aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Bowman <wilbowma@indiana.edu>2011-12-20 23:19:12 -0600
committerRobby Workman <rworkman@slackbuilds.org>2011-12-20 23:19:12 -0600
commitcf8d6e29ed99b62469a816f3d96885073909a548 (patch)
tree79a66e2ecd62170e88d084e172bf9d5e729f8991
parentc36593f743727071b5334fdd643f62e29e445dcf (diff)
network/havp: Added (HTTP Anti Virus Proxy)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
-rw-r--r--network/havp/README16
-rw-r--r--network/havp/README.setup18
-rw-r--r--network/havp/doinst.sh29
-rw-r--r--network/havp/havp.SlackBuild113
-rw-r--r--network/havp/havp.info10
-rw-r--r--network/havp/patches/fixup_and_install_init_script.diff38
-rw-r--r--network/havp/patches/put_templates_in_usrshare.diff46
-rw-r--r--network/havp/patches/use_clamav_group_by_default.diff16
-rw-r--r--network/havp/patches/use_vartmphavp_for_tempdir.diff26
-rw-r--r--network/havp/slack-desc19
10 files changed, 331 insertions, 0 deletions
diff --git a/network/havp/README b/network/havp/README
new file mode 100644
index 0000000000000..1f5aa3d1337d9
--- /dev/null
+++ b/network/havp/README
@@ -0,0 +1,16 @@
+HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner.
+The main aims are continuous, non-blocking downloads and smooth scanning
+of dynamic and password protected HTTP traffic. Havp antivirus proxy has
+a parent and transparent proxy mode. It can be used with squid or standalone.
+
+This requires mandatory locks on the scanning find system unless you
+add --disable-locking to the configuration (enabled by default for
+performance).
+
+This requires clamav. Also, see README.setup for some configuration hints.
+
+You need an "havp" user (and a "clamav" group, due to the dependency on
+clamav noted above) to be present during compilation and installation.
+Suggested means of accomplishing this are as follows:
+ groupadd -g 210 clamav
+ useradd -u 256 -d /dev/null -s /bin/false -g clamav havp
diff --git a/network/havp/README.setup b/network/havp/README.setup
new file mode 100644
index 0000000000000..0053bc4d0bb80
--- /dev/null
+++ b/network/havp/README.setup
@@ -0,0 +1,18 @@
+README.setup for havp
+
+After installing, edit /etc/havp/havp.conf according to the comments.
+At a minimum, you'll need to pay attention to these two lines:
+
+ # REMOVETHISLINE deleteme
+ ENABLECLAMLIB true
+
+You'll probably want to make /var/tmp/havp a ram-based filesystem,
+so something like this in /etc/fstab will suffice:
+
+ tmpfs /var/tmp/havp tmpfs mand,uid=havp,gid=clamav,mode=0775 0 0
+
+Finally, start clamav and havp:
+
+ /etc/rc.d/rc.clamav start
+ /etc/rc.d/rc.havp start
+
diff --git a/network/havp/doinst.sh b/network/havp/doinst.sh
new file mode 100644
index 0000000000000..d7e2071f92e14
--- /dev/null
+++ b/network/havp/doinst.sh
@@ -0,0 +1,29 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+config etc/havp/blacklist.new
+config etc/havp/havp.config.new
+config etc/havp/whitelist.new
+preserve_perms etc/rc.d/rc.havp.new
+
diff --git a/network/havp/havp.SlackBuild b/network/havp/havp.SlackBuild
new file mode 100644
index 0000000000000..b9df40ae60a29
--- /dev/null
+++ b/network/havp/havp.SlackBuild
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# Slackware build script for HAVP
+
+# Written by William Bowman <wilbowma@indiana.edu>
+
+PRGNAM=havp
+VERSION=${VERSION:-0.92a}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+bailout() {
+ printf "\n You must have a \"havp\" user and \"clamav\" group in order
+ to run this script. Add them with something like this
+ (the uid and gid are only suggestions):
+ groupadd -g 210 clamav
+ useradd -u 256 -d /dev/null -s /bin/false -g clamav havp \n"
+ exit 1
+}
+
+if ! getent group clamav 2>&1 >/dev/null; then
+ bailout ;
+elif ! getent passwd havp 2>&1 > /dev/null; then
+ bailout ;
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# See the patch headers for details
+patch -p1 < $CWD/patches/fixup_and_install_init_script.diff
+patch -p1 < $CWD/patches/use_clamav_group_by_default.diff
+patch -p1 < $CWD/patches/put_templates_in_usrshare.diff
+patch -p1 < $CWD/patches/use_vartmphavp_for_tempdir.diff
+
+CFLAGS="$SLKCFLAGS"
+./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --datadir=/usr/share \
+ --localstatedir=/var \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --enable-ssl-tunnel \
+ --build=$ARCH-slackware-linux
+
+make CFLAGS="$SLKCFLAGS -Wall -g"
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+# Let's not clobber configs
+for file in blacklist whitelist havp.config ; do
+ mv $PKG/etc/havp/$file $PKG/etc/havp/$file.new ;
+done
+
+# Note that /var/log/havp should probably not be operated on by logrotate,
+# since it runs as root, and the directory is controlled by a non-root
+# process. This is mitigated in logrotate-3.8.0+ with an "su" directive
+# to logrotate, but it's not available in 13.37.
