diff options
| author |   Matt Jolly <kangie@gentoo.org> | 2024-06-29 18:14:03 +1000 |
|---|---|---|
| committer | Matt Jolly <kangie@gentoo.org> | 2024-06-29 18:33:18 +1000 |
| commit | 89533ae52db8767ae8b0306c6f91b1f015fa71d0 (patch) | |
| tree | b77d99a121fae66680f0b813b48cafa8c3c97cf6 /app-antivirus | |
| parent | dev-python/pillow: fix build with USE="-truetype" (diff) | |
| download | gentoo-89533ae52db8767ae8b0306c6f91b1f015fa71d0.tar.gz gentoo-89533ae52db8767ae8b0306c6f91b1f015fa71d0.tar.bz2 gentoo-89533ae52db8767ae8b0306c6f91b1f015fa71d0.zip | |
app-antivirus/clamav: update tmpfiles configuration
The previous configuration was overly strict, making it
impossible for appliations to connect to the socket.
Historically this was not an issue as guidance was to
just add these other apps to the clamav group, but this
is no longer the case.
Bug: https://bugs.gentoo.org/921617
Signed-off-by: Matt Jolly <kangie@gentoo.org>
Diffstat (limited to 'app-antivirus')
| -rw-r--r-- | app-antivirus/clamav/clamav-1.0.5.ebuild | 10 | ||||
| -rw-r--r-- | app-antivirus/clamav/clamav-1.3.1-r2.ebuild (renamed from app-antivirus/clamav/clamav-1.3.1-r1.ebuild) | 14 |
2 files changed, 7 insertions, 17 deletions
diff --git a/app-antivirus/clamav/clamav-1.0.5.ebuild b/app-antivirus/clamav/clamav-1.0.5.ebuild index 8995c36a41b5..5759a6890ff1 100644 --- a/app-antivirus/clamav/clamav-1.0.5.ebuild +++ b/app-antivirus/clamav/clamav-1.0.5.ebuild @@ -291,14 +291,8 @@ src_install() { if ! use libclamav-only ; then if use systemd ; then - # The tmpfiles entry is behind USE=systemd because the - # upstream OpenRC service files should (and do) ensure that - # the directories they need exist and have the correct - # permissions without the help of opentmpfiles. There are - # years-old root exploits in opentmpfiles, the design is - # fundamentally flawed, and the maintainer is not up to - # the task of fixing it. - dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf" + # OpenRC services do not need tmpfiles + dotmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service" systemd_dounit "${FILESDIR}/clamd.service" systemd_newunit "${FILESDIR}/freshclamd.service-r1" \ diff --git a/app-antivirus/clamav/clamav-1.3.1-r1.ebuild b/app-antivirus/clamav/clamav-1.3.1-r2.ebuild index 04fcfda4d498..58e80f89a976 100644 --- a/app-antivirus/clamav/clamav-1.3.1-r1.ebuild +++ b/app-antivirus/clamav/clamav-1.3.1-r2.ebuild @@ -296,14 +296,10 @@ src_install() { if ! use libclamav-only ; then if use systemd ; then - # The tmpfiles entry is behind USE=systemd because the - # upstream OpenRC service files should (and do) ensure that - # the directories they need exist and have the correct - # permissions without the help of opentmpfiles. There are - # years-old root exploits in opentmpfiles, the design is - # fundamentally flawed, and the maintainer is not up to - # the task of fixing it. - dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf" + # OpenRC services ensure their own permissions, so we can avoid + # a dependency on sys-apps/systemd-utils[tmpfiles] here, though + # we can change our minds and use it if we want to. + dotmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" fi if use clamapp ; then @@ -373,7 +369,7 @@ src_install() { pkg_postinst() { if ! use libclamav-only ; then if use systemd ; then - tmpfiles_process clamav.conf + tmpfiles_process clamav-r1.conf fi fi |