Bug 208056

Summary: mail/opendkim: Add GID support to the rc script
Product: Ports & Packages
Reporter: Krzysztof <ports>
Component: Individual Port(s)
Assignee: Ulrich Spörlein <uqs>
Status: Closed FIXED
Severity: Affects Some People
CC: freebsd-ports, neil, saper, uqs
Priority: ---
Keywords: easy, patch
Version: Latest
Flags: freebsd-ports: maintainer-feedback+
Hardware: Any
OS: Any
Attachments (description, flags):
- patch__milter-opendkim.in (flags: none)
- patch-milteropendkim.in v2 (flags: none)
- milter-opendkim.in patch - v3 (flags: freebsd-ports: maintainer-approval+)
- Correct socket permissions to make sendmail happy (flags: none)

Description Krzysztof 2016-03-16 11:39:02 UTC
Created attachment 168293
patch__milter-opendkim.in

I think it's a good idea to add support for milteropendkim_gid to milter-opendkim.in. I have a config for postfix + opendkim (found somewhere on the web), where the postfix user has privileges to write to the opendkim socket. The easiest way is to put the postfix user in the mailnull group (or something else).

I think there is no need to bump portrevision - it could take effect on the next upgrade. I'd like to add it for the future.

Because this change does not affect the compile process, I don't include a log from poudriere. The patch is included.
Comment 1 Daniel Austin 2016-03-17 08:27:17 UTC
(In reply to Krzysztof from comment #0)
The patch would require a bit more work before it could be included.

It needs to document the milteropendkim_uid variable in the comments at the top, and it also needs support for profile-based startup.
Comment 2 Krzysztof 2016-03-17 08:55:