[gentoo-commits] repo/gentoo:master commit in: mail-filter/spamassassin/, mail-filter/spamassassin/files/ - gentoo-commits

From:	Michael Orlitzky <mjo@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: mail-filter/spamassassin/, mail-filter/spamassassin/files/
Date:	Wed, 01 Nov 2017 18:55:59
Message-Id:	`1509562496.2d55bc8f1afb8dc8f712ba139a860c828f52eb17.mjo@gentoo`

1

commit:     2d55bc8f1afb8dc8f712ba139a860c828f52eb17

2

Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>

3

AuthorDate: Wed Nov  1 03:05:53 2017 +0000

4

Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>

5

CommitDate: Wed Nov  1 18:54:56 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d55bc8f

7

8

mail-filter/spamassassin: new revision that lets spamd run as root (openrc).

9

10

The r13 revision of spamassassin came with a new init script (and

11

systemd service file) that runs spamd as the "spamd" user by default,

12

and that choice is not configurable. There is however a legitimate use

13

case for running spamd as root; namely, when local users have their

14

configurations or bayes databases stored in their home directories on

15

the local filesystem.

16

17

This new revision adds back the ability to run spamd as root, through

18

the SPAMD_RUN_AS_ROOT variable in the OpenRC service configuration

19

file. This should suffice for the users who have reported problems so

20

far, and a similar fix for the systemd service is on its way.

21

22

The pkg_postinst phase of the ebuild alerts users to the new

23

configuration variable.

24

25

Bug: https://bugs.gentoo.org/635790

26

Package-Manager: Portage-2.3.8, Repoman-2.3.3

27

28

 mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 | 30 +++++++++++++++++

29

 mail-filter/spamassassin/files/3.4.1-spamd.init-r2 | 38 ++++++++++++++++++++++

30

 ....1-r17.ebuild => spamassassin-3.4.1-r18.ebuild} |  9 +++--

31

 3 files changed, 75 insertions(+), 2 deletions(-)

32

33

diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1

34

new file mode 100644

35

index 00000000000..b7b46f3226a

36

--- /dev/null

37

+++ b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1

38

@@ -0,0 +1,30 @@

39

+# ***WARNING***

40

+#

41

+# The spamd daemon must not run on an untrusted network.

42

+#

43

+# ***WARNING***

44

+

45

+# Additional options to pass to the spamd daemon. The spamd(1) man

46

+# page explains the available options. If you choose to listen on a

47

+# non-default interface, you will need to use OpenRC's "rc_need"

48

+# mechanism to ensure that your interface comes up before spamd

49

+# starts. The openrc-run(8) man page describes rc_need.

50

+SPAMD_OPTS="--max-children=5 --create-prefs --helper-home-dir"

51

+

52

+# Sets the 'nice' level of the spamd process.

53

+SPAMD_NICELEVEL=0

54

+

55

+# How long (in seconds) should we wait for spamd to stop after we've

56

+# asked it to? After this amount of time, if spamd is still running,

57

+# we will assume that it has failed to stop.

58

+SPAMD_TIMEOUT=15

59

+

60

+# Do you want to run spamd as root? If you have local users storing their

61

+# personal configurations (or bayes databases) in ~/.spamassassin, then you

62

+# may want to run spamd as root so that it can setuid to each user while

63

+# processing his spam. (That way, you don't have to grant the "spamd" user

64

+# individual permissions to everyone's ~/.spamassassin directory.)

65

+#

66

+# On the other hand, if you don't store any per-user configuration on

67

+# the filesystem, then you should leave this alone.

68

+SPAMD_RUN_AS_ROOT=false

69

70

diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2

71

new file mode 100644

72

index 00000000000..c704782f3a4

73

--- /dev/null

74

+++ b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2

75

@@ -0,0 +1,38 @@

76

+#!/sbin/openrc-run

77

+# Copyright 1999-2017 Gentoo Foundation

78

+# Distributed under the terms of the GNU General Public License v2

79

+

80

+command="/usr/sbin/spamd"

81

+pidfile="/run/spamd.pid"

82

+command_args="--pidfile=${pidfile} ${SPAMD_OPTS}"

83

+command_args_background="--daemonize"

84

+

85

+if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]; then

86

+    # Passing --username=root to spamd kills it, so if SPAMD_RUN_AS_ROOT

87

+    # is true, then we want to pass no user/group command args at all.

