| 1 |
commit: 7ef9adb36a21fda32d38eaa0c4d0cf4312ade686 |
| 2 |
Author: Florian Schmaus <flow <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Dec 7 10:30:13 2021 +0000 |
| 4 |
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Dec 7 10:42:15 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef9adb3 |
| 7 |
|
| 8 |
net-im/ejabberd: add 21.04-r1 |
| 9 |
|
| 10 |
This marks two important transitions: |
| 11 |
- from EAPI 6 to EAPI 7 |
| 12 |
- from net-im/jabber-base to acct-user/ejabberd |
| 13 |
|
| 14 |
The latter also means that ejabberd now runs under its own 'ejabberd' |
| 15 |
user, and no longer used the *shared* 'jabber' user from |
| 16 |
net-im/jabber-base. This increases the isolation of ejabberd. The |
| 17 |
configuration directory also changes from /etc/jabber, which is a |
| 18 |
non-standard ejabberd directory used only by Gentoo, to /etc/ejabberd, |
| 19 |
ejabberd's standard configuration directory. |
| 20 |
|
| 21 |
Futhermore, the custom SSL/TLS certificate handling (via the ssl-cert |
| 22 |
eclass) is removed, as ejabberd has for a long time now a built-in |
| 23 |
ACME client. And the certificate handling significantly increased the |
| 24 |
complecity of the ejabberd ebuild. This also fixes bug #716968. |
| 25 |
|
| 26 |
The ebuild also now passes the correct localstatedir to |
| 27 |
econf. Previously ejabberd would use /var/lib/lib/ejabberd. |
| 28 |
|
| 29 |
Ejabberd also unnecessarily created /var/lock/ejabberdctl, even though |
| 30 |
this directory is no longer used. This is now fixed in the ebuild and |
| 31 |
a patch was submitted and accepted upstream [1]. |
| 32 |
|
| 33 |
This also drops the non-upstream systemd tmpfile.conf. The directory |
| 34 |
created by the tmpfile is only ever used if the user manually |
| 35 |
configured it. And in this case, we should trust the user to also |
| 36 |
ensure that the directory is created. This further reduces the |
| 37 |
complexity of the ebuild. |
| 38 |
|
| 39 |
1: https://github.com/processone/ejabberd/pull/3724 |
| 40 |
|
| 41 |
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org> |
| 42 |
Closes: https://bugs.gentoo.org/716968 |
| 43 |
|
| 44 |
net-im/ejabberd/ejabberd-21.04-r1.ebuild | 233 +++++++++++++++++++++++++++++++ |
| 45 |
1 file changed, 233 insertions(+) |
| 46 |
|
| 47 |
diff --git a/net-im/ejabberd/ejabberd-21.04-r1.ebuild b/net-im/ejabberd/ejabberd-21.04-r1.ebuild |
| 48 |
new file mode 100644 |
| 49 |
index 000000000000..0d4324cb98e4 |
| 50 |
--- /dev/null |
| 51 |
+++ b/net-im/ejabberd/ejabberd-21.04-r1.ebuild |
| 52 |
@@ -0,0 +1,233 @@ |
| 53 |
+# Copyright 1999-2021 Gentoo Authors |
| 54 |
+# Distributed under the terms of the GNU General Public License v2 |
| 55 |
+ |
| 56 |
+EAPI=7 |
| 57 |
+ |
| 58 |
+inherit pam rebar systemd |
| 59 |
+ |
| 60 |
+DESCRIPTION="Robust, scalable and extensible XMPP server" |
| 61 |
+HOMEPAGE="https://www.ejabberd.im/ https://github.com/processone/ejabberd/" |
| 62 |
+SRC_URI="https://static.process-one.net/${PN}/downloads/${PV}/${P}.tgz |
| 63 |
+ -> ${P}.tar.gz" |
