unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd executables group
@ 2022-07-25  9:02 Maya via Guix-patches via
  2022-08-01  9:51 ` bug#56756: " Ludovic Courtès
  0 siblings, 1 reply; 2+ messages in thread
From: Maya via Guix-patches via @ 2022-07-25  9:02 UTC (permalink / raw)
  To: 56756

This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.

---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
 Transfer Protocol} server.")))

--
2.37.0




^ permalink raw reply related	[flat|nested] 2+ messages in thread
* bug#56756: [PATCH] gnu: services: Add optional fix for opensmtpd executables group
  2022-07-25  9:02 [bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd executables group Maya via Guix-patches via
@ 2022-08-01  9:51 ` Ludovic Courtès
  0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2022-08-01  9:51 UTC (permalink / raw)
  To: Maya; +Cc: 56756-done

Hi Maya,

Maya <maya.omase@protonmail.com> skribis:

> This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.
>
> ---
>  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 65 insertions(+), 2 deletions(-)

That sounds like a welcome improvement.

I applied the patch with a few changes:

  • Changed the option name from ‘set-gids?’ to ‘setgid-commands?’,
    which I think is slightly clearer.

  • Tweaked and moved its documentation to ‘doc/guix.texi’.

  • Adjusted the commit log as per our conventions (see
    <https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html>).

Thank you!

Ludo’.




^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-08-01  9:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-25  9:02 [bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd executables group Maya via Guix-patches via
2022-08-01  9:51 ` bug#56756: " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).