1 |
commit: 7ef9adb36a21fda32d38eaa0c4d0cf4312ade686 |
2 |
Author: Florian Schmaus <flow <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Dec 7 10:30:13 2021 +0000 |
4 |
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 7 10:42:15 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef9adb3 |
7 |
|
8 |
net-im/ejabberd: add 21.04-r1 |
9 |
|
10 |
This marks two important transitions: |
11 |
- from EAPI 6 to EAPI 7 |
12 |
- from net-im/jabber-base to acct-user/ejabberd |
13 |
|
14 |
The latter also means that ejabberd now runs under its own 'ejabberd' |
15 |
user, and no longer used the *shared* 'jabber' user from |
16 |
net-im/jabber-base. This increases the isolation of ejabberd. The |
17 |
configuration directory also changes from /etc/jabber, which is a |
18 |
non-standard ejabberd directory used only by Gentoo, to /etc/ejabberd, |
19 |
ejabberd's standard configuration directory. |
20 |
|
21 |
Futhermore, the custom SSL/TLS certificate handling (via the ssl-cert |
22 |
eclass) is removed, as ejabberd has for a long time now a built-in |
23 |
ACME client. And the certificate handling significantly increased the |
24 |
complecity of the ejabberd ebuild. This also fixes bug #716968. |
25 |
|
26 |
The ebuild also now passes the correct localstatedir to |
27 |
econf. Previously ejabberd would use /var/lib/lib/ejabberd. |
28 |
|
29 |
Ejabberd also unnecessarily created /var/lock/ejabberdctl, even though |
30 |
this directory is no longer used. This is now fixed in the ebuild and |
31 |
a patch was submitted and accepted upstream [1]. |
32 |
|
33 |
This also drops the non-upstream systemd tmpfile.conf. The directory |
34 |
created by the tmpfile is only ever used if the user manually |
35 |
configured it. And in this case, we should trust the user to also |
36 |
ensure that the directory is created. This further reduces the |
37 |
complexity of the ebuild. |
38 |
|
39 |
1: https://github.com/processone/ejabberd/pull/3724 |
40 |
|
41 |
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org> |
42 |
Closes: https://bugs.gentoo.org/716968 |
43 |
|
44 |
net-im/ejabberd/ejabberd-21.04-r1.ebuild | 233 +++++++++++++++++++++++++++++++ |
45 |
1 file changed, 233 insertions(+) |
46 |
|
47 |
diff --git a/net-im/ejabberd/ejabberd-21.04-r1.ebuild b/net-im/ejabberd/ejabberd-21.04-r1.ebuild |
48 |
new file mode 100644 |
49 |
index 000000000000..0d4324cb98e4 |
50 |
--- /dev/null |
51 |
+++ b/net-im/ejabberd/ejabberd-21.04-r1.ebuild |
52 |
@@ -0,0 +1,233 @@ |
53 |
+# Copyright 1999-2021 Gentoo Authors |
54 |
+# Distributed under the terms of the GNU General Public License v2 |
55 |
+ |
56 |
+EAPI=7 |
57 |
+ |
58 |
+inherit pam rebar systemd |
59 |
+ |
60 |
+DESCRIPTION="Robust, scalable and extensible XMPP server" |
61 |
+HOMEPAGE="https://www.ejabberd.im/ https://github.com/processone/ejabberd/" |
62 |
+SRC_URI="https://static.process-one.net/${PN}/downloads/${PV}/${P}.tgz |
63 |
+ -> ${P}.tar.gz" |
64 |
+ |
65 |
+LICENSE="GPL-2" |
66 |
+SLOT="0" |
67 |
+KEYWORDS="~amd64 ~arm ~ia64 ~sparc ~x86" |
68 |
+REQUIRED_USE="mssql? ( odbc )" |
69 |
+# TODO: Add 'tools' flag. |
70 |
+IUSE="captcha debug full-xml ldap mssql mysql odbc pam postgres redis |
71 |
+ roster-gw selinux sip sqlite +stun zlib" |
72 |
+ |
73 |
+RESTRICT="test" |
74 |
+ |
75 |
+# TODO: Add dependencies for 'tools' flag enabled. |
76 |
+# TODO: tools? ( |
77 |
+# TODO: >=dev-erlang/luerl-0.3 |
78 |
+# TODO: ) |
79 |
+DEPEND=">=dev-lang/erlang-19.3[odbc?,ssl] |
80 |
+ >=dev-erlang/cache_tab-1.0.28 |
81 |
+ >=dev-erlang/eimp-1.0.20 |
82 |
+ >=dev-erlang/fast_tls-1.1.12 |
83 |
+ >=dev-erlang/fast_xml-1.1.46 |
84 |
+ >=dev-erlang/fast_yaml-1.0.31 |
85 |
+ >=dev-erlang/yconf-1.0.11 |
86 |
+ >=dev-erlang/jiffy-1.0.5 |
87 |
+ >=dev-erlang/jose-1.9.0 |
88 |
+ >=dev-erlang/lager-3.6.10 |
89 |
+ >=dev-erlang/p1_oauth2-0.6.9 |
90 |
+ >=dev-erlang/p1_utils-1.0.22 |
91 |
