Bug 245853 - mail/mailman: audit for pkg-plist and pkg-install glitches
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Matthias Andree
URL: https://reviews.freebsd.org/D24571
Reported: 2020-04-23 15:15 UTC by Matthias Andree
Modified: 2020-04-25 22:42 UTC
mandree: maintainer-feedback+
mandree: merge-quarterly-


Description Matthias Andree freebsd_committer freebsd_triage 2020-04-23 15:15:08 UTC
(actually bapt@'s and manu@'s report who are questioning the need for all the pkg-install actions that should be covered by pkg-plist already, and bapt references the 5yo https://svnweb.freebsd.org/ports/head/mail/mailman/files/pkg-message.in?r1=364803&r2=375670)

#1 ###
(17:07:16) mandree: drwxr-xr-x  2 mailman  mailman  512 Apr 14 22:16 /usr/local/mailman/messages/ar/LC_MESSAGES/
...
(17:07:39) mandree: that directory does NOT belong into mailman's hands with write permission.

#2 ###
(17:08:54) manu: mandree: you chown %%GROUP%% and chmod 0755 in pkg-install


#3 ###
(17:10:09) manu: ok anyway, please let me know if you find a good test case of something not working in the plist

See also https://reviews.freebsd.org/D24531 for a home dir fix

Apparently pkg -r /foo/bar install mailman can reveal some issues, whether or not -I is in use.

Set up a test plan with what directory needs which permissions.


#4 ###
Possibly check for @sample template files in the rcfile as a prereq and refuse to start if @sample files aren't in place, and point to post-install again
Comment 1 commit-hook freebsd_committer freebsd_triage 2020-04-25 22:42:10 UTC
A commit references this bug:

Author: mandree
Date: Sat Apr 25 22:41:22 UTC 2020
New revision: 532983
URL: https://svnweb.freebsd.org/changeset/ports/532983

Log:
  mail/mailman: fix some permission issues, realign template policy

  - tighten up permissions on install dirs even more, patching
    bin/check_perms to not complain - fewer directories or files belong
    in mailman's hand or need group write permissions.

  - revert 2.1.30's "make templates samples" because the upstream has
    always instead provided a templates/site dir here and warned users that
    default templates will be overwritten on updates or reinstallation
    https://wiki.list.org/DOC/4.48%20How%20can%20I%20change%20the%20HTML%20or%20.txt%20templates%20used%20by%20my%20mailing%20lists%3F
    changed templates will be written to different directories, the site,
    domain-specific or list-specific directory

  - adjust pkg-plist such that a no-script install, a regular install
    with post-install script run, and check_perms agree on permissions,
    however with tighter write permissions than the default install,
    as a security-in-depth safety precaution. [1]

  - revise files/pkg-install.in accordingly

  - boil down files/pkg-message.in texts a little bit

  - bump PORTREVISION

  PR:		245853
  Reported by:	manu@ (IRC) [1]

Changes:
  head/mail/mailman/Makefile
  head/mail/mailman/files/patch-bin_check__perms
  head/mail/mailman/files/pkg-install.in
  head/mail/mailman/files/pkg-message.in
  head/mail/mailman/files/templates_site_README.txt
  head/mail/mailman/pkg-plist
Comment 2 Matthias Andree freebsd_committer freebsd_triage 2020-04-25 22:42:20 UTC
Found a @sample buglet along the way, see https://reviews.freebsd.org/D24571 for details
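One way to turn the "test plan with what directory needs which permissions" from the description, and the commit's goal that a no-script install and a scripted install agree on permissions, into a repeatable check. This is an added example, not code from the port or from the bug participants. The function name audit_writable and the allowlist entries in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Lists every path under an install root that a given user or
# group can write to, except paths covered by an allowlist of directories
# that are meant to be writable. Run it once on a tree installed without
# scripts and once on a tree installed with them, then compare the output.
# Limitation: file names containing newlines are not handled.

# audit_writable ROOT OWNER GROUP [ALLOWED_PREFIX ...]
# ALLOWED_PREFIX is relative to ROOT and covers everything below it.
# Prints offending paths relative to ROOT; returns 1 if any were found.
audit_writable() {
    root=$1 owner=$2 group=$3
    shift 3
    found=0
    # Owned by OWNER and owner-writable, or in GROUP and group-writable.
    # Symlinks are skipped because their mode bits carry no meaning.
    list=$(cd "$root" && find . ! -type l \
        \( \( -user "$owner" -perm -200 \) -o \
           \( -group "$group" -perm -020 \) \) -print |
        sed 's|^\./||' | sort)
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        allowed=0
        for prefix in "$@"; do
            case $path in
                "$prefix"|"$prefix"/*) allowed=1; break ;;
            esac
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\n' "$path"
            found=1
        fi
    done <<EOF
$list
EOF
    return "$found"
}

# Usage (allowlist names are hypothetical, take them from your test plan):
#   audit_writable /foo/bar/usr/local/mailman mailman mailman data logs
if [ $# -ge 3 ]; then
    audit_writable "$@"
fi
```

With an allowlist derived from the test plan, a path such as messages/ar/LC_MESSAGES owned by mailman with mode 0755 shows up in the output.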