Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update clamav database before running rpminspect #4

Closed
wants to merge 1 commit into from
Closed

Update clamav database before running rpminspect #4

wants to merge 1 commit into from

Conversation

jimbair
Copy link
Contributor

@jimbair jimbair commented Apr 16, 2021

If running the virus scan in rpminspect, it will throw an error like this:

LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************

Running freshclam, as we do in GHA here, solves this error:
https://github.com/rpminspect/rpminspect/blob/master/osdeps/fedora/post.sh#L29

I'm guessing we'll need to make a similar fix in downstream in the Dockerfile, though I know you are working on an update to this script so you tell me the best way to proceed. :) @msrb

thrix
thrix reviewed Apr 17, 2021
View reviewed changes
rpminspect_runner.sh
# Update the clamav database
freshclam
if [ $? -ne 0 ]; then
echo "ERROR: Updating the ClamAV database failed."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rather a warning? Errors are usually fatal, but we just continue here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script runs with set -e, so it will bail out immediately if freshclam commands returns a non-zero status code -- this line won't be executed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, we should only update the database if the script was executed without the third optional "$test_name" parameter, or if "$test_name" = "virus" (i.e. not when we run any other inspection).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Solid feedback; we can remove the $? check entire if using set -e to validate our outputs.

If we agree this is the proper route to go, I can add the logic around the $test_name - I just wanted to make sure the logic/place makes sense. If so, I can update it. Is the rebase still being worked on?

#2 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the question is what should happen if the update fails. Should we just print warning and continue? Or should the test fail?

I'd probably vote for printing a warning.

Is the rebase still being worked on?

I dropped the ball there :/ I was actually thinking about ditching bash completely and rewriting the runner script in Python as it is getting more and more complicated: #3

@msrb
Copy link
Member

msrb commented Apr 19, 2021

This is OSCI-1769.

@msrb
Copy link
Member

msrb commented Apr 19, 2021

Thanks for the pull request. Please see the comments above.

@msrb
Copy link
Member

msrb commented May 6, 2021

I was rewriting the script today and I squeezed this change in in the following commit: 5b9c459

Thanks ;)

@msrb msrb closed this May 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msrb msrb msrb left review comments

@thrix thrix thrix left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jimbair @msrb @thrix