1 |
commit: 2d55bc8f1afb8dc8f712ba139a860c828f52eb17 |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Nov 1 03:05:53 2017 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Nov 1 18:54:56 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d55bc8f |
7 |
|
8 |
mail-filter/spamassassin: new revision that lets spamd run as root (openrc). |
9 |
|
10 |
The r13 revision of spamassassin came with a new init script (and |
11 |
systemd service file) that runs spamd as the "spamd" user by default, |
12 |
and that choice is not configurable. There is however a legitimate use |
13 |
case for running spamd as root; namely, when local users have their |
14 |
configurations or bayes databases stored in their home directories on |
15 |
the local filesystem. |
16 |
|
17 |
This new revision adds back the ability to run spamd as root, through |
18 |
the SPAMD_RUN_AS_ROOT variable in the OpenRC service configuration |
19 |
file. This should suffice for the users who have reported problems so |
20 |
far, and a similar fix for the systemd service is on its way. |
21 |
|
22 |
The pkg_postinst phase of the ebuild alerts users to the new |
23 |
configuration variable. |
24 |
|
25 |
Bug: https://bugs.gentoo.org/635790 |
26 |
Package-Manager: Portage-2.3.8, Repoman-2.3.3 |
27 |
|
28 |
mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 | 30 +++++++++++++++++ |
29 |
mail-filter/spamassassin/files/3.4.1-spamd.init-r2 | 38 ++++++++++++++++++++++ |
30 |
....1-r17.ebuild => spamassassin-3.4.1-r18.ebuild} | 9 +++-- |
31 |
3 files changed, 75 insertions(+), 2 deletions(-) |
32 |
|
33 |
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 |
34 |
new file mode 100644 |
35 |
index 00000000000..b7b46f3226a |
36 |
--- /dev/null |
37 |
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 |
38 |
@@ -0,0 +1,30 @@ |
39 |
+# ***WARNING*** |
40 |
+# |
41 |
+# The spamd daemon must not run on an untrusted network. |
42 |
+# |
43 |
+# ***WARNING*** |
44 |
+ |
45 |
+# Additional options to pass to the spamd daemon. The spamd(1) man |
46 |
+# page explains the available options. If you choose to listen on a |
47 |
+# non-default interface, you will need to use OpenRC's "rc_need" |
48 |
+# mechanism to ensure that your interface comes up before spamd |
49 |
+# starts. The openrc-run(8) man page describes rc_need. |
50 |
+SPAMD_OPTS="--max-children=5 --create-prefs --helper-home-dir" |
51 |
+ |
52 |
+# Sets the 'nice' level of the spamd process. |
53 |
+SPAMD_NICELEVEL=0 |
54 |
+ |
55 |
+# How long (in seconds) should we wait for spamd to stop after we've |
56 |
+# asked it to? After this amount of time, if spamd is still running, |
57 |
+# we will assume that it has failed to stop. |
58 |
+SPAMD_TIMEOUT=15 |
59 |
+ |
60 |
+# Do you want to run spamd as root? If you have local users storing their |
61 |
+# personal configurations (or bayes databases) in ~/.spamassassin, then you |
62 |
+# may want to run spamd as root so that it can setuid to each user while |
63 |
+# processing his spam. (That way, you don't have to grant the "spamd" user |
64 |
+# individual permissions to everyone's ~/.spamassassin directory.) |
65 |
+# |
66 |
+# On the other hand, if you don't store any per-user configuration on |
67 |
+# the filesystem, then you should leave this alone. |
68 |
+SPAMD_RUN_AS_ROOT=false |
69 |
|
70 |
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 |
71 |
new file mode 100644 |
72 |
index 00000000000..c704782f3a4 |
73 |
--- /dev/null |
74 |
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 |
75 |
@@ -0,0 +1,38 @@ |
76 |
+#!/sbin/openrc-run |
77 |
+# Copyright 1999-2017 Gentoo Foundation |
78 |
+# Distributed under the terms of the GNU General Public License v2 |
79 |
+ |
80 |
+command="/usr/sbin/spamd" |
81 |
+pidfile="/run/spamd.pid" |
82 |
+command_args="--pidfile=${pidfile} ${SPAMD_OPTS}" |
83 |
+command_args_background="--daemonize" |
84 |
+ |
85 |
+if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]; then |
86 |
+ # Passing --username=root to spamd kills it, so if SPAMD_RUN_AS_ROOT |
87 |
+ # is true, then we want to pass no user/group command args at all. |
88 |
+ # Any value other than "true" gets the default user/group of "spamd". |
89 |
+ command_args="${command_args} --username=spamd --groupname=spamd" |
90 |
+fi |
91 |
+ |
92 |
+: ${SPAMD_NICELEVEL:=0} |
93 |
+start_stop_daemon_args="--nicelevel ${SPAMD_NICELEVEL}" |
94 |
+ |
95 |
+# Retry after SPAMD_TIMEOUT seconds because spamd can take a |
96 |
+# while to kill off all of its children. This was bug 322025. |
97 |
+: ${SPAMD_TIMEOUT:=15} |
98 |
+retry="${SPAMD_TIMEOUT}" |
99 |
+ |
100 |
+extra_started_commands="reload" |
101 |
+ |
102 |
+depend() { |
103 |
+ before mta |
104 |
+ use logger mysql postgres |
105 |
+} |
106 |
+ |
107 |
+reload() { |
108 |
+ ebegin "Reloading configuration" |
109 |
+ # Warning: reload causes the PID of the spamd process to |
110 |
+ # change, but spamd does update its PID file afterwards. |
111 |
+ start-stop-daemon --signal HUP --pidfile "${pidfile}" |
112 |
+ eend $? |
113 |
+} |
114 |
|
115 |
diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild |
116 |
similarity index 95% |
117 |
rename from mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild |
118 |
rename to mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild |
119 |
index ba402950811..49b14da5015 100644 |
120 |
--- a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild |
121 |
+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild |
122 |
@@ -156,8 +156,8 @@ src_install () { |
123 |
|| die "failed to disable plugins by default" |
124 |
|
125 |
# Add the init and config scripts. |
126 |
- newinitd "${FILESDIR}/3.4.1-spamd.init-r1" spamd |
127 |
- newconfd "${FILESDIR}/3.4.1-spamd.conf" spamd |
128 |
+ newinitd "${FILESDIR}/3.4.1-spamd.init-r2" spamd |
129 |
+ newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd |
130 |
|
131 |
systemd_newunit "${FILESDIR}/${PN}.service-r3" "${PN}.service" |
132 |
systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r1" \ |
133 |
@@ -241,4 +241,9 @@ pkg_postinst() { |
134 |
elog |
135 |
elog ' https://wiki.gentoo.org/wiki/SpamAssassin' |
136 |
elog |
137 |
+ |
138 |
+ ewarn 'If this version of SpamAssassin causes permissions issues' |
139 |
+ ewarn 'with your user configurations or bayes databases, you may' |
140 |
+ ewarn 'need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service' |
141 |
+ ewarn 'configuration file.' |
142 |
} |