+ >=dev-erlang/stringprep-1.0.25 |
92 |
+ >=dev-erlang/xmpp-1.5.3 |
93 |
+ >=dev-erlang/pkix-1.0.7 |
94 |
+ >=dev-erlang/mqtree-1.0.13 |
95 |
+ >=dev-erlang/idna-6.0.0-r1 |
96 |
+ >=dev-erlang/p1_acme-1.0.12 |
97 |
+ >=dev-erlang/base64url-1.0.1 |
98 |
+ >=net-im/jabber-base-0.01 |
99 |
+ ldap? ( =net-nds/openldap-2* ) |
100 |
+ mysql? ( >=dev-erlang/p1_mysql-1.0.18 ) |
101 |
+ odbc? ( dev-db/unixODBC ) |
102 |
+ pam? ( >=dev-erlang/epam-1.0.10 ) |
103 |
+ postgres? ( >=dev-erlang/p1_pgsql-1.1.11 ) |
104 |
+ redis? ( >=dev-erlang/eredis-1.0.8 ) |
105 |
+ sip? ( >=dev-erlang/esip-1.0.42 ) |
106 |
+ sqlite? ( >=dev-erlang/sqlite3-1.1.12 ) |
107 |
+ stun? ( >=dev-erlang/stun-1.0.43 ) |
108 |
+ zlib? ( >=dev-erlang/ezlib-1.0.9 )" |
109 |
+RDEPEND="${DEPEND} |
110 |
+ acct-user/ejabberd |
111 |
+ captcha? ( media-gfx/imagemagick[truetype,png] ) |
112 |
+ selinux? ( sec-policy/selinux-jabber ) |
113 |
+" |
114 |
+ |
115 |
+DOCS=( CHANGELOG.md README.md ) |
116 |
+PATCHES=( "${FILESDIR}/${PN}-19.08-ejabberdctl.patch" |
117 |
+ "${FILESDIR}/${PN}-17.04-0002-Dont-overwrite-service-file.patch") |
118 |
+ |
119 |
+# Set paths to ejabberd lib directory consistently to point always to directory |
120 |
+# suffixed with version. |
121 |
+correct_ejabberd_paths() { |
122 |
+ sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \ |
123 |
+ -i "${S}/Makefile.in" \ |
124 |
+ || die 'failed to set ejabberd path in Makefile.in' |
125 |
+ sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \ |
126 |
+ -i "${S}/ejabberdctl.template" \ |
127 |
+ || die 'failed to set ejabberd path in ejabberdctl.template' |
128 |
+} |
129 |
+ |
130 |
+# Get epam-wrapper from 'files' directory and correct path to lib directory in |
131 |
+# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper |
132 |
+# file exists there already. |
133 |
+customize_epam_wrapper() { |
134 |
+ local epam_wrapper_src="${1}" |
135 |
+ local epam_wrapper_dst="${S}/epam-wrapper" |
136 |
+ |
137 |
+ [[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists' |
138 |
+ sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \ |
139 |
+ "${epam_wrapper_src}" >"${epam_wrapper_dst}" \ |
140 |
+ || die 'failed to install epam-wrapper' |
141 |
+} |
142 |
+ |
143 |
+# Get path to ejabberd lib directory. |
144 |
+# |
145 |
+# This is the path ./configure script Base for this path is path set in |
146 |
+# ./configure script which is /usr/lib by default. If libdir is explicitely set |
147 |
+# to something else than this should be adjusted here as well. |
148 |
+get_ejabberd_path() { |
149 |
+ echo "/usr/$(get_libdir)/${P}" |
150 |
+} |
151 |
+ |
152 |
+# Make ejabberd.service for systemd from upstream provided template. |
153 |
+make_ejabberd_service() { |
154 |
+ sed -r \ |
155 |
+ -e 's!@ctlscriptpath@!/usr/sbin!g' \ |
156 |
+ -e 's!^(After)=(.*)!\1=epmd.service network.target!' \ |
157 |
+ -e '/^After=/ a Requires=epmd.service' \ |
158 |
+ "${PN}.service.template" >"${PN}.service" \ |
159 |
+ || die 'failed to make ejabberd.service' |
160 |
+} |
161 |
+ |
162 |
+src_prepare() { |
163 |
+ default |
164 |
+ |
165 |
+ rebar_remove_deps |
166 |
+ correct_ejabberd_paths |
167 |
+ make_ejabberd_service |
168 |
+ customize_epam_wrapper "${FILESDIR}/epam-wrapper" |
169 |
+ |
170 |
+ rebar_fix_include_path fast_xml |
171 |
+ rebar_fix_include_path p1_utils |
172 |
+ rebar_fix_include_path xmpp |
173 |
+ |
174 |
+ # Fix bug #591862. ERL_LIBS should point directly to ejabberd directory |
175 |
+ # rather than its parent which is default. That way ejabberd directory |
176 |
+ # takes precedence is module lookup. |
177 |
+ local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)" |
178 |
+ sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \ |
179 |
+ -i "${S}/ejabberdctl.template" \ |
180 |
+ || die 'failed to set ERL_LIBS in ejabberdctl.template' |
181 |
+} |
182 |
+ |
183 |
