feat(MONTEREY): variable homebrew install location

osx-provisioner · Jun 18, 2022 · 966ce63 · 966ce63
1 parent a68bba1
commit 966ce63
Show file tree

Hide file tree

Showing 12 changed files with 38 additions and 21 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -146,7 +146,7 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        os: [10.15]
+        os: [10.15, 11, 12]
         platform: [x86_64]
         python-version: [3.8.10]
         scenario: ["no_clamwatch", "clamwatch"]
@@ -172,6 +172,7 @@ jobs:
           poetry run molecule test -s "${SCENARIO}"
         env:
           SCENARIO: ${{ matrix.scenario}}
+          PLATFORM: ${{ matrix.platform }}
 
       - name: OSX Build -- Report Job Status (Success)
         if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ Ansible role that installs ClamAV antivirus on OSX machines.
 ### Notes:
 - See the [ClamAV Github Repository](https://github.com/Cisco-Talos/clamav) for further details about this tool.
 
-### Catalina and Big Sur:
+### Catalina and Later:
 
 On OSX versions >= 10.15, there's a manual post installation step that should be done to maximize protection.  (This is required to monitor the `Downloads` folder.)
 
@@ -28,6 +28,8 @@ Requirements
 Role Variables
 --------------
 
+- `brew_prefix`
+  - Usually `/usr/local` or `/opt/homebrew` depending on your OSX version.
 - `clamav_clamwatch` 
   - A boolean that indicates whether the ClamWatch daemon should be installed.
 - `clamav_clamwatch_target_folder:` 
@@ -74,6 +76,7 @@ Example Playbook
   - role: elliotweiser.osx-command-line-tools
   - role: geerlingguy.mac.homebrew
   - role: osx_provisioner.clamav
+    brew_prefix: /usr/local
     clamav_clamwatch: true
     clamav_clamwatch_target_folder: "{{ lookup('env','HOME') }}/Downloads"
     clamav_clamwatch_quarantine_folder: "{{ lookup('env','HOME') }}/Quarantine"

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,21 +1,23 @@
 ---
 # defaults file for clamav
 
+brew_prefix: "{{ (ansible_machine == 'arm64') | ternary('/opt/homebrew', '/usr/local') }}"
+
 clamav_clamwatch: true
 
 clamav_clamwatch_target_folder: "{{ lookup('env','HOME') }}/Downloads"
 clamav_clamwatch_quarantine_folder: "{{ lookup('env','HOME') }}/Quarantine"
 clamav_clamwatch_log_file: /var/log/clamav.clamwatch.log
 clamav_clamwatch_stderr_log_file: /var/log/clamav.clamwatch.error.log
 
-clamav_freshclam_config_file: /usr/local/etc/clamav/freshclam.conf
+clamav_freshclam_config_file: "{{ brew_prefix }}/etc/clamav/freshclam.conf"
 clamav_freshclam_log_file: /var/log/clamav.freshclam.log
 clamav_freshclam_stderr_log_file: /var/log/clamav.freshclam.error.log
 
-clamav_clamd_config_file: /usr/local/etc/clamav/clamd.conf
+clamav_clamd_config_file: "{{ brew_prefix }}/etc/clamav/clamd.conf"
 clamav_clamd_log_file: /var/log/clamav.clamd.log
 clamav_clamd_stderr_log_file: /var/log/clamav.clamd.error.log
 
-clamav_database_location: /usr/local/var/lib/clamav
+clamav_database_location: "{{ brew_prefix }}/etc/local/var/lib/clamav"
 
 clamav_homebrew_retries: 3
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -3,7 +3,7 @@
 
 - name: Update Virus Definitions
   become: true
-  ansible.builtin.command: /usr/local/bin/freshclam --config-file "{{ clamav_freshclam_config_file }}"
+  ansible.builtin.command: "{{ brew_prefix }}/bin/freshclam --config-file '{{ clamav_freshclam_config_file }}'"
   changed_when: true
   listen: "Update Virus Definitions"
 

diff --git a/molecule/common/tasks/files.yml b/molecule/common/tasks/files.yml
@@ -1,15 +1,22 @@
 ---
+- name: Set CI Machine Type
+  set_fact:
+    ansible_machine: "{{ lookup('env','PLATFORM') }}"
+
+- name: Load Default Var Content
+  include_vars: "../../../defaults/main.yml"
+
 - name: Check clamd is installed
   ansible.builtin.stat:
-    path: "/usr/local/sbin/clamd"
+    path: "{{ brew_prefix }}/sbin/clamd"
   register: clamd_file
 
 - name: Check freshclam is installed
   ansible.builtin.stat:
-    path: "/usr/local/bin/freshclam"
+    path: "{{ brew_prefix }}/bin/freshclam"
   register: freshclam_file
 
