diff --git a/catalog.json b/catalog.json index f82ddc277e2..2be7830ad03 100644 --- a/catalog.json +++ b/catalog.json @@ -305,6 +305,25 @@ }, "test": {}, "community": { + "clamav": { + "app_readme": "

clamav

\n

clamav is a music collection manager for Usenet and BitTorrent users.

\n
\n

When application is installed, a container will be launched with root privileges.\nThis is required in order to apply the correct permissions to the clamav directories.\nAfterward, the clamav container will run as a non-root user (Default: 568).\nAll mounted storage(s) will be chowned only if the parent directory does not match the configured user.

\n
", + "categories": [ + "media", + "music" + ], + "description": "clamav is a music collection manager for Usenet and BitTorrent users.", + "healthy": true, + "healthy_error": null, + "location": "/__w/charts/charts/community/clamav", + "latest_version": "1.0.0", + "latest_app_version": "1.1.3.2982", + "latest_human_version": "1.1.3.2982_1.0.0", + "last_update": "2023-04-13 15:16:58", + "name": "clamav", + "recommended": false, + "title": "clamav", + "icon_url": "https://raw.githubusercontent.com/clamav/clamav/develop/Logo/256.png" + }, "lidarr": { "app_readme": "

Lidarr

\n

Lidarr is a music collection manager for Usenet and BitTorrent users.

\n
\n

When application is installed, a container will be launched with root privileges.\nThis is required in order to apply the correct permissions to the Lidarr directories.\nAfterward, the Lidarr container will run as a non-root user (Default: 568).\nAll mounted storage(s) will be chowned only if the parent directory does not match the configured user.