+chown havp:clamav $PKG/var/{log,run,tmp}/havp
+chmod 0775 $PKG/var/tmp/havp
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a INSTALL COPYING ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.setup > $PKG/usr/doc/$PRGNAM-$VERSION/README.setup
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/havp/havp.info b/network/havp/havp.info
new file mode 100644
index 0000000000000..918de0182667f
--- /dev/null
+++ b/network/havp/havp.info
@@ -0,0 +1,10 @@
+PRGNAM="havp"
+VERSION="0.92a"
+HOMEPAGE="http://sourceforge.net/projects/havp/"
+DOWNLOAD="http://downloads.sourceforge.net/havp/havp-0.92a.tar.gz"
+MD5SUM="f9a37411116eceea579b9034c5fa8a69"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="William Bowman"
+EMAIL="wilbowma@indiana.edu"
+APPROVED="rworkman"
diff --git a/network/havp/patches/fixup_and_install_init_script.diff b/network/havp/patches/fixup_and_install_init_script.diff
new file mode 100644
index 0000000000000..80ea40ba33ce3
--- /dev/null
+++ b/network/havp/patches/fixup_and_install_init_script.diff
@@ -0,0 +1,38 @@
+Fix paths to havp binary, config file, and init script, and make
+sure the init script is installed to the correct directory.
+
+diff -Nur havp-0.92a.orig/etc/init.d/havp havp-0.92a/etc/init.d/havp
+--- havp-0.92a.orig/etc/init.d/havp 2006-03-24 11:26:26.000000000 -0600
++++ havp-0.92a/etc/init.d/havp 2011-12-20 10:28:49.449889309 -0600
+@@ -9,8 +9,8 @@
+ # Any configuration of HAVP is done in havp.config
+ # Type havp --help for help and read havp.config you should have received.
+
+-HAVP_BIN=/usr/local/sbin/havp
+-HAVP_CONFIG=/usr/local/etc/havp/havp.config
++HAVP_BIN=/usr/sbin/havp
++HAVP_CONFIG=/etc/havp/havp.config
+ PIDFILE=/var/run/havp/havp.pid
+
+ # Return values acc. to LSB for all commands but status:
+@@ -54,6 +54,7 @@
+ echo "Error: $HAVP_BIN not found"
+ exit 5
+ fi
++ mkdir -p `dirname $PIDFILE`
+ $HAVP_BIN -c $HAVP_CONFIG
+ exit $?
+ ;;
+diff -Nur havp-0.92a.orig/havp/Makefile.in havp-0.92a/havp/Makefile.in
+--- havp-0.92a.orig/havp/Makefile.in 2007-09-11 13:42:44.000000000 -0500
++++ havp-0.92a/havp/Makefile.in 2011-12-20 10:27:42.992846172 -0600
+@@ -29,7 +29,8 @@
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/log/havp
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/tmp/havp
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/run/havp
+- $(INSTALL) -d $(DESTDIR)/etc/init.d
++ $(INSTALL) -d $(DESTDIR)/etc/rc.d
++ $(INSTALL) -m 755 ../etc/init.d/havp $(DESTDIR)/etc/rc.d/rc.havp.new
+ $(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config.default
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/havp/havp.config ]; then \
+ echo "$(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config"; \
diff --git a/network/havp/patches/put_templates_in_usrshare.diff b/network/havp/patches/put_templates_in_usrshare.diff
new file mode 100644
index 0000000000000..5bf54cfa29e77
--- /dev/null
+++ b/network/havp/patches/put_templates_in_usrshare.diff
@@ -0,0 +1,46 @@
+Use @datadir@/havp/ (e.g. /usr/share/havp) instead of
+@sysconfdir@/havp (e.g. /etc/havp) for the templates
+(use for error messages and such)
+
+diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in
+--- havp-0.92a.orig/etc/havp/havp.config.in 2011-12-20 22:00:20.651052966 -0600
++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 22:00:06.253243044 -0600
+@@ -203,7 +203,7 @@
+ # Path to template files.
+ #
+ # Default:
+-# TEMPLATEPATH @sysconfdir@/havp/templates/en
++TEMPLATEPATH @datadir@/havp/templates/en
+
+ #
+ # Set to true if you want to prefer Whitelist.
