Merged
Conversation
Codecov Report
@@ Coverage Diff @@
## main #20 +/- ##
==========================================
+ Coverage 55.12% 55.41% +0.28%
==========================================
Files 4 4
Lines 156 157 +1
==========================================
+ Hits 86 87 +1
Misses 58 58
Partials 12 12
Continue to review full report at Codecov.
|
Greg Tyler (gregtyler)
force-pushed
the
VEGA-1215-update-antivirus-base-image
branch
3 times, most recently
from
bf159c2 to
21b879f
Compare
Use alpine as a base image, and install clamav properly so that it's just available on PATH. This led to a few changes to how we call `clamscan` and `freshclam`. Without lambci, we now need `aws-lambda-rie` to provide the Lambda runtime environment (i.e. the HTTP API). Because this is just needed for local dev, mount it rather than installing on the image directly. `aws-lambda-rie` causes two restrictions: - The function name must be "function". There's [a PR to make this configurable](aws/aws-lambda-runtime-interface-emulator#46), but AWS don't seem keen - It can only handle one invokation at a time, so we can't upload the second test file (and therefore invoke the Lamdba) until the first is finished #minor
Greg Tyler (gregtyler)
force-pushed
the
VEGA-1215-update-antivirus-base-image
branch
from
21b879f to
560bd6d
Compare
|
|
||
| func (c *Freshclam) Update() error { | ||
| cmd := exec.Command("./bin/freshclam") | ||
| cmd := exec.Command("freshclam", "--config-file=/etc/freshclam.conf") |
Contributor
Author
There was a problem hiding this comment.
For some reason the config file needs to be specified now, even though it's the default location. No harm in being specific though I guess 🤷🏽
| Bucket: aws.String(l.bucket), | ||
| Key: aws.String(key), | ||
| Body: file, | ||
| ServerSideEncryption: aws.String("AES256"), |
Contributor
Author
There was a problem hiding this comment.
This is required by our S3 policy
| COPY --from=build-clamav /usr/lib64/libpcre* /var/task/lib/ | ||
| COPY --from=build-clamav /usr/lib64/libprelude* /var/task/lib/ | ||
| COPY --from=build-clamav /usr/lib64/libtasn1* /var/task/lib/ | ||
| RUN mkdir -p /tmp/clamav && chown -R clamav:clamav /tmp/clamav |
Contributor
Author
There was a problem hiding this comment.
/tmp is overwritten by Lambda in production but this is necessary locally, effectively emulating that behaviour
Joshua Hawxwell (hawx)
approved these changes
Mar 3, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use alpine as a base image, and install clamav properly so that it's just available on PATH. This led to a few changes to how we call
clamscanandfreshclam.Without lambci, we now need
aws-lambda-rieto provide the Lambda runtime environment (i.e. the HTTP API). Because this is just needed for local dev, mount it rather than installing on the image directly.aws-lambda-riecauses two restrictions:#minor