ci: store Clamav DB in LFS
Fix #136 (stop pulling the files from @griff's poor server), also add a script to update the files. The fun thing about this is that due to sourcing the files from `https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/raw/master/tests/clamav` during the tests, updates to the `hashes.json` and `*.cvd` files will always fail CI. I guess this is a reasonable tradeoff as long as people are aware of it.
parent
817d84d36d
commit
9488b6fd43
11 changed files with 53 additions and 9 deletions
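--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-*.cvd filter=lfs diff=lfs merge=lfs -text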
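--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,9 @@
+{ nixpkgs ? <nixpkgs>, system ? builtins.currentSystem }:
+
+with (import nixpkgs { inherit system; }); stdenv.mkDerivation rec {
+name = "nixos-mailserver-env";
+env = buildEnv { name = name; paths = buildInputs; };
+buildInputs = with pkgs; [
+jq clamav
+];
+}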
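Review bot: shell.nix carries no comment saying what the environment is for; from the rest of the commit it presumably exists so that tests/clamav/update-clamav-database.sh can find `freshclam` and `jq`. A header line such as `# Dev shell providing freshclam and jq for tests/clamav/update-clamav-database.sh` would tell contributors when to enter it. As a style point, `name = name;` can be written `inherit name;`, and the inner `with pkgs;` repeats what the outer `with (import nixpkgs { inherit system; })` already brings into scope.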
|
@ -19,13 +19,17 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
nodes = {
|
nodes = {
|
||||||
server = { config, pkgs, lib, ... }:
|
server = { config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
clamav-db = pkgs.srcOnly {
|
clamav-db-files = lib.mapAttrs (name: value: pkgs.stdenv.mkDerivation rec {
|
||||||
name = "ClamAV-db";
|
inherit name;
|
||||||
|
|
||||||
src = pkgs.fetchurl {
|
src = pkgs.fetchurl {
|
||||||
url = "https://files.griff.name/ClamAV-db.tar";
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/raw/master/tests/clamav/${name}";
|
||||||
sha256 = "eecad99f4c071d216bd91565f84c0d90a1f93e5e3e22d8f3087686ba3bd219e7";
|
sha256 = value;
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
unpackPhase = "true"; # don't try to unpack the raw .cvd files
|
||||||
|
installPhase = "cp $src $out";
|
||||||
|
}) (builtins.fromJSON (builtins.readFile ./clamav/hashes.json));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -53,9 +57,9 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
cp ${clamav-db}/bytecode.cvd /var/lib/clamav/
|
cp ${clamav-db-files."bytecode.cvd"} /var/lib/clamav/
|
||||||
cp ${clamav-db}/main.cvd /var/lib/clamav/
|
cp ${clamav-db-files."main.cvd"} /var/lib/clamav/
|
||||||
cp ${clamav-db}/daily.cvd /var/lib/clamav/
|
cp ${clamav-db-files."daily.cvd"} /var/lib/clamav/
|
||||||
chown clamav:clamav /var/lib/clamav/*
|
chown clamav:clamav /var/lib/clamav/*
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
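Review bot: The three `cp` lines in the second hunk now copy a store path whose basename carries the hash prefix, so the files land in /var/lib/clamav/ as `<hash>-bytecode.cvd` and so on, not under the plain names the old `${clamav-db}/bytecode.cvd` form produced. clamd may still pick them up by extension, but the test should not depend on that; naming the destination keeps the layout identical to a freshclam-populated directory: `cp ${clamav-db-files."bytecode.cvd"} /var/lib/clamav/bytecode.cvd`, and likewise for `main.cvd` and `daily.cvd`. Separately, in the first hunk `pkgs.fetchurl` already yields the single fetched file as its output, so the `mkDerivation` wrapper with `unpackPhase` and `installPhase` looks unnecessary. The enclosing `let` and `script` blocks start and end outside the hunks shown.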
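--- a/tests/clamav/.gitattributes
+++ b/tests/clamav/.gitattributes
@@ -0,0 +1 @@
+*cvd filter=lfs diff=lfs merge=lfs -text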
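Review bot: The pattern `*cvd` has lost the dot that the removed root rule `*.cvd` had, so it matches any file in this directory whose name merely ends in "cvd". Writing it as `*.cvd filter=lfs diff=lfs merge=lfs -text` keeps the LFS filter limited to the database files.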
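--- a/tests/clamav/.gitignore
+++ b/tests/clamav/.gitignore
@@ -0,0 +1 @@
+mirrors.dat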
BIN
tests/clamav/bytecode.cvd
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
tests/clamav/daily.cvd
(Stored with Git LFS)
Normal file
Binary file not shown.
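--- a/tests/clamav/freshclam.conf
+++ b/tests/clamav/freshclam.conf
@@ -0,0 +1 @@
+DatabaseMirror database.clamav.net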
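--- a/tests/clamav/hashes.json
+++ b/tests/clamav/hashes.json
@@ -0,0 +1,5 @@
+{
+"bytecode.cvd": "a6800da4e3740b611e4f8a8e835be4a867abf8009af502e5bbf038d3ad162fa8",
+"daily.cvd": "da96006e191412806bac1a2cef5d48ed0ec1b46efa150cf0aa6c27e734f4c4f8",
+"main.cvd": "081884225087021e718599e8458ff6c9ee3cdebed8775dd8e445fc7b589d88a6"
+}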
BIN
tests/clamav/main.cvd
(Stored with Git LFS)
Normal file
Binary file not shown.
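--- a/tests/clamav/update-clamav-database.sh
+++ b/tests/clamav/update-clamav-database.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "${0}")"
+
+rm ./*.cvd hashes.json || :
+
+freshclam --datadir=. --config-file=freshclam.conf
+(for i in ./*.cvd;
+do echo '{}' |
+jq --arg path "$(basename "${i}")" \
+--arg sha256sum "$(sha256sum "${i}" | awk '{ print $1; }')" \
+'.[$path] = $sha256sum'; done) |
+jq -s add > hashes.json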
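Review bot: A failure inside the hashing loop is not caught by `set -e`, because `sha256sum` runs in a command substitution feeding a pipeline and only the exit status of the final `jq -s add` decides the outcome. If freshclam leaves fewer than three `.cvd` files (for instance a `.cld` from an incremental update, which I have not confirmed happens with this configuration), hashes.json is silently written with missing or empty entries. That file is the only integrity pin the test's `fetchurl` uses. A check between the freshclam call and the loop makes the script fail loudly instead: `for f in bytecode.cvd daily.cvd main.cvd; do [ -s "$f" ] || { echo "missing $f" >&2; exit 1; }; done`.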