[yocto] [meta-security][PATCH] clamav: freshclam need bind to run

akuster808 akuster808 at gmail.com
Sun Apr 7 22:23:46 PDT 2019 


On 4/7/19 12:46 PM, Adrian Bunk wrote:
> On Sun, Apr 07, 2019 at 11:45:18AM +0530, akuster808 wrote:
>>
>> On 4/7/19 10:42 AM, Adrian Bunk wrote:
>>> On Sun, Apr 07, 2019 at 01:38:38AM +0530, akuster808 wrote:
>>>> On 4/6/19 8:31 PM, Adrian Bunk wrote:
>>>>> On Sat, Apr 06, 2019 at 08:15:40PM +0530, Armin Kuster wrote:
>>>>>> Add it to the rdepends for that package
>>>>>>
>>>>>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>>>>>> ---
>>>>>>  recipes-security/clamav/clamav_0.99.4.bb | 2 ++
>>>>>>  1 file changed, 2 insertions(+)
>>>>>>
>>>>>> diff --git a/recipes-security/clamav/clamav_0.99.4.bb b/recipes-security/clamav/clamav_0.99.4.bb
>>>>>> index 6219d9e..dbe903f 100644
>>>>>> --- a/recipes-security/clamav/clamav_0.99.4.bb
>>>>>> +++ b/recipes-security/clamav/clamav_0.99.4.bb
>>>>>> @@ -152,3 +152,5 @@ RCONFLICTS_${PN} += "${PN}-systemd"
>>>>>>  SYSTEMD_SERVICE_${PN} = "${BPN}.service"
>>>>>>  
>>>>>>  RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
>>>>>> +
>>>>>> +RDEPENDS_freshclam = "bind"
>>>>> freshclam depending on a DNS server looks very wrong.
>>>> got talk to clamav folks then.
>>>>
>>>>> What is the actual problem?
>>>> ClamAV update process started at Sat Apr  6 14:59:25 2019
>>>> WARNING: Can't query current.cvd.clamav.net
>>>> WARNING: Invalid DNS reply. Falling back to HTTP mode.
>>>> ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
>>>> ERROR: Can't download main.cvd from database.clamav.net
>>>> Giving up on database.clamav.net...
>>>>
>>>> because 
>>>>
>>>> Use DNS to verify virus database version. Freshclam uses DNS TXT records
>>>> to verify database and software versions 
>>>>
>>>> therefor I am including bind.
>>> freshclam needing DNS information makes sense, which means it must be 
>>> configured how to access a DNS server.
>>>
>>> On the local machine you need only DNS client funtionality,
>>> just like every user needs for a web browser.
>>> Forcing installation of a DNS server is not the correct solution
>>> when the actual problem is just a configuration issue on the
>>> machine where you were trying it.
>> So I can expect a patch to provide such configuration. I would like to
>> see how you would solve this.
> How are you configuring networking on your device?

I figured it out.
>
>> Maybe an FAQ we can add to the layer for this package?
> From the error message you gave it is not obvious that there is any
> problem that would be specific to this package.
>
> I would guess that DNS configuration is missing or incorrect on your 
> device, and that "ping www.google.com" would also fail with a name 
> resolution error.

The runtime test I added creates a /etc/resolve.conf , that allows me to
ping to the outside but I missed including the local ip ( 127.)   I am
running this two systems to verify this my flurry of changes. One system
in at home on real hardware and other in qemu my laptop while I am
traveling. With that being said, I can drop the bind requirement and I
need to update the runtime test.

I do appreciate the reviews , questions and push back. 

Kind regards,
Armin
>
>> - armin
> cu
> Adrian
>

More information about the yocto mailing list