commit: f62a4daaab97707076a0bd714d6fb2b6ee25e052 |
Author: Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org> |
AuthorDate: Sat May 27 20:31:30 2017 +0000 |
Commit: Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org> |
CommitDate: Sat May 27 20:55:01 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f62a4daa |
|
net-im/ejabberd: Fix PAM authentication |
|
Rely on dev-erlang/epam setting SUID for epam binary instead of setting |
SUID for wrapper bash script which doesn't actually work. |
|
Gentoo-Bug: 612608 |
Package-Manager: Portage-2.3.5, Repoman-2.3.2 |
|
net-im/ejabberd/ejabberd-17.01-r1.ebuild | 302 +++++++++++++++++++++++++++++++ |
1 file changed, 302 insertions(+) |
|
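diff --git a/net-im/ejabberd/ejabberd-17.01-r1.ebuild b/net-im/ejabberd/ejabberd-17.01-r1.ebuild
new file mode 100644
index 00000000000..6ee9e157db6
--- /dev/null
+++ b/net-im/ejabberd/ejabberd-17.01-r1.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+
+inherit eutils pam rebar ssl-cert systemd
+
+DESCRIPTION="Robust, scalable and extensible XMPP server"
+HOMEPAGE="http://www.ejabberd.im/ https://github.com/processone/ejabberd/"
+SRC_URI="http://www.process-one.net/downloads/${PN}/${PV}/${P}.tgz
+ -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~ppc ~sparc ~x86"
+REQUIRED_USE="mssql? ( odbc )"
+# TODO: Add 'tools' flag.
+IUSE="captcha debug full-xml hipe ldap mssql mysql nls odbc pam postgres redis
+ riak roster-gw sqlite zlib"
+
+RESTRICT="test"
+
+# TODO: Add dependencies for 'tools' flag enabled.
+# TODO: tools? (
+# TODO: >=dev-erlang/meck-0.8.4
+# TODO: >=dev-erlang/moka-1.0.5b
+# TODO: )
+CDEPEND="
+ >=dev-erlang/cache_tab-1.0.6
+ >=dev-erlang/esip-1.0.10
+ >=dev-erlang/fast_tls-1.0.10
+ >=dev-erlang/fast_xml-1.1.19
+ >=dev-erlang/fast_yaml-1.0.8
+ >=dev-erlang/jiffy-0.14.8
+ >=dev-erlang/lager-3.2.1
+ >=dev-erlang/luerl-0.2
+ >=dev-erlang/p1_oauth2-0.6.1
+ >=dev-erlang/p1_utils-1.0.6
+ >=dev-erlang/stringprep-1.0.7
+ >=dev-erlang/stun-1.0.9
+ >=dev-erlang/xmpp-1.1.6
+ >=dev-lang/erlang-17.1[hipe?,odbc?,ssl]
+ >=net-im/jabber-base-0.01
+ ldap? ( =net-nds/openldap-2* )
+ mysql? ( >=dev-erlang/p1_mysql-1.0.2 )
+ nls? ( >=dev-erlang/iconv-1.0.3 )
+ odbc? ( dev-db/unixODBC )
+ pam? ( >=dev-erlang/epam-1.0.0-r1
+ <dev-erlang/epam-1.0.1 )
+ postgres? ( >=dev-erlang/p1_pgsql-1.1.2 )
+ redis? ( >=dev-erlang/eredis-1.0.8 )
+ riak? (
+ >=dev-erlang/hamcrest-0.1.0_p20150103
+ >=dev-erlang/riakc-2.4.1
+ )
+ sqlite? ( >=dev-erlang/sqlite3-1.1.5 )
+ zlib? ( >=dev-erlang/ezlib-1.0.2 )"
+DEPEND="${CDEPEND}
+ >=sys-apps/gawk-4.1"
+RDEPEND="${CDEPEND}
+ captcha? ( media-gfx/imagemagick[truetype,png] )"
+
+DOCS=( README )
+PATCHES=( "${FILESDIR}/${P}-ejabberdctl.patch" )
+
+EJABBERD_CERT="${EPREFIX}/etc/ssl/ejabberd/server.pem"
+# Paths in net-im/jabber-base
+JABBER_ETC="${EPREFIX}/etc/jabber"
+JABBER_LOG="${EPREFIX}/var/log/jabber"
+JABBER_SPOOL="${EPREFIX}/var/spool/jabber"
+
+# Adjust example configuration file to Gentoo.
+# - Use our sample certificates.
+# - Correct PAM service name.
+adjust_config() {
+ sed -e "s|\"/path/to/ssl.pem\"|\"${EJABBERD_CERT}\"|g" \
+ -e "s|\"pamservicename\"|\"xmpp\"|" \
+ -i "${S}/ejabberd.yml.example" \
+ || die 'failed to adjust example config'
+}
+
+# Set paths to ejabberd lib directory consistently to point always to directory
+# suffixed with version.
+correct_ejabberd_paths() {
+ sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \
+ -i "${S}/Makefile.in" \
+ || die 'failed to set ejabberd path in Makefile.in'
+ sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \
+ -i "${S}/ejabberdctl.template" \
+ || die 'failed to set ejabberd path in ejabberdctl.template'
+ sed -e 's|\(captcha_cmd:[[:space:]]*"\).\+"|\1'$(get_ejabberd_path)'/priv/bin/captcha.sh"|' \
+ -i "${S}/ejabberd.yml.example" \
+ || die 'failed to correct path to captcha.sh in example config'
+}
+
+# Get epam-wrapper from 'files' directory and correct path to lib directory in
+# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper
+# file exists there already.
+customize_epam_wrapper() {
+ local epam_wrapper_src="$1"
+ local epam_wrapper_dst="${S}/epam-wrapper"
+
+ [[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists'
+ sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \
+ "${epam_wrapper_src}" >"${epam_wrapper_dst}" \
+ || die 'failed to install epam-wrapper'
+}
+
+# Check if there already exists a certificate.
+ejabberd_cert_exists() {
+ local cert
+
+ for cert in $(gawk -- \
+ 'match($0, /^[[:space:]]*certfile: "([^"]+)"/, m) {print m[1];}' \
+ "${EROOT%/}${JABBER_ETC}/ejabberd.yml"); do
+ [[ -f ${cert} ]] && return 0
+ done
+
+ return 1
+}
+
+# Generate and install sample ejabberd certificate. It's installed into
+# EJABBERD_CERT path.
+ejabberd_cert_install() {
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-ejabberd XMPP Server}"
+ install_cert "${EJABBERD_CERT%.*}"
+ chown root:jabber "${EROOT%/}${EJABBERD_CERT}" || die
+ chmod 0440 "${EROOT%/}${EJABBERD_CERT}" || die
+}
+
+# Get path to ejabberd lib directory.
+#
+# This is the path ./configure script Base for this path is path set in
+# ./configure script which is /usr/lib by default. If libdir is explicitely set
+# to something else than this should be adjusted here as well.
+get_ejabberd_path() {
+ echo "/usr/$(get_libdir)/${P}"
+}
+
+# Make ejabberd.service for systemd from upstream provided template.
+make_ejabberd_service() {
+ sed -r \
+ -e 's!@ctlscriptpath@!/usr/sbin!' \
+ -e 's!(User|Group)=(.*)!\1=jabber!' \
+ "${PN}.service.template" >"${PN}.service" \
+ || die 'failed to make ejabberd.service'
+}
+
+# Set paths to defined by net-im/jabber-base.
+set_jabberbase_paths() {
+ sed -e "/^ETCDIR[[:space:]]*=/{s:@sysconfdir@/ejabberd:${JABBER_ETC}:}" \
+ -e "/^LOGDIR[[:space:]]*=/{s:@localstatedir@/log/ejabberd:${JABBER_LOG}:}" \
+ -e "/^SPOOLDIR[[:space:]]*=/{s:@localstatedir@/lib/ejabberd:${JABBER_SPOOL}:}" \
+ -i "${S}/Makefile.in" \
+ || die 'failed to set paths in Makefile.in'
+ sed -e "s|\(ETC_DIR=\){{sysconfdir}}.*|\1${JABBER_ETC}|" \
+ -e "s|\(LOGS_DIR=\){{localstatedir}}.*|\1${JABBER_LOG}|" \
+ -e "s|\(SPOOL_DIR=\){{localstatedir}}.*|\1${JABBER_SPOOL}|" \
+ -i "${S}/ejabberdctl.template" \
+ || die 'failed to set paths ejabberdctl.template'
+}
+
+# Skip installing docs because it's only COPYING that's installed by Makefile.
+skip_docs() {
+ gawk -i inplace '
+/# Documentation/, /^[[:space:]]*#?[[:space:]]*$/ {
+ if ($0 ~ /^[[:space:]]*#?[[:space:]]*$/) {
+ print $0;
+ } else {
+ next;
+ }
+}
+1
+' "${S}/Makefile.in" || die 'failed to remove docs section from Makefile.in'
+}
+
+pkg_setup() {
+ if use pam; then
+ einfo "Adding jabber user to epam group to allow ejabberd to use PAM" \
+ "authentication"
+ # See
+ # <https://docs.ejabberd.im/admin/configuration/#pam-authentication>.
+ # epam binary is installed by dev-erlang/epam package, therefore SUID
+ # is set by that package. Instead of jabber group it uses epam group,
+ # therefore we need to add jabber user to epam group.
+ usermod -a -G epam jabber || die
+ fi
+}
+
+src_prepare() {
+ default
+
+ rebar_remove_deps
+ correct_ejabberd_paths
+ set_jabberbase_paths
+ make_ejabberd_service
+ skip_docs
+ adjust_config
+ customize_epam_wrapper "${FILESDIR}/epam-wrapper"
+
+ rebar_fix_include_path fast_xml
+ rebar_fix_include_path xmpp
+
+ # Fix bug #591862. ERL_LIBS should point directly to ejabberd directory
+ # rather than its parent which is default. That way ejabberd directory
+ # takes precedence is module lookup.
+ local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)"
+ sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \
+ -i "${S}/ejabberdctl.template" \
+ || die 'failed to set ERL_LIBS in ejabberdctl.template'
+}
+
+src_configure() {
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \
+ --enable-user=jabber \
+ $(use_enable debug) \
+ $(use_enable full-xml) \
+ $(use_enable hipe) \
+ $(use_enable mssql) \
+ $(use_enable mysql) \
+ $(use_enable nls iconv) \
+ $(use_enable odbc) \
+ $(use_enable pam) \
+ $(use_enable postgres pgsql) \
+ $(use_enable redis) \
+ $(use_enable riak) \
+ $(use_enable roster-gw roster-gateway-workaround) \
+ $(use_enable sqlite) \
+ $(use_enable zlib)
+}
+
+src_compile() {
+ emake REBAR='rebar -v' src
+}
+
+src_install() {
+ default
+
+ if use pam; then
+ local epam_path="$(get_ejabberd_path)/priv/bin/epam"
+
+ pamd_mimic_system xmpp auth account || die "cannot create pam.d file"
+ into "$(get_ejabberd_path)/priv"
+ newbin epam-wrapper epam
+ fi
+
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ systemd_dounit "${PN}.service"
+ systemd_dotmpfilesd "${FILESDIR}/${PN}.tmpfiles.conf"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+}
+
+pkg_postinst() {
+ if [[ ! ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "For configuration instructions, please see"
+ elog " http://www.process-one.net/en/ejabberd/docs/"
+ echo
+ if [[ " ${REPLACING_VERSIONS} " =~ \ 2\. ]]; then
+ ewarn "If you have used pubsub in ejabberd-2.* you may encounter issues after"
+ ewarn "migration to ${PV}. pubsub data may not be migrated automatically and"
+ ewarn "you may need to run migration script manually, see:"
+ ewarn
+ ewarn " https://github.com/processone/ejabberd/issues/479#issuecomment-124497456"
+ ewarn
+ ewarn "In case you don't care about all stored moods, activities, geoinfo and you"
+ ewarn "know you don't store in pubsub anything important, you can just remove"
+ ewarn "pubsub tables:"
+ ewarn
+ ewarn " rm ${EROOT%/}${JABBER_SPOOL}/pubsub_*"
+ ewarn
+ ewarn "See also: https://bugs.gentoo.org/show_bug.cgi?id=588244"
+ echo
+ fi
+ elif [[ -f ${EROOT}etc/jabber/ejabberd.cfg ]]; then
+ elog "Ejabberd now defaults to using a YAML format for its config file."
+ elog "The old ejabberd.cfg file can be converted using the following instructions:"
+ echo
+ elog "1. Make sure all processes related to the previous version of ejabberd aren't"
+ elog " running. Usually this just means the ejabberd and epmd daemons and possibly"
+ elog " the pam-related process (epam) if pam support is enabled."
+ elog "2. Run \`ejabberdctl start\` with sufficient permissions. Note that this can"
+ elog " fail to start ejabberd properly for various reasons. Check ejabberd's main"
+ elog " log file at /var/log/jabber/ejabberd.log to confirm it started successfully."
+ elog "3. Run"
+ elog " \`ejabberdctl convert_to_yaml /etc/jabber/ejabberd.cfg /etc/jabber/ejabberd.yml.new\`"
+ elog " with sufficient permissions, edit and rename /etc/jabber/ejabberd.yml.new to"
+ elog " /etc/jabber/ejabberd.yml, and finally restart ejabberd with the new config"
+ elog " file."
+ echo
+ fi
+
+ if ! ejabberd_cert_exists; then
+ ejabberd_cert_install
+ fi
+}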
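Review bot: In `pkg_setup`, `usermod -a -G epam jabber` gives the jabber account access to the SUID epam helper, yet the change is announced only through `einfo`, which Portage does not keep in the elog under the default `PORTAGE_ELOG_CLASSES`, and nothing in the ebuild withdraws the membership when USE=pam is later disabled or the package is removed. I would switch that message to `elog` and add a line in `pkg_postinst` saying that a running ejabberd has to be restarted before the new group takes effect and that the membership must be dropped by hand once PAM authentication is no longer used. The call also edits the host's account database directly, which looks wrong when installing into a different ROOT; that is worth confirming. Separately, in `pkg_postinst` the pubsub warning `if [[ " ${REPLACING_VERSIONS} " =~ \ 2\. ]]` sits inside the `[[ ! ${REPLACING_VERSIONS} ]]` branch, so it can never fire; it should be a sibling branch rather than nested.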