From ced636549725811047d523e53ddae998f6052dff Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sun, 29 Jan 2017 19:39:52 -0800 Subject: [PATCH 01/17] Remove default helpers from the service resource --- libraries/resource_clamav_service.rb | 20 ++++++---- libraries/resource_clamav_service_debian.rb | 42 +++++++++++++++++++++ spec/resources/clamav_service.rb | 41 +++++++++++++++++--- spec/spec_helper.rb | 1 - 4 files changed, 90 insertions(+), 14 deletions(-) create mode 100644 libraries/resource_clamav_service_debian.rb diff --git a/libraries/resource_clamav_service.rb b/libraries/resource_clamav_service.rb index f0c24c7..ec5144d 100644 --- a/libraries/resource_clamav_service.rb +++ b/libraries/resource_clamav_service.rb @@ -20,7 +20,6 @@ # require 'chef/resource' -require_relative 'helpers_defaults' class Chef class Resource @@ -28,10 +27,6 @@ class Resource # # @author Jonathan Hartman class ClamavService < Resource - include ClamavCookbook::Helpers::Defaults - - provides :clamav_service - # # The service must be one of the recognized services: 'clamd' or # 'freshclam'. @@ -41,6 +36,17 @@ class ClamavService < Resource name_property: true, equal_to: %w(clamd freshclam) + # + # The 'clamd' or 'freshclam' service then gets translated into whatever + # name the specific platform's init system uses. + # + property :platform_service_name, + String, + required: true, + default: lazy { |r| + r.class.send("#{r.service_name}_service_name") + } + # # Iterate over every action available for a regular service resource and # pass the declared action on to one. @@ -50,10 +56,10 @@ class ClamavService < Resource if a == :start && new_resource.service_name == 'clamd' execute 'Ensure virus definitions exist so clamd can start' do command 'freshclam' - creates ::File.join(clamav_data_dir, 'main.cvd') + creates '/var/lib/clamav/main.cvd' end end - service send("#{new_resource.service_name}_service_name") do + service new_resource.platform_service_name do supports(status: true, restart: true) action a end diff --git a/libraries/resource_clamav_service_debian.rb b/libraries/resource_clamav_service_debian.rb new file mode 100644 index 0000000..e5c01b6 --- /dev/null +++ b/libraries/resource_clamav_service_debian.rb @@ -0,0 +1,42 @@ +# encoding: utf-8 +# frozen_string_literal: true +# +# Cookbook Name:: clamav +# Library:: resource_clamav_service_debian +# +# Copyright 2012-2016, Jonathan Hartman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative 'resource_clamav_service' + +class Chef + class Resource + # A Debian implementation of the ClamAV service resource. + # + # @author Jonathan Hartman + class ClamavServiceDebian < ClamavService + provides :clamav_service, platform_family: 'debian' + + class << self + { + clamd_service_name: 'clamav-daemon', + freshclam_service_name: 'clamav-freshclam' + }.each do |k, v| + define_method(k) { v } + end + end + end + end +end diff --git a/spec/resources/clamav_service.rb b/spec/resources/clamav_service.rb index f232da3..b88a9c9 100644 --- a/spec/resources/clamav_service.rb +++ b/spec/resources/clamav_service.rb @@ -7,8 +7,13 @@ include_context 'resources' let(:resource) { 'clamav_service' } - %i(service_name).each { |p| let(p) { nil } } - let(:properties) { { service_name: service_name } } + %i(service_name platform_service_name).each { |p| let(p) { nil } } + let(:properties) do + { + service_name: service_name, + platform_service_name: platform_service_name + } + end let(:data_dir) { nil } let(:clamd_service) { nil } @@ -34,6 +39,12 @@ it_behaves_like 'any property set' end + + context 'an overridden platform_service_name property' do + let(:platform_service_name) { 'clamclamclam' } + + it_behaves_like 'any property set' + end end context 'a freshclam resource' do @@ -48,6 +59,12 @@ it_behaves_like 'any property set' end + + context 'an overridden platform_service_name property' do + let(:platform_service_name) { 'clamclamclam' } + + it_behaves_like 'any property set' + end end end @@ -66,9 +83,9 @@ end it 'passes the action on to a regular service resource' do - expect(chef_run).to send( - "#{a}_service", send("#{service_name || name}_service") - ).with(supports: { status: true, restart: true }) + svc = platform_service_name || send("#{service_name || name}_service") + expect(chef_run).to send("#{a}_service", svc) + .with(supports: { status: true, restart: true }) end end @@ -84,10 +101,16 @@ it_behaves_like 'any property set' end + + context 'an overridden platform_service_name property' do + let(:platform_service_name) { 'clamclamclam' } + + it_behaves_like 'any property set' + end end context 'a freshclam resource' do - let(:name) { 'clamd' } + let(:name) { 'freshclam' } context 'all default properties' do it_behaves_like 'any property set' @@ -98,6 +121,12 @@ it_behaves_like 'any property set' end + + context 'an overridden platform_service_name property' do + let(:platform_service_name) { 'clamclamclam' } + + it_behaves_like 'any property set' + end end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d61c78c..420a3fe 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,7 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true -require 'chef' require 'chefspec' require 'chefspec/berkshelf' require 'simplecov' From 32356e11db2c5c1c7c450fca6482e634794cbab6 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 30 Jan 2017 21:57:12 -0800 Subject: [PATCH 02/17] Remove default helpers from the app resource --- libraries/resource_clamav_app.rb | 17 +++++----- libraries/resource_clamav_app_debian.rb | 42 +++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 libraries/resource_clamav_app_debian.rb diff --git a/libraries/resource_clamav_app.rb b/libraries/resource_clamav_app.rb index 6c6a99c..ff47b58 100644 --- a/libraries/resource_clamav_app.rb +++ b/libraries/resource_clamav_app.rb @@ -20,7 +20,6 @@ # require 'chef/resource' -require_relative 'helpers_defaults' class Chef class Resource @@ -28,10 +27,6 @@ class Resource # # @author Jonathan Hartman class ClamavApp < Resource - include ClamavCookbook::Helpers::Defaults - - provides :clamav_app - default_action :install # @@ -51,12 +46,12 @@ class ClamavApp < Resource # Install the ClamAV packages. # action :install do - base_packages.each do |p| + new_resource.class.base_packages.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' end end - new_resource.dev && dev_packages.each do |p| + new_resource.dev && new_resource.class.dev_packages.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' end @@ -67,13 +62,13 @@ class ClamavApp < Resource # Upgrade the ClamAV packages. # action :upgrade do - base_packages.each do |p| + new_resource.class.base_packages.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' action :upgrade end end - new_resource.dev && dev_packages.each do |p| + new_resource.dev && new_resource.class.dev_packages.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' action :upgrade @@ -85,7 +80,9 @@ class ClamavApp < Resource # Remove the ClamAV packages # action :remove do - (dev_packages + base_packages).each do |p| + ( + new_resource.class.dev_packages + new_resource.class.base_packages + ).each do |p| package(p) { action :purge } end end diff --git a/libraries/resource_clamav_app_debian.rb b/libraries/resource_clamav_app_debian.rb new file mode 100644 index 0000000..bed892f --- /dev/null +++ b/libraries/resource_clamav_app_debian.rb @@ -0,0 +1,42 @@ +# encoding: utf-8 +# frozen_string_literal: true +# +# Cookbook Name:: clamav +# Library:: resource_clamav_app_debian +# +# Copyright 2012-2016, Jonathan Hartman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative 'resource_clamav_app' + +class Chef + class Resource + # A Debian implemenation of the ClamAV app resource. + # + # @author Jonathan Hartman + class ClamavAppDebian < ClamavApp + provides :clamav_app, platform_family: 'debian' + + class << self + { + base_packages: %w(clamav clamav-daemon clamav-freshclam), + dev_packages: %w(libclamav-dev) + }.each do |k, v| + define_method(k) { v } + end + end + end + end +end From 4472ff32c0d0368e3407d84889630f3de6a7a742 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 31 Jan 2017 09:19:47 -0800 Subject: [PATCH 03/17] Switch from storing defaults in methods to a DEFAULTS constant Otherwise we start polluting the resource namespaces with too many methods and some collide with property names. --- libraries/resource_clamav_app.rb | 27 +++++++++------------ libraries/resource_clamav_app_debian.rb | 12 +++------ libraries/resource_clamav_service.rb | 2 +- libraries/resource_clamav_service_debian.rb | 12 +++------ 4 files changed, 20 insertions(+), 33 deletions(-) diff --git a/libraries/resource_clamav_app.rb b/libraries/resource_clamav_app.rb index ff47b58..7360662 100644 --- a/libraries/resource_clamav_app.rb +++ b/libraries/resource_clamav_app.rb @@ -46,12 +46,11 @@ class ClamavApp < Resource # Install the ClamAV packages. # action :install do - new_resource.class.base_packages.each do |p| - package p do - version new_resource.version unless new_resource.version == 'latest' - end + pkgs = new_resource.class::DEFAULTS[:base_packages] + if new_resource.dev + pkgs += new_resource.class::DEFAULTS[:dev_packages] end - new_resource.dev && new_resource.class.dev_packages.each do |p| + pkgs.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' end @@ -62,13 +61,11 @@ class ClamavApp < Resource # Upgrade the ClamAV packages. # action :upgrade do - new_resource.class.base_packages.each do |p| - package p do - version new_resource.version unless new_resource.version == 'latest' - action :upgrade - end + pkgs = new_resource.class::DEFAULTS[:base_packages] + if new_resource.dev + pkgs += new_resource.class::DEFAULTS[:dev_packages] end - new_resource.dev && new_resource.class.dev_packages.each do |p| + pkgs.each do |p| package p do version new_resource.version unless new_resource.version == 'latest' action :upgrade @@ -80,11 +77,9 @@ class ClamavApp < Resource # Remove the ClamAV packages # action :remove do - ( - new_resource.class.dev_packages + new_resource.class.base_packages - ).each do |p| - package(p) { action :purge } - end + pkgs = new_resource.class::DEFAULTS[:dev_packages] + \ + new_resource.class::DEFAULTS[:base_packages] + pkgs.each { |p| package(p) { action :purge } } end end end diff --git a/libraries/resource_clamav_app_debian.rb b/libraries/resource_clamav_app_debian.rb index bed892f..7f58b36 100644 --- a/libraries/resource_clamav_app_debian.rb +++ b/libraries/resource_clamav_app_debian.rb @@ -29,14 +29,10 @@ class Resource class ClamavAppDebian < ClamavApp provides :clamav_app, platform_family: 'debian' - class << self - { - base_packages: %w(clamav clamav-daemon clamav-freshclam), - dev_packages: %w(libclamav-dev) - }.each do |k, v| - define_method(k) { v } - end - end + DEFAULTS ||= { + base_packages: %w(clamav clamav-daemon clamav-freshclam), + dev_packages: %w(libclamav-dev) + } end end end diff --git a/libraries/resource_clamav_service.rb b/libraries/resource_clamav_service.rb index ec5144d..830346a 100644 --- a/libraries/resource_clamav_service.rb +++ b/libraries/resource_clamav_service.rb @@ -44,7 +44,7 @@ class ClamavService < Resource String, required: true, default: lazy { |r| - r.class.send("#{r.service_name}_service_name") + r.class::DEFAULTS["#{r.service_name}_service_name".to_sym] } # diff --git a/libraries/resource_clamav_service_debian.rb b/libraries/resource_clamav_service_debian.rb index e5c01b6..499423e 100644 --- a/libraries/resource_clamav_service_debian.rb +++ b/libraries/resource_clamav_service_debian.rb @@ -29,14 +29,10 @@ class Resource class ClamavServiceDebian < ClamavService provides :clamav_service, platform_family: 'debian' - class << self - { - clamd_service_name: 'clamav-daemon', - freshclam_service_name: 'clamav-freshclam' - }.each do |k, v| - define_method(k) { v } - end - end + DEFAULTS ||= { + clamd_service_name: 'clamav-daemon', + freshclam_service_name: 'clamav-freshclam' + } end end end From 0ef04f14c98200655912736b8a1af65f95a0f50b Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Wed, 1 Feb 2017 10:47:14 -0800 Subject: [PATCH 04/17] Make the config resource default to the platform's default config To start, for a "Debian" config, we've pulled the default config files off a base Ubuntu 16.04 instance. --- libraries/helpers_config.rb | 1 + libraries/helpers_defaults.rb | 144 --------------- libraries/resource_clamav_config.rb | 37 ++-- libraries/resource_clamav_config_debian.rb | 195 +++++++++++++++++++++ spec/resources/clamav_config.rb | 73 +++++--- spec/resources/clamav_config/debian.rb | 71 +++++++- 6 files changed, 335 insertions(+), 186 deletions(-) delete mode 100644 libraries/helpers_defaults.rb create mode 100644 libraries/resource_clamav_config_debian.rb diff --git a/libraries/helpers_config.rb b/libraries/helpers_config.rb index 097164c..cc42853 100644 --- a/libraries/helpers_config.rb +++ b/libraries/helpers_config.rb @@ -44,6 +44,7 @@ class Config class << self include Chef::Mixin::ConvertToClassName + # # Read in an already-existing ClamAV config file and generate a Config # object based on it. diff --git a/libraries/helpers_defaults.rb b/libraries/helpers_defaults.rb deleted file mode 100644 index f7d888e..0000000 --- a/libraries/helpers_defaults.rb +++ /dev/null @@ -1,144 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true -# -# Cookbook Name:: clamav -# Library:: helpers_defaults -# -# Copyright 2012-2016, Jonathan Hartman -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -module ClamavCookbook - module Helpers - # A set of helpers for some of the assorted default properties that vary - # from one platform to another. - # - # @author Jonathan Hartman - module Defaults - # - # The name of the ClamAV daemon service. - # - # @return [String] the service name - # - def clamd_service_name - case node['platform_family'] - when 'debian' - 'clamav-daemon' - end - end - - # - # The name of the ClamAV freshclam service. - # - # @return [String] the service name - # - def freshclam_service_name - case node['platform_family'] - when 'debian' - 'clamav-freshclam' - end - end - - # - # The bare minimum freshclam.conf required for it to function. - # - # @return [Hash] a barebones freshclam config - # - def freshclam_config - { database_mirror: %w(db.local.clamav.net database.clamav.net) } - end - - # - # The bare minimum clamd.conf required for it to function. - # - # @return [Hash] a barebones clamd config - # - def clamd_config - { local_socket: '/var/run/clamav/clamd.sock' } - end - - # - # The directory containing ClamAV's virus definition files. - # - # @return [String] the data directory - # - def clamav_data_dir - case node['platform_family'] - when 'debian' - '/var/lib/clamav' - end - end - - # - # The directory containing the platform's ClamAV config files. - # - # @return [String] the config directory - # - def clamav_conf_dir - case node['platform_family'] - when 'debian' - '/etc/clamav' - end - end - - # - # The platform's ClamAV user. - # - # @return [String] the user - # - def clamav_user - case node['platform_family'] - when 'debian' - 'clamav' - end - end - - # - # The platform's ClamAV group. - # - # @return [String] the group - # - def clamav_group - case node['platform_family'] - when 'debian' - 'clamav' - end - end - - # - # The list of packages that constitute a "base" install. - # - # @return [Array] a list of base packages - # - def base_packages - case node['platform_family'] - when 'debian' - %w(clamav clamav-daemon clamav-freshclam) - end - end - - # - # The list of packages that constitute the development libraries. - # - # @return [Array] a list of dev packages - # - def dev_packages - case node['platform_family'] - when 'debian' - %w(libclamav-dev) - end - end - end - end -end diff --git a/libraries/resource_clamav_config.rb