+src_configure() { |
184 |
+ econf \ |
185 |
+ --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \ |
186 |
+ --localstatedir="${EPREFIX}/var" \ |
187 |
+ --enable-user=${PN} \ |
188 |
+ $(use_enable debug) \ |
189 |
+ $(use_enable full-xml) \ |
190 |
+ $(use_enable mssql) \ |
191 |
+ $(use_enable mysql) \ |
192 |
+ $(use_enable odbc) \ |
193 |
+ $(use_enable pam) \ |
194 |
+ $(use_enable postgres pgsql) \ |
195 |
+ $(use_enable redis) \ |
196 |
+ $(use_enable roster-gw roster-gateway-workaround) \ |
197 |
+ $(use_enable sqlite) \ |
198 |
+ $(use_enable sip) \ |
199 |
+ $(use_enable stun) \ |
200 |
+ $(use_enable zlib) |
201 |
+ |
202 |
+ # more options to support |
203 |
+ # --enable-elixir requires https://github.com/elixir-lang/elixir |
204 |
+} |
205 |
+ |
206 |
+src_compile() { |
207 |
+ emake REBAR='rebar -v' src |
208 |
+} |
209 |
+ |
210 |
+src_install() { |
211 |
+ default |
212 |
+ |
213 |
+ if use pam; then |
214 |
+ local epam_path="$(get_ejabberd_path)/priv/bin/epam" |
215 |
+ |
216 |
+ pamd_mimic_system xmpp auth account |
217 |
+ into "$(get_ejabberd_path)/priv" |
218 |
+ newbin epam-wrapper epam |
219 |
+ fi |
220 |
+ |
221 |
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}" |
222 |
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}" |
223 |
+ systemd_dounit "${PN}.service" |
224 |
+ |
225 |
+ insinto /etc/logrotate.d |
226 |
+ newins "${FILESDIR}/${PN}.logrotate" "${PN}" |
227 |
+ |
228 |
+ # /var/lock/ejabberdctl is unused, see |
229 |
+ # https://github.com/processone/ejabberd/pull/3724 |
230 |
+ rmdir "${ED}/var/lock/ejabberdctl" || die |
231 |
+ rmdir "${ED}/var/lock" || die |
232 |
+ |
233 |
+ keepdir /var/{lib,log}/ejabberd |
234 |
+} |
235 |
+ |
236 |
+pkg_preinst() { |
237 |
+ if use pam; then |
238 |
+ einfo "Adding ejabberd user to epam group to allow ejabberd to use PAM" \ |
239 |
+ "authentication" |
240 |
+ # See |
241 |
+ # <https://docs.ejabberd.im/admin/configuration/#pam-authentication>. |
242 |
+ # epam binary is installed by dev-erlang/epam package, therefore SUID |
243 |
+ # is set by that package. Instead of jabber group it uses epam group, |
244 |
+ # therefore we need to add jabber user to epam group. |
245 |
+ usermod -a -G epam ejabberd || die |
246 |
+ fi |
247 |
+} |
248 |
+ |
249 |
+pkg_postinst() { |
250 |
+ local migrate_to_etc_ejabberd=false |
251 |
+ |
252 |
+ if [[ ! ${REPLACING_VERSIONS} ]]; then |
253 |
+ echo |
254 |
+ elog "For configuration instructions, please see" |
255 |
+ elog " https://docs.ejabberd.im/" |
256 |
+ echo |
257 |
+ else |
258 |
+ for v in ${REPLACING_VERSIONS}; do |
259 |
+ if ver_test "${v}" -lt 21.04-r1; then |
260 |
+ migrate_to_etc_ejabberd=true |
261 |
+ break |
262 |
+ fi |
263 |
+ done |
264 |
+ fi |
265 |
+ |
266 |
+ # Sarting with >=21.04-r1, the ejabberd configuration is now in |
267 |
+ # /etc/ejabberd and no longer in /etc/jabber. See if we need to |
268 |
+ # migrate the configuration. Furthermore, ejabberd no longer runs |
269 |
+ # under the, shared via net-im/jabber-base, 'jabber' use, but under |
270 |
+ # its own user. This increase isolation and hence robustness and |
271 |
+ # security. |
272 |
+ if $migrate_to_etc_ejabberd; then |
273 |
+ cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd || die |
274 |
+ if [[ -f "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 ]]; then |
275 |
+ rm "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 || die |
276 |
+ fi |
277 |
+ if ! use prefix; then |
278 |
+ chown --recursive ejabberd:ejabberd "${EROOT}"/etc/ejabberd || die |
279 |
+ fi |
280 |
+ elog "Newer versions of the ejabberd Gentoo package use /etc/ejabberd" |
281 |
+ elog "(just as upstream) and *not* /etc/ejabber." |
282 |
+ elog "The files from /etc/jabber where copied to /etc/ejabberd." |
283 |
+ elog "Please check your configuration and delete the file in /etc/jabber." |
284 |
+ fi |
285 |
+} |