+diff -Nur havp-0.92a.orig/havp/Makefile.in havp-0.92a/havp/Makefile.in
+--- havp-0.92a.orig/havp/Makefile.in 2011-12-20 21:59:41.434570700 -0600
++++ havp-0.92a/havp/Makefile.in 2011-12-20 22:02:28.130369990 -0600
+@@ -9,6 +9,7 @@
+ sbindir = @sbindir@
+ sysconfdir = @sysconfdir@
+ localstatedir = @localstatedir@
++datadir = @datadir@
+
+ OBJECTS = helper.o logfile.o scannerhandler.o connectiontobrowser.o \
+ genericscanner.o httphandler.o params.o sockethandler.o \
+@@ -29,6 +30,7 @@
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/log/havp
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/tmp/havp
+ $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/run/havp
++ $(INSTALL) -d -m 755 $(DESTDIR)$(datadir)/havp
+ $(INSTALL) -d $(DESTDIR)/etc/rc.d
+ $(INSTALL) -m 755 ../etc/init.d/havp $(DESTDIR)/etc/rc.d/rc.havp.new
+ $(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config.default
+@@ -49,8 +51,8 @@
+ else \
+ echo "Not overwriting old $(DESTDIR)$(sysconfdir)/havp/blacklist"; \
+ fi
+- cp -r ../etc/havp/templates $(DESTDIR)$(sysconfdir)/havp/
+- chmod -R a+rX $(DESTDIR)$(sysconfdir)/havp/templates
++ cp -r ../etc/havp/templates $(DESTDIR)$(datadir)/havp/
++ chmod -R a+rX $(DESTDIR)$(datadir)/havp/templates
+
+ clean:
+ cd scanners && $(MAKE) clean
diff --git a/network/havp/patches/use_clamav_group_by_default.diff b/network/havp/patches/use_clamav_group_by_default.diff
new file mode 100644
index 0000000000000..d7b1099421415
--- /dev/null
+++ b/network/havp/patches/use_clamav_group_by_default.diff
@@ -0,0 +1,16 @@
+Set user and group to havp:clamav by default in the config file
+
+diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in
+--- havp-0.92a.orig/etc/havp/havp.config.in 2010-04-02 08:33:34.000000000 -0500
++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 21:56:34.749035312 -0600
+@@ -24,8 +24,8 @@
+ # used by any other program.
+ #
+ # Default:
+-# USER havp
+-# GROUP havp
++USER havp
++GROUP clamav
+
+ # If this is true HAVP is running as daemon in background.
+ # For testing you may run HAVP at your text console.
diff --git a/network/havp/patches/use_vartmphavp_for_tempdir.diff b/network/havp/patches/use_vartmphavp_for_tempdir.diff
new file mode 100644
index 0000000000000..b114afdca1b44
--- /dev/null
+++ b/network/havp/patches/use_vartmphavp_for_tempdir.diff
@@ -0,0 +1,26 @@
+Set the working dir (TEMPDIR) to /var/tmp/havp instead of /var/tmp
+
+diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in
+--- havp-0.92a.orig/etc/havp/havp.config.in 2011-12-20 22:08:18.907739050 -0600
++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 22:08:55.267259030 -0600
+@@ -120,7 +120,7 @@
+ # Needs to be writable by HAVP user. Use ramdisk for best performance.
+ #
+ # Default:
+-# TEMPDIR /var/tmp
++# TEMPDIR /var/tmp/havp
+
+ #
+ # HAVP reloads scanners virus database by receiving a signal
+diff -Nur havp-0.92a.orig/havp/params.cpp havp-0.92a/havp/params.cpp
+--- havp-0.92a.orig/havp/params.cpp 2010-04-02 08:32:42.000000000 -0500
++++ havp-0.92a/havp/params.cpp 2011-12-20 22:08:44.061406971 -0600
+@@ -70,7 +70,7 @@
+ SetConfig("WHITELIST", WHITELISTFILE);
+ SetConfig("BLACKLIST", BLACKLISTFILE);
+ SetConfig("TEMPLATEPATH", TEMPLATEPATH);
+- SetConfig("TEMPDIR", "/var/tmp");
++ SetConfig("TEMPDIR", "/var/tmp/havp");
+ SetConfig("SCANTEMPFILE", "/var/tmp/havp/havp-XXXXXX");
+ SetConfig("PIDFILE", PIDFILE);
+ SetConfig("TRANSPARENT", "false");
diff --git a/network/havp/slack-desc b/network/havp/slack-desc
new file mode 100644
index 0000000000000..c91e5d2ded7b5
--- /dev/null
+++ b/network/havp/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+havp: HAVP (HTTP Anti Virus Proxy)
+havp:
+havp: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus
+havp: scanner. The main aims are continuous, non-blocking downloads and
+havp: smooth scanning of dynamic and password protected HTTP traffic. Havp
+havp: antivirus proxy has a parent and transparent proxy mode. It can be
+havp: used with squid or standalone.
+havp:
+havp: http://www.server-side.de/
+havp:
+havp: