Skip to content

Commit

Permalink
move to amazon linux 2023 and LTS clamav
Browse files Browse the repository at this point in the history
  • Loading branch information
mojotalantikite committed Jan 31, 2024
1 parent 2a636a8 commit 193fd19
Show file tree
Hide file tree
Showing 3 changed files with 82 additions and 26 deletions.
33 changes: 9 additions & 24 deletions services/uploads/src/avLayer/build/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,35 +7,25 @@ rm -rf bin
rm -rf lib
rm lambda_layer.zip || true

yum update -y
amazon-linux-extras install epel -y
yum install -y cpio yum-utils zip
dnf update -y
dnf install -y cpio yum-utils zip

# extract binaries for clamav, json-c, pcre
# extract binaries for clamav
mkdir -p /tmp/build
pushd /tmp/build

# Download the clamav package that includes unrar
curl -L --output clamav-0.103.3-22187.el7.art.x86_64.rpm http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/clamav-0.104.4-27025.el7.art.x86_64.rpm
rpm2cpio clamav-0*.rpm | cpio -vimd

# Download libcrypt.so.1
curl -L --output glibc-2.17-317.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/glibc-2.17-317.el7.x86_64.rpm
rpm2cpio glibc*.rpm | cpio -vimd
# Install latest clamav from clamav.net
curl -L --output clamav-1.0.4.linux.x86_64.rpm https://www.clamav.net/downloads/production/clamav-1.0.4.linux.x86_64.rpm
rpm2cpio clamav-*.rpm | cpio -vimd

# Download other package dependencies
yumdownloader -x \*i686 --archlist=x86_64 clamav clamav-lib clamav-update clamd json-c pcre2 libtool-ltdl libxml2 bzip2-libs xz-libs libprelude gnutls nettle libcurl libnghttp2 libidn2 libssh2 openldap libffi krb5-libs keyutils-libs libunistring cyrus-sasl-lib nss nspr libselinux openssl-libs libcrypt
rpm2cpio clamav-0*.rpm | cpio -vimd
rpm2cpio clamav-lib*.rpm | cpio -vimd
rpm2cpio clamav-update*.rpm | cpio -vimd
rpm2cpio clamd*.rpm | cpio -vimd
dnf download -x \*i686 --archlist=x86_64 json-c pcre2 libtool-ltdl libxml2 bzip2-libs xz-libs gnutls nettle libcurl libnghttp2 libidn2 libssh2 openldap libffi krb5-libs keyutils-libs libunistring cyrus-sasl-lib nss nspr libselinux openssl-libs
rpm2cpio json-c*.rpm | cpio -vimd
rpm2cpio pcre*.rpm | cpio -vimd
rpm2cpio libtool-ltdl*.rpm | cpio -vimd
rpm2cpio libxml2*.rpm | cpio -vimd
rpm2cpio bzip2-libs*.rpm | cpio -vimd
rpm2cpio xz-libs*.rpm | cpio -vimd
rpm2cpio libprelude*.rpm | cpio -vimd
rpm2cpio gnutls*.rpm | cpio -vimd
rpm2cpio nettle*.rpm | cpio -vimd
rpm2cpio libcurl*.rpm | cpio -vimd
Expand All @@ -52,19 +42,14 @@ rpm2cpio nss*.rpm | cpio -vimd
rpm2cpio nspr*.rpm | cpio -vimd
rpm2cpio libselinux*.rpm | cpio -vimd
rpm2cpio openssl-libs*.rpm | cpio -vimd
rpm2cpio libcrypt*.rpm | cpio -vimd

# reset the timestamps so that we generate a reproducible zip file where
# running with the same file contents we get the exact same hash even if we
# run the same build on different days
find usr -exec touch -t 200001010000 "{}" \;
popd

mkdir -p bin lib

cp /tmp/build/usr/bin/clamscan /tmp/build/usr/bin/freshclam bin/.
cp /tmp/build/usr/local/bin/clamscan /tmp/build/usr/local/bin/clamdscan /tmp/build/usr/local/bin/freshclam bin/.
cp -R /tmp/build/usr/lib64/* lib/.
cp -R /tmp/build/lib64/* lib/.
cp -R /tmp/build/usr/local/lib64/* lib/.
cp freshclam.conf bin/freshclam.conf

zip -r9 lambda_layer.zip bin
Expand Down
71 changes: 71 additions & 0 deletions services/uploads/src/avLayer/build/oldbuild.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
#!/usr/bin/env bash
set -e

echo "building clamav lambda layer..."
uname -m
rm -rf bin
rm -rf lib
rm lambda_layer.zip || true

yum update -y
amazon-linux-extras install epel -y
yum install -y cpio yum-utils zip