b/libraries/resource_clamav_config.rb index 60ab1bb..e8edeca 100644 --- a/libraries/resource_clamav_config.rb +++ b/libraries/resource_clamav_config.rb @@ -20,7 +20,6 @@ # require 'chef/resource' -require_relative 'helpers_defaults' class Chef class Resource @@ -28,10 +27,6 @@ class Resource # # @author Jonathan Hartman class ClamavConfig < Resource - include ClamavCookbook::Helpers::Defaults - - provides :clamav_config - default_action :create # @@ -46,14 +41,27 @@ class ClamavConfig < Resource # # Allow the user to override the path of the config dir (at their peril). # - property :path, String, default: lazy { clamav_conf_dir } + property :path, + String, + default: lazy { |r| r.class::DEFAULTS[:conf_dir] } + # + # The name of the ClamAV user. + # + property :user, String, default: lazy { |r| r.class::DEFAULTS[:user] } + + # + # The name of the ClamAV group. + # + property :group, String, default: lazy { |r| r.class::DEFAULTS[:group] } # # A hash of config values. # property :config, Hash, - default: {}, + default: lazy { |r| + r.class::DEFAULTS["#{r.service_name}_config".to_sym] + }, coerce: proc { |val| val.each_with_object({}) { |(k, v), hsh| hsh[k.to_sym] = v } } @@ -87,18 +95,15 @@ def method_missing(method_symbol, *args, &block) # action :create do directory new_resource.path do - owner clamav_user - group clamav_group + owner new_resource.user + group new_resource.group recursive true end file ::File.join(new_resource.path, "#{new_resource.service_name}.conf") do - owner clamav_user - group clamav_group - content ClamavCookbook::Helpers::Config.new( - send("#{new_resource.service_name}_config") - .merge(new_resource.config.to_h) - ).to_s + owner new_resource.user + group new_resource.group + content ClamavCookbook::Helpers::Config.new(new_resource.config).to_s end end @@ -110,7 +115,7 @@ def method_missing(method_symbol, *args, &block) "#{new_resource.service_name}.conf") do action :delete end - directory new_resource.path do + directory(new_resource.path) do action :delete end end diff --git a/libraries/resource_clamav_config_debian.rb b/libraries/resource_clamav_config_debian.rb new file mode 100644 index 0000000..06c2044 --- /dev/null +++ b/libraries/resource_clamav_config_debian.rb @@ -0,0 +1,195 @@ +# encoding: utf-8 +# frozen_string_literal: true +# +# Cookbook Name:: clamav +# Library:: resource_clamav_config_debian +# +# Copyright 2012-2016, Jonathan Hartman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative 'resource_clamav_config' + +class Chef + class Resource + # A Debian implemenation of the ClamAV config resource. The default configs + # installed by Ubuntu 16.04 look like (defaults that we can thus ignore are + # marked): + # + # /etc/clamav/clamd.conf: + # + # #Automatically Generated by clamav-daemon postinst + # #To reconfigure clamd run #dpkg-reconfigure clamav-daemon + # #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details + # LocalSocket /var/run/clamav/clamd.ctl + # FixStaleSocket true # The ClamAV default + # LocalSocketGroup clamav # The ClamAV default + # LocalSocketMode 666 # The ClamAV default + # # TemporaryDirectory is not set to its default /tmp here to make overriding + # # the default with environment variables TMPDIR/TMP/TEMP possible + # User clamav + # AllowSupplementaryGroups false # The ClamAV default + # ScanMail true # The ClamAV default + # ScanArchive true # The ClamAV default + # ArchiveBlockEncrypted false # The ClamAV default + # MaxDirectoryRecursion 15 # The ClamAV default + # FollowDirectorySymlinks false # The ClamAV default + # FollowFileSymlinks false # The ClamAV default + # ReadTimeout 180 + # MaxThreads 12 + # MaxConnectionQueueLength 15 + # LogSyslog false # The ClamAV default + # LogRotate true + # LogFacility LOG_LOCAL6 # The ClamAV default + # LogClean false # The ClamAV default + # LogVerbose false # The ClamAV default + # DatabaseDirectory /var/lib/clamav + # OfficialDatabaseOnly false # The ClamAV default + # SelfCheck 3600 + # Foreground false # The ClamAV default + # Debug false # The ClamAV default + # ScanPE true # The ClamAV default + # MaxEmbeddedPE 10M # The ClamAV default + # ScanOLE2 true # The ClamAV default + # ScanPDF true # The ClamAV default + # ScanHTML true # The ClamAV default + # MaxHTMLNormalize 10M # The ClamAV default + # MaxHTMLNoTags 2M # The ClamAV default + # MaxScriptNormalize 5M # The ClamAV default + # MaxZipTypeRcg 1M # The ClamAV default + # ScanSWF true # The ClamAV default + # DetectBrokenExecutables false # The ClamAV default + # ExitOnOOM false # The ClamAV default + # LeaveTemporaryFiles false # The ClamAV default + # AlgorithmicDetection true # The ClamAV default + # ScanELF true # The ClamAV default + # IdleTimeout 30 # The ClamAV default + # CrossFilesystems true # The ClamAV default + # PhishingSignatures true # The ClamAV default + # PhishingScanURLs true # The ClamAV default + # PhishingAlwaysBlockSSLMismatch false # The ClamAV default + # PhishingAlwaysBlockCloak false # The ClamAV default + # PartitionIntersection false # The ClamAV default + # DetectPUA false # The ClamAV default + # ScanPartialMessages false # The ClamAV default + # HeuristicScanPrecedence false # The ClamAV default + # StructuredDataDetection false # The ClamAV default + # CommandReadTimeout 5 # The ClamAV default + # SendBufTimeout 200 + # MaxQueue 100 # The ClamAV default + # ExtendedDetectionInfo true + # OLE2BlockMacros false # The ClamAV default + # ScanOnAccess false # The ClamAV default + # AllowAllMatchScan true # The ClamAV default + # ForceToDisk false # The ClamAV default + # DisableCertCheck false # The ClamAV default + # DisableCache false # The ClamAV default + # MaxScanSize 100M # The ClamAV default + # MaxFileSize 25M # The ClamAV default + # MaxRecursion 16 # The ClamAV default + # MaxFiles 10000 # The ClamAV default + # MaxPartitions 50 # The ClamAV default + # MaxIconsPE 100 # The ClamAV default + # PCREMatchLimit 10000 # The ClamAV default + # PCRERecMatchLimit 5000 # The ClamAV default + # PCREMaxFileSize 25M # The ClamAV default + # ScanXMLDOCS true # The ClamAV default + # ScanHWP3 true # The ClamAV default + # MaxRecHWP3 16 # The ClamAV default + # StatsEnabled false # The ClamAV default + # StatsPEDisabled true # The ClamAV default + # StatsHostID auto # The ClamAV default + # StatsTimeout 10 # The ClamAV default + # StreamMaxLength 25M # The ClamAV default + # LogFile /var/log/clamav/clamav.log + # LogTime true + # LogFileUnlock false # The ClamAV default + # LogFileMaxSize 0 + # Bytecode true # The ClamAV default + # BytecodeSecurity TrustSigned # The ClamAV default + # BytecodeTimeout 60000 + # + # /etc/clamav/freshclam.conf: + # + # # Automatically created by the clamav-freshclam postinst + # # Comments will get lost when you reconfigure the clamav-freshclam package + # + # DatabaseOwner clamav + # UpdateLogFile /var/log/clamav/freshclam.log + # LogVerbose false # The ClamAV default + # LogSyslog false # The ClamAV default + # LogFacility LOG_LOCAL6 # The ClamAV default + # LogFileMaxSize 0 + # LogRotate true + # LogTime true + # Foreground false # The ClamAV default + # Debug false # The ClamAV default + # MaxAttempts 5 + # DatabaseDirectory /var/lib/clamav # The ClamAV default + # DNSDatabaseInfo current.cvd.clamav.net # The ClamAV default + # AllowSupplementaryGroups false # The ClamAV default + # ConnectTimeout 30 + # ReceiveTimeout 30 # The ClamAV default + # TestDatabases yes # The ClamAV default + # ScriptedUpdates yes # The ClamAV default + # CompressLocalDatabase no # The ClamAV default + # SafeBrowsing false # The ClamAV default + # Bytecode true # The ClamAV default + # NotifyClamd /etc/clamav/clamd.conf + # # Check for new database 24 times a day + # Checks 24 + # DatabaseMirror db.local.clamav.net + # DatabaseMirror database.clamav.net + # + # @author Jonathan Hartman + class ClamavConfigDebian < ClamavConfig + provides :clamav_config, platform_family: 'debian' + + DEFAULTS ||= { + data_dir: '/var/lib/clamav', + conf_dir: '/etc/clamav', + user: 'clamav', + group: 'clamav', + clamd_config: { + bytecode_timeout: 60_000, + database_directory: '/var/lib/clamav', + extended_detection_info: true, + local_socket: '/var/run/clamav/clamd.ctl', + log_file: '/var/log/clamav/clamav.log', + log_file_max_size: 0, + log_rotate: true, + log_time: true, + max_connection_queue_length: 15, + max_threads: 12, + read_timeout: 180, + self_check: 3600, + send_buf_timeout: 200, + user: 'clamav' + }, + freshclam_config: { + checks: 24, + connect_timeout: 30, + database_mirror: %w(db.local.clamav.net database.clamav.net), + database_owner: 'clamav', + log_file_max_size: 0, + log_rotate: true, + log_time: true, + max_attempts: 5, + notify_clamd: '/etc/clamav/clamd.conf', + update_log_file: '/var/log/clamav/freshclam.log' + } + } + end + end +end diff --git a/spec/resources/clamav_config.rb b/spec/resources/clamav_config.rb index 2e775df..0c33780 100644 --- a/spec/resources/clamav_config.rb +++ b/spec/resources/clamav_config.rb @@ -7,32 +7,41 @@ include_context 'resources' let(:resource) { 'clamav_config' } - %i(service_name path config).each do |p| + %i(service_name path user group config).each do |p| let(p) { nil } end let(:properties) do - { service_name: service_name, path: path, config: config } + { + service_name: service_name, + path: path, + user: user, + group: group, + config: config + } end - let(:config_dir) { nil } - let(:user) { nil } - let(:group) { nil } + let(:defaults) { nil } shared_examples_for 'any platform' do - context 'the default action (:create)' do + context 'the :create action' do shared_examples_for 'any property set' do it 'creates the config directory' do - expect(chef_run).to create_directory(path || config_dir).with( - owner: user, - group: group, + expect(chef_run).to create_directory(path || defaults[:conf_dir]).with( + owner: user || defaults[:user], + group: group || defaults[:group], recursive: true ) end it 'creates the config file' do + props = { + owner: user || defaults[:user], + group: group || defaults[:group] + } expect(chef_run).to create_file( - "#{path || config_dir}/#{service_name || name}.conf" - ) + "#{path || defaults[:conf_dir]}/#{service_name || name}.conf" + ).with(owner: user || defaults[:user], + group: group || defaults[:group]) end end @@ -55,6 +64,18 @@ it_behaves_like 'any property set' end + context 'an overridden user property' do + let(:user) { 'mememe' } + + it_behaves_like 'any property set' + end + + context 'an overridden group property' do + let(:group) { 'youyouyou' } + + it_behaves_like 'any property set' + end + context 'an overridden config property' do let(:config) do { max_threads: 42, read_timeout: 200, scan_s_w_f: true } @@ -66,12 +87,11 @@ # This file generated automatically by Chef. # # Any local changes will be overwritten. # ############################################## - LocalSocket /var/run/clamav/clamd.sock MaxThreads 42 ReadTimeout 200 ScanSWF true EOH - expect(chef_run).to create_file("#{path || config_dir}/clamd.conf") + expect(chef_run).to create_file("#{path || defaults[:conf_dir]}/clamd.conf") .with(content: expected) end end @@ -90,14 +110,13 @@ # This file generated automatically by Chef. # # Any local changes will be overwritten. # ############################################## - LocalSocket /var/run/clamav/clamd.sock MaxThreads 42 ReadTimeout 200 ScanOnAccess true ScanSWF true SelfCheck 3600 EOH - expect(chef_run).to create_file("#{path || config_dir}/clamd.conf") + expect(chef_run).to create_file("#{path || defaults[:conf_dir]}/clamd.conf") .with(content: expected) end end @@ -122,6 +141,18 @@ it_behaves_like 'any property set' end + context 'an overridden user property' do + let(:user) { 'mememe' } + + it_behaves_like 'any property set' + end + + context 'an overridden group property' do + let(:group) { 'youyouyou' } + + it_behaves_like 'any property set' + end + context 'an overridden config property' do let(:config) do { database_owner: 'clamav', max_attempts: 5 } @@ -133,13 +164,11 @@ # This file generated automatically by Chef. # # Any local changes will be overwritten. # ############################################## - DatabaseMirror db.local.clamav.net - DatabaseMirror database.clamav.net DatabaseOwner clamav MaxAttempts 5 EOH expect(chef_run).to create_file( - "#{path || config_dir}/freshclam.conf" + "#{path || defaults[:conf_dir]}/freshclam.conf" ).with(content: expected) end end @@ -158,15 +187,13 @@ # This file generated automatically by Chef. # # Any local changes will be overwritten. # ############################################## - DatabaseMirror db.local.clamav.net - DatabaseMirror database.clamav.net DatabaseOwner clamav LogFacility LOG_LOCAL6 LogSyslog true MaxAttempts 5 EOH expect(chef_run).to create_file( - "#{path || config_dir}/freshclam.conf" + "#{path || defaults[:conf_dir]}/freshclam.conf" ).with(content: expected) end end @@ -179,12 +206,12 @@ shared_examples_for 'any property set' do it 'deletes the config file' do expect(chef_run).to delete_file( - "#{path || config_dir}/#{service_name || name}.conf" + "#{path || defaults[:conf_dir]}/#{service_name || name}.conf" ) end it 'deletes the config directory' do - expect(chef_run).to delete_directory(path || config_dir) + expect(chef_run).to delete_directory(path || defaults[:conf_dir]) end it 'deletes the config directory conditionally' do diff --git a/spec/resources/clamav_config/debian.rb b/spec/resources/clamav_config/debian.rb index 2062dbb..fb88935 100644 --- a/spec/resources/clamav_config/debian.rb +++ b/spec/resources/clamav_config/debian.rb @@ -6,11 +6,76 @@ shared_context 'resources::clamav_config::debian' do include_context 'resources::clamav_config' - let(:config_dir) { '/etc/clamav' } - let(:user) { 'clamav' } - let(:group) { 'clamav' } + let(:defaults) do + { + conf_dir: '/etc/clamav', + user: 'clamav', + group: 'clamav' + } + end shared_examples_for 'any Debian platform' do it_behaves_like 'any platform' + + context 'the :create action' do + context 'a clamd resource' do + let(:name) { 'clamd' } + + context 'all default properties' do + it 'renders the default clamd config' do + expected = <<-EOH.gsub(/^ +/, '').strip + ############################################## + # This file generated automatically by Chef. # + # Any local changes will be overwritten. # + ############################################## + BytecodeTimeout 60000 + DatabaseDirectory /var/lib/clamav + ExtendedDetectionInfo true + LocalSocket /var/run/clamav/clamd.ctl + LogFile /var/log/clamav/clamav.log + LogFileMaxSize 0 + LogRotate true + LogTime true + MaxConnectionQueueLength 15 + MaxThreads 12 + ReadTimeout 180 + SelfCheck 3600 + SendBufTimeout 200 + User clamav + EOH + expect(chef_run).to create_file('/etc/clamav/clamd.conf') + .with(owner: 'clamav', group: 'clamav', content: expected) + end + end + end + + context 'a freshclam resource' do + let(:name) { 'freshclam' } + + context 'all default properties' do + it 'renders the default freshclam config' do + expected = <<-EOH.gsub(/^ +/, '').strip + ############################################## + # This file generated automatically by Chef. # + # Any local changes will be overwritten. # + ############################################## + Checks 24 + ConnectTimeout 30 + DatabaseMirror db.local.clamav.net + DatabaseMirror database.clamav.net + DatabaseOwner clamav + LogFileMaxSize 0 + LogRotate true + LogTime true + MaxAttempts 5 + NotifyClamd /etc/clamav/clamd.conf + UpdateLogFile /var/log/clamav/freshclam.log + EOH + expect(chef_run).to create_file('/etc/clamav/freshclam.conf') + .with(owner: 'clamav', group: 'clamav', content: expected) + end + end + end + end end end From c102bc90c4de0b0ba5f9e1984a23aa40b9694c40 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Thu, 2 Feb 2017 11:35:22 -0800 Subject: [PATCH 05/17] Convert int tests to kitchen-dokken and Inspec --- .kitchen.travis.yml | 13 ----- .kitchen.yml | 52 +++++++++++++++--- .travis.yml | 3 +- Berksfile | 4 ++ Gemfile | 18 +++---- libraries/resource_clamav.rb | 2 +- .../cookbooks/clamav_test/recipes/default.rb | 36 +++---------- .../cookbooks/clamav_test/recipes/remove.rb | 8 +++ test/integration/default/cucumber/Gemfile | 5 -- .../default/cucumber/simple_scan.feature | 14 ----- .../cucumber/step_definitions/clamav_steps.rb | 33 ------------ .../default/serverspec/localhost/app_spec.rb | 27 ---------- .../serverspec/localhost/config_spec.rb | 14 ----- .../serverspec/localhost/service_spec.rb | 18 ------- .../default/serverspec/spec_helper.rb | 13 ----- .../enabled/serverspec/localhost/app_spec.rb | 27 ---------- .../serverspec/localhost/config_spec.rb | 14 ----- .../serverspec/localhost/service_spec.rb | 18 ------- .../enabled/serverspec/spec_helper.rb | 13 ----- .../remove/serverspec/localhost/app_spec.rb | 20 ------- .../serverspec/localhost/config_spec.rb | 14 ----- .../remove/serverspec/spec_helper.rb | 13 ----- test/smoke/base/app_test.rb | 13 +++++ test/smoke/base/config_test.rb | 14 +++++ test/smoke/base/scan_test.rb | 20 +++++++ test/smoke/default/app_test.rb | 13 +++++ test/smoke/default/config_test.rb | 54 +++++++++++++++++++ test/smoke/default/service_test.rb | 12 +++++ test/smoke/enabled/service_test.rb | 14 +++++ test/smoke/remove/app_test.rb | 13 +++++ test/smoke/remove/config_test.rb | 13 +++++ .../remove/service_test.rb} | 0 32 files changed, 240 insertions(+), 305 deletions(-) delete mode 100644 .kitchen.travis.yml create mode 100644 test/fixtures/cookbooks/clamav_test/recipes/remove.rb delete mode 100644 test/integration/default/cucumber/Gemfile delete mode 100644 test/integration/default/cucumber/simple_scan.feature delete mode 100644 test/integration/default/cucumber/step_definitions/clamav_steps.rb delete mode 100644 test/integration/default/serverspec/localhost/app_spec.rb delete mode 100644 test/integration/default/serverspec/localhost/config_spec.rb delete mode 100644 test/integration/default/serverspec/localhost/service_spec.rb delete mode 100644 test/integration/default/serverspec/spec_helper.rb delete mode 100644 test/integration/enabled/serverspec/localhost/app_spec.rb delete mode 100644 test/integration/enabled/serverspec/localhost/config_spec.rb delete mode 100644 test/integration/enabled/serverspec/localhost/service_spec.rb delete mode 100644 test/integration/enabled/serverspec/spec_helper.rb delete mode 100644 test/integration/remove/serverspec/localhost/app_spec.rb delete mode 100644 test/integration/remove/serverspec/localhost/config_spec.rb delete mode 100644 test/integration/remove/serverspec/spec_helper.rb create mode 100644 test/smoke/base/app_test.rb create mode 100644 test/smoke/base/config_test.rb create mode 100644 test/smoke/base/scan_test.rb create mode 100644 test/smoke/default/app_test.rb create mode 100644 test/smoke/default/config_test.rb create mode 100644 test/smoke/default/service_test.rb create mode 100644 test/smoke/enabled/service_test.rb create mode 100644 test/smoke/remove/app_test.rb create mode 100644 test/smoke/remove/config_test.rb rename test/{integration/remove/serverspec/localhost/service_spec.rb => smoke/remove/service_test.rb} (100%) diff --git a/.kitchen.travis.yml b/.kitchen.travis.yml deleted file mode 100644 index 14d0a72..0000000 --- a/.kitchen.travis.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -driver: - name: docker - privileged: true - -platforms: - - name: ubuntu-14.04 - - name: ubuntu-12.04 - - name: centos-7 - driver: - image: roboticcheese/centos-7-systemd - - name: centos-6 - - name: centos-5 diff --git a/.kitchen.yml b/.kitchen.yml index 3c60f0d..79d7819 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -1,28 +1,64 @@ --- driver: - name: vagrant + name: dokken + privileged: true + chef_version: latest + +transport: + name: dokken + +provisioner: + name: dokken + +verifier: + name: inspec + root_path: /opt/verifier + sudo: true platforms: + - name: ubuntu-16.04 + driver: + image: ubuntu:16.04 + pid_one_command: /lib/systemd/systemd - name: ubuntu-14.04 - # - name: ubuntu-12.04 - # - name: debian-8.2 - # - name: centos-7.2 - # - name: centos-6.7 - # - name: centos-5.11 + driver: + image: ubuntu:14.04 + pid_one_command: /sbin/init + - name: ubuntu-16.04-chef-12 + driver: + image: ubuntu:16.04 + chef_version: 12.21.1 + pid_one_command: /lib/systemd/systemd + - name: ubuntu-14.04-chef-12 + driver: + image: ubuntu:14.04 + chef_version: 12.21.1 + pid_one_command: /sbin/init suites: - name: default run_list: - - recipe[clamav] + - recipe[clamav_test] + verifier: + inspec_tests: + - test/smoke/base + - test/smoke/default - name: enabled run_list: - - recipe[clamav] + - recipe[clamav_test] attributes: clamav: clamd: enabled: true freshclam: enabled: true + verifier: + inspec_tests: + - test/smoke/base + - test/smoke/enabled - name: remove run_list: - recipe[clamav_test::remove] + verifier: + inspec_tests: + - test/smoke/remove diff --git a/.travis.yml b/.travis.yml index 4a85e38..66bfa72 100755 --- a/.travis.yml +++ b/.travis.yml @@ -18,14 +18,13 @@ env: install: - curl -L https://www.chef.io/chef/install.sh | sudo bash -s -- -P chefdk - - chef exec bundle install --without=development integration + - chef exec bundle install --without=development before_script: - mkdir -p $CVD_PATH - "[ -e $CVD_PATH/main.cvd ] || wget -P $CVD_PATH http://database.clamav.net/main.cvd" - "[ -e $CVD_PATH/daily.cvd ] || wget -P $CVD_PATH http://database.clamav.net/daily.cvd" - "[ -e $CVD_PATH/bytecode.cvd ] || wget -P $CVD_PATH http://database.clamav.net/bytecode.cvd" - - cp .kitchen.travis.yml .kitchen.local.yml script: - chef exec rake && chef exec kitchen test diff --git a/Berksfile b/Berksfile index 22e277a..8a73d50 100644 --- a/Berksfile +++ b/Berksfile @@ -8,3 +8,7 @@ metadata group :unit do cookbook 'resource_test', path: 'spec/support/cookbooks/resource_test' end + +group :integration do + cookbook 'clamav_test', path: 'test/fixtures/cookbooks/clamav_test' +end diff --git a/Gemfile b/Gemfile index 86d8e1f..9ac664e 100644 --- a/Gemfile +++ b/Gemfile @@ -4,23 +4,21 @@ source 'https://rubygems.org' group :test do - gem 'rake' - gem 'rubocop' + gem 'chefspec' + gem 'coveralls' + gem 'fauxhai' gem 'foodcritic' + gem 'kitchen-dokken' + gem 'rake' gem 'rspec' - gem 'chefspec' + gem 'rubocop' gem 'simplecov' gem 'simplecov-console' - gem 'coveralls' - gem 'fauxhai' gem 'test-kitchen' - gem 'kitchen-vagrant' - gem 'kitchen-docker' end group :integration do - gem 'serverspec' - gem 'cucumber' + gem 'kitchen-inspec' end group :deploy do @@ -28,6 +26,6 @@ group :deploy do end group :production do - gem 'chef', '>= 12.5' gem 'berkshelf' + gem 'chef', '>= 12.5' end diff --git a/libraries/resource_clamav.rb b/libraries/resource_clamav.rb index 5387fb6..6246da2 100644 --- a/libraries/resource_clamav.rb +++ b/libraries/resource_clamav.rb @@ -66,7 +66,7 @@ class Clamav < Resource # action :create do clamav_app new_resource.name do - version new_resource.version + version new_resource.version unless new_resource.version.nil? dev new_resource.dev end clamav_config 'clamd' do diff --git a/test/fixtures/cookbooks/clamav_test/recipes/default.rb b/test/fixtures/cookbooks/clamav_test/recipes/default.rb index c6834b5..e7dd917 100644 --- a/test/fixtures/cookbooks/clamav_test/recipes/default.rb +++ b/test/fixtures/cookbooks/clamav_test/recipes/default.rb @@ -1,44 +1,24 @@ # encoding: utf-8 # frozen_string_literal: true -# Ensure rsyslog is installed and running, regardless of whether the build -# environment is a Vagrant box or a Docker container with no init system. +apt_update 'periodic' + +# Ensure rsyslog is installed and running so we can smoke test ClamAV logging +# configs. package 'rsyslog' -file '/etc/rsyslog.conf' do - content <<-EOH.gsub(/^ {4}/, '') - $ModLoad imuxsock - $WorkDirectory /var/lib/rsyslog - $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - $OmitLocalLogging off - *.info;mail.none;authpriv.none;cron.none /var/log/messages - authpriv.* /var/log/secure - mail.* -/var/log/maillog - cron.* /var/log/cron - *.emerg :omusrmsg:* - uucp,news.crit /var/log/spooler - local7.* /var/log/boot.log - EOH - only_if do - node['platform_family'] == 'rhel' && \ - node['platform_version'].to_i >= 7 && \ - File.open('/proc/1/cmdline').read.start_with?('/usr/sbin/sshd') - end +service 'rsyslog' do + action %i(enable start) end -execute 'rsyslogd' do - not_if 'pidof rsyslogd' -end - -directory '/etc/cron.d' # Speed up Travis builds by dropping in some shared .cvd files instead of # downloading them from the DB server on each test platform. if ::File.exist?(::File.expand_path('../../files/main.cvd', __FILE__)) - directory node['clamav']['database_directory'] do + directory '/var/lib/clamav' do recursive true end %w(main.cvd daily.cvd bytecode.cvd).each do |f| - cookbook_file ::File.join(node['clamav']['database_directory'], f) + cookbook_file ::File.join('/var/lib/clamav', f) end end diff --git a/test/fixtures/cookbooks/clamav_test/recipes/remove.rb b/test/fixtures/cookbooks/clamav_test/recipes/remove.rb new file mode 100644 index 0000000..006ce68 --- /dev/null +++ b/test/fixtures/cookbooks/clamav_test/recipes/remove.rb @@ -0,0 +1,8 @@ +# encoding: utf-8 +# frozen_string_literal: true + +include_recipe '::default' + +clamav 'default' do + action :remove +end diff --git a/test/integration/default/cucumber/Gemfile b/test/integration/default/cucumber/Gemfile deleted file mode 100644 index 6d9e2e0..0000000 --- a/test/integration/default/cucumber/Gemfile +++ /dev/null @@ -1,5 +0,0 @@ -source 'https://rubygems.org' - -# TODO: The cucumber driver doesn't install Cucumber unless it's listed here -gem 'cucumber' -gem 'rspec' diff --git a/test/integration/default/cucumber/simple_scan.feature b/test/integration/default/cucumber/simple_scan.feature deleted file mode 100644 index bde4396..0000000 --- a/test/integration/default/cucumber/simple_scan.feature +++ /dev/null @@ -1,14 +0,0 @@ -Feature: Simple virus scan - In order to keep my system safe and secure - As a sysadmin - I want to run virus scans on files - - Scenario: Scan a clean file with clamscan - Given a new server with ClamAV installed - When I manually scan a clean file - Then ClamAV detects nothing - - Scenario: Scan a virus file with clamscan - Given a new server with ClamAV installed - When I manually scan a virus file - Then ClamAV detects a virus diff --git a/test/integration/default/cucumber/step_definitions/clamav_steps.rb b/test/integration/default/cucumber/step_definitions/clamav_steps.rb deleted file mode 100644 index dafd749..0000000 --- a/test/integration/default/cucumber/step_definitions/clamav_steps.rb +++ /dev/null @@ -1,33 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require 'tempfile' - -Given 'a new server with ClamAV installed' do -end - -When(/^I manually scan a (\w+) file$/) do |file_type| - @f = Tempfile.new('clamtesting') - case file_type - when 'clean' - @f.write('This file is clean') - when 'virus' - @f.write('X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-' \ - 'TEST-FILE!$H+H*') - end - @f.rewind - @f.close - File.chmod('0777', @f) - @res = `clamscan #{@f.path}` - @f.unlink -end - -Then 'ClamAV detects nothing' do - expect(@res).to include("#{@f.path}: OK") - expect(@res).to include("\nInfected files: 0\n") -end - -Then 'ClamAV detects a virus' do - expect(@res).to include("#{@f.path}: Eicar-Test-Signature FOUND\n") - expect(@res).to include("\nInfected files: 1\n") -end diff --git a/test/integration/default/serverspec/localhost/app_spec.rb b/test/integration/default/serverspec/localhost/app_spec.rb deleted file mode 100644 index bebd026..0000000 --- a/test/integration/default/serverspec/localhost/app_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::default::app' do - describe package('clamav') do - it 'is installed' do - expect(subject).to be_installed - end - end - - %w(clamav-daemon clamav-freshclam).each do |p| - describe package(p), if: %w(ubuntu debian).include?(os[:family]) do - it 'is installed' do - expect(subject).to be_installed - end - end - end - - describe package('libclamav-dev'), - if: %w(ubuntu debian).include?(os[:family]) do - it 'is not installed' do - expect(subject).to_not be_installed - end - end -end diff --git a/test/integration/default/serverspec/localhost/config_spec.rb b/test/integration/default/serverspec/localhost/config_spec.rb deleted file mode 100644 index 31b16ca..0000000 --- a/test/integration/default/serverspec/localhost/config_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::default::config' do - %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf).each do |f| - describe file(f), if: %w(ubuntu debian).include?(os[:family]) do - it 'exists' do - expect(subject).to be_file - end - end - end -end diff --git a/test/integration/default/serverspec/localhost/service_spec.rb b/test/integration/default/serverspec/localhost/service_spec.rb deleted file mode 100644 index f94a8ee..0000000 --- a/test/integration/default/serverspec/localhost/service_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::default::service' do - %w(clamav-daemon clamav-freshclam).each do |s| - describe service(s), if: %w(ubuntu debian).include?(os[:family]) do - it 'is not enabled' do - expect(subject).to_not be_enabled - end - - it 'is not running' do - expect(subject).to_not be_running - end - end - end -end diff --git a/test/integration/default/serverspec/spec_helper.rb b/test/integration/default/serverspec/spec_helper.rb deleted file mode 100644 index eb685fb..0000000 --- a/test/integration/default/serverspec/spec_helper.rb +++ /dev/null @@ -1,13 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require 'serverspec' - -ENV['PATH'] = (ENV['PATH'].split(':') + %w(/sbin /usr/sbin)).uniq.join(':') - -if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - set :os, family: 'windows' - set :backend, :cmd -else - set :backend, :exec -end diff --git a/test/integration/enabled/serverspec/localhost/app_spec.rb b/test/integration/enabled/serverspec/localhost/app_spec.rb deleted file mode 100644 index e679caa..0000000 --- a/test/integration/enabled/serverspec/localhost/app_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::enabled::app' do - describe package('clamav') do - it 'is installed' do - expect(subject).to be_installed - end - end - - %w(clamav-daemon clamav-freshclam).each do |p| - describe package(p), if: %w(ubuntu debian).include?(os[:family]) do - it 'is installed' do - expect(subject).to be_installed - end - end - end - - describe package('libclamav-dev'), - if: %w(ubuntu debian).include?(os[:family]) do - it 'is not installed' do - expect(subject).to_not be_installed - end - end -end diff --git a/test/integration/enabled/serverspec/localhost/config_spec.rb b/test/integration/enabled/serverspec/localhost/config_spec.rb deleted file mode 100644 index 7223c86..0000000 --- a/test/integration/enabled/serverspec/localhost/config_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::enabled::config' do - %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf).each do |f| - describe file(f), if: %w(ubuntu debian).include?(os[:family]) do - it 'exists' do - expect(subject).to be_file - end - end - end -end diff --git a/test/integration/enabled/serverspec/localhost/service_spec.rb b/test/integration/enabled/serverspec/localhost/service_spec.rb deleted file mode 100644 index fe64957..0000000 --- a/test/integration/enabled/serverspec/localhost/service_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::enabled::service' do - %w(clamav-daemon clamav-freshclam).each do |s| - describe service(s), if: %w(ubuntu debian).include?(os[:family]) do - it 'is enabled' do - expect(subject).to be_enabled - end - - it 'is running' do - expect(subject).to be_running - end - end - end -end diff --git a/test/integration/enabled/serverspec/spec_helper.rb b/test/integration/enabled/serverspec/spec_helper.rb deleted file mode 100644 index eb685fb..0000000 --- a/test/integration/enabled/serverspec/spec_helper.rb +++ /dev/null @@ -1,13 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require 'serverspec' - -ENV['PATH'] = (ENV['PATH'].split(':') + %w(/sbin /usr/sbin)).uniq.join(':') - -if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - set :os, family: 'windows' - set :backend, :cmd -else - set :backend, :exec -end diff --git a/test/integration/remove/serverspec/localhost/app_spec.rb b/test/integration/remove/serverspec/localhost/app_spec.rb deleted file mode 100644 index 9cbc9f8..0000000 --- a/test/integration/remove/serverspec/localhost/app_spec.rb +++ /dev/null @@ -1,20 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::remove::app' do - describe package('clamav') do - it 'is not installed' do - expect(subject).to_not be_installed - end - end - - %w(clamav-daemon clamav-freshclam libclamav-dev).each do |p| - describe package(p), if: %w(ubuntu debian).include?(os[:family]) do - it 'is not installed' do - expect(subject).to_not be_installed - end - end - end -end diff --git a/test/integration/remove/serverspec/localhost/config_spec.rb b/test/integration/remove/serverspec/localhost/config_spec.rb deleted file mode 100644 index 155d090..0000000 --- a/test/integration/remove/serverspec/localhost/config_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' - -describe 'clamav::remove::config' do - %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf).each do |f| - describe file(f), if: %w(ubuntu debian).include?(os[:family]) do - it 'does not exist' do - expect(subject).to_not be_file - end - end - end -end diff --git a/test/integration/remove/serverspec/spec_helper.rb b/test/integration/remove/serverspec/spec_helper.rb deleted file mode 100644 index eb685fb..0000000 --- a/test/integration/remove/serverspec/spec_helper.rb +++ /dev/null @@ -1,13 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require 'serverspec' - -ENV['PATH'] = (ENV['PATH'].split(':') + %w(/sbin /usr/sbin)).uniq.join(':') - -if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - set :os, family: 'windows' - set :backend, :cmd -else - set :backend, :exec -end diff --git a/test/smoke/base/app_test.rb b/test/smoke/base/app_test.rb new file mode 100644 index 0000000..4aa198a --- /dev/null +++ b/test/smoke/base/app_test.rb @@ -0,0 +1,13 @@ +# encoding: utf-8 +# frozen_string_literal: true + +pkgs = case os[:family] + when 'debian' + %w(clamav clamav-daemon clamav-freshclam) + end + +pkgs.each do |p| + describe package(p) do + it { should be_installed } + end +end diff --git a/test/smoke/base/config_test.rb b/test/smoke/base/config_test.rb new file mode 100644 index 0000000..762a659 --- /dev/null +++ b/test/smoke/base/config_test.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +case os[:family] +when 'debian' + %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf).each do |f| + describe file(f) do + it { should exist } + its(:owner) { should eq('clamav') } + its(:group) { should eq('clamav') } + its(:mode) { should cmp('0644') } + end + end +end diff --git a/test/smoke/base/scan_test.rb b/test/smoke/base/scan_test.rb new file mode 100644 index 0000000..972a7cc --- /dev/null +++ b/test/smoke/base/scan_test.rb @@ -0,0 +1,20 @@ +# encoding: utf-8 +# frozen_string_literal: true + +inspec.command('echo "This file is clean" > /tmp/clamtest_clean').stdout +inspec.command('echo \'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-' \ + 'ANTIVIRUS-TEST-FILE!$H+H*\' > /tmp/clamtest_infected').stdout + +describe command('clamscan /tmp/clamtest_clean') do + its(:exit_status) { should eq(0) } + its(:stdout) { should match(%r{^/tmp/clamtest_clean: OK$}) } + its(:stdout) { should match(/^Infected files: 0$/) } +end + +describe command('clamscan /tmp/clamtest_infected') do + its(:exit_status) { should eq(1) } + its(:stdout) do + should match(%r{/tmp/clamtest_infected: Eicar-Test-Signature FOUND$}) + end + its(:stdout) { should match(/^Infected files: 1$/) } +end diff --git a/test/smoke/default/app_test.rb b/test/smoke/default/app_test.rb new file mode 100644 index 0000000..2009a24 --- /dev/null +++ b/test/smoke/default/app_test.rb @@ -0,0 +1,13 @@ +# encoding: utf-8 +# frozen_string_literal: true + +pkgs = case os[:family] + when 'debian' + %w(libclamav-dev) + end + +pkgs.each do |p| + describe package(p) do + it { should be_installed } + end +end diff --git a/test/smoke/default/config_test.rb b/test/smoke/default/config_test.rb new file mode 100644 index 0000000..6b49a2a --- /dev/null +++ b/test/smoke/default/config_test.rb @@ -0,0 +1,54 @@ +# encoding: utf-8 +# frozen_string_literal: true + +case os[:family] +when 'debian' + describe file('/etc/clamav/clamd.conf) do + its(:content) do + expected = <<-EOH.gsub(/^ +/, '').strip + ############################################## + # This file generated automatically by Chef. # + # Any local changes will be overwritten. # + ############################################## + BytecodeTimeout 60000 + DatabaseDirectory /var/lib/clamav + ExtendedDetectionInfo true + LocalSocket /var/run/clamav/clamd.ctl + LogFile /var/log/clamav/clamav.log + LogFileMaxSize 0 + LogRotate true + LogTime true + MaxConnectionQueueLength 15 + MaxThreads 12 + ReadTimeout 180 + SelfCheck 3600 + SendBufTimeout 200 + User clamav + EOH + should { eq(expected) } + end + end + + describe file('/etc/clamav/freshclam.conf') do + its(:content) do + expected = <<-EOH.gsub(/^ +/, '').strip + ############################################## + # This file generated automatically by Chef. # + # Any local changes will be overwritten. # + ############################################## + Checks 24 + ConnectTimeout 30 + DatabaseMirror db.local.clamav.net + DatabaseMirror database.clamav.net + DatabaseOwner clamav + LogFileMaxSize 0 + LogRotate true + LogTime true + MaxAttempts 5 + NotifyClamd /etc/clamav/clamd.conf + UpdateLogFile /var/log/clamav/freshclam.log + EOH + should { eq(expected) } + end + end +end diff --git a/test/smoke/default/service_test.rb b/test/smoke/default/service_test.rb new file mode 100644 index 0000000..ca2de44 --- /dev/null +++ b/test/smoke/default/service_test.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +case os[:family] +when 'debian' + %w(clamav-daemon clamav-freshclam).each do |s| + describe service(s) do + it { should_not be_enabled } + it { should_not be_running } + end + end +end diff --git a/test/smoke/enabled/service_test.rb b/test/smoke/enabled/service_test.rb new file mode 100644 index 0000000..af0bc21 --- /dev/null +++ b/test/smoke/enabled/service_test.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../spec_helper' + +case os[:family] +when 'debian' + %w(clamav-daemon clamav-freshclam).each do |s| + describe service(s) + it { should be_enabled } + it { should be_running } + end + end +end diff --git a/test/smoke/remove/app_test.rb b/test/smoke/remove/app_test.rb new file mode 100644 index 0000000..5ad7cb3 --- /dev/null +++ b/test/smoke/remove/app_test.rb @@ -0,0 +1,13 @@ +# encoding: utf-8 +# frozen_string_literal: true + +pkgs = case os[:family] + when 'debian' + %w(clamav clamav-daemon clamav-freshclam libclamav-dev) + end + +pkgs.each do |p| + describe package(p) do + it { should_not be_installed } + end +end diff --git a/test/smoke/remove/config_test.rb b/test/smoke/remove/config_test.rb new file mode 100644 index 0000000..62c55a0 --- /dev/null +++ b/test/smoke/remove/config_test.rb @@ -0,0 +1,13 @@ +# encoding: utf-8 +# frozen_string_literal: true + +files = case os[:family] + when 'debian' + %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf) + end + +files.each do |f| + describe file(f) do + it { should_not exist } + end +end diff --git a/test/integration/remove/serverspec/localhost/service_spec.rb b/test/smoke/remove/service_test.rb similarity index 100% rename from test/integration/remove/serverspec/localhost/service_spec.rb rename to test/smoke/remove/service_test.rb From 543bbec3417ee12ba2e5a406d9d498bf24c9cd5d Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Fri, 3 Feb 2017 09:06:04 -0800 Subject: [PATCH 06/17] Simplify the config resource's method_missing implementation --- libraries/resource_clamav_config.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libraries/resource_clamav_config.rb b/libraries/resource_clamav_config.rb index e8edeca..0e9191f 100644 --- a/libraries/resource_clamav_config.rb +++ b/libraries/resource_clamav_config.rb @@ -83,9 +83,9 @@ def method_missing(method_symbol, *args, &block) raise if !block.nil? || args.length > 1 case args.length when 1 - config(config.merge(method_symbol => args[0])) + config[method_symbol] = args[0] when 0 - config[method_symbol] + config[method_symbol] || raise end end @@ -121,6 +121,4 @@ def method_missing(method_symbol, *args, &block) end end end -end unless defined?(Chef::Resource::ClamavConfig) -# Don't let this class be reloaded or strange things happen to the custom -# properties we've loaded in via `method_missing`. +end From 4a81f94b827eb8a6f8d55877a037c49560cd046e Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sat, 4 Feb 2017 13:01:43 -0800 Subject: [PATCH 07/17] Update the year to 2017 --- README.md | 2 +- attributes/default.rb | 2 +- libraries/helpers_config.rb | 2 +- libraries/matchers.rb | 2 +- libraries/resource_clamav.rb | 2 +- libraries/resource_clamav_app.rb | 2 +- libraries/resource_clamav_app_debian.rb | 2 +- libraries/resource_clamav_config.rb | 2 +- libraries/resource_clamav_config_debian.rb | 2 +- libraries/resource_clamav_cron.rb | 2 +- libraries/resource_clamav_service.rb | 2 +- libraries/resource_clamav_service_debian.rb | 2 +- recipes/default.rb | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 1f9ad9e..c4cf08f 100644 --- a/README.md +++ b/README.md @@ -198,7 +198,7 @@ License & Authors ================= - Author: Jonathan Hartman -Copyright 2012-2016, Jonathan Hartman +Copyright 2012-2017, Jonathan Hartman Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/attributes/default.rb b/attributes/default.rb index 4a8ce29..d95f769 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Attributes:: default # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. diff --git a/libraries/helpers_config.rb b/libraries/helpers_config.rb index cc42853..c2c108e 100644 --- a/libraries/helpers_config.rb +++ b/libraries/helpers_config.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: helpers_config # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/matchers.rb b/libraries/matchers.rb index 3979b51..4db1fcf 100644 --- a/libraries/matchers.rb +++ b/libraries/matchers.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: matchers # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav.rb b/libraries/resource_clamav.rb index 6246da2..485fb7e 100644 --- a/libraries/resource_clamav.rb +++ b/libraries/resource_clamav.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_app.rb b/libraries/resource_clamav_app.rb index 7360662..e259496 100644 --- a/libraries/resource_clamav_app.rb +++ b/libraries/resource_clamav_app.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_app # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_app_debian.rb b/libraries/resource_clamav_app_debian.rb index 7f58b36..e1d13c8 100644 --- a/libraries/resource_clamav_app_debian.rb +++ b/libraries/resource_clamav_app_debian.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_app_debian # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_config.rb b/libraries/resource_clamav_config.rb index 0e9191f..bf81fff 100644 --- a/libraries/resource_clamav_config.rb +++ b/libraries/resource_clamav_config.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_config # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_config_debian.rb b/libraries/resource_clamav_config_debian.rb index 06c2044..4c67bad 100644 --- a/libraries/resource_clamav_config_debian.rb +++ b/libraries/resource_clamav_config_debian.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_config_debian # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_cron.rb b/libraries/resource_clamav_cron.rb index af7ca0f..f8decfc 100644 --- a/libraries/resource_clamav_cron.rb +++ b/libraries/resource_clamav_cron.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_cron # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_service.rb b/libraries/resource_clamav_service.rb index 830346a..1bb5e64 100644 --- a/libraries/resource_clamav_service.rb +++ b/libraries/resource_clamav_service.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_service # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/libraries/resource_clamav_service_debian.rb b/libraries/resource_clamav_service_debian.rb index 499423e..a93d90f 100644 --- a/libraries/resource_clamav_service_debian.rb +++ b/libraries/resource_clamav_service_debian.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Library:: resource_clamav_service_debian # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/default.rb b/recipes/default.rb index dea3a33..52f4ed4 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -4,7 +4,7 @@ # Cookbook Name:: clamav # Recipe:: default # -# Copyright 2012-2016, Jonathan Hartman +# Copyright 2012-2017, Jonathan Hartman # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 4ee15ccb4bc325eb9e4a9de9ed5f5497209e8e26 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sun, 5 Feb 2017 13:09:12 -0800 Subject: [PATCH 08/17] Fix some errors in the smoke tests --- test/smoke/base/scan_test.rb | 2 +- test/smoke/default/app_test.rb | 2 +- test/smoke/default/config_test.