| 64 |
+ |
| 65 |
+LICENSE="GPL-2" |
| 66 |
+SLOT="0" |
| 67 |
+KEYWORDS="~amd64 ~arm ~ia64 ~sparc ~x86" |
| 68 |
+REQUIRED_USE="mssql? ( odbc )" |
| 69 |
+# TODO: Add 'tools' flag. |
| 70 |
+IUSE="captcha debug full-xml ldap mssql mysql odbc pam postgres redis |
| 71 |
+ roster-gw selinux sip sqlite +stun zlib" |
| 72 |
+ |
| 73 |
+RESTRICT="test" |
| 74 |
+ |
| 75 |
+# TODO: Add dependencies for 'tools' flag enabled. |
| 76 |
+# TODO: tools? ( |
| 77 |
+# TODO: >=dev-erlang/luerl-0.3 |
| 78 |
+# TODO: ) |
| 79 |
+DEPEND=">=dev-lang/erlang-19.3[odbc?,ssl] |
| 80 |
+ >=dev-erlang/cache_tab-1.0.28 |
| 81 |
+ >=dev-erlang/eimp-1.0.20 |
| 82 |
+ >=dev-erlang/fast_tls-1.1.12 |
| 83 |
+ >=dev-erlang/fast_xml-1.1.46 |
| 84 |
+ >=dev-erlang/fast_yaml-1.0.31 |
| 85 |
+ >=dev-erlang/yconf-1.0.11 |
| 86 |
+ >=dev-erlang/jiffy-1.0.5 |
| 87 |
+ >=dev-erlang/jose-1.9.0 |
| 88 |
+ >=dev-erlang/lager-3.6.10 |
| 89 |
+ >=dev-erlang/p1_oauth2-0.6.9 |
| 90 |
+ >=dev-erlang/p1_utils-1.0.22 |
| 91 |
+ >=dev-erlang/stringprep-1.0.25 |
| 92 |
+ >=dev-erlang/xmpp-1.5.3 |
| 93 |
+ >=dev-erlang/pkix-1.0.7 |
| 94 |
+ >=dev-erlang/mqtree-1.0.13 |
| 95 |
+ >=dev-erlang/idna-6.0.0-r1 |
| 96 |
+ >=dev-erlang/p1_acme-1.0.12 |
| 97 |
+ >=dev-erlang/base64url-1.0.1 |
| 98 |
+ >=net-im/jabber-base-0.01 |
| 99 |
+ ldap? ( =net-nds/openldap-2* ) |
| 100 |
+ mysql? ( >=dev-erlang/p1_mysql-1.0.18 ) |
| 101 |
+ odbc? ( dev-db/unixODBC ) |
| 102 |
+ pam? ( >=dev-erlang/epam-1.0.10 ) |
| 103 |
+ postgres? ( >=dev-erlang/p1_pgsql-1.1.11 ) |
| 104 |
+ redis? ( >=dev-erlang/eredis-1.0.8 ) |
| 105 |
+ sip? ( >=dev-erlang/esip-1.0.42 ) |
| 106 |
+ sqlite? ( >=dev-erlang/sqlite3-1.1.12 ) |
| 107 |
+ stun? ( >=dev-erlang/stun-1.0.43 ) |
| 108 |
+ zlib? ( >=dev-erlang/ezlib-1.0.9 )" |
| 109 |
+RDEPEND="${DEPEND} |
| 110 |
+ acct-user/ejabberd |
| 111 |
+ captcha? ( media-gfx/imagemagick[truetype,png] ) |
| 112 |
+ selinux? ( sec-policy/selinux-jabber ) |
| 113 |
+" |
| 114 |
+ |
| 115 |
+DOCS=( CHANGELOG.md README.md ) |
| 116 |
+PATCHES=( "${FILESDIR}/${PN}-19.08-ejabberdctl.patch" |
| 117 |
+ "${FILESDIR}/${PN}-17.04-0002-Dont-overwrite-service-file.patch") |
| 118 |
+ |
| 119 |
+# Set paths to ejabberd lib directory consistently to point always to directory |
| 120 |
+# suffixed with version. |
| 121 |
+correct_ejabberd_paths() { |
| 122 |
+ sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \ |
| 123 |
+ -i "${S}/Makefile.in" \ |
| 124 |
+ || die 'failed to set ejabberd path in Makefile.in' |
| 125 |
+ sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \ |
| 126 |
+ -i "${S}/ejabberdctl.template" \ |
| 127 |
+ || die 'failed to set ejabberd path in ejabberdctl.template' |
| 128 |
+} |
| 129 |
+ |
| 130 |
+# Get epam-wrapper from 'files' directory and correct path to lib directory in |
| 131 |
+# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper |
| 132 |
+# file exists there already. |
| 133 |
+customize_epam_wrapper() { |
| 134 |
+ local epam_wrapper_src="${1}" |
| 135 |
+ local epam_wrapper_dst="${S}/epam-wrapper" |
| 136 |
