From 12c80f67c3180c729b394fe544a3a1e9b567b65c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 12 Aug 2024 14:48:06 +0200
Subject: [PATCH] feat: add switch to make sure that ClamAV is not uninstalled
 on Archivematica-Servers

---
 tasks/main.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index 0b46b40..7afeceb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -52,8 +52,25 @@
   ansible.builtin.import_tasks: "install_rkhunter.yml"
   tags: [rkhunter]
 
+- name: >
+    Check if Archivematica is installed. We can only uninstall ClamAV if we're
+    not on an Archivematica system, because as of AM 1.15, `clamav` is a
+    dependency of `archivematica-mcp-client`. If we still uninstall `clamav`,
+    we WILL break the system.
+    If Archivematica is installed, then `grep` will return a "0" exit code,
+    otherwise it will return "1", which is also OK for us.
+  ansible.builtin.shell:                      # noqa command-instead-of-module
+    cmd: |
+      set -o pipefail   # <-- adding this will prevent surprises
+      systemctl list-units | grep 'archivematica-'
+    executable: /bin/bash
+  register: archivematica_installed
+  changed_when: false
+  failed_when: archivematica_installed.rc > 1
+  tags: [clamav]
 - name: include ClamAV uninstall task
   ansible.builtin.import_tasks: "uninstall_clamav.yml"
+  when: 'archivematica_installed.rc != 0'
   tags: [clamav]
 
 - name: include auditd install task
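Review bot: The guard added on `uninstall_clamav.yml` fails open, because `systemctl list-units` only lists units currently loaded in memory. On an Archivematica host whose services are stopped or disabled, `grep` exits 1 and ClamAV is still removed. The shell task is also skipped under `--check`, which likely leaves `archivematica_installed.rc` undefined when the `when:` is evaluated. The task name says the real constraint is the package dependency of `archivematica-mcp-client`, so querying the package database checks the thing being protected and needs no shell or `noqa`. The long explanation would also read better as a YAML comment above a short `name:`.

```yaml
# As of AM 1.15 `clamav` is a dependency of `archivematica-mcp-client`;
# uninstalling it on an Archivematica host breaks the system.
- name: Gather package facts to detect Archivematica
  ansible.builtin.package_facts:
    manager: auto
  tags: [clamav]

- name: include ClamAV uninstall task
  # … unchanged: import_tasks "uninstall_clamav.yml" …
  when: "'archivematica-mcp-client' not in ansible_facts.packages"
  # … unchanged: tags …
```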
-- 
GitLab