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/smoke/base/scan_test.rb b/test/smoke/base/scan_test.rb index 972a7cc..3768f30 100644 --- a/test/smoke/base/scan_test.rb +++ b/test/smoke/base/scan_test.rb @@ -14,7 +14,7 @@ describe command('clamscan /tmp/clamtest_infected') do its(:exit_status) { should eq(1) } its(:stdout) do - should match(%r{/tmp/clamtest_infected: Eicar-Test-Signature FOUND$}) + should match(%r{/tmp/clamtest_infected: Win\.Test\.EICAR_NDB-1 FOUND$}) end its(:stdout) { should match(/^Infected files: 1$/) } end diff --git a/test/smoke/default/app_test.rb b/test/smoke/default/app_test.rb index 2009a24..dc3e1fd 100644 --- a/test/smoke/default/app_test.rb +++ b/test/smoke/default/app_test.rb @@ -8,6 +8,6 @@ pkgs.each do |p| describe package(p) do - it { should be_installed } + it { should_not be_installed } end end diff --git a/test/smoke/default/config_test.rb b/test/smoke/default/config_test.rb index 6b49a2a..9e01245 100644 --- a/test/smoke/default/config_test.rb +++ b/test/smoke/default/config_test.rb @@ -3,7 +3,7 @@ case os[:family] when 'debian' - describe file('/etc/clamav/clamd.conf) do + describe file('/etc/clamav/clamd.conf') do its(:content) do expected = <<-EOH.gsub(/^ +/, '').strip ############################################## From 48863dcf95cf372441be35b8ba6168a4512c1e3e Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 6 Feb 2017 16:01:47 -0800 Subject: [PATCH 09/17] Do a config merge from the clamav to clamav_config resources Also reorder operations so freshclam is ready before clamd is. --- libraries/resource_clamav.rb | 36 ++++++++--------- spec/resources/clamav.rb | 41 ++++++++++---------- spec/resources/clamav/debian.rb | 45 ++++++++++++++++++++++ spec/resources/clamav/ubuntu/14_04_spec.rb | 6 +-- 4 files changed, 87 insertions(+), 41 deletions(-) create mode 100644 spec/resources/clamav/debian.rb diff --git a/libraries/resource_clamav.rb b/libraries/resource_clamav.rb index 485fb7e..429ecd0 100644 --- a/libraries/resource_clamav.rb +++ b/libraries/resource_clamav.rb @@ -31,26 +31,26 @@ class Clamav < Resource default_action :create - # - # Should we enable the clamd service? - # - property :enable_clamd, [TrueClass, FalseClass], default: false - # # Should we enable the freshclam service? # property :enable_freshclam, [TrueClass, FalseClass], default: false # - # Property for a config hash to pass on to the clamd config. + # Should we enable the clamd service? # - property :clamd_config, Hash, default: {} + property :enable_clamd, [TrueClass, FalseClass], default: false # # Property for a config hash to pass on to the freshclam config. # property :freshclam_config, Hash, default: {} + # + # Property for a config hash to pass on to the clamd config. + # + property :clamd_config, Hash, default: {} + # # Optionally install a specific version of the ClamAV packages. # @@ -69,27 +69,27 @@ class Clamav < Resource version new_resource.version unless new_resource.version.nil? dev new_resource.dev end - clamav_config 'clamd' do - config new_resource.clamd_config - if new_resource.enable_clamd - notifies :restart, 'clamav_service[clamd]' - end - end clamav_config 'freshclam' do - config new_resource.freshclam_config + new_resource.freshclam_config.each { |k, v| send(k, v) } if new_resource.enable_freshclam notifies :restart, 'clamav_service[freshclam]' end end - clamav_service 'clamd' do - action(if new_resource.enable_clamd + clamav_config 'clamd' do + new_resource.clamd_config.each { |k, v| send(k, v) } + if new_resource.enable_clamd + notifies :restart, 'clamav_service[clamd]' + end + end + clamav_service 'freshclam' do + action(if new_resource.enable_freshclam %i(enable start) else %i(stop disable) end) end - clamav_service 'freshclam' do - action(if new_resource.enable_freshclam + clamav_service 'clamd' do + action(if new_resource.enable_clamd %i(enable start) else %i(stop disable) diff --git a/spec/resources/clamav.rb b/spec/resources/clamav.rb index 9622bf7..7dda629 100644 --- a/spec/resources/clamav.rb +++ b/spec/resources/clamav.rb @@ -41,21 +41,10 @@ .with(version: version, dev: dev || false) end - it 'configures clamd' do - expect(chef_run).to create_clamav_config('clamd') - .with(config: Mash.new(clamd_config)) - if enable_clamd - expect(chef_run.clamav_config('clamd')) - .to notify('clamav_service[clamd]').to(:restart) - else - expect(chef_run.clamav_config('clamd')) - .to_not notify('clamav_service[clamd]').to(:restart) - end - end - it 'configures freshclam' do expect(chef_run).to create_clamav_config('freshclam') - .with(config: Mash.new(freshclam_config)) + .with(config: defaults[:freshclam_config] + .merge(freshclam_config.to_h)) if enable_freshclam expect(chef_run.clamav_config('freshclam')) .to notify('clamav_service[freshclam]').to(:restart) @@ -65,13 +54,15 @@ end end - it 'manages the clamd service' do + it 'configures clamd' do + expect(chef_run).to create_clamav_config('clamd') + .with(config: defaults[:clamd_config].merge(clamd_config.to_h)) if enable_clamd - expect(chef_run).to start_clamav_service('clamd') - expect(chef_run).to enable_clamav_service('clamd') + expect(chef_run.clamav_config('clamd')) + .to notify('clamav_service[clamd]').to(:restart) else - expect(chef_run).to stop_clamav_service('clamd') - expect(chef_run).to disable_clamav_service('clamd') + expect(chef_run.clamav_config('clamd')) + .to_not notify('clamav_service[clamd]').to(:restart) end end @@ -84,6 +75,16 @@ expect(chef_run).to disable_clamav_service('freshclam') end end + + it 'manages the clamd service' do + if enable_clamd + expect(chef_run).to start_clamav_service('clamd') + expect(chef_run).to enable_clamav_service('clamd') + else + expect(chef_run).to stop_clamav_service('clamd') + expect(chef_run).to disable_clamav_service('clamd') + end + end end context 'all default attributes' do @@ -103,13 +104,13 @@ end context 'an overridden clamd config attribute' do - let(:clamd_config) { { test: 'abcd' } } + let(:clamd_config) { { testopolis: 'abcd' } } it_behaves_like 'any attribute set' end context 'an overridden freshclam config attribute' do - let(:freshclam_config) { { test: 'abcd' } } + let(:freshclam_config) { { testopolis: 'abcd' } } it_behaves_like 'any attribute set' end diff --git a/spec/resources/clamav/debian.rb b/spec/resources/clamav/debian.rb new file mode 100644 index 0000000..b232004 --- /dev/null +++ b/spec/resources/clamav/debian.rb @@ -0,0 +1,45 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../clamav' + +shared_context 'resources::clamav::debian' do + include_context 'resources::clamav' + + let(:defaults) do + { + clamd_config: { + bytecode_timeout: 60_000, + database_directory: '/var/lib/clamav', + extended_detection_info: true, + local_socket: '/var/run/clamav/clamd.ctl', + log_file: '/var/log/clamav/clamav.log', + log_file_max_size: 0, + log_rotate: true, + log_time: true, + max_connection_queue_length: 15, + max_threads: 12, + read_timeout: 180, + self_check: 3600, + send_buf_timeout: 200, + user: 'clamav' + }, + freshclam_config: { + checks: 24, + connect_timeout: 30, + database_mirror: %w(db.local.clamav.net database.clamav.net), + database_owner: 'clamav', + log_file_max_size: 0, + log_rotate: true, + log_time: true, + max_attempts: 5, + notify_clamd: '/etc/clamav/clamd.conf', + update_log_file: '/var/log/clamav/freshclam.log' + } + } + end + + shared_examples_for 'any Debian platform' do + it_behaves_like 'any platform' + end +end diff --git a/spec/resources/clamav/ubuntu/14_04_spec.rb b/spec/resources/clamav/ubuntu/14_04_spec.rb index fb91dc1..f0c9d3d 100644 --- a/spec/resources/clamav/ubuntu/14_04_spec.rb +++ b/spec/resources/clamav/ubuntu/14_04_spec.rb @@ -1,13 +1,13 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative '../../clamav' +require_relative '../debian' describe 'resources::clamav::ubuntu::14_04' do - include_context 'resources::clamav' + include_context 'resources::clamav::debian' let(:platform) { 'ubuntu' } let(:platform_version) { '14.04' } - it_behaves_like 'any platform' + it_behaves_like 'any Debian platform' end From 0fd31e521d886bbf8a4f0c763ca0f42f45e49863 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Tue, 7 Feb 2017 13:33:18 -0800 Subject: [PATCH 10/17] Default the version to nil instead of latest --- libraries/resource_clamav_app.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libraries/resource_clamav_app.rb b/libraries/resource_clamav_app.rb index e259496..37e57f6 100644 --- a/libraries/resource_clamav_app.rb +++ b/libraries/resource_clamav_app.rb @@ -35,7 +35,7 @@ class ClamavApp < Resource # Different distros use vastly different version strings in their # packages, so type checking is about the only validation we can do. # - property :version, String, default: 'latest' + property :version, String # # Optionally install the dev in addition to base packages. @@ -52,7 +52,7 @@ class ClamavApp < Resource end pkgs.each do |p| package p do - version new_resource.version unless new_resource.version == 'latest' + version new_resource.version unless new_resource.version.nil? end end end @@ -67,7 +67,7 @@ class ClamavApp < Resource end pkgs.each do |p| package p do - version new_resource.version unless new_resource.version == 'latest' + version new_resource.version unless new_resource.version.nil? action :upgrade end end From 4b33a660cefac76cf5ceae5a2b5a32679fb62800 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Wed, 8 Feb 2017 13:09:56 -0800 Subject: [PATCH 11/17] Speed up the build with multiple test suites and more .cvd hacking --- .travis.yml | 11 ++++++---- .../cookbooks/clamav_test/recipes/default.rb | 20 ++++++++++--------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/.travis.yml b/.travis.yml index 66bfa72..f6976c6 100755 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,12 @@ cache: - test/fixtures/cookbooks/clamav_test/files env: - - CVD_PATH=test/fixtures/cookbooks/clamav_test/files + global: + - CVD_PATH=test/fixtures/cookbooks/clamav_test/files + matrix: + - SUITE=default PLATFORM=ubuntu + - SUITE=enabled PLATFORM=ubuntu + - SUITE=remove PLATFORM=ubuntu install: - curl -L https://www.chef.io/chef/install.sh | sudo bash -s -- -P chefdk @@ -23,8 +28,6 @@ install: before_script: - mkdir -p $CVD_PATH - "[ -e $CVD_PATH/main.cvd ] || wget -P $CVD_PATH http://database.clamav.net/main.cvd" - - "[ -e $CVD_PATH/daily.cvd ] || wget -P $CVD_PATH http://database.clamav.net/daily.cvd" - - "[ -e $CVD_PATH/bytecode.cvd ] || wget -P $CVD_PATH http://database.clamav.net/bytecode.cvd" script: - - chef exec rake && chef exec kitchen test + - chef exec rake && chef exec kitchen test $SUITE-$PLATFORM diff --git a/test/fixtures/cookbooks/clamav_test/recipes/default.rb b/test/fixtures/cookbooks/clamav_test/recipes/default.rb index e7dd917..6dd5578 100644 --- a/test/fixtures/cookbooks/clamav_test/recipes/default.rb +++ b/test/fixtures/cookbooks/clamav_test/recipes/default.rb @@ -3,6 +3,9 @@ apt_update 'periodic' +# Delete the policy file that blocks postinst scripts on Docker containers. +file('/usr/sbin/policy-rc.d') { action :delete } + # Ensure rsyslog is installed and running so we can smoke test ClamAV logging # configs. package 'rsyslog' @@ -10,15 +13,14 @@ action %i(enable start) end -# Speed up Travis builds by dropping in some shared .cvd files instead of -# downloading them from the DB server on each test platform. -if ::File.exist?(::File.expand_path('../../files/main.cvd', __FILE__)) - directory '/var/lib/clamav' do - recursive true - end - - %w(main.cvd daily.cvd bytecode.cvd).each do |f| - cookbook_file ::File.join('/var/lib/clamav', f) +# Speed up the build by circumventing the initial freshclam run and pulling in +# main.cvd, either as a cookbook_file or remote_file resource. +directory('/var/lib/clamav') { recursive true } +if File.exist?(::File.expand_path('../../files/main.cvd', __FILE__)) + cookbook_file '/var/lib/clamav/main.cvd' +else + remote_file '/var/lib/clamav/main.cvd' do + source 'http://database.clamav.net/main.cvd' end end From 8ea974bde357fc2c706927986f1877ccfbd1f4e4 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Thu, 9 Feb 2017 13:39:25 -0800 Subject: [PATCH 12/17] Unit test against both Ubuntu 16.04 and 14.04 --- spec/resources/clamav/ubuntu.rb | 14 +++++++++++++ spec/resources/clamav/ubuntu/14_04_spec.rb | 7 +++---- spec/resources/clamav/ubuntu/16_04_spec.rb | 12 +++++++++++ spec/resources/clamav_app/ubuntu.rb | 14 +++++++++++++ .../resources/clamav_app/ubuntu/16_04_spec.rb | 12 +++++++++++ spec/resources/clamav_config.rb | 1 + spec/resources/clamav_config/ubuntu.rb | 14 +++++++++++++ .../clamav_config/ubuntu/14_04_spec.rb | 7 +++---- .../clamav_config/ubuntu/16_04_spec.rb | 12 +++++++++++ spec/resources/clamav_service.rb | 21 +++++++++++-------- spec/resources/clamav_service/ubuntu.rb | 14 +++++++++++++ .../clamav_service/ubuntu/14_04_spec.rb | 7 +++---- .../clamav_service/ubuntu/16_04_spec.rb | 12 +++++++++++ 13 files changed, 126 insertions(+), 21 deletions(-) create mode 100644 spec/resources/clamav/ubuntu.rb create mode 100644 spec/resources/clamav/ubuntu/16_04_spec.rb create mode 100644 spec/resources/clamav_app/ubuntu.rb create mode 100644 spec/resources/clamav_app/ubuntu/16_04_spec.rb create mode 100644 spec/resources/clamav_config/ubuntu.rb create mode 100644 spec/resources/clamav_config/ubuntu/16_04_spec.rb create mode 100644 spec/resources/clamav_service/ubuntu.rb create mode 100644 spec/resources/clamav_service/ubuntu/16_04_spec.rb diff --git a/spec/resources/clamav/ubuntu.rb b/spec/resources/clamav/ubuntu.rb new file mode 100644 index 0000000..fe29a7d --- /dev/null +++ b/spec/resources/clamav/ubuntu.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative 'debian' + +shared_context 'resources::clamav::ubuntu' do + include_context 'resources::clamav::debian' + + let(:platform) { 'ubuntu' } + + shared_examples_for 'any Ubuntu platform' do + it_behaves_like 'any Debian platform' + end +end diff --git a/spec/resources/clamav/ubuntu/14_04_spec.rb b/spec/resources/clamav/ubuntu/14_04_spec.rb index f0c9d3d..a78e86a 100644 --- a/spec/resources/clamav/ubuntu/14_04_spec.rb +++ b/spec/resources/clamav/ubuntu/14_04_spec.rb @@ -1,13 +1,12 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative '../debian' +require_relative '../ubuntu' describe 'resources::clamav::ubuntu::14_04' do - include_context 'resources::clamav::debian' + include_context 'resources::clamav::ubuntu' - let(:platform) { 'ubuntu' } let(:platform_version) { '14.04' } - it_behaves_like 'any Debian platform' + it_behaves_like 'any Ubuntu platform' end diff --git a/spec/resources/clamav/ubuntu/16_04_spec.rb b/spec/resources/clamav/ubuntu/16_04_spec.rb new file mode 100644 index 0000000..d6f12e8 --- /dev/null +++ b/spec/resources/clamav/ubuntu/16_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav::ubuntu::16_04' do + include_context 'resources::clamav::ubuntu' + + let(:platform_version) { '16.04' } + + it_behaves_like 'any Ubuntu platform' +end diff --git a/spec/resources/clamav_app/ubuntu.rb b/spec/resources/clamav_app/ubuntu.rb new file mode 100644 index 0000000..cf06c10 --- /dev/null +++ b/spec/resources/clamav_app/ubuntu.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative 'debian' + +shared_context 'resources::clamav_app::ubuntu' do + include_context 'resources::clamav_app::debian' + + let(:platform) { 'ubuntu' } + + shared_examples_for 'any Ubuntu platform' do + it_behaves_like 'any Debian platform' + end +end diff --git a/spec/resources/clamav_app/ubuntu/16_04_spec.rb b/spec/resources/clamav_app/ubuntu/16_04_spec.rb new file mode 100644 index 0000000..b5d5736 --- /dev/null +++ b/spec/resources/clamav_app/ubuntu/16_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav_app::ubuntu::16_04' do + include_context 'resources::clamav_app::ubuntu' + + let(:platform_version) { '16.04' } + + it_behaves_like 'any Ubuntu platform' +end diff --git a/spec/resources/clamav_config.rb b/spec/resources/clamav_config.rb index 0c33780..cae8312 100644 --- a/spec/resources/clamav_config.rb +++ b/spec/resources/clamav_config.rb @@ -29,6 +29,7 @@ expect(chef_run).to create_directory(path || defaults[:conf_dir]).with( owner: user || defaults[:user], group: group || defaults[:group], + mode: '0644', recursive: true ) end diff --git a/spec/resources/clamav_config/ubuntu.rb b/spec/resources/clamav_config/ubuntu.rb new file mode 100644 index 0000000..984ed8e --- /dev/null +++ b/spec/resources/clamav_config/ubuntu.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative 'debian' + +shared_context 'resources::clamav_config::ubuntu' do + include_context 'resources::clamav_config::debian' + + let(:platform) { 'ubuntu' } + + shared_examples_for 'any Ubuntu platform' do + it_behaves_like 'any Debian platform' + end +end diff --git a/spec/resources/clamav_config/ubuntu/14_04_spec.rb b/spec/resources/clamav_config/ubuntu/14_04_spec.rb index 3046060..e6ce8e2 100644 --- a/spec/resources/clamav_config/ubuntu/14_04_spec.rb +++ b/spec/resources/clamav_config/ubuntu/14_04_spec.rb @@ -1,13 +1,12 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative '../debian' +require_relative '../ubuntu' describe 'resources::clamav_config::ubuntu::14_04' do - include_context 'resources::clamav_config::debian' + include_context 'resources::clamav_config::ubuntu' - let(:platform) { 'ubuntu' } let(:platform_version) { '14.04' } - it_behaves_like 'any Debian platform' + it_behaves_like 'any Ubuntu platform' end diff --git a/spec/resources/clamav_config/ubuntu/16_04_spec.rb b/spec/resources/clamav_config/ubuntu/16_04_spec.rb new file mode 100644 index 0000000..9f2a246 --- /dev/null +++ b/spec/resources/clamav_config/ubuntu/16_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav_config::ubuntu::16_04' do + include_context 'resources::clamav_config::ubuntu' + + let(:platform_version) { '16.04' } + + it_behaves_like 'any Ubuntu platform' +end diff --git a/spec/resources/clamav_service.rb b/spec/resources/clamav_service.rb index b88a9c9..cc9beb5 100644 --- a/spec/resources/clamav_service.rb +++ b/spec/resources/clamav_service.rb @@ -73,20 +73,23 @@ let(:action) { a } shared_examples_for 'any property set' do - it 'runs freshclam if it needs to' do - if a == :start && (service_name || name) == 'clamd' - expect(chef_run).to run_execute( - 'Ensure virus definitions exist so clamd can start' - ).with(command: 'freshclam', - creates: "#{data_dir}/main.cvd") - end - end - it 'passes the action on to a regular service resource' do svc = platform_service_name || send("#{service_name || name}_service") expect(chef_run).to send("#{a}_service", svc) .with(supports: { status: true, restart: true }) end + + it 'waits for freshclam if it needs to' do + if a == :start && (service_name || name) == 'freshclam' + expect(chef_run).to run_ruby_block( + 'Wait for freshclam to do its initial update' + ).with(retries: 12, retry_delay: 10) + else + expect(chef_run).to_not run_ruby_block( + 'Wait for freshclam to do its initial update' + ) + end + end end context 'a clamd resource' do diff --git a/spec/resources/clamav_service/ubuntu.rb b/spec/resources/clamav_service/ubuntu.rb new file mode 100644 index 0000000..034a3b1 --- /dev/null +++ b/spec/resources/clamav_service/ubuntu.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative 'debian' + +shared_context 'resources::clamav_service::ubuntu' do + include_context 'resources::clamav_service::debian' + + let(:platform) { 'ubuntu' } + + shared_examples_for 'any Ubuntu platform' do + it_behaves_like 'any Debian platform' + end +end diff --git a/spec/resources/clamav_service/ubuntu/14_04_spec.rb b/spec/resources/clamav_service/ubuntu/14_04_spec.rb index 348551f..3de0f24 100644 --- a/spec/resources/clamav_service/ubuntu/14_04_spec.rb +++ b/spec/resources/clamav_service/ubuntu/14_04_spec.rb @@ -1,13 +1,12 @@ # encoding: utf-8 # frozen_string_literal: true -require_relative '../debian' +require_relative '../ubuntu' describe 'resources::clamav_service::ubuntu::14_04' do - include_context 'resources::clamav_service::debian' + include_context 'resources::clamav_service::ubuntu' - let(:platform) { 'ubuntu' } let(:platform_version) { '14.04' } - it_behaves_like 'any Debian platform' + it_behaves_like 'any Ubuntu platform' end diff --git a/spec/resources/clamav_service/ubuntu/16_04_spec.rb b/spec/resources/clamav_service/ubuntu/16_04_spec.rb new file mode 100644 index 0000000..3e5f4a0 --- /dev/null +++ b/spec/resources/clamav_service/ubuntu/16_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav_service::ubuntu::16_04' do + include_context 'resources::clamav_service::ubuntu' + + let(:platform_version) { '16.04' } + + it_behaves_like 'any Ubuntu platform' +end From 0cc9ee26ffc6cf52e1d1d858982d2fac1199ef94 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Fri, 10 Feb 2017 14:45:29 -0800 Subject: [PATCH 13/17] Wait for freshclam to update when first starting, but make it optional --- libraries/resource_clamav_service.rb | 32 ++++++++++++--- spec/resources/clamav_service.rb | 58 ++++++++++++++++++++++++++-- 2 files changed, 80 insertions(+), 10 deletions(-) diff --git a/libraries/resource_clamav_service.rb b/libraries/resource_clamav_service.rb index 1bb5e64..12b0c04 100644 --- a/libraries/resource_clamav_service.rb +++ b/libraries/resource_clamav_service.rb @@ -47,22 +47,42 @@ class ClamavService < Resource r.class::DEFAULTS["#{r.service_name}_service_name".to_sym] } + # + # Whether to wait for Freshclam to do its initial update when starting it + # for the first time. This can be disabled, but doing so will result in + # errors if trying to start the clamd service before freshclam has put + # any virus definitions in place. + # + property :wait_for_freshclam, + [TrueClass, FalseClass], + default: lazy { |r| + r.service_name == 'freshclam' && \ + r.action.include?(:start) && \ + !::File.exist?('/var/lib/clamav/main.cvd') + } + # # Iterate over every action available for a regular service resource and # pass the declared action on to one. # Resource::Service.allowed_actions.each do |a| action a do - if a == :start && new_resource.service_name == 'clamd' - execute 'Ensure virus definitions exist so clamd can start' do - command 'freshclam' - creates '/var/lib/clamav/main.cvd' - end - end service new_resource.platform_service_name do supports(status: true, restart: true) action a end + + if new_resource.wait_for_freshclam + ruby_block 'Wait for freshclam to do its initial update' do + block do + raise unless ::File.exist?('/var/lib/clamav/main.cvd') + raise if Dir.glob('/var/lib/clamav/daily.c[vl]d').empty? + raise unless ::File.exist?('/var/lib/clamav/bytecode.cvd') + end + retries 180 + retry_delay 10 + end + end end end diff --git a/spec/resources/clamav_service.rb b/spec/resources/clamav_service.rb index cc9beb5..13183f7 100644 --- a/spec/resources/clamav_service.rb +++ b/spec/resources/clamav_service.rb @@ -7,11 +7,14 @@ include_context 'resources' let(:resource) { 'clamav_service' } - %i(service_name platform_service_name).each { |p| let(p) { nil } } + %i(service_name platform_service_name wait_for_freshclam).each do |p| + let(p) { nil } + end let(:properties) do { service_name: service_name, - platform_service_name: platform_service_name + platform_service_name: platform_service_name, + wait_for_freshclam: wait_for_freshclam } end @@ -19,6 +22,14 @@ let(:clamd_service) { nil } let(:freshclam_service) { nil } + let(:main_cvd_exist?) { nil } + + before do + allow(File).to receive(:exist?).and_call_original + allow(File).to receive(:exist?).with('/var/lib/clamav/main.cvd') + .and_return(main_cvd_exist?) + end + shared_examples_for 'any platform' do context 'the default action (:nothing)' do shared_examples_for 'any property set' do @@ -80,10 +91,13 @@ end it 'waits for freshclam if it needs to' do - if a == :start && (service_name || name) == 'freshclam' + if (service_name || name) == 'freshclam' && \ + !main_cvd_exist? && \ + Array(action).include?(:start) && \ + wait_for_freshclam != false expect(chef_run).to run_ruby_block( 'Wait for freshclam to do its initial update' - ).with(retries: 12, retry_delay: 10) + ).with(retries: 180, retry_delay: 10) else expect(chef_run).to_not run_ruby_block( 'Wait for freshclam to do its initial update' @@ -110,6 +124,24 @@ it_behaves_like 'any property set' end + + context 'an overridden wait_for_freshclam property' do + let(:wait_for_freshclam) { false } + + it_behaves_like 'any property set' + end + + context 'a non-existent main.cvd file' do + let(:main_cvd_exist?) { false } + + it_behaves_like 'any property set' + end + + context 'an already existing main.cvd file' do + let(:main_cvd_exist?) { true } + + it_behaves_like 'any property set' + end end context 'a freshclam resource' do @@ -130,6 +162,24 @@ it_behaves_like 'any property set' end + + context 'an overridden wait_for_freshclam property' do + let(:wait_for_freshclam) { false } + + it_behaves_like 'any property set' + end + + context 'a non-existent main.cvd file' do + let(:main_cvd_exist?) { false } + + it_behaves_like 'any property set' + end + + context 'an already existing main.cvd file' do + let(:main_cvd_exist?) { true } + + it_behaves_like 'any property set' + end end end end From 15e2f1dfa5e70b4fadddb5a85ca5d722ebd77150 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sat, 11 Feb 2017 14:55:02 -0800 Subject: [PATCH 14/17] Define a helper resource for doing updates outside of the freshclam service --- libraries/resource_clamav_update.rb | 74 +++++++++++++++++++ spec/resources/clamav_update.rb | 57 ++++++++++++++ spec/resources/clamav_update/debian.rb | 14 ++++ spec/resources/clamav_update/ubuntu.rb | 14 ++++ .../clamav_update/ubuntu/14_04_spec.rb | 12 +++ .../clamav_update/ubuntu/16_04_spec.rb | 12 +++ 6 files changed, 183 insertions(+) create mode 100644 libraries/resource_clamav_update.rb create mode 100644 spec/resources/clamav_update.rb create mode 100644 spec/resources/clamav_update/debian.rb create mode 100644 spec/resources/clamav_update/ubuntu.rb create mode 100644 spec/resources/clamav_update/ubuntu/14_04_spec.rb create mode 100644 spec/resources/clamav_update/ubuntu/16_04_spec.rb diff --git a/libraries/resource_clamav_update.rb b/libraries/resource_clamav_update.rb new file mode 100644 index 0000000..cdcb500 --- /dev/null +++ b/libraries/resource_clamav_update.rb @@ -0,0 +1,74 @@ +# encoding: utf-8 +# frozen_string_literal: true +# +# Cookbook Name:: clamav +# Library:: resource_clamav_update +# +# Copyright 2012-2017, Jonathan Hartman +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/resource' + +class Chef + class Resource + # A Chef resource for doing a one-time virus definition update. This + # resource should be useful only in limited circumstances, since one would + # normally enable the freshclam service and let it do all the updating. + # This resource will fail to run if freshclam is enabled. + # + # @author Jonathan Hartman + class ClamavUpdate < Resource + provides :clamav_update + + default_action :run + + # + # Updates can be done via shelling out to freshclam (`:freshclam`, the + # default), downloading the files from database.clamav.net (`:direct`) + # or from any `file://` or `http://` remote path that the files exist in. + # + property :source, + [Symbol, String], + default: :freshclam, + regex: [/^freshclam$/, %r{^file://}, %r{https?://}], + coerce: proc { |v| + case v.to_sym + when :freshclam + v.to_sym + when :direct + 'http://database.clamav.net' + else + v.to_s + end + } + + # + # Run the desired update operation. + # + action :run do + case new_resource.source + when :freshclam + execute 'freshclam' + else + %w(main.cvd daily.cvd bytecode.cvd).each do |f| + remote_file ::File.join('/var/lib/clamav', f) do + source ::File.join(new_resource.source, f) + end + end + end + end + end + end +end diff --git a/spec/resources/clamav_update.rb b/spec/resources/clamav_update.rb new file mode 100644 index 0000000..f8028a9 --- /dev/null +++ b/spec/resources/clamav_update.rb @@ -0,0 +1,57 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../resources' + +shared_context 'resources::clamav_update' do + include_context 'resources' + + let(:resource) { 'clamav_update' } + %i(source).each { |p| let(p) { nil } } + let(:properties) { { source: source } } + let(:name) { 'default' } + + shared_examples_for 'any platform' do + context 'the default action (:run)' do + shared_examples_for 'any property set' do + it 'runs a clamav_update resource' do + expect(chef_run).to run_clamav_update(name) + end + end + + context 'all default properties' do + it_behaves_like 'any property set' + + it 'shells out to run freshclam' do + expect(chef_run).to run_execute('freshclam') + end + end + + context 'an overridden source property' do + let(:source) { :direct } + + it_behaves_like 'any property set' + + %w(main.cvd daily.cvd bytecode.cvd).each do |f| + it "downloads #{f} from database.clamav.net" do + expect(chef_run).to create_remote_file("/var/lib/clamav/#{f}") + .with(source: "http://database.clamav.net/#{f}") + end + end + end + + context 'another overridden source property' do + let(:source) { 'file:///tmp/cache' } + + it_behaves_like 'any property set' + + %w(main.cvd daily.cvd bytecode.cvd).each do |f| + it "downloads #{f} from the custom source" do + expect(chef_run).to create_remote_file("/var/lib/clamav/#{f}") + .with(source: "file:///tmp/cache/#{f}") + end + end + end + end + end +end diff --git a/spec/resources/clamav_update/debian.rb b/spec/resources/clamav_update/debian.rb new file mode 100644 index 0000000..d5ef09c --- /dev/null +++ b/spec/resources/clamav_update/debian.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../clamav_update' + +shared_context 'resources::clamav_update::debian' do + include_context 'resources::clamav_update' + + let(:platform) { 'debian' } + + shared_examples_for 'any Debian platform' do + it_behaves_like 'any platform' + end +end diff --git a/spec/resources/clamav_update/ubuntu.rb b/spec/resources/clamav_update/ubuntu.rb new file mode 100644 index 0000000..0f96aee --- /dev/null +++ b/spec/resources/clamav_update/ubuntu.rb @@ -0,0 +1,14 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative 'debian' + +shared_context 'resources::clamav_update::ubuntu' do + include_context 'resources::clamav_update::debian' + + let(:platform) { 'ubuntu' } + + shared_examples_for 'any Ubuntu platform' do + it_behaves_like 'any Debian platform' + end +end diff --git a/spec/resources/clamav_update/ubuntu/14_04_spec.rb b/spec/resources/clamav_update/ubuntu/14_04_spec.rb new file mode 100644 index 0000000..3359c53 --- /dev/null +++ b/spec/resources/clamav_update/ubuntu/14_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav_update::ubuntu::14_04' do + include_context 'resources::clamav_update::ubuntu' + + let(:platform_version) { '14.04' } + + it_behaves_like 'any Ubuntu platform' +end diff --git a/spec/resources/clamav_update/ubuntu/16_04_spec.rb b/spec/resources/clamav_update/ubuntu/16_04_spec.rb new file mode 100644 index 0000000..cb1c48e --- /dev/null +++ b/spec/resources/clamav_update/ubuntu/16_04_spec.rb @@ -0,0 +1,12 @@ +# encoding: utf-8 +# frozen_string_literal: true + +require_relative '../ubuntu' + +describe 'resources::clamav_update::ubuntu::16_04' do + include_context 'resources::clamav_update::ubuntu' + + let(:platform_version) { '16.04' } + + it_behaves_like 'any Ubuntu platform' +end From c3a740fbafd7bdca36e13b22026ace925d3fbfb2 Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sun, 12 Feb 2017 16:04:57 -0800 Subject: [PATCH 15/17] Smoke test the update resource by using it as part of the build process --- .travis.yml | 2 ++ .../cookbooks/clamav_test/recipes/default.rb | 17 ++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index f6976c6..e134aab 100755 --- a/.travis.yml +++ b/.travis.yml @@ -28,6 +28,8 @@ install: before_script: - mkdir -p $CVD_PATH - "[ -e $CVD_PATH/main.cvd ] || wget -P $CVD_PATH http://database.clamav.net/main.cvd" + - "[ -e $CVD_PATH/daily.cvd ] || wget -P $CVD_PATH http://database.clamav.net/daily.cvd" + - "[ -e $CVD_PATH/bytecode.cvd ] || wget -P $CVD_PATH http://database.clamav.net/bytecode.cvd" script: - chef exec rake && chef exec kitchen test $SUITE-$PLATFORM diff --git a/test/fixtures/cookbooks/clamav_test/recipes/default.rb b/test/fixtures/cookbooks/clamav_test/recipes/default.rb index 6dd5578..c74e963 100644 --- a/test/fixtures/cookbooks/clamav_test/recipes/default.rb +++ b/test/fixtures/cookbooks/clamav_test/recipes/default.rb @@ -14,14 +14,17 @@ end # Speed up the build by circumventing the initial freshclam run and pulling in -# main.cvd, either as a cookbook_file or remote_file resource. +# main.cvd and daily.cvd, either as a cookbook_file or remote_file resource. directory('/var/lib/clamav') { recursive true } -if File.exist?(::File.expand_path('../../files/main.cvd', __FILE__)) - cookbook_file '/var/lib/clamav/main.cvd' -else - remote_file '/var/lib/clamav/main.cvd' do - source 'http://database.clamav.net/main.cvd' - end +clamav_update 'prep' do + source(if File.exist?