+ |
| 137 |
+ [[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists' |
| 138 |
+ sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \ |
| 139 |
+ "${epam_wrapper_src}" >"${epam_wrapper_dst}" \ |
| 140 |
+ || die 'failed to install epam-wrapper' |
| 141 |
+} |
| 142 |
+ |
| 143 |
+# Get path to ejabberd lib directory. |
| 144 |
+# |
| 145 |
+# This is the path ./configure script Base for this path is path set in |
| 146 |
+# ./configure script which is /usr/lib by default. If libdir is explicitely set |
| 147 |
+# to something else than this should be adjusted here as well. |
| 148 |
+get_ejabberd_path() { |
| 149 |
+ echo "/usr/$(get_libdir)/${P}" |
| 150 |
+} |
| 151 |
+ |
| 152 |
+# Make ejabberd.service for systemd from upstream provided template. |
| 153 |
+make_ejabberd_service() { |
| 154 |
+ sed -r \ |
| 155 |
+ -e 's!@ctlscriptpath@!/usr/sbin!g' \ |
| 156 |
+ -e 's!^(After)=(.*)!\1=epmd.service network.target!' \ |
| 157 |
+ -e '/^After=/ a Requires=epmd.service' \ |
| 158 |
+ "${PN}.service.template" >"${PN}.service" \ |
| 159 |
+ || die 'failed to make ejabberd.service' |
| 160 |
+} |
| 161 |
+ |
| 162 |
+src_prepare() { |
| 163 |
+ default |
| 164 |
+ |
| 165 |
+ rebar_remove_deps |
| 166 |
+ correct_ejabberd_paths |
| 167 |
+ make_ejabberd_service |
| 168 |
+ customize_epam_wrapper "${FILESDIR}/epam-wrapper" |
| 169 |
+ |
| 170 |
+ rebar_fix_include_path fast_xml |
| 171 |
+ rebar_fix_include_path p1_utils |
| 172 |
+ rebar_fix_include_path xmpp |
| 173 |
+ |
| 174 |
+ # Fix bug #591862. ERL_LIBS should point directly to ejabberd directory |
| 175 |
+ # rather than its parent which is default. That way ejabberd directory |
| 176 |
+ # takes precedence is module lookup. |
| 177 |
+ local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)" |
| 178 |
+ sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \ |
| 179 |
+ -i "${S}/ejabberdctl.template" \ |
| 180 |
+ || die 'failed to set ERL_LIBS in ejabberdctl.template' |
| 181 |
+} |
| 182 |
+ |
| 183 |
+src_configure() { |
| 184 |
+ econf \ |
| 185 |
+ --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \ |
| 186 |
+ --localstatedir="${EPREFIX}/var" \ |
| 187 |
+ --enable-user=${PN} \ |
| 188 |
+ $(use_enable debug) \ |
| 189 |
+ $(use_enable full-xml) \ |
| 190 |
+ $(use_enable mssql) \ |
| 191 |
+ $(use_enable mysql) \ |
| 192 |
+ $(use_enable odbc) \ |
| 193 |
+ $(use_enable pam) \ |
| 194 |
+ $(use_enable postgres pgsql) \ |
| 195 |
+ $(use_enable redis) \ |
| 196 |
+ $(use_enable roster-gw roster-gateway-workaround) \ |
| 197 |
+ $(use_enable sqlite) \ |
| 198 |
+ $(use_enable sip) \ |
| 199 |
+ $(use_enable stun) \ |
| 200 |
+ $(use_enable zlib) |
| 201 |
+ |
| 202 |
+ # more options to support |
| 203 |
+ # --enable-elixir requires https://github.com/elixir-lang/elixir |
| 204 |
+} |
| 205 |
+ |
| 206 |
+src_compile() { |
| 207 |
+ emake REBAR='rebar -v' src |
| 208 |
+} |
| 209 |
+ |
| 210 |
+src_install() { |
| 211 |
+ default |
| 212 |
+ |
| 213 |
+ if use pam; then |
| 214 |
+ local epam_path="$(get_ejabberd_path)/priv/bin/epam" |
