From 9e95d966569b8b2b3e9c2d4db28e2fb900fbb56c Mon Sep 17 00:00:00 2001
From: Zoey
Date: Thu, 6 Mar 2025 16:00:53 +0100
Subject: [PATCH] Merge pull request #6094 from nextcloud/clamav-alpine-aarch64 clamav: build the container also for aarch64/arm64 by using the alpine package
---
Containers/clamav/Dockerfile | 37 +++++++++----------
Containers/clamav/clamav.conf | 5 ---
Containers/clamav/healthcheck.sh | 9 +++++
Containers/clamav/start.script | 4 --
Containers/clamav/start.sh | 5 +++
Containers/clamav/supervisord.conf | 21 +++++++++++
Containers/whiteboard/Dockerfile | 3 +-
manual-install/readme.md | 6 +--
manual-install/update-yaml.sh | 2 +-
php/containers.json | 11 +++---
php/public/index.php | 1 -
php/src/Data/ConfigurationManager.php | 8 +---
.../includes/optional-containers.twig | 6 +--
readme.md | 2 +-
14 files changed, 69 insertions(+), 51 deletions(-)
delete mode 100644 Containers/clamav/clamav.conf
create mode 100644 Containers/clamav/healthcheck.sh
delete mode 100644 Containers/clamav/start.script
create mode 100644 Containers/clamav/start.sh
create mode 100644 Containers/clamav/supervisord.conf
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 22227b71..9f86f5f9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,28 +1,25 @@ # syntax=docker/dockerfile:latest -# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-29 - -COPY clamav.conf /clamav.conf -COPY --chmod=775 start.script /start.script +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache tzdata bash; \ - mkdir -p /var/run/clamav /run/lock; \ - chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \ - chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \ - sed -i "/^set -eu/r /start.script" /init-unprivileged; \ - rm /start.script; \ - grep -q 'clamd --foreground &' /init-unprivileged; \ - sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \ - cat /init-unprivileged + apk add --no-cache tzdata clamav supervisord; \ + mkdir /run/clamav; \ + chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ + sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ + freshclam --foreground --stdout -VOLUME /var/lib/clamav +COPY --chmod=775 start.sh /start.sh +COPY --chmod=775 healthcheck.sh /healthcheck.sh +COPY --chmod=664 supervisord.conf /supervisord.conf USER 100 - +VOLUME /var/lib/clamav +ENTRYPOINT ["/start.sh"] +CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] LABEL com.centurylinklabs.watchtower.enable="false" - -HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh - -ENTRYPOINT ["/init-unprivileged"] +HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh 
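Review bot: The `sed` edits of `/etc/clamav/clamd.conf` in the `RUN` step are never checked, so if the Alpine package's config lacks or renames one of these keys the build still succeeds and `start.sh` later finds no `aio-placeholder` to replace; the removed code guarded its own edit with `grep -q`. The patterns are also unanchored, so `#\?MaxFileSize.*` matches inside the `PCREMaxFileSize` line as well and only the order of the commands puts that right. I would anchor each pattern and assert the result under the existing `set -ex`, e.g. `sed -i "s|^#\?MaxFileSize.*|MaxFileSize 2G|" /etc/clamav/clamd.conf; grep -q '^MaxFileSize 2G$' /etc/clamav/clamd.conf; \`. `MaxFileSize` is now fixed at 2G while `StreamMaxLength` follows the upload limit, so a comment saying how files above 2G are treated (presumably passed without a scan; confirm against the clamd documentation) would help whoever relies on this scanner.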
diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
deleted file mode 100644
index b32636ba..00000000
--- a/Containers/clamav/clamav.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# AIO settings
-MaxDirectoryRecursion 30
-MaxFileSize 16G
-PCREMaxFileSize 16G
-StreamMaxLength 16G
diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh
new file mode 100644
index 00000000..cef67500
--- /dev/null
+++ b/Containers/clamav/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
+ echo "ERROR: Unable to contact server"
+ exit 1
+fi
+
+echo "Clamd is up"
+exit 0
diff --git a/Containers/clamav/start.script b/Containers/clamav/start.script
deleted file mode 100644
index da228462..00000000
--- a/Containers/clamav/start.script
+++ /dev/null
@@ -1,4 +0,0 @@
-# Adjust settings
-cat /etc/clamav/clamd.conf > /tmp/clamd.conf
-CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
-echo "$CLAMAV_FILE" >> /tmp/clamd.conf
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
new file mode 100644
index 00000000..fb7c8bd8
--- /dev/null
+++ b/Containers/clamav/start.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
+
+exec "$@"
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
new file mode 100644
index 00000000..a5475bce
--- /dev/null
+++ b/Containers/clamav/supervisord.conf
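Review bot: In `Containers/clamav/start.sh`, `$MAX_SIZE` is substituted into the sed expression without being checked, so an unset or empty value writes `PCREMaxFileSize` and `StreamMaxLength` with no argument into `/tmp/clamd.conf`, and a value containing `|` or `&` changes the sed expression itself. The script also has no `set -e`, so a failed `sed` still reaches `exec "$@"` and the daemon starts against an empty or partial config. I would add `set -eu` after the shebang and reject anything that is not a plain size before the `sed`, e.g. `case "$MAX_SIZE" in ''|*[!0-9A-Za-z]*) echo "Invalid MAX_SIZE" >&2; exit 1;; esac`.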
@@ -0,0 +1,21 @@ +[supervisord] +nodaemon=true +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB +logfile_backups=10 +loglevel=error + +[program:freshclam] +stdout_logfile=NONE +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=freshclam --foreground --stdout --daemon + +[program:clamd] +stdout_logfile=NONE +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=clamd --foreground --config-file=/tmp/clamd.conf diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 1000ecbb..c208a403 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -5,7 +5,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5 USER root RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache bash + apk add --no-cache bash; \ + chmod 777 -R /tmp USER 65534 COPY --chmod=775 start.sh /start.sh diff --git a/manual-install/readme.md b/manual-install/readme.md index 9bf34c9c..874a5b4b 100644 --- a/manual-install/readme.md +++ b/manual-install/readme.md @@ -24,7 +24,7 @@ First, install docker and docker-compose (v2) if not already done. Then simply r git clone https://github.com/nextcloud/all-in-one.git cd all-in-one/manual-install ``` -Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
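Review bot: In `Containers/clamav/supervisord.conf`, `[program:freshclam]` runs `freshclam` with `--stdout` while `stdout_logfile=NONE`, so the result of every signature update appears to be discarded and a scanner running on stale definitions would leave no trace in the container log. I would route it to the container output the same way stderr is handled, `stdout_logfile=/dev/stdout` with `stdout_logfile_maxbytes=0` (check that the Alpine `supervisord` package accepts this). `nodaemon=true` is also listed twice under `[supervisord]`; one of the two lines can go.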
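Review bot: In `Containers/whiteboard/Dockerfile`, `chmod 777 -R /tmp` clears the sticky bit that `/tmp` normally carries (mode 1777), so any user in the container can remove or replace another user's temporary files, and `-R` also makes everything already under `/tmp` world-writable. If the aim is only to let `USER 65534` write there, `chmod 1777 /tmp` is enough. The change is not mentioned in the commit message, so a one-line comment above it saying which process needs the write access would help.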
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612). Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`. @@ -32,9 +32,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml Now you should be ready to go with `sudo docker compose up`. ## Docker profiles -The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64). +The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. -For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64). +For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. ## How to update? Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers. 
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index dc5e13f1..70d14b4e 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -75,7 +75,7 @@ do done sed -i 's|_ENABLED=|_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf -sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf +sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora|' sample.conf diff --git a/php/containers.json b/php/containers.json index cc60249a..4f218af2 100644 --- a/php/containers.json +++ b/php/containers.json @@ -642,7 +642,7 @@ "init": false, "healthcheck": { "start_period": "60s", - "test": "clamdcheck.sh", + "test": "/healthcheck.sh", "interval": "30s", "timeout": "30s", "start_interval": "5s", @@ -654,8 +654,7 @@ "internal_port": "3310", "environment": [ "TZ=%TIMEZONE%", - "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%", - "CLAMD_STARTUP_TIMEOUT=90" + "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%" ], "volumes": [ { @@ -670,9 +669,11 @@ ], "read_only": true, "tmpfs": [ - "/var/lock", + "/tmp", "/var/log/clamav", - "/tmp" + "/run/clamav", + "/var/log/supervisord", + "/var/run/supervisord" ], "cap_drop": [ "NET_RAW" diff --git a/php/public/index.php b/php/public/index.php index 5e5c1896..a3ee8f7d 100644 --- a/php/public/index.php +++ b/php/public/index.php 
@@ -102,7 +102,6 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'last_backup_time' => $configurationManager->GetLastBackupTime(), 'backup_times' => $configurationManager->GetBackupTimes(), 'current_channel' => $dockerActionManger->GetCurrentChannel(), - 'is_x64_platform' => $configurationManager->isx64Platform(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled(), 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(), 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 60a95761..7c7039af 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -132,7 +132,7 @@ class ConfigurationManager } } - public function isx64Platform() : bool { + private function isx64Platform() : bool { if (php_uname('m') === 'x86_64') { return true; } else { @@ -140,11 +140,7 @@ class ConfigurationManager } } - public function isClamavEnabled() : bool { - if (!$this->isx64Platform()) { - return false; - } - + public function isClamavEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) { return true; diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 5b00a769..16fef91f 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -21,7 +21,7 @@ data-initial-state="false" {% endif %} > - +
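Review bot: `isx64Platform()` becomes `private` in `php/src/Data/ConfigurationManager.php`, but the two uses visible in this patch (the guard in `isClamavEnabled()` and the `is_x64_platform` template value in `php/public/index.php`) are both removed, so the method may now have no caller at all. The rest of the class is outside the hunk; if nothing else uses it, delete the method rather than keep dead code. If it stays, its body can be reduced to `return php_uname('m') === 'x86_64';` and a one-line docblock naming what still depends on the CPU architecture would help.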

Minimal system requirements: When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see this documentation

-{% if isAnyRunning == true or is_x64_platform == false %} - -{% endif %} {% if isAnyRunning == true %} + diff --git a/readme.md b/readme.md index b10a262d..0eb92033 100644 --- a/readme.md +++ b/readme.md @@ -351,7 +351,7 @@ If you get an error during the domain validation which states that your ip-addre ### Which CPU architectures are supported? You can check this on Linux by running: `uname -m` - x86_64/x64/amd64 -- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture) +- aarch64/arm64/armv8 ### Disrecommended VPS providers - *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.