author | Michael Orlitzky <mjo@gentoo.org> | 2017-10-31 23:05:53 -0400 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2017-11-01 14:54:56 -0400 |
commit | 2d55bc8f1afb8dc8f712ba139a860c828f52eb17 (patch) | |
tree | 47afed08e1239f08df9b6abe5cba8607802aaf99 /mail-filter | |
parent | mail-filter/spamassassin: new revision to fix the build with openssl-1.1. (diff) | |
download | gentoo-2d55bc8f1afb8dc8f712ba139a860c828f52eb17.tar.gz gentoo-2d55bc8f1afb8dc8f712ba139a860c828f52eb17.tar.bz2 gentoo-2d55bc8f1afb8dc8f712ba139a860c828f52eb17.zip |
mail-filter/spamassassin: new revision that lets spamd run as root (openrc).
The r13 revision of spamassassin came with a new init script (and
systemd service file) that runs spamd as the "spamd" user by default,
and that choice is not configurable. There is however a legitimate use
case for running spamd as root; namely, when local users have their
configurations or bayes databases stored in their home directories on
the local filesystem.
This new revision adds back the ability to run spamd as root, through
the SPAMD_RUN_AS_ROOT variable in the OpenRC service configuration
file. This should suffice for the users who have reported problems so
far, and a similar fix for the systemd service is on its way.
The pkg_postinst phase of the ebuild alerts users to the new
configuration variable.
Bug: https://bugs.gentoo.org/635790
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'mail-filter')
-rw-r--r-- | mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 | 30 | ||||
-rw-r--r-- | mail-filter/spamassassin/files/3.4.1-spamd.init-r2 | 38 | ||||
-rw-r--r-- | mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild (renamed from mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild) | 9 |
3 files changed, 75 insertions, 2 deletions
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1 b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1
new file mode 100644
index 000000000000..b7b46f3226a7
--- /dev/null
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.conf-r1
@@ -0,0 +1,30 @@
+# ***WARNING***
+#
+# The spamd daemon must not run on an untrusted network.
+#
+# ***WARNING***
+
+# Additional options to pass to the spamd daemon. The spamd(1) man
+# page explains the available options. If you choose to listen on a
+# non-default interface, you will need to use OpenRC's "rc_need"
+# mechanism to ensure that your interface comes up before spamd
+# starts. The openrc-run(8) man page describes rc_need.
+SPAMD_OPTS="--max-children=5 --create-prefs --helper-home-dir"
+
+# Sets the 'nice' level of the spamd process.
+SPAMD_NICELEVEL=0
+
+# How long (in seconds) should we wait for spamd to stop after we've
+# asked it to? After this amount of time, if spamd is still running,
+# we will assume that it has failed to stop.
+SPAMD_TIMEOUT=15
+
+# Do you want to run spamd as root? If you have local users storing their
+# personal configurations (or bayes databases) in ~/.spamassassin, then you
+# may want to run spamd as root so that it can setuid to each user while
+# processing his spam. (That way, you don't have to grant the "spamd" user
+# individual permissions to everyone's ~/.spamassassin directory.)
+#
+# On the other hand, if you don't store any per-user configuration on
+# the filesystem, then you should leave this alone.
+SPAMD_RUN_AS_ROOT=false
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.init-r2 b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2
new file mode 100644
index 000000000000..c704782f3a4e
--- /dev/null
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.init-r2
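Review bot: In files/3.4.1-spamd.conf-r1, the comment above `SPAMD_RUN_AS_ROOT=false` explains when root is convenient but not what it costs or which values count. The init script in this commit treats only the exact string `true` as enabling root, so I would add `# Only the exact value "true" enables this; any other value runs spamd as the "spamd" user.` One more sentence should say that with this set, a daemon that parses untrusted mail starts with root privileges, which makes the network warning at the top of the file matter more. A further line telling users not to put `--username` or `--groupname` in `SPAMD_OPTS` would avoid a conflict with the options the init script appends; which of two conflicting values spamd honours is not visible here.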
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/sbin/spamd"
+pidfile="/run/spamd.pid"
+command_args="--pidfile=${pidfile} ${SPAMD_OPTS}"
+command_args_background="--daemonize"
+
+if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]; then
+ # Passing --username=root to spamd kills it, so if SPAMD_RUN_AS_ROOT
+ # is true, then we want to pass no user/group command args at all.
+ # Any value other than "true" gets the default user/group of "spamd".
+ command_args="${command_args} --username=spamd --groupname=spamd"
+fi
+
+: ${SPAMD_NICELEVEL:=0}
+start_stop_daemon_args="--nicelevel ${SPAMD_NICELEVEL}"
+
+# Retry after SPAMD_TIMEOUT seconds because spamd can take a
+# while to kill off all of its children. This was bug 322025.
+: ${SPAMD_TIMEOUT:=15}
+retry="${SPAMD_TIMEOUT}"
+
+extra_started_commands="reload"
+
+depend() {
+ before mta
+ use logger mysql postgres
+}
+
+reload() {
+ ebegin "Reloading configuration"
+ # Warning: reload causes the PID of the spamd process to
+ # change, but spamd does update its PID file afterwards.
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
+ eend $?
+}
diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
index ba4029508113..49b14da50159 100644
--- a/mail-filter/spamassassin/spamassassin-3.4.1-r17.ebuild
+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
@@ -156,8 +156,8 @@ src_install () { || die "failed to disable plugins by default" # Add the init and config scripts. - newinitd "${FILESDIR}/3.4.1-spamd.init-r1" spamd - newconfd "${FILESDIR}/3.4.1-spamd.conf" spamd + newinitd "${FILESDIR}/3.4.1-spamd.init-r2" spamd + newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd systemd_newunit "${FILESDIR}/${PN}.service-r3" "${PN}.service" systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r1" \
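Review bot: In files/3.4.1-spamd.init-r2, the privilege decision at `if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]` fails safe but is silent in both directions. A value such as `yes` or `TRUE` quietly keeps the `spamd` user, and root mode starts with nothing in the service output to show it. A `start_pre()` that warns when root mode is selected and when the value is unrecognised would make the active privilege level visible to the administrator and to anyone auditing the host later. The sketch below only reports and leaves the existing `command_args` logic as it is.

```shell
# … unchanged: command, pidfile, command_args and the SPAMD_RUN_AS_ROOT test …

start_pre() {
	case "${SPAMD_RUN_AS_ROOT}" in
		true)
			ewarn "spamd will be started as root (SPAMD_RUN_AS_ROOT=true)"
			;;
		false|"")
			;;
		*)
			ewarn "SPAMD_RUN_AS_ROOT=${SPAMD_RUN_AS_ROOT} is not \"true\"; running as user spamd"
			;;
	esac
}

# … unchanged: depend(), reload() …
```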
@@ -241,4 +241,9 @@ pkg_postinst() { elog elog ' https://wiki.gentoo.org/wiki/SpamAssassin' elog + + ewarn 'If this version of SpamAssassin causes permissions issues' + ewarn 'with your user configurations or bayes databases, you may' + ewarn 'need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service' + ewarn 'configuration file.' } |
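Review bot: The added `ewarn` lines in pkg_postinst present `SPAMD_RUN_AS_ROOT=true` as the remedy for permission problems without saying when it is appropriate or where to set it. The commit message limits the use case to per-user data kept in home directories, so the message could say so, e.g. `ewarn 'Only do this if your users keep their data in ~/.spamassassin;'` followed by `ewarn 'otherwise leave spamd running as the unprivileged spamd user.'`. It would also help to name the file that `newconfd` installs (presumably /etc/conf.d/spamd). pkg_postinst starts outside this hunk, so it is not visible here whether the warning is shown only on upgrades or on every install.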