88

+    # Any value other than "true" gets the default user/group of "spamd".

89

+    command_args="${command_args} --username=spamd --groupname=spamd"

90

+fi

91

+

92

+: ${SPAMD_NICELEVEL:=0}

93

+start_stop_daemon_args="--nicelevel ${SPAMD_NICELEVEL}"

94

+

95

+# Retry after SPAMD_TIMEOUT seconds because spamd can take a

96

+# while to kill off all of its children. This was bug 322025.

97

+: ${SPAMD_TIMEOUT:=15}

98

+retry="${SPAMD_TIMEOUT}"

99

+

100

+extra_started_commands="reload"

101

+

102

+depend() {

103

+    before mta

104

+    use logger mysql postgres

105

+}

106

+

107

+reload() {

108

+	ebegin "Reloading configuration"

109

+	# Warning: reload causes the PID of the spamd process to

110

+	# change, but spamd does update its PID file afterwards.

111

+	start-stop-daemon --signal HUP --pidfile "${pidfile}"

112

+	eend $?

113

+}

114

115

diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild

116

similarity index 95%

117

rename from mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild

118

rename to mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild

119

index ba402950811..49b14da5015 100644

120

--- a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild

121

+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild

122

@@ -156,8 +156,8 @@ src_install () {

123

 		|| die "failed to disable plugins by default"

124

125

 	# Add the init and config scripts.

126

-	newinitd "${FILESDIR}/3.4.1-spamd.init-r1" spamd

127

-	newconfd "${FILESDIR}/3.4.1-spamd.conf" spamd

128

+	newinitd "${FILESDIR}/3.4.1-spamd.init-r2" spamd

129

+	newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd

130

131

 	systemd_newunit "${FILESDIR}/${PN}.service-r3" "${PN}.service"

132

 	systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r1" \

133

@@ -241,4 +241,9 @@ pkg_postinst() {

134

 	elog

135

 	elog '  https://wiki.gentoo.org/wiki/SpamAssassin'

136

 	elog

137

+

138

+	ewarn 'If this version of SpamAssassin causes permissions issues'

139

+	ewarn 'with your user configurations or bayes databases, you may'

140

+	ewarn 'need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service'

141

+	ewarn 'configuration file.'

