMAPDIR" | grep "noexec" 1>/dev/null ; then + print_error '"/var/opt", "/tmp" and directory specified in MODMAPDIR are all mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.' + exit 1 + fi + fi + # Check for previous product if [ -d "/opt/eset/esets/" ] || [ -f "/opt/eset/efs/etc/pkgid" ] || [ -f "/etc/opt/eset/esets/info/pkgid" ] || [ -f "/etc/opt/eset/esets/esets.cfg" ]; then print_error 'Previous ESET Security product must be uninstalled first, package won'\''t be installed.' @@ -43,10 +79,28 @@ pre_upgrade() { #################################### Upgrade #################################### if true; then # stop and unregister old product - /opt/eset/eea/lib/install_scripts/unregister_service.sh + '/opt/eset/eea/lib/install_scripts/unregister_service.sh' + # export configuration from old product to xml # this path must be into old product - /opt/eset/eea/lib/cfg-upgrade --export-xml /var/opt/eset/eea/confd/exported.xml + if [ -f '/var/opt/eset/eea/confd/settings.json' ]; then + confd_ug='eset-eea-confd:eset-eea-daemons' + sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --export-xml '/var/opt/eset/eea/confd/exported.xml' + fi + + # convert product license file name to newer format + if [ -f /var/opt/eset/eea/licensed/license.lf ]; then + mv /var/opt/eset/eea/licensed/license.lf /var/opt/eset/eea/licensed/license_113.lf + fi + if [ -f /var/opt/eset/eea/licensed/license_cfg.json ]; then + mv /var/opt/eset/eea/licensed/license_cfg.json /var/opt/eset/eea/licensed/license_cfg_113.json + fi + + # remove potential upgrade package already prepared in product, as we are upgrading first + # because /var/opt/eset is left intact during upgrade, prepared upgrade + # package can be present there, which would cause "pcu update when product starts" during this + # upgrade + rm -f '/var/opt/eset/eea/updated/app/eea.bin' fi } @@ -54,17 +108,26 @@ post_install() { # Script to be run after package is installed + SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)" + print_error() { + errorstr="ESET Endpoint Antivirus error: $1" + if [ -n "$SYSTEMD_CAT" ]; then + printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err + else + echo "$errorstr" 1>&2 + fi + } # import config engine configuration from old product import_configuration() { # import only if we have exported xml from old product - if [ -f /var/opt/eset/eea/confd/exported.xml ]; then + if [ -f '/var/opt/eset/eea/confd/exported.xml' ]; then # we don't want to leave old settings.json, all information is # in exported xml - rm -f /var/opt/eset/eea/confd/settings.json + rm -f '/var/opt/eset/eea/confd/settings.json' confd_ug='eset-eea-confd:eset-eea-daemons' - sudo -u ${confd_ug%:*} /opt/eset/eea/lib/cfg-upgrade --import-xml /var/opt/eset/eea/confd/exported.xml - rm /var/opt/eset/eea/confd/exported.xml + sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --import-xml '/var/opt/eset/eea/confd/exported.xml' + rm -f '/var/opt/eset/eea/confd/exported.xml' fi } @@ -78,7 +141,7 @@ post_install() { groupadd -r $g done - for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do + for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do useradd -d '/opt/eset/eea' -M -N -r -s /sbin/nologin -g "${ug#*:}" "${ug%:*}" done fi @@ -93,8 +156,9 @@ post_install() { chown -R ${logd_ug%:*} '/var/log/eset/eea' chmod -R 700 '/var/log/eset/eea' mkdir -p '/var/opt/eset/eea/cache/data/Logs' + mkdir -p '/var/opt/eset/eea/cache/data/Diagnostics' - chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' + chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' '/var/opt/eset/eea/dumps' for dir in /var/opt/eset/eea/cache /var/opt/eset/eea/cache/data; do chmod -R 770 "$dir" chmod 1770 "$dir" @@ -105,9 +169,12 @@ post_install() { chown -R ${scand_ug%:*} /var/opt/eset/eea/cache # extract modules from tar - tar -xf /var/opt/eset/eea/lib/modules.tar -C /var/opt/eset/eea/lib + tar -xf /var/opt/eset/eea/lib/modules_eea.tar -C /var/opt/eset/eea/lib # compile modules - /opt/eset/eea/bin/upd --compile-nups + if ! /opt/eset/eea/bin/upd --compile-nups ; then + print_error 'Module compilation failed.' + fi + # set correct user to compiled modules updated_ug='eset-eea-updated:eset-eea-daemons' chown -R ${updated_ug} /var/opt/eset/eea/lib @@ -123,24 +190,38 @@ post_install() { fi # register and start service - /opt/eset/eea/lib/install_scripts/register_service.sh + '/opt/eset/eea/lib/install_scripts/register_service.sh' + + # add current eula info into CE path AcceptedEulas + # esmc may have already modified this by policy, in that case it is locked, so + # ignore error here and leave esmc to manage this setting + '/opt/eset/eea/lib/cfg' --eula-tag "EULA-BUS-STANDARD" --eula-version "2020.1" > /dev/null || true } post_upgrade() { # Script to be run after package is installed + SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)" + print_error() { + errorstr="ESET Endpoint Antivirus error: $1" + if [ -n "$SYSTEMD_CAT" ]; then + printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err + else + echo "$errorstr" 1>&2 + fi + } # import config engine configuration from old product import_configuration() { # import only if we have exported xml from old product - if [ -f /var/opt/eset/eea/confd/exported.xml ]; then + if [ -f '/var/opt/eset/eea/confd/exported.xml' ]; then # we don't want to leave old settings.json, all information is # in exported xml - rm -f /var/opt/eset/eea/confd/settings.json + rm -f '/var/opt/eset/eea/confd/settings.json' confd_ug='eset-eea-confd:eset-eea-daemons' - sudo -u ${confd_ug%:*} /opt/eset/eea/lib/cfg-upgrade --import-xml /var/opt/eset/eea/confd/exported.xml - rm /var/opt/eset/eea/confd/exported.xml + sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --import-xml '/var/opt/eset/eea/confd/exported.xml' + rm -f '/var/opt/eset/eea/confd/exported.xml' fi } @@ -154,7 +235,7 @@ post_upgrade() { groupadd -r $g done - for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do + for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do useradd -d '/opt/eset/eea' -M -N -r -s /sbin/nologin -g "${ug#*:}" "${ug%:*}" done fi @@ -169,8 +250,9 @@ post_upgrade() { chown -R ${logd_ug%:*} '/var/log/eset/eea' chmod -R 700 '/var/log/eset/eea' mkdir -p '/var/opt/eset/eea/cache/data/Logs' + mkdir -p '/var/opt/eset/eea/cache/data/Diagnostics' - chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' + chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' '/var/opt/eset/eea/dumps' for dir in /var/opt/eset/eea/cache /var/opt/eset/eea/cache/data; do chmod -R 770 "$dir" chmod 1770 "$dir" @@ -181,9 +263,12 @@ post_upgrade() { chown -R ${scand_ug%:*} /var/opt/eset/eea/cache # extract modules from tar - tar -xf /var/opt/eset/eea/lib/modules.tar -C /var/opt/eset/eea/lib + tar -xf /var/opt/eset/eea/lib/modules_eea.tar -C /var/opt/eset/eea/lib # compile modules - /opt/eset/eea/bin/upd --compile-nups + if ! /opt/eset/eea/bin/upd --compile-nups ; then + print_error 'Module compilation failed.' + fi + # set correct user to compiled modules updated_ug='eset-eea-updated:eset-eea-daemons' chown -R ${updated_ug} /var/opt/eset/eea/lib @@ -199,18 +284,23 @@ post_upgrade() { fi # register and start service - /opt/eset/eea/lib/install_scripts/register_service.sh + '/opt/eset/eea/lib/install_scripts/register_service.sh' + + # add current eula info into CE path AcceptedEulas + # esmc may have already modified this by policy, in that case it is locked, so + # ignore error here and leave esmc to manage this setting + '/opt/eset/eea/lib/cfg' --eula-tag "EULA-BUS-STANDARD" --eula-version "2020.1" > /dev/null || true } pre_remove() { # Script to be run before package is uninstalled - SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`" + SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)" print_error() { errorstr="ESET Endpoint Antivirus error: $1" if [ -n "$SYSTEMD_CAT" ]; then - echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err + printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err else echo "$errorstr" 1>&2 fi @@ -261,7 +351,7 @@ post_remove() { #################################### Uninstall #################################### # remove users and groups - for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do + for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do usr=${ug%:*} userdel $usr 2>/dev/null || true done diff --git a/linux-5.10.patch b/linux-5.10.patch deleted file mode 100644 index bcf192348ab9..000000000000 --- a/linux-5.10.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/eset_rtp/ertp_handlers.c b/eset_rtp/ertp_handlers.c -index 7410bbe..12cb688 100755 ---- a/eset_rtp/ertp_handlers.c -+++ b/eset_rtp/ertp_handlers.c -@@ -178,14 +178,71 @@ ERTP_SYSCALL_HANDLER3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags - } - - /***************************** sys_unlink*() handlers ************************/ -+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,0)) -+/** -+ * vfs_statx - Get basic and extra attributes by filename -+ * @dfd: A file descriptor representing the base dir for a relative filename -+ * @filename: The name of the file of interest -+ * @flags: Flags to control the query -+ * @stat: The result structure to fill in. -+ * @request_mask: STATX_xxx flags indicating what the caller wants -+ * -+ * This function is a wrapper around vfs_getattr(). The main difference is -+ * that it uses a filename and base directory to determine the file location. -+ * Additionally, the use of AT_SYMLINK_NOFOLLOW in flags will prevent a symlink -+ * at the given name from being referenced. -+ * -+ * 0 will be returned on success, and a -ve error code if unsuccessful. -+ */ -+static inline int ertp_vfs_statx(int dfd, const char __user *filename, int flags, -+ struct kstat *stat, u32 request_mask) -+{ -+ struct path path; -+ unsigned lookup_flags = 0; -+ int error; -+ -+ if (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | AT_EMPTY_PATH | -+ AT_STATX_SYNC_TYPE)) -+ return -EINVAL; -+ -+ if (!(flags & AT_SYMLINK_NOFOLLOW)) -+ lookup_flags |= LOOKUP_FOLLOW; -+ if (!(flags & AT_NO_AUTOMOUNT)) -+ lookup_flags |= LOOKUP_AUTOMOUNT; -+ if (flags & AT_EMPTY_PATH) -+ lookup_flags |= LOOKUP_EMPTY; -+ -+retry: -+ error = user_path_at(dfd, filename, lookup_flags, &path); -+ if (error) -+ goto out; -+ -+ error = vfs_getattr(&path, stat, request_mask, flags); -+// stat->mnt_id = real_mount(path.mnt)->mnt_id; -+ stat->result_mask |= STATX_MNT_ID; -+ if (path.mnt->mnt_root == path.dentry) -+ stat->attributes |= STATX_ATTR_MOUNT_ROOT; -+ stat->attributes_mask |= STATX_ATTR_MOUNT_ROOT; -+ path_put(&path); -+ if (retry_estale(error, lookup_flags)) { -+ lookup_flags |= LOOKUP_REVAL; -+ goto retry; -+ } -+out: -+ return error; -+} -+#endif -+ - static inline int ertp_vfs_fstatat(int dfd, const char __user *filename, - struct kstat *stat, int flag) - { - // mute warnings on older kernels, where filename was (char __user *) - #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36)) - return vfs_fstatat(dfd, (char __user *)filename, stat, flag); --#else -+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5,10,0)) - return vfs_fstatat(dfd, filename, stat, flag); -+#else -+ return ertp_vfs_statx(dfd, filename, flag | AT_NO_AUTOMOUNT, stat, STATX_BASIC_STATS); - #endif - } - |