| 215 |
+ |
| 216 |
+ pamd_mimic_system xmpp auth account |
| 217 |
+ into "$(get_ejabberd_path)/priv" |
| 218 |
+ newbin epam-wrapper epam |
| 219 |
+ fi |
| 220 |
+ |
| 221 |
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}" |
| 222 |
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}" |
| 223 |
+ systemd_dounit "${PN}.service" |
| 224 |
+ |
| 225 |
+ insinto /etc/logrotate.d |
| 226 |
+ newins "${FILESDIR}/${PN}.logrotate" "${PN}" |
| 227 |
+ |
| 228 |
+ # /var/lock/ejabberdctl is unused, see |
| 229 |
+ # https://github.com/processone/ejabberd/pull/3724 |
| 230 |
+ rmdir "${ED}/var/lock/ejabberdctl" || die |
| 231 |
+ rmdir "${ED}/var/lock" || die |
| 232 |
+ |
| 233 |
+ keepdir /var/{lib,log}/ejabberd |
| 234 |
+} |
| 235 |
+ |
| 236 |
+pkg_preinst() { |
| 237 |
+ if use pam; then |
| 238 |
+ einfo "Adding ejabberd user to epam group to allow ejabberd to use PAM" \ |
| 239 |
+ "authentication" |
| 240 |
+ # See |
| 241 |
+ # <https://docs.ejabberd.im/admin/configuration/#pam-authentication>. |
| 242 |
+ # epam binary is installed by dev-erlang/epam package, therefore SUID |
| 243 |
+ # is set by that package. Instead of jabber group it uses epam group, |
| 244 |
+ # therefore we need to add jabber user to epam group. |
| 245 |
+ usermod -a -G epam ejabberd || die |
| 246 |
+ fi |
| 247 |
+} |
| 248 |
+ |
| 249 |
+pkg_postinst() { |
| 250 |
+ local migrate_to_etc_ejabberd=false |
| 251 |
+ |
| 252 |
+ if [[ ! ${REPLACING_VERSIONS} ]]; then |
| 253 |
+ echo |
| 254 |
+ elog "For configuration instructions, please see" |
| 255 |
+ elog " https://docs.ejabberd.im/" |
| 256 |
+ echo |
| 257 |
+ else |
| 258 |
+ for v in ${REPLACING_VERSIONS}; do |
| 259 |
+ if ver_test "${v}" -lt 21.04-r1; then |
| 260 |
+ migrate_to_etc_ejabberd=true |
| 261 |
+ break |
| 262 |
+ fi |
| 263 |
+ done |
| 264 |
+ fi |
| 265 |
+ |
| 266 |
+ # Sarting with >=21.04-r1, the ejabberd configuration is now in |
| 267 |
+ # /etc/ejabberd and no longer in /etc/jabber. See if we need to |
| 268 |
+ # migrate the configuration. Furthermore, ejabberd no longer runs |
| 269 |
+ # under the, shared via net-im/jabber-base, 'jabber' use, but under |
| 270 |
+ # its own user. This increase isolation and hence robustness and |
| 271 |
+ # security. |
| 272 |
+ if $migrate_to_etc_ejabberd; then |
| 273 |
+ cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd || die |
| 274 |
+ if [[ -f "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 ]]; then |
| 275 |
+ rm "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 || die |
| 276 |
+ fi |
| 277 |
+ if ! use prefix; then |
| 278 |
+ chown --recursive ejabberd:ejabberd "${EROOT}"/etc/ejabberd || die |
| 279 |
+ fi |
| 280 |
+ elog "Newer versions of the ejabberd Gentoo package use /etc/ejabberd" |
| 281 |
+ elog "(just as upstream) and *not* /etc/ejabber." |
| 282 |
+ elog "The files from /etc/jabber where copied to /etc/ejabberd." |
| 283 |
+ elog "Please check your configuration and delete the file in /etc/jabber." |
| 284 |
+ fi |
| 285 |
+} |
Archives