142

}

1	commit: 2d55bc8f1afb8dc8f712ba139a860c828f52eb17
2	Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
3	AuthorDate: Wed Nov 1 03:05:53 2017 +0000
4	Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
5	CommitDate: Wed Nov 1 18:54:56 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d55bc8f
7
8	mail-filter/spamassassin: new revision that lets spamd run as root (openrc).
9
10	The r13 revision of spamassassin came with a new init script (and
11	systemd service file) that runs spamd as the "spamd" user by default,
12	and that choice is not configurable. There is however a legitimate use
13	case for running spamd as root; namely, when local users have their
14	configurations or bayes databases stored in their home directories on
15	the local filesystem.
16
17	This new revision adds back the ability to run spamd as root, through
18	the SPAMD_RUN_AS_ROOT variable in the OpenRC service configuration
19	file. This should suffice for the users who have reported problems so
20	far, and a similar fix for the systemd service is on its way.
21
22	The pkg_postinst phase of the ebuild alerts users to the new
23	configuration variable.
24
25	Bug: https://bugs.gentoo.org/635790
26	Package-Manager: Portage-2.3.8, Repoman-2.3.3
27
28	mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 \| 30 +++++++++++++++++
29	mail-filter/spamassassin/files/3.4.1-spamd.init-r2 \| 38 ++++++++++++++++++++++
30	....1-r17.ebuild => spamassassin-3.4.1-r18.ebuild} \| 9 +++--
31	3 files changed, 75 insertions(+), 2 deletions(-)
32
33	diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1
34	new file mode 100644
35	index 00000000000..b7b46f3226a
36	--- /dev/null
37	+++ b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1
38	@@ -0,0 +1,30 @@
39	+# *WARNING*
40	+#
41	+# The spamd daemon must not run on an untrusted network.
42	+#
43	+# *WARNING*
44	+
45	+# Additional options to pass to the spamd daemon. The spamd(1) man
46	+# page explains the available options. If you choose to listen on a
47	+# non-default interface, you will need to use OpenRC's "rc_need"
48	+# mechanism to ensure that your interface comes up before spamd
49	+# starts. The openrc-run(8) man page describes rc_need.
50	+SPAMD_OPTS="--max-children=5 --create-prefs --helper-home-dir"
51	+
52	+# Sets the 'nice' level of the spamd process.
53	+SPAMD_NICELEVEL=0
54	+
55	+# How long (in seconds) should we wait for spamd to stop after we've
56	+# asked it to? After this amount of time, if spamd is still running,
57	+# we will assume that it has failed to stop.
58	+SPAMD_TIMEOUT=15
59	+
60	+# Do you want to run spamd as root? If you have local users storing their
61	+# personal configurations (or bayes databases) in ~/.spamassassin, then you
62	+# may want to run spamd as root so that it can setuid to each user while
63	+# processing his spam. (That way, you don't have to grant the "spamd" user
64	+# individual permissions to everyone's ~/.spamassassin directory.)
65	+#
66	+# On the other hand, if you don't store any per-user configuration on
67	+# the filesystem, then you should leave this alone.
68	+SPAMD_RUN_AS_ROOT=false
69
70	diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2
71	new file mode 100644
72	index 00000000000..c704782f3a4
73	--- /dev/null
74	+++ b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2
75	@@ -0,0 +1,38 @@
76	+#!/sbin/openrc-run
77	+# Copyright 1999-2017 Gentoo Foundation
78	+# Distributed under the terms of the GNU General Public License v2
79	+
80	+command="/usr/sbin/spamd"
81	+pidfile="/run/spamd.pid"
82	+command_args="--pidfile=${pidfile} ${SPAMD_OPTS}"
83	+command_args_background="--daemonize"
84	+
85	+if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]; then
86	+ # Passing --username=root to spamd kills it, so if SPAMD_RUN_AS_ROOT
87	+ # is true, then we want to pass no user/group command args at all.
88	+ # Any value other than "true" gets the default user/group of "spamd".
89	+ command_args="${command_args} --username=spamd --groupname=spamd"
90	+fi
91	+
92	+: ${SPAMD_NICELEVEL:=0}
93	+start_stop_daemon_args="--nicelevel ${SPAMD_NICELEVEL}"
94	+
95	+# Retry after SPAMD_TIMEOUT seconds because spamd can take a
96	+# while to kill off all of its children. This was bug 322025.
97	+: ${SPAMD_TIMEOUT:=15}
98	+retry="${SPAMD_TIMEOUT}"
99	+
100	+extra_started_commands="reload"
101	+
102	+depend() {
103	+ before mta
104	+ use logger mysql postgres
105	+}
106	+
107	+reload() {
108	+ ebegin "Reloading configuration"
109	+ # Warning: reload causes the PID of the spamd process to
110	+ # change, but spamd does update its PID file afterwards.
111	+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
112	+ eend $?
113	+}
114
115	diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
116	similarity index 95%
117	rename from mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild
118	rename to mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
119	index ba402950811..49b14da5015 100644
120	--- a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild
121	+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
122	@@ -156,8 +156,8 @@ src_install () {
123	\|\| die "failed to disable plugins by default"
124
125	# Add the init and config scripts.
126	- newinitd "${FILESDIR}/3.4.1-spamd.init-r1" spamd
127	- newconfd "${FILESDIR}/3.4.1-spamd.conf" spamd
128	+ newinitd "${FILESDIR}/3.4.1-spamd.init-r2" spamd
129	+ newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd
130
131	systemd_newunit "${FILESDIR}/${PN}.service-r3" "${PN}.service"
132	systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r1" \
133	@@ -241,4 +241,9 @@ pkg_postinst() {
134	elog
135	elog ' https://wiki.gentoo.org/wiki/SpamAssassin'
136	elog
137	+
138	+ ewarn 'If this version of SpamAssassin causes permissions issues'
139	+ ewarn 'with your user configurations or bayes databases, you may'
140	+ ewarn 'need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service'
141	+ ewarn 'configuration file.'
142	}

Gentoo Archives: gentoo-commits