# extract binaries for clamav, json-c, pcre
mkdir -p /tmp/build
pushd /tmp/build

# Download the clamav package that includes unrar
curl -L --output clamav-0.103.3-22187.el7.art.x86_64.rpm http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/clamav-0.104.4-27025.el7.art.x86_64.rpm
rpm2cpio clamav-0*.rpm | cpio -vimd

# Download libcrypt.so.1
curl -L --output glibc-2.17-317.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/glibc-2.17-317.el7.x86_64.rpm
rpm2cpio glibc*.rpm | cpio -vimd

# Download other package dependencies
yumdownloader -x \*i686 --archlist=x86_64 clamav clamav-lib clamav-update clamd json-c pcre2 libtool-ltdl libxml2 bzip2-libs xz-libs libprelude gnutls nettle libcurl libnghttp2 libidn2 libssh2 openldap libffi krb5-libs keyutils-libs libunistring cyrus-sasl-lib nss nspr libselinux openssl-libs libcrypt
rpm2cpio clamav-0*.rpm | cpio -vimd
rpm2cpio clamav-lib*.rpm | cpio -vimd
rpm2cpio clamav-update*.rpm | cpio -vimd
rpm2cpio clamd*.rpm | cpio -vimd
rpm2cpio json-c*.rpm | cpio -vimd
rpm2cpio pcre*.rpm | cpio -vimd
rpm2cpio libtool-ltdl*.rpm | cpio -vimd
rpm2cpio libxml2*.rpm | cpio -vimd
rpm2cpio bzip2-libs*.rpm | cpio -vimd
rpm2cpio xz-libs*.rpm | cpio -vimd
rpm2cpio libprelude*.rpm | cpio -vimd
rpm2cpio gnutls*.rpm | cpio -vimd
rpm2cpio nettle*.rpm | cpio -vimd
rpm2cpio libcurl*.rpm | cpio -vimd
rpm2cpio libnghttp2*.rpm | cpio -vimd
rpm2cpio libidn2*.rpm | cpio -vimd
rpm2cpio libssh2*.rpm | cpio -vimd
rpm2cpio openldap*.rpm | cpio -vimd
rpm2cpio libffi*.rpm | cpio -vimd
rpm2cpio krb5-libs*.rpm | cpio -vimd
rpm2cpio keyutils-libs*.rpm | cpio -vimd
rpm2cpio libunistring*.rpm | cpio -vimd
rpm2cpio cyrus-sasl-lib*.rpm | cpio -vimd
rpm2cpio nss*.rpm | cpio -vimd
rpm2cpio nspr*.rpm | cpio -vimd
rpm2cpio libselinux*.rpm | cpio -vimd
rpm2cpio openssl-libs*.rpm | cpio -vimd
rpm2cpio libcrypt*.rpm | cpio -vimd

# reset the timestamps so that we generate a reproducible zip file where
# running with the same file contents we get the exact same hash even if we
# run the same build on different days
find usr -exec touch -t 200001010000 "{}" \;
popd

mkdir -p bin lib

cp /tmp/build/usr/bin/clamscan /tmp/build/usr/bin/freshclam bin/.
cp -R /tmp/build/usr/lib64/* lib/.
cp -R /tmp/build/lib64/* lib/.
cp freshclam.conf bin/freshclam.conf

zip -r9 lambda_layer.zip bin
zip -r9 lambda_layer.zip lib
4 changes: 2 additions & 2 deletions services/uploads/src/avLayer/dockerbuild.sh
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#!/usr/bin/env bash

set -e
docker pull amazonlinux:2
docker run --rm --platform linux/x86_64 -v `pwd`/build:/opt/app amazonlinux:2 /bin/bash -c "cd /opt/app && ./build.sh"
docker pull amazonlinux:2023
docker run --rm --platform linux/x86_64 -v `pwd`/build:/opt/app amazonlinux:2023 /bin/bash -c "cd /opt/app && ./build.sh"

0 comments on commit 193fd19

Please sign in to comment.