(File.expand_path('../../files/main.cvd', __FILE__)) + File.expand_path('../../files/main.cvd', __FILE__) + else + :direct + end) end +# The intentionally delete the bytecode.cvd so we still put the cookbook's +# wait logic through its paces. +file('/var/lib/clamav/bytecode.cvd') { action :delete } include_recipe 'clamav' From 8a57c1bdc9b9ce8e959cfc2f4904ece216c3825e Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Mon, 13 Feb 2017 11:13:46 -0800 Subject: [PATCH 16/17] Run clamav child resources in the parent run_context This should make it easier to add custom notifications between the different child resources, i.e. in a recipe that just does an `include_recipe 'clamav'`. --- libraries/resource_clamav.rb | 72 ++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 32 deletions(-) diff --git a/libraries/resource_clamav.rb b/libraries/resource_clamav.rb index 429ecd0..a2ff9e1 100644 --- a/libraries/resource_clamav.rb +++ b/libraries/resource_clamav.rb @@ -65,35 +65,41 @@ class Clamav < Resource # Install ClamAV, configure it, and enable or disable the services. # action :create do - clamav_app new_resource.name do - version new_resource.version unless new_resource.version.nil? - dev new_resource.dev - end - clamav_config 'freshclam' do - new_resource.freshclam_config.each { |k, v| send(k, v) } - if new_resource.enable_freshclam - notifies :restart, 'clamav_service[freshclam]' + with_run_context :parent do + clamav_app new_resource.name do + version new_resource.version unless new_resource.version.nil? + dev new_resource.dev end - end - clamav_config 'clamd' do - new_resource.clamd_config.each { |k, v| send(k, v) } - if new_resource.enable_clamd - notifies :restart, 'clamav_service[clamd]' + + clamav_config 'freshclam' do + new_resource.freshclam_config.each { |k, v| send(k, v) } + if new_resource.enable_freshclam + notifies :restart, 'clamav_service[freshclam]' + end + end + + clamav_config 'clamd' do + new_resource.clamd_config.each { |k, v| send(k, v) } + if new_resource.enable_clamd + notifies :restart, 'clamav_service[clamd]' + end + end + + clamav_service 'freshclam' do + action(if new_resource.enable_freshclam + %i(enable start) + else + %i(stop disable) + end) + end + + clamav_service 'clamd' do + action(if new_resource.enable_clamd + %i(enable start) + else + %i(stop disable) + end) end - end - clamav_service 'freshclam' do - action(if new_resource.enable_freshclam - %i(enable start) - else - %i(stop disable) - end) - end - clamav_service 'clamd' do - action(if new_resource.enable_clamd - %i(enable start) - else - %i(stop disable) - end) end end @@ -102,11 +108,13 @@ class Clamav < Resource # packages. # action :remove do - clamav_service('clamd') { action %i(stop disable) } - clamav_service('freshclam') { action %i(stop disable) } - clamav_config('clamd') { action :delete } - clamav_config('freshclam') { action :delete } - clamav_app(new_resource.name) { action :remove } + with_run_context :parent do + clamav_service('clamd') { action %i(stop disable) } + clamav_service('freshclam') { action %i(stop disable) } + clamav_config('clamd') { action :delete } + clamav_config('freshclam') { action :delete } + clamav_app(new_resource.name) { action :remove } + end end end end From 6c1e4ecb0219be7ceb49af00ad63c640789e088a Mon Sep 17 00:00:00 2001 From: Jonathan Hartman Date: Sat, 15 Jul 2017 10:56:19 -0700 Subject: [PATCH 17/17] Resolve all new style offenses --- .rubocop.yml | 4 + LICENSE | 202 +++++++++++++++++ Rakefile | 4 +- attributes/default.rb | 1 + libraries/helpers_config.rb | 1 + libraries/matchers.rb | 37 --- libraries/resource_clamav.rb | 13 +- libraries/resource_clamav_app.rb | 11 +- libraries/resource_clamav_app_debian.rb | 7 +- libraries/resource_clamav_config.rb | 21 +- libraries/resource_clamav_config_debian.rb | 12 +- libraries/resource_clamav_cron.rb | 7 +- libraries/resource_clamav_service.rb | 3 +- libraries/resource_clamav_service_debian.rb | 3 +- libraries/resource_clamav_update.rb | 3 +- metadata.rb | 2 +- recipes/default.rb | 1 + spec/libraries/helpers_config_spec.rb | 6 +- spec/libraries/helpers_defaults_spec.rb | 212 ------------------ spec/recipes/default_spec.rb | 10 +- spec/resources.rb | 4 +- spec/resources/clamav.rb | 4 +- spec/resources/clamav/debian.rb | 2 +- spec/resources/clamav_app.rb | 2 +- spec/resources/clamav_app/debian.rb | 4 +- spec/resources/clamav_config.rb | 20 +- .../clamav_cron/ubuntu/14_04_spec.rb | 8 +- spec/resources/clamav_service.rb | 9 +- spec/resources/clamav_update.rb | 6 +- .../cookbooks/clamav_test/recipes/default.rb | 2 +- test/smoke/base/app_test.rb | 2 +- test/smoke/base/config_test.rb | 2 +- test/smoke/default/app_test.rb | 2 +- test/smoke/default/service_test.rb | 2 +- test/smoke/enabled/service_test.rb | 4 +- test/smoke/remove/app_test.rb | 2 +- test/smoke/remove/config_test.rb | 2 +- test/smoke/remove/service_test.rb | 4 +- 38 files changed, 306 insertions(+), 335 deletions(-) create mode 100644 .rubocop.yml create mode 100644 LICENSE delete mode 100644 libraries/matchers.rb delete mode 100644 spec/libraries/helpers_defaults_spec.rb diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..a542df1 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,4 @@ +Metrics/BlockLength: + Max: 32 + Exclude: + - spec/**/* diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/Rakefile b/Rakefile index e92d79c..dab783d 100755 --- a/Rakefile +++ b/Rakefile @@ -12,7 +12,7 @@ require 'stove/rake_task' RuboCop::RakeTask.new FoodCritic::Rake::LintTask.new do |f| - f.options = { fail_tags: %w(any), tags: %w(~FC023) } + f.options = { fail_tags: %w[any] } end RSpec::Core::RakeTask.new(:spec) @@ -21,4 +21,4 @@ Kitchen::RakeTasks.new Stove::RakeTask.new -task default: %w(rubocop foodcritic spec) +task default: %w[rubocop foodcritic spec] diff --git a/attributes/default.rb b/attributes/default.rb index d95f769..a0890dd 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Attributes:: default diff --git a/libraries/helpers_config.rb b/libraries/helpers_config.rb index c2c108e..31e18d6 100644 --- a/libraries/helpers_config.rb +++ b/libraries/helpers_config.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: helpers_config diff --git a/libraries/matchers.rb b/libraries/matchers.rb deleted file mode 100644 index 4db1fcf..0000000 --- a/libraries/matchers.rb +++ /dev/null @@ -1,37 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true -# -# Cookbook Name:: clamav -# Library:: matchers -# -# Copyright 2012-2017, Jonathan Hartman -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -if defined?(ChefSpec) - { - clamav: %i(create remove), - clamav_app: %i(install upgrade remove), - clamav_config: %i(create delete), - clamav_service: %i(enable disable start stop) - }.each do |matcher, actions| - ChefSpec.define_matcher(matcher) - - actions.each do |action| - define_method("#{action}_#{matcher}") do |name| - ChefSpec::Matchers::ResourceMatcher.new(matcher, action, name) - end - end - end -end diff --git a/libraries/resource_clamav.rb b/libraries/resource_clamav.rb index a2ff9e1..9bdca18 100644 --- a/libraries/resource_clamav.rb +++ b/libraries/resource_clamav.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav @@ -87,17 +88,17 @@ class Clamav < Resource clamav_service 'freshclam' do action(if new_resource.enable_freshclam - %i(enable start) + %i[enable start] else - %i(stop disable) + %i[stop disable] end) end clamav_service 'clamd' do action(if new_resource.enable_clamd - %i(enable start) + %i[enable start] else - %i(stop disable) + %i[stop disable] end) end end @@ -109,8 +110,8 @@ class Clamav < Resource # action :remove do with_run_context :parent do - clamav_service('clamd') { action %i(stop disable) } - clamav_service('freshclam') { action %i(stop disable) } + clamav_service('clamd') { action %i[stop disable] } + clamav_service('freshclam') { action %i[stop disable] } clamav_config('clamd') { action :delete } clamav_config('freshclam') { action :delete } clamav_app(new_resource.name) { action :remove } diff --git a/libraries/resource_clamav_app.rb b/libraries/resource_clamav_app.rb index 37e57f6..c3b0a7f 100644 --- a/libraries/resource_clamav_app.rb +++ b/libraries/resource_clamav_app.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_app @@ -47,9 +48,7 @@ class ClamavApp < Resource # action :install do pkgs = new_resource.class::DEFAULTS[:base_packages] - if new_resource.dev - pkgs += new_resource.class::DEFAULTS[:dev_packages] - end + pkgs += new_resource.class::DEFAULTS[:dev_packages] if new_resource.dev pkgs.each do |p| package p do version new_resource.version unless new_resource.version.nil? @@ -62,9 +61,7 @@ class ClamavApp < Resource # action :upgrade do pkgs = new_resource.class::DEFAULTS[:base_packages] - if new_resource.dev - pkgs += new_resource.class::DEFAULTS[:dev_packages] - end + pkgs += new_resource.class::DEFAULTS[:dev_packages] if new_resource.dev pkgs.each do |p| package p do version new_resource.version unless new_resource.version.nil? @@ -78,7 +75,7 @@ class ClamavApp < Resource # action :remove do pkgs = new_resource.class::DEFAULTS[:dev_packages] + \ - new_resource.class::DEFAULTS[:base_packages] + new_resource.class::DEFAULTS[:base_packages] pkgs.each { |p| package(p) { action :purge } } end end diff --git a/libraries/resource_clamav_app_debian.rb b/libraries/resource_clamav_app_debian.rb index e1d13c8..a85d910 100644 --- a/libraries/resource_clamav_app_debian.rb +++ b/libraries/resource_clamav_app_debian.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_app_debian @@ -30,9 +31,9 @@ class ClamavAppDebian < ClamavApp provides :clamav_app, platform_family: 'debian' DEFAULTS ||= { - base_packages: %w(clamav clamav-daemon clamav-freshclam), - dev_packages: %w(libclamav-dev) - } + base_packages: %w[clamav clamav-daemon clamav-freshclam], + dev_packages: %w[libclamav-dev] + }.freeze end end end diff --git a/libraries/resource_clamav_config.rb b/libraries/resource_clamav_config.rb index bf81fff..3792be0 100644 --- a/libraries/resource_clamav_config.rb +++ b/libraries/resource_clamav_config.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_config @@ -36,7 +37,7 @@ class ClamavConfig < Resource property :service_name, String, name_property: true, - equal_to: %w(clamd freshclam) + equal_to: %w[clamd freshclam] # # Allow the user to override the path of the config dir (at their peril). @@ -80,13 +81,17 @@ class ClamavConfig < Resource def method_missing(method_symbol, *args, &block) super rescue NoMethodError - raise if !block.nil? || args.length > 1 - case args.length - when 1 - config[method_symbol] = args[0] - when 0 - config[method_symbol] || raise - end + raise if !block.nil? || args.length != 1 + config[method_symbol] = args[0] + end + + # + # The property calls in method_missing do all the work for this. + # + # (see Object#respond_to_missing?) + # + def respond_to_missing?(method_symbol, include_private = false) + super end # diff --git a/libraries/resource_clamav_config_debian.rb b/libraries/resource_clamav_config_debian.rb index 4c67bad..428e735 100644 --- a/libraries/resource_clamav_config_debian.rb +++ b/libraries/resource_clamav_config_debian.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_config_debian @@ -36,8 +37,9 @@ class Resource # FixStaleSocket true # The ClamAV default # LocalSocketGroup clamav # The ClamAV default # LocalSocketMode 666 # The ClamAV default - # # TemporaryDirectory is not set to its default /tmp here to make overriding - # # the default with environment variables TMPDIR/TMP/TEMP possible + # # TemporaryDirectory is not set to its default /tmp here to make + # # overriding the default with environment variables TMPDIR/TMP/TEMP + # # possible # User clamav # AllowSupplementaryGroups false # The ClamAV default # ScanMail true # The ClamAV default @@ -124,7 +126,7 @@ class Resource # # # Automatically created by the clamav-freshclam postinst # # Comments will get lost when you reconfigure the clamav-freshclam package - # + # # DatabaseOwner clamav # UpdateLogFile /var/log/clamav/freshclam.log # LogVerbose false # The ClamAV default @@ -180,7 +182,7 @@ class ClamavConfigDebian < ClamavConfig freshclam_config: { checks: 24, connect_timeout: 30, - database_mirror: %w(db.local.clamav.net database.clamav.net), + database_mirror: %w[db.local.clamav.net database.clamav.net], database_owner: 'clamav', log_file_max_size: 0, log_rotate: true, @@ -189,7 +191,7 @@ class ClamavConfigDebian < ClamavConfig notify_clamd: '/etc/clamav/clamd.conf', update_log_file: '/var/log/clamav/freshclam.log' } - } + }.freeze end end end diff --git a/libraries/resource_clamav_cron.rb b/libraries/resource_clamav_cron.rb index f8decfc..04c07b4 100644 --- a/libraries/resource_clamav_cron.rb +++ b/libraries/resource_clamav_cron.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_cron @@ -34,14 +35,14 @@ class ClamavCron < Resource # # Properties for the underlying cron job definition. # - %i(minute hour day month weekday).each do |p| - property p, [Fixnum, String], required: true + %i[minute hour day month weekday].each do |p| + property p, [Integer, String], required: true end # # A filesystem path or array of paths to scan. # - property :paths, [Array, String], default: %w(/) + property :paths, [Array, String], default: %w[/] # # Create the cron job. diff --git a/libraries/resource_clamav_service.rb b/libraries/resource_clamav_service.rb index 12b0c04..c061af3 100644 --- a/libraries/resource_clamav_service.rb +++ b/libraries/resource_clamav_service.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_service @@ -34,7 +35,7 @@ class ClamavService < Resource property :service_name, String, name_property: true, - equal_to: %w(clamd freshclam) + equal_to: %w[clamd freshclam] # # The 'clamd' or 'freshclam' service then gets translated into whatever diff --git a/libraries/resource_clamav_service_debian.rb b/libraries/resource_clamav_service_debian.rb index a93d90f..014d068 100644 --- a/libraries/resource_clamav_service_debian.rb +++ b/libraries/resource_clamav_service_debian.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_service_debian @@ -32,7 +33,7 @@ class ClamavServiceDebian < ClamavService DEFAULTS ||= { clamd_service_name: 'clamav-daemon', freshclam_service_name: 'clamav-freshclam' - } + }.freeze end end end diff --git a/libraries/resource_clamav_update.rb b/libraries/resource_clamav_update.rb index cdcb500..8457325 100644 --- a/libraries/resource_clamav_update.rb +++ b/libraries/resource_clamav_update.