Updated patch that adds av hooks to portage ---------------------------------------------- 1) antivirus * this feature adds hooks to do virus scanning ** before unpacking ** after compiling - To take advantage of this feature we need to set 3 things in our make.conf FEATURES="${FEATURES} antivirus" # only really tested with f-prot AVS_SCANNER=/opt/f-prot/f-prot AVS_OPTS="-archive -dumb -ai -old" # little to no testing done with clam #AVS_SCANNER=/usr/bin/clamscan #AVS_OPTS="--stdout --tgz=/bin/tar --tar=/bin/tar --unzip=/usr/bin/unzip --disable-summary"
Created attachment 15819 [details, diff] Patch that adds the hooks to ebuild to do antivirus scanning
A Note on this patch. This adds the basic hooks but what action to take when a virus is found is not written yet. [ ${ret} != 0 ] && myfail="something here " For that I would want input from other devs. We could exit and refuse to install. Warn the user etc.. (or Prompt for input?)
seemant reported a few bugs directly to me via irc and has been really helpfull in the testing, debugging phase. I'll be posting an updated patch in the next day or so.
Lack of time to work on this feature.
I still lack the time to support this feature, antiviral engines differ so much that it somewhat becomes difficult to want to even maintain such a feature when the dynamic differences between them vary so much. If anybody else has some creative ideas on protecting portage in such a way I'd love to hear about them or better see the code :)
solved by introduction of portage bashrc handling some time ago and or the recent addition of hooks.