Remove F-PROT package and service module (EoL) (#160372)

2 years ago · 671a068a01
parent 6fc2b4b5e9
commit 671a068a01
8 changed files with 13 additions and 129 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -553,6 +553,13 @@
          <literal>tilp2</literal> was removed together with its module
        </para>
      </listitem>
+      <listitem>
+        <para>
+          The F-PROT antivirus (<literal>fprot</literal> package) and
+          its service module were removed because it reached
+          <link xlink:href="https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam">end-of-life</link>.
+        </para>
+      </listitem>
      <listitem>
        <para>
          <literal>bird1</literal> and its modules
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -180,6 +180,9 @@ In addition to numerous new and upgraded packages, this release has the followin

 - `tilp2` was removed together with its module

+- The F-PROT antivirus (`fprot` package) and its service module were removed because it
+  reached [end-of-life](https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/434/0/end-of-sale--end-of-life-for-f-prot-and-csam).
+
 - `bird1` and its modules `services.bird` as well as `services.bird6` have been removed. Upgrade to `services.bird2`.

 - The options `networking.interfaces.<name>.ipv4.routes` and `networking.interfaces.<name>.ipv6.routes` are no longer ignored when using networkd instead of the default scripted network backend by setting `networking.useNetworkd` to `true`.
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -89,7 +89,7 @@ in
      prayer = 49;
      mpd = 50;
      clamav = 51;
-      fprot = 52;
+      #fprot = 52; # unused
      # bind = 53; #dynamically allocated as of 2021-09-03
      wwwrun = 54;
      #adm = 55; # unused
@ -412,7 +412,7 @@ in
      prayer = 49;
      mpd = 50;
      clamav = 51;
-      fprot = 52;
+      #fprot = 52; # unused
      #bind = 53; # unused
      wwwrun = 54;
      adm = 55;
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -951,7 +951,6 @@
  ./services/security/clamav.nix
  ./services/security/fail2ban.nix
  ./services/security/fprintd.nix
-  ./services/security/fprot.nix
  ./services/security/haka.nix
  ./services/security/haveged.nix
  ./services/security/hockeypuck.nix
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@ -50,6 +50,7 @@ with lib;
    (mkRemovedOptionModule [ "services" "flashpolicyd" ] "The flashpolicyd module has been removed. Adobe Flash Player is deprecated.")
    (mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
    (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
+    (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
    (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
    (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
--- a/nixos/modules/services/security/fprot.nix
+++ b/nixos/modules/services/security/fprot.nix
@ -1,82 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-  fprotUser = "fprot";
-  stateDir = "/var/lib/fprot";
-  fprotGroup = fprotUser;
-  cfg = config.services.fprot;
-in {
-  options = {
-
-    services.fprot = {
-      updater = {
-        enable = mkEnableOption "automatic F-Prot virus definitions database updates";
-
-        productData = mkOption {
-          description = ''
-            product.data file. Defaults to the one supplied with installation package.
-          '';
-          type = types.path;
-        };
-
-        frequency = mkOption {
-          default = 30;
-          type = types.int;
-          description = ''
-            Update virus definitions every X minutes.
-          '';
-        };
-
-        licenseKeyfile = mkOption {
-          type = types.path;
-          description = ''
-            License keyfile. Defaults to the one supplied with installation package.
-          '';
-        };
-
-      };
-    };
-  };
-
-  ###### implementation
-
-  config = mkIf cfg.updater.enable {
-
-    services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
-    services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";
-
-    environment.systemPackages = [ pkgs.fprot ];
-    environment.etc."f-prot.conf" = {
-      source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
-    };
-
-    users.users.${fprotUser} =
-      { uid = config.ids.uids.fprot;
-        description = "F-Prot daemon user";
-        home = stateDir;
-      };
-
-    users.groups.${fprotGroup} =
-      { gid = config.ids.gids.fprot; };
-
-    services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
-
-    systemd.services.fprot-updater = {
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = false;
-      };
-      wantedBy = [ "multi-user.target" ];
-
-      # have to copy fpupdate executable because it insists on storing the virus database in the same dir
-      preStart = ''
-        mkdir -m 0755 -p ${stateDir}
-        chown ${fprotUser}:${fprotGroup} ${stateDir}
-        cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
-        ln -sf ${cfg.updater.productData} ${stateDir}/product.data
-      '';
-
-      script = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
-    };
- };
-}
--- a/pkgs/tools/security/fprot/default.nix
+++ b/pkgs/tools/security/fprot/default.nix
@ -1,42 +0,0 @@
-{ lib, stdenv, fetchurl }:
-
-stdenv.mkDerivation {
-
-  pname = "f-prot";
-  version = "6.2.1";
-
-  src = fetchurl {
-    url = "http://files.f-prot.com/files/unix-trial/fp-Linux.x86.32-ws.tar.gz";
-    sha256 = "0qlsrkanf0inplwv1i6hqbimdg91syf5ggd1vahsm9lhivmnr0v5";
-  };
-
-  installPhase = ''
-    mkdir -p $out/bin
-    cp fpscan $out/bin
-
-    mkdir -p $out/opt/f-prot
-    cp fpupdate $out/opt/f-prot
-    cp product.data.default $out/opt/f-prot/product.data
-    cp license.key $out/opt/f-prot/
-    cp f-prot.conf.default $out/opt/f-prot/f-prot.conf
-    ln -s $out/opt/f-prot/fpupdate $out/bin/fpupdate
-
-    patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/opt/f-prot/fpupdate
-
-    mkdir -p $out/share/man/
-    mkdir -p $out/share/man/man1
-    cp doc/man/fpscan.1 $out/share/man/man1
-    mkdir -p $out/share/man/man5
-    cp doc/man/f-prot.conf.5 $out/share/man/man5
-    mkdir -p $out/share/man/man8
-    cp doc/man/fpupdate.8 $out/share/man/man8
-  '';
-
-  meta = with lib; {
-    homepage = "http://www.f-prot.com";
-    description = "A popular proprietary antivirus program";
-    license = licenses.unfree;
-    maintainers = [ ];
-    platforms = platforms.linux;
-  };
-}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -5555,8 +5555,6 @@ with pkgs;

  fpm = callPackage ../tools/package-management/fpm { };

-  fprot = callPackage ../tools/security/fprot { };
-
  fprintd = callPackage ../tools/security/fprintd { };

  fprintd-tod = callPackage ../tools/security/fprintd/tod.nix { };