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Library:: resource_clamav_update @@ -62,7 +63,7 @@ class ClamavUpdate < Resource when :freshclam execute 'freshclam' else - %w(main.cvd daily.cvd bytecode.cvd).each do |f| + %w[main.cvd daily.cvd bytecode.cvd].each do |f| remote_file ::File.join('/var/lib/clamav', f) do source ::File.join(new_resource.source, f) end diff --git a/metadata.rb b/metadata.rb index 60cb496..160793d 100644 --- a/metadata.rb +++ b/metadata.rb @@ -4,7 +4,7 @@ name 'clamav' maintainer 'Jonathan Hartman' maintainer_email 'j@p4nt5.com' -license 'Apache v2.0' +license 'Apache-2.0' description 'Installs/configures ClamAV' long_description 'Installs/configures ClamAV' version '1.3.1' diff --git a/recipes/default.rb b/recipes/default.rb index 52f4ed4..df99859 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -1,5 +1,6 @@ # encoding: utf-8 # frozen_string_literal: true + # # Cookbook Name:: clamav # Recipe:: default diff --git a/spec/libraries/helpers_config_spec.rb b/spec/libraries/helpers_config_spec.rb index 86e2c85..4f4b0ff 100644 --- a/spec/libraries/helpers_config_spec.rb +++ b/spec/libraries/helpers_config_spec.rb @@ -84,7 +84,7 @@ expected = { fix_stale_socket: true, pid_file: '/var/run/clamav.pid', - database_mirror: %w(mirror1 mirror2 mirror3) + database_mirror: %w[mirror1 mirror2 mirror3] } expect(config.instance_variable_get(:@config)).to eq(expected) end @@ -150,7 +150,7 @@ { fix_stale_socket: true, pid_file: '/var/run/clamav.pid', - database_mirror: %w(mirror1 mirror2 mirror3) + database_mirror: %w[mirror1 mirror2 mirror3] } end @@ -210,7 +210,7 @@ { fix_stale_socket: true, pid_file: '/var/run/clamav.pid', - database_mirror: %w(mirror1 mirror2 mirror3) + database_mirror: %w[mirror1 mirror2 mirror3] } end diff --git a/spec/libraries/helpers_defaults_spec.rb b/spec/libraries/helpers_defaults_spec.rb deleted file mode 100644 index ec62b25..0000000 --- a/spec/libraries/helpers_defaults_spec.rb +++ /dev/null @@ -1,212 +0,0 @@ -# encoding: utf-8 -# frozen_string_literal: true - -require_relative '../spec_helper' -require_relative '../../libraries/helpers_defaults' - -describe ClamavCookbook::Helpers::Defaults do - let(:platform) { nil } - let(:node) { ChefSpec::Macros.stub_node('node.example', platform) } - let(:test_class) do - Class.new do - include ClamavCookbook::Helpers::Defaults - end - end - let(:test_obj) { test_class.new } - - before(:each) do - allow(test_obj).to receive(:node).and_return(node) - end - - describe '#clamd_service_name' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct service name' do - expect(test_obj.clamd_service_name).to eq('clamav-daemon') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct service name' do - expect(test_obj.clamd_service_name).to eq('clamav-daemon') - end - end - end - - describe '#freshclam_service_name' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct service name' do - expect(test_obj.freshclam_service_name).to eq('clamav-freshclam') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct service name' do - expect(test_obj.freshclam_service_name).to eq('clamav-freshclam') - end - end - end - - describe '#freshclam_config' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct config' do - expect(test_obj.freshclam_config).to eq( - database_mirror: %w(db.local.clamav.net database.clamav.net) - ) - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct config' do - expect(test_obj.freshclam_config).to eq( - database_mirror: %w(db.local.clamav.net database.clamav.net) - ) - end - end - end - - describe '#clamd_config' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct config' do - expect(test_obj.clamd_config).to eq( - local_socket: '/var/run/clamav/clamd.sock' - ) - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct config' do - expect(test_obj.clamd_config).to eq( - local_socket: '/var/run/clamav/clamd.sock' - ) - end - end - end - - describe '#clamav_data_dir' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct path' do - expect(test_obj.clamav_data_dir).to eq('/var/lib/clamav') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct path' do - expect(test_obj.clamav_data_dir).to eq('/var/lib/clamav') - end - end - end - - describe '#clamav_conf_dir' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct path' do - expect(test_obj.clamav_conf_dir).to eq('/etc/clamav') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct path' do - expect(test_obj.clamav_conf_dir).to eq('/etc/clamav') - end - end - end - - describe '#clamav_user' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct user' do - expect(test_obj.clamav_user).to eq('clamav') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct user' do - expect(test_obj.clamav_user).to eq('clamav') - end - end - end - - describe '#clamav_group' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct group' do - expect(test_obj.clamav_group).to eq('clamav') - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct group' do - expect(test_obj.clamav_group).to eq('clamav') - end - end - end - - describe '#base_packages' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct package list' do - expect(test_obj.base_packages).to eq( - %w(clamav clamav-daemon clamav-freshclam) - ) - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct package list' do - expect(test_obj.base_packages).to eq( - %w(clamav clamav-daemon clamav-freshclam) - ) - end - end - end - - describe '#dev_packages' do - context 'Ubuntu 14.04' do - let(:platform) { { platform: 'ubuntu', version: '14.04' } } - - it 'returns the correct package list' do - expect(test_obj.dev_packages).to eq(%w(libclamav-dev)) - end - end - - context 'Debian 8.2' do - let(:platform) { { platform: 'debian', version: '8.2' } } - - it 'returns the correct package list' do - expect(test_obj.dev_packages).to eq(%w(libclamav-dev)) - end - end - end -end diff --git a/spec/recipes/default_spec.rb b/spec/recipes/default_spec.rb index bf9a601..1430fd6 100644 --- a/spec/recipes/default_spec.rb +++ b/spec/recipes/default_spec.rb @@ -5,22 +5,22 @@ describe 'clamav::default' do let(:version) { nil } - %w( + %w[ version dev clamd_config freshclam_config clamd_enabled freshclam_enabled - ).each { |a| let(a) { nil } } + ].each { |a| let(a) { nil } } let(:platform) { { platform: 'ubuntu', version: '14.04' } } let(:runner) do ChefSpec::ServerRunner.new(platform) do |node| - %w(version dev).each do |a| + %w[version dev].each do |a| node.normal['clamav'][a] = send(a) unless send(a).nil? end - %w(config enabled).each do |a| - %w(clamd freshclam).each do |s| + %w[config enabled].each do |a| + %w[clamd freshclam].each do |s| unless send("#{s}_#{a}").nil? node.normal['clamav'][s][a] = send("#{s}_#{a}") end diff --git a/spec/resources.rb b/spec/resources.rb index a611965..71cb2a8 100644 --- a/spec/resources.rb +++ b/spec/resources.rb @@ -4,13 +4,13 @@ require_relative 'spec_helper' shared_context 'resources' do - %i(resource name platform platform_version action).each { |p| let(p) { nil } } + %i[resource name platform platform_version action].each { |p| let(p) { nil } } let(:properties) { {} } let(:runner) do ChefSpec::SoloRunner.new( step_into: resource, platform: platform, version: platform_version ) do |node| - %i(resource name action).each do |p| + %i[resource name action].each do |p| next if send(p).nil? node.default['resource_test'][p] = send(p) end diff --git a/spec/resources/clamav.rb b/spec/resources/clamav.rb index 7dda629..b9198cd 100644 --- a/spec/resources/clamav.rb +++ b/spec/resources/clamav.rb @@ -7,14 +7,14 @@ include_context 'resources' let(:resource) { 'clamav' } - %i( + %i[ enable_clamd enable_freshclam clamd_config freshclam_config version dev - ).each do |p| + ].each do |p| let(p) { nil } end let(:properties) do diff --git a/spec/resources/clamav/debian.rb b/spec/resources/clamav/debian.rb index b232004..f951a09 100644 --- a/spec/resources/clamav/debian.rb +++ b/spec/resources/clamav/debian.rb @@ -27,7 +27,7 @@ freshclam_config: { checks: 24, connect_timeout: 30, - database_mirror: %w(db.local.clamav.net database.clamav.net), + database_mirror: %w[db.local.clamav.net database.clamav.net], database_owner: 'clamav', log_file_max_size: 0, log_rotate: true, diff --git a/spec/resources/clamav_app.rb b/spec/resources/clamav_app.rb index 7906ce8..eb44719 100644 --- a/spec/resources/clamav_app.rb +++ b/spec/resources/clamav_app.rb @@ -7,7 +7,7 @@ include_context 'resources' let(:resource) { 'clamav_app' } - %i(version dev).each { |p| let(p) { nil } } + %i[version dev].each { |p| let(p) { nil } } let(:properties) { { version: version, dev: dev } } let(:name) { 'default' } diff --git a/spec/resources/clamav_app/debian.rb b/spec/resources/clamav_app/debian.rb index 25b3c18..1c9b0cb 100644 --- a/spec/resources/clamav_app/debian.rb +++ b/spec/resources/clamav_app/debian.rb @@ -6,8 +6,8 @@ shared_context 'resources::clamav_app::debian' do include_context 'resources::clamav_app' - let(:base_packages) { %w(clamav clamav-daemon clamav-freshclam) } - let(:dev_packages) { %w(libclamav-dev) } + let(:base_packages) { %w[clamav clamav-daemon clamav-freshclam] } + let(:dev_packages) { %w[libclamav-dev] } shared_examples_for 'any Debian platform' do it_behaves_like 'any platform' diff --git a/spec/resources/clamav_config.rb b/spec/resources/clamav_config.rb index cae8312..4d48461 100644 --- a/spec/resources/clamav_config.rb +++ b/spec/resources/clamav_config.rb @@ -7,7 +7,7 @@ include_context 'resources' let(:resource) { 'clamav_config' } - %i(service_name path user group config).each do |p| + %i[service_name path user group config].each do |p| let(p) { nil } end let(:properties) do @@ -26,7 +26,9 @@ context 'the :create action' do shared_examples_for 'any property set' do it 'creates the config directory' do - expect(chef_run).to create_directory(path || defaults[:conf_dir]).with( + expect(chef_run).to create_directory( + path || defaults[:conf_dir] + ).with( owner: user || defaults[:user], group: group || defaults[:group], mode: '0644', @@ -35,10 +37,6 @@ end it 'creates the config file' do - props = { - owner: user || defaults[:user], - group: group || defaults[:group] - } expect(chef_run).to create_file( "#{path || defaults[:conf_dir]}/#{service_name || name}.conf" ).with(owner: user || defaults[:user], @@ -92,8 +90,9 @@ ReadTimeout 200 ScanSWF true EOH - expect(chef_run).to create_file("#{path || defaults[:conf_dir]}/clamd.conf") - .with(content: expected) + expect(chef_run).to create_file( + "#{path || defaults[:conf_dir]}/clamd.conf" + ).with(content: expected) end end @@ -117,8 +116,9 @@ ScanSWF true SelfCheck 3600 EOH - expect(chef_run).to create_file("#{path || defaults[:conf_dir]}/clamd.conf") - .with(content: expected) + expect(chef_run).to create_file( + "#{path || defaults[:conf_dir]}/clamd.conf" + ).with(content: expected) end end end diff --git a/spec/resources/clamav_cron/ubuntu/14_04_spec.rb b/spec/resources/clamav_cron/ubuntu/14_04_spec.rb index 21e4509..a53320b 100644 --- a/spec/resources/clamav_cron/ubuntu/14_04_spec.rb +++ b/spec/resources/clamav_cron/ubuntu/14_04_spec.rb @@ -1,7 +1,7 @@ require_relative '../../../spec_helper' describe 'resource_clamav_cron::ubuntu::14_04' do - %i( + %i[ minute hour day @@ -9,14 +9,14 @@ weekday paths action - ).each do |a| + ].each do |a| let(a) { nil } end let(:runner) do ChefSpec::SoloRunner.new( step_into: 'clamav_cron', platform: 'ubuntu', version: '14.04' ) do |node| - %i(minute hour day month weekday).each do |a| + %i[minute hour day month weekday].each do |a| node.set['clamav']['cron'][a] = send(a) end node.set['clamav']['cron']['paths'] = paths unless paths.nil? @@ -64,7 +64,7 @@ let(:day) { '*' } let(:month) { '*' } let(:weekday) { '*' } - let(:paths) { %w(/var /home /lib) } + let(:paths) { %w[/var /home /lib] } cached(:chef_run) { converge } it_behaves_like 'any attribute set' diff --git a/spec/resources/clamav_service.rb b/spec/resources/clamav_service.rb index 13183f7..5c24013 100644 --- a/spec/resources/clamav_service.rb +++ b/spec/resources/clamav_service.rb @@ -7,7 +7,7 @@ include_context 'resources' let(:resource) { 'clamav_service' } - %i(service_name platform_service_name wait_for_freshclam).each do |p| + %i[service_name platform_service_name wait_for_freshclam].each do |p| let(p) { nil } end let(:properties) do @@ -27,7 +27,7 @@ before do allow(File).to receive(:exist?).and_call_original allow(File).to receive(:exist?).with('/var/lib/clamav/main.cvd') - .and_return(main_cvd_exist?) + .and_return(main_cvd_exist?) end shared_examples_for 'any platform' do @@ -79,13 +79,14 @@ end end - %i(enable disable start stop).each do |a| + %i[enable disable start stop].each do |a| context "the :#{a} action" do let(:action) { a } shared_examples_for 'any property set' do it 'passes the action on to a regular service resource' do - svc = platform_service_name || send("#{service_name || name}_service") + svc = platform_service_name || \ + send("#{service_name || name}_service") expect(chef_run).to send("#{a}_service", svc) .with(supports: { status: true, restart: true }) end diff --git a/spec/resources/clamav_update.rb b/spec/resources/clamav_update.rb index f8028a9..62e060e 100644 --- a/spec/resources/clamav_update.rb +++ b/spec/resources/clamav_update.rb @@ -7,7 +7,7 @@ include_context 'resources' let(:resource) { 'clamav_update' } - %i(source).each { |p| let(p) { nil } } + %i[source].each { |p| let(p) { nil } } let(:properties) { { source: source } } let(:name) { 'default' } @@ -32,7 +32,7 @@ it_behaves_like 'any property set' - %w(main.cvd daily.cvd bytecode.cvd).each do |f| + %w[main.cvd daily.cvd bytecode.cvd].each do |f| it "downloads #{f} from database.clamav.net" do expect(chef_run).to create_remote_file("/var/lib/clamav/#{f}") .with(source: "http://database.clamav.net/#{f}") @@ -45,7 +45,7 @@ it_behaves_like 'any property set' - %w(main.cvd daily.cvd bytecode.cvd).each do |f| + %w[main.cvd daily.cvd bytecode.cvd].each do |f| it "downloads #{f} from the custom source" do expect(chef_run).to create_remote_file("/var/lib/clamav/#{f}") .with(source: "file:///tmp/cache/#{f}") diff --git a/test/fixtures/cookbooks/clamav_test/recipes/default.rb b/test/fixtures/cookbooks/clamav_test/recipes/default.rb index c74e963..175d586 100644 --- a/test/fixtures/cookbooks/clamav_test/recipes/default.rb +++ b/test/fixtures/cookbooks/clamav_test/recipes/default.rb @@ -10,7 +10,7 @@ # configs. package 'rsyslog' service 'rsyslog' do - action %i(enable start) + action %i[enable start] end # Speed up the build by circumventing the initial freshclam run and pulling in diff --git a/test/smoke/base/app_test.rb b/test/smoke/base/app_test.rb index 4aa198a..074d6d5 100644 --- a/test/smoke/base/app_test.rb +++ b/test/smoke/base/app_test.rb @@ -3,7 +3,7 @@ pkgs = case os[:family] when 'debian' - %w(clamav clamav-daemon clamav-freshclam) + %w[clamav clamav-daemon clamav-freshclam] end pkgs.each do |p| diff --git a/test/smoke/base/config_test.rb b/test/smoke/base/config_test.rb index 762a659..5c70aaa 100644 --- a/test/smoke/base/config_test.rb +++ b/test/smoke/base/config_test.rb @@ -3,7 +3,7 @@ case os[:family] when 'debian' - %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf).each do |f| + %w[/etc/clamav/clamd.conf /etc/clamav/freshclam.conf].each do |f| describe file(f) do it { should exist } its(:owner) { should eq('clamav') } diff --git a/test/smoke/default/app_test.rb b/test/smoke/default/app_test.rb index dc3e1fd..38e21df 100644 --- a/test/smoke/default/app_test.rb +++ b/test/smoke/default/app_test.rb @@ -3,7 +3,7 @@ pkgs = case os[:family] when 'debian' - %w(libclamav-dev) + %w[libclamav-dev] end pkgs.each do |p| diff --git a/test/smoke/default/service_test.rb b/test/smoke/default/service_test.rb index ca2de44..b5f081f 100644 --- a/test/smoke/default/service_test.rb +++ b/test/smoke/default/service_test.rb @@ -3,7 +3,7 @@ case os[:family] when 'debian' - %w(clamav-daemon clamav-freshclam).each do |s| + %w[clamav-daemon clamav-freshclam].each do |s| describe service(s) do it { should_not be_enabled } it { should_not be_running } diff --git a/test/smoke/enabled/service_test.rb b/test/smoke/enabled/service_test.rb index af0bc21..dff4d1d 100644 --- a/test/smoke/enabled/service_test.rb +++ b/test/smoke/enabled/service_test.rb @@ -5,8 +5,8 @@ case os[:family] when 'debian' - %w(clamav-daemon clamav-freshclam).each do |s| - describe service(s) + %w[clamav-daemon clamav-freshclam].each do |s| + describe service(s) do it { should be_enabled } it { should be_running } end diff --git a/test/smoke/remove/app_test.rb b/test/smoke/remove/app_test.rb index 5ad7cb3..90ef4e3 100644 --- a/test/smoke/remove/app_test.rb +++ b/test/smoke/remove/app_test.rb @@ -3,7 +3,7 @@ pkgs = case os[:family] when 'debian' - %w(clamav clamav-daemon clamav-freshclam libclamav-dev) + %w[clamav clamav-daemon clamav-freshclam libclamav-dev] end pkgs.each do |p| diff --git a/test/smoke/remove/config_test.rb b/test/smoke/remove/config_test.rb index 62c55a0..bcdbc14 100644 --- a/test/smoke/remove/config_test.rb +++ b/test/smoke/remove/config_test.rb @@ -3,7 +3,7 @@ files = case os[:family] when 'debian' - %w(/etc/clamav/clamd.conf /etc/clamav/freshclam.conf) + %w[/etc/clamav/clamd.conf /etc/clamav/freshclam.conf] end files.each do |f| diff --git a/test/smoke/remove/service_test.rb b/test/smoke/remove/service_test.rb index ec67443..fbbf1cd 100644 --- a/test/smoke/remove/service_test.rb +++ b/test/smoke/remove/service_test.rb @@ -4,8 +4,8 @@ require_relative '../spec_helper' describe 'clamav::remove::service' do - %w(clamav-daemon clamav-freshclam).each do |s| - describe service(s), if: %w(ubuntu debian).include?(os[:family]) do + %w[clamav-daemon clamav-freshclam].each do |s| + describe service(s), if: %w[ubuntu debian].include?(os[:family]) do it 'is not enabled' do expect(subject).to_not be_enabled end