 - name: Check clamwatch is installed
   ansible.builtin.stat:
-    path: "/usr/local/bin/clamwatch"
+    path: "{{ brew_prefix }}/bin/clamwatch"
   register: clamwatch_file
diff --git a/molecule/common/tasks/processes.yml b/molecule/common/tasks/processes.yml
@@ -1,4 +1,8 @@
 ---
+- name: Set CI Machine Type
+  set_fact:
+    ansible_machine: "{{ lookup('env','PLATFORM') }}"
+
 - name: Load Default Var Content
   include_vars: "../../../defaults/main.yml"
 
@@ -9,8 +13,8 @@
 
 - name: Create Root Processes Match String
   set_fact:
-    root_process_match_string1: '/usr/local/sbin/clamd --foreground -c {{ clamav_clamd_config_file }}'
-    root_process_match_string2: '/bin/bash /usr/local/bin/clamwatch {{ clamav_clamwatch_target_folder }} {{ clamav_clamwatch_quarantine_folder }} {{ clamav_clamwatch_log_file }}'
+    root_process_match_string1: '{{ brew_prefix }}/sbin/clamd --foreground -c {{ clamav_clamd_config_file }}'
+    root_process_match_string2: '/bin/bash {{ brew_prefix }}/bin/clamwatch {{ clamav_clamwatch_target_folder }} {{ clamav_clamwatch_quarantine_folder }} {{ clamav_clamwatch_log_file }}'
 
 - name: Capture _clamav Processes
   ansible.builtin.command: ps -u _clamav
@@ -19,4 +23,4 @@
 
 - name: Create _clamav Processes Match String
   set_fact:
-    _clamav_processes_match_string: '/usr/local/bin/freshclam --daemon --foreground --config-file {{ clamav_freshclam_config_file }}'
+    _clamav_processes_match_string: '{{ brew_prefix }}/bin/freshclam --daemon --foreground --config-file {{ clamav_freshclam_config_file }}'
diff --git a/tasks/watcher.yml b/tasks/watcher.yml
@@ -47,9 +47,9 @@
 
 - name: Install ClamWatch Script
   become: true
-  ansible.builtin.copy:
-    src: clamwatch.sh
-    dest: /usr/local/bin/clamwatch
+  ansible.builtin.template:
+    src: clamwatch.sh.j2
+    dest: "{{ brew_prefix }}/bin/clamwatch"
     mode: 0755
     owner: root
     group: wheel

diff --git a/templates/clamav.clamd.plist.j2 b/templates/clamav.clamd.plist.j2
@@ -8,7 +8,7 @@
 	<string>clamav.clamd</string>
 	<key>ProgramArguments</key>
 	<array>
-		<string>/usr/local/sbin/clamd</string>
+		<string>{{ brew_prefix }}/sbin/clamd</string>
 		<string>--foreground</string>
 		<string>-c</string>
 		<string>{{ clamav_clamd_config_file }}</string>

diff --git a/templates/clamav.clamwatch.plist.j2 b/templates/clamav.clamwatch.plist.j2
@@ -8,7 +8,7 @@
 	<string>clamav.clamwatch</string>
 	<key>ProgramArguments</key>
 	<array>
-		<string>/usr/local/bin/clamwatch</string>
+		<string>{{ brew_prefix }}/bin/clamwatch</string>
 		<string>{{ clamav_clamwatch_target_folder }}</string>
 		<string>{{ clamav_clamwatch_quarantine_folder }}</string>
 		<string>{{ clamav_clamwatch_log_file }}</string>

diff --git a/templates/clamav.freshclam.plist.j2 b/templates/clamav.freshclam.plist.j2
@@ -8,7 +8,7 @@
 	<string>clamav.freshclam</string>
 	<key>ProgramArguments</key>
 	<array>
-		<string>/usr/local/bin/freshclam</string>
+		<string>{{ brew_prefix }}/bin/freshclam</string>
 		<string>--daemon</string>
 		<string>--foreground</string>
 		<string>--config-file</string>

diff --git a/files/clamwatch.sh → templates/clamwatch.sh.j2 b/files/clamwatch.sh → templates/clamwatch.sh.j2
@@ -4,9 +4,9 @@
 # $2 - The quarantine folder to move items to
 # $3 - The log file location
 
-/usr/local/bin/fswatch "${1}" | while read -r FILE
+{{ brew_prefix }}/bin/fswatch "${1}" | while read -r FILE
 do
    if [[ -f ${FILE} ]]; then
-     /usr/local/bin/clamdscan --no-summary --move="${2}" "${FILE}" >> "${3}"
+     {{ brew_prefix }}/bin/clamdscan --no-summary --move="${2}" "${FILE}" >> "${3}"
    fi
 done
diff --git a/templates/freshclam.conf.j2 b/templates/freshclam.conf.j2
@@ -145,7 +145,7 @@ DatabaseMirror database.clamav.net
 
 # Send the RELOAD command to clamd.
 # Default: no
-NotifyClamd /usr/local/etc/clamav/clamd.conf
+NotifyClamd {{ brew_prefix }}/etc/clamav/clamd.conf
 
 # Run command after successful database update.
 # Default: disabled