[Clamd] use python bootstrapper to start CLAMD container

2026-01-20 12:25:29 +00:00 · 2025-05-21 14:02:49 +02:00
parent 5a39ae45cb
commit 669f75182d
9 changed files with 122 additions and 60 deletions
--- a/data/Dockerfiles/bootstrap/modules/BootstrapBase.py
+++ b/data/Dockerfiles/bootstrap/modules/BootstrapBase.py
@@ -30,16 +30,14 @@ class BootstrapBase:
    self.mysql_conn = None
    self.redis_conn = None

-  def render_config(self, template_name, output_path):
+  def render_config(self, template_name, output_path, clean_blank_lines=False):
    """
    Renders a Jinja2 template and writes it to the specified output path.

-    The method uses the class's `self.env` Jinja2 environment and `self.env_vars`
-    for rendering template variables.
-
    Args:
-        template_name (str): Name of the template file.
-        output_path (str or Path): Path to write the rendered output file.
+      template_name (str): Name of the template file.
+      output_path (str or Path): Path to write the rendered output file.
+      clean_blank_lines (bool): If True, removes empty/whitespace-only lines from rendered output.
    """

    output_path = Path(output_path)
@@ -48,6 +46,12 @@ class BootstrapBase:
    template = self.env.get_template(template_name)
    rendered = template.render(self.env_vars)

+    if clean_blank_lines:
+      rendered = "\n".join(line for line in rendered.splitlines() if line.strip())
+
+    # converts output to Unix-style line endings
+    rendered = rendered.replace('\r\n', '\n').replace('\r', '\n')
+
    with open(output_path, "w") as f:
      f.write(rendered)

--- a/data/Dockerfiles/bootstrap/modules/BootstrapClamd.py
+++ b/data/Dockerfiles/bootstrap/modules/BootstrapClamd.py
@@ -0,0 +1,58 @@
+from jinja2 import Environment, FileSystemLoader
+from modules.BootstrapBase import BootstrapBase
+from pathlib import Path
+import os
+import sys
+import time
+import platform
+
+class Bootstrap(BootstrapBase):
+  def bootstrap(self):
+    # Skip Clamd if set
+    if self.isYes(os.getenv("SKIP_CLAMD", "")):
+      print("SKIP_CLAMD is set, skipping ClamAV startup...")
+      time.sleep(365 * 24 * 60 * 60)
+      sys.exit(1)
+
+    # Connect to MySQL
+    self.connect_mysql()
+
+    print("Cleaning up tmp files...")
+    tmp_files = Path("/var/lib/clamav").glob("clamav-*.tmp")
+    for tmp_file in tmp_files:
+      try:
+        self.remove(tmp_file)
+        print(f"Removed: {tmp_file}")
+      except Exception as e:
+        print(f"Failed to remove {tmp_file}: {e}")
+
+    self.create_dir("/run/clamav")
+    self.create_dir("/var/lib/clamav")
+
+    # Setup Jinja2 Environment and load vars
+    self.env = Environment(
+      loader=FileSystemLoader('./etc/clamav/config_templates'),
+      keep_trailing_newline=True,
+      lstrip_blocks=True,
+      trim_blocks=True
+    )
+    extra_vars = {
+    }
+    self.env_vars = self.prepare_template_vars('/overwrites.json', extra_vars)
+
+    print("Set Timezone")
+    self.set_timezone()
+
+    print("Render config")
+    self.render_config("whitelist.ign2.j2", "/var/lib/clamav/whitelist.ign2", clean_blank_lines=True)
+
+    # Fix permissions
+    self.set_owner("/var/lib/clamav", "clamav", "clamav", recursive=True)
+    self.set_owner("/run/clamav", "clamav", "clamav", recursive=True)
+    self.set_permissions("/var/lib/clamav", 0o755)
+    for item in Path("/var/lib/clamav").glob("*"):
+      self.set_permissions(item, 0o644)
+    self.set_permissions("/run/clamav", 0o750)
+
+    # Copying to /etc/clamav to expose file as-is to administrator
+    self.copy_file("/var/lib/clamav/whitelist.ign2", "/etc/clamav/whitelist.ign2")