GNU bug report logs - #56756
[PATCH] gnu: services: Add optional fix for opensmtpd executables group

Package: guix-patches

Reported by: Maya <maya.omase <at> protonmail.com>

Date: Mon, 25 Jul 2022 09:03:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to guix-patches <at> gnu.org:
bug#56756; Package guix-patches. (Mon, 25 Jul 2022 09:03:02 GMT)

Acknowledgement sent to Maya <maya.omase <at> protonmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 25 Jul 2022 09:03:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Maya <maya.omase <at> protonmail.com>
To: "guix-patches <at> gnu.org" <guix-patches <at> gnu.org>
Subject: [PATCH] gnu: services: Add optional fix for opensmtpd executables
 group
Date: Mon, 25 Jul 2022 09:02:18 +0000

This is a patch that fixes "<executable name>: this program must be setgid smtpq". This cannot be done in the store during build, but the upstream opensmtpd requires setting the group of those executables.

---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
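
Review bot: The new `set-gids?` field defaults to `#t`, so the change the subject line calls optional is switched on for every `opensmtpd-configuration` that does not mention it, and six programs become setgid `smtpq` without the administrator opting in; consider defaulting to `#f`, or state the default and its effect explicitly where the option is documented. The docstring placed inside the field spec is out of step with the sibling fields `package` and `config-file`, which carry none here, and the diffstat shows only `gnu/services/mail.scm` changing, so the manual gets no entry for the option; the text belongs there. The text also says "Set group of", while what is requested further down is `(setgid? #true)` together with `(group "smtpq")`, so it should say the programs are made setgid. Finally, the accessor `opensmtpd-set-gids?` should follow the `opensmtpd-configuration-` prefix used by `opensmtpd-configuration-package` and `opensmtpd-configuration-config-file`.
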
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
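
Review bot: The six `setuid-program` forms in `opensmtpd-set-gids` differ only in the file name under `/sbin`, so build the list with `map` over the six names; a single template keeps `(setuid? #false)`, `(setgid? #true)` and `(group "smtpq")` from drifting apart when one entry is edited later. The `match-lambda` pattern `($ <opensmtpd-configuration> package config-file set-gids?)` binds fields by position, which mis-binds silently if a field is added or reordered in the record; going through the record accessors avoids that. Nothing in this hunk shows the `smtpq` group being declared, so it is worth confirming that the service's account extension provides it, and a one-line comment above the definition saying why these programs need the setgid bit would help the next reader.
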
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
 Transfer Protocol} server.")))
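
Review bot: With `setuid-program-service-type` extended next to the existing `profile-service-type` extension, the same six commands are available both as plain copies from the package in the profile and as setgid copies; add a comment or a documentation sentence stating which copy users are expected to run, since only the setgid one avoids the "this program must be setgid smtpq" error quoted in the commit message. The `description` string in the trailing context could also say that the service installs setgid programs when the option is enabled.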

--
2.37.0




Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 01 Aug 2022 09:52:02 GMT)

Notification sent to Maya <maya.omase <at> protonmail.com>:
bug acknowledged by developer. (Mon, 01 Aug 2022 09:52:02 GMT)

Message #10 received at 56756-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maya <maya.omase <at> protonmail.com>
Cc: 56756-done <at> debbugs.gnu.org
Subject: Re: bug#56756: [PATCH] gnu: services: Add optional fix for
 opensmtpd executables group
Date: Mon, 01 Aug 2022 11:51:33 +0200

Hi Maya,

Maya <maya.omase <at> protonmail.com> skribis:

> This is a patch that fixes "<executable name>: this program must be setgid smtpq". This cannot be done in the store during build, but the upstream opensmtpd requires setting the group of those executables.
>
> ---
>  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 65 insertions(+), 2 deletions(-)

That sounds like a welcome improvement.

I applied the patch with a few changes:

  • Changed the option name from ‘set-gids?’ to ‘setgid-commands?’,
    which I think is slightly clearer.

  • Tweaked and moved its documentation to ‘doc/guix.texi’.

  • Adjusted the commit log as per our conventions (see
    <https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html>).

Thank you!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 29 Aug 2022 11:24:07 GMT)

This bug report was last modified 2 years and 296 days ago.
