Package Details: python-fangfrisch 1.9.0-3

Git Clone URL: https://aur.archlinux.org/python-fangfrisch.git (read-only, click to copy)
Package Base: python-fangfrisch
Description: Freshclam like utility that allows downloading unofficial virus definition files
Upstream URL: https://rseichter.github.io/fangfrisch/
Licenses: GPL
Conflicts: clamav-unofficial-sigs
Provides: clamav-unofficial-sigs
Submitter: amish
Maintainer: amish (Morbius)
Last Packager: amish
Votes: 27
Popularity: 2.22
First Submitted: 2020-02-22 16:48 (UTC)
Last Updated: 2024-03-13 14:02 (UTC)

Latest Comments

1 2 3 4 5 6 .. 8 Next › Last »

Morbius commented on 2024-04-10 22:25 (UTC)

@samuel.jimenez Thanks, I am aware of this. It is also stated in the official Fangfrisch documentation. 😉

samuel.jimenez commented on 2024-04-10 17:07 (UTC) (edited on 2024-04-10 17:10 (UTC) by samuel.jimenez)

To integrate with journald, the following lines need to be added to fangfrisch.conf:

#log_level = DEBUG
log_method = syslog
log_target = /dev/log

To enable InterServer (which was added in the same release as Fangfrisch News):

[interserver]
enabled = yes

bsdice commented on 2024-03-13 13:25 (UTC)

I do read https://wiki.archlinux.org/title/Arch_Linux from time to time. To remind myself why Arch is so popular. ;-)

So may I suggest to just take the pragmatic approach and fix the package to just work with or without clamav installed. I think best way is to skip any chown in PKGBUILD and use the modern tmpfiles approach as suggested by Taijian, plus steal clamav.sysusers from clamav package, name it python-fangfrisch.sysusers and keep the content as per https://gitlab.archlinux.org/archlinux/packaging/packages/clamav/-/blob/main/clamav.sysusers?ref_type=heads:

u clamav 64 "Clam AntiVirus" -

Package tmpfiles file /usr/lib/tmpfiles.d/python-fangfrisch.conf should also contain:

d /var/lib/clamav 0755 clamav clamav

To set everything up bare-bones. Here is the documentation von tmpfiles: https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html

Taijian commented on 2024-03-12 23:58 (UTC)

@Morbius: The way I suggested is how packages in core and extra deal with these issues, I would therefore assume, that this is the "correct" way to do it.

My suggestion would help insofar, as the absence of the clamav user in the build chroot would no longer matter, but the file ownership would still be changed at boot/install time, via systemd.

Morbius commented on 2024-03-12 16:59 (UTC) (edited on 2024-03-12 17:03 (UTC) by Morbius)

Is there specific documentation available about what PKGBUILD is not supposed/permitted to do? I am new to the AUR packaging subject and don't recall having read about constraints of PKGBUILD yet. Edit: How would your suggestion help with the absence of the "clamav" user?

Taijian commented on 2024-03-12 16:32 (UTC)

@Morbius: Au contraire!

You should definitely adress this, because setting file ownership in the PKGBUILD is definitely not the right way of doing things. What this package should do is install a file to /usr/lib/tmpfiles.d/python-fangfrisch.conf with the content:

    z /etc/fangfrisch/fangfrisch-has-news.sh 750 root clamav

That would be the right way to go about this.

Morbius commented on 2024-03-12 16:25 (UTC)

In other words, it is not something the Fangfrisch package needs to address. I appreciate that.

Taijian commented on 2024-03-12 15:15 (UTC)

Building in a clean chroot is recommended by the DeveloperWiki, amongst other reasons for doing so. It also helps keep the system clean of makedepends and other cruft.

And yes, the build chroot does install clamav (and all other dependencies), but makechrootpkg does not execute the systemd functions that a 'regular' install initializes, so the clamav user is never created in the chroot.

What you can do instead is create your own '/usr/lib/tmpfiles.d/$pkgname.conf' tmpfile and put the access restriction in there.

amish commented on 2024-03-12 07:01 (UTC)

Clean chroot is supposed to have clamav group. I do not know why it is not there. (I dont use clean chroot)

When clean chroot installs clamav package - it is supposed to run systemd-sysusers which will create clamav user and group before the package fangfrisch built.

Morbius commented on 2024-03-12 05:34 (UTC)

The permissions 0750 and ownership root:clamav of fangfrisch-has-news.sh were deliberately chosen. Only clamav should execute the script (but not be able to change it). That's also why it is not placed in /usr/local/bin or similar; the script is not meant for general use.

It all works as designed, with the exception of a "build chroot", which I don't know why somebody would need? If it is in fact needed, it has to be fully populated in terms of ClamAV related user accounts, files and directories.