\n
", "categories": [ @@ -502,4 +521,4 @@ "icon_url": "https://min.io/resources/img/logo/MINIO_wordmark.png" } } -} \ No newline at end of file +} diff --git a/community/clamav/1.0.0/Chart.lock b/community/clamav/1.0.0/Chart.lock new file mode 100644 index 00000000000..43392af110c --- /dev/null +++ b/community/clamav/1.0.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.5 +digest: sha256:cf1db8c2ae650987a3e3d8d98767caab62c341bd0fb15309213b00dce87111cc +generated: "2023-04-18T16:35:11.316449241+03:00" diff --git a/community/clamav/1.0.0/Chart.yaml b/community/clamav/1.0.0/Chart.yaml new file mode 100644 index 00000000000..26a9626fa67 --- /dev/null +++ b/community/clamav/1.0.0/Chart.yaml @@ -0,0 +1,25 @@ +name: clamav +description: ClamAV is an open source (GPLv2) anti-virus toolkit. +annotations: + title: Clam AV +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: '1.0.1' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: + - name: common + repository: file://../../../common + version: 1.0.5 +home: https://www.clamav.net/ +icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png +sources: + - https://docs.clamav.net/ + - https://github.com/truenas/charts/tree/master/community/clamav + - https://www.clamav.net/ +keywords: + - anti-virus + - clamav diff --git a/community/clamav/1.0.0/README.md b/community/clamav/1.0.0/README.md new file mode 100644 index 00000000000..3c4d7460a45 --- /dev/null +++ b/community/clamav/1.0.0/README.md @@ -0,0 +1,5 @@ +# ClamAV + +[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. + +- App runs as `root` user diff --git a/community/clamav/1.0.0/app-readme.md b/community/clamav/1.0.0/app-readme.md new file mode 100644 index 00000000000..3c4d7460a45 --- /dev/null +++ b/community/clamav/1.0.0/app-readme.md @@ -0,0 +1,5 @@ +# ClamAV + +[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. + +- App runs as `root` user diff --git a/community/clamav/1.0.0/charts/common-1.0.5.tgz b/community/clamav/1.0.0/charts/common-1.0.5.tgz new file mode 100644 index 00000000000..8d5f1868ce9 Binary files /dev/null and b/community/clamav/1.0.0/charts/common-1.0.5.tgz differ diff --git a/community/clamav/1.0.0/item.yaml b/community/clamav/1.0.0/item.yaml new file mode 100644 index 00000000000..07ba36c343d --- /dev/null +++ b/community/clamav/1.0.0/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png +categories: + - anti-virus + - clamav diff --git a/community/clamav/1.0.0/ix_values.yaml b/community/clamav/1.0.0/ix_values.yaml new file mode 100644 index 00000000000..5a9f740cef6 --- /dev/null +++ b/community/clamav/1.0.0/ix_values.yaml @@ -0,0 +1,31 @@ +image: + repository: clamav/clamav + pullPolicy: IfNotPresent + tag: '1.0.1-2' + +resources: + limits: + cpu: 4000m + memory: 8Gi + +clamavConfig: + disableClamd: false + disableFreshClamd: false + disableMilterd: true + clamdStartupTimeout: 1800 + freshclamChecks: 1 + additionalEnvs: [] + +clamavNetwork: + clamdPort: 30000 + milterdPort: 30001 + +clamavStorage: + sigdb: + type: ixVolume + hostPath: '' + datasetName: sig-db + scandir: + type: ixVolume + hostPath: '' + datasetName: scan-dir diff --git a/community/clamav/1.0.0/questions.yaml b/community/clamav/1.0.0/questions.yaml new file mode 100644 index 00000000000..f20b4c07e93 --- /dev/null +++ b/community/clamav/1.0.0/questions.yaml @@ -0,0 +1,210 @@ +groups: + - name: ClamAV Configuration + description: Configure ClamAV + - name: User and Group Configuration + description: Configure User and Group for ClamAV + - name: Network Configuration + description: Configure Network for ClamAV + - name: Storage Configuration + description: Configure Storage for ClamAV + - name: Resources Configuration + description: Configure Resources for ClamAV + +questions: + + - variable: clamavConfig + label: "" + group: ClamAV Configuration + schema: + type: dict + attrs: + - variable: disableClamd + label: Disable ClamD + description: Do not start Clam daemon + schema: + type: boolean + default: false + - variable: disableFreshClamd + label: Disable FreshClamD + description: Do not start the FreshClam daemon + schema: + type: boolean + default: false + - variable: disableMilterd + label: Disable MilterD + description: Do not start the ClamAV-Milter daemon + schema: + type: boolean + default: true + - variable: clamdStartupTimeout + label: ClamD Startup Timeout + description: Seconds to wait for ClamD to start + schema: + type: int + default: 1800 + required: true + - variable: freshclamChecks + label: Fresh Clam Checks + description: Times to check per day for a new database. + schema: + type: int + default: 1 + min: 1 + max: 50 + required: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for ClamAV. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: clamavNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: clamdPort + label: ClamD Port + description: The port for the ClamAV ClamD + schema: + type: int + default: 30000 + min: 9000 + max: 65535 + required: true + - variable: milterdPort + label: MilterD Port + description: The port for the ClamAV MilterD + schema: + type: int + default: 30001 + min: 9000 + max: 65535 + required: true + + - variable: clamavStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: sigdb + label: ClamAV Signature Database Storage + description: The path to store ClamAV Signature Database. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: sig-db + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: scandir + label: ClamAV Scan Storage + description: The path to store ClamAV Scan storage. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: scan-dir + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + + - variable: resources + label: "" + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for ClamAV. + schema: + type: string + default: 4000m + required: true + - variable: memory + label: Memory + description: Memory limit for ClamAV. + schema: + type: string + default: 8Gi + required: true diff --git a/community/clamav/1.0.0/templates/NOTES.txt b/community/clamav/1.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..ba4e01146c0 --- /dev/null +++ b/community/clamav/1.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/community/clamav/1.0.0/templates/_clamav.tpl b/community/clamav/1.0.0/templates/_clamav.tpl new file mode 100644 index 00000000000..3224c567ec1 --- /dev/null +++ b/community/clamav/1.0.0/templates/_clamav.tpl @@ -0,0 +1,99 @@ +{{- define "clamav.workload" -}} +workload: + clamav: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: false + containers: + clamav: + enabled: true + primary: true + tty: true + stdin: true + imageSelector: image + securityContext: + # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + capabilities: + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + env: + CLAMAV_NO_CLAMD: {{ .Values.clamavConfig.disableClamd | quote }} + CLAMAV_NO_FRESHCLAMD: {{ .Values.clamavConfig.disableFreshClamd | quote }} + CLAMAV_NO_MILTERD: {{ .Values.clamavConfig.disableMilterd | quote }} + CLAMD_STARTUP_TIMEOUT: {{ .Values.clamavConfig.clamdStartupTimeout | quote }} + FRESHCLAM_CHECKS: {{ .Values.clamavConfig.freshclamChecks | quote }} + {{ with .Values.clamavConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + readiness: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + startup: + enabled: {{ not .Values.clamavConfig.disableClamd }} + type: exec + command: clamdcheck.sh + +{{/* Service */}} +service: + clamav: + enabled: {{ or (not .Values.clamavConfig.disableClamd) (not .Values.clamavConfig.disableMilterd) }} + primary: true + type: NodePort + targetSelector: clamav + ports: + clamd: + enabled: {{ not .Values.clamavConfig.disableClamd }} + primary: true + port: {{ .Values.clamavNetwork.clamdPort }} + nodePort: {{ .Values.clamavNetwork.clamdPort }} + targetPort: 3310 + targetSelector: clamav + milted: + enabled: {{ not .Values.clamavConfig.disableMilterd }} + primary: {{ .Values.clamavConfig.disableClamd }} + port: {{ .Values.clamavNetwork.milterdPort }} + nodePort: {{ .Values.clamavNetwork.milterdPort }} + targetPort: 7357 + targetSelector: clamav + +{{/* Persistence */}} +persistence: + data: + enabled: true + type: {{ .Values.clamavStorage.sigdb.type }} + datasetName: {{ .Values.clamavStorage.sigdb.datasetName | default "" }} + hostPath: {{ .Values.clamavStorage.sigdb.hostPath | default "" }} + targetSelector: + clamav: + clamav: + mountPath: /var/lib/clamav + scan-dir: + enabled: true + type: {{ .Values.clamavStorage.scandir.type }} + datasetName: {{ .Values.clamavStorage.scandir.datasetName | default "" }} + hostPath: {{ .Values.clamavStorage.scandir.hostPath | default "" }} + targetSelector: + clamav: + clamav: + mountPath: /scandir +{{- end -}} diff --git a/community/clamav/1.0.0/templates/common.yaml b/community/clamav/1.0.0/templates/common.yaml new file mode 100644 index 00000000000..cb90f891d93 --- /dev/null +++ b/community/clamav/1.0.0/templates/common.yaml @@ -0,0 +1,6 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "clamav.workload" $ | fromYaml) -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/community/clamav/1.0.0/upgrade_info.json b/community/clamav/1.0.0/upgrade_info.json new file mode 100644 index 00000000000..767388094ad --- /dev/null +++ b/community/clamav/1.0.0/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "values.yaml", "keys": ["image"]} diff --git a/community/clamav/1.0.0/upgrade_strategy b/community/clamav/1.0.0/upgrade_strategy new file mode 100755 index 00000000000..7e4b5ffae04 --- /dev/null +++ b/community/clamav/1.0.0/upgrade_strategy @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +RE_STABLE_VERSION = re.compile(r'^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/community/clamav/item.yaml b/community/clamav/item.yaml new file mode 100644 index 00000000000..07ba36c343d --- /dev/null +++ b/community/clamav/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png +categories: + - anti-virus + - clamav diff --git a/library/ix-dev/community/clamav/charts/common-1.0.5.tgz b/library/ix-dev/community/clamav/charts/common-1.0.5.tgz index ca963621f1a..8d5f1868ce9 100644 Binary files a/library/ix-dev/community/clamav/charts/common-1.0.5.tgz and b/library/ix-dev/community/clamav/charts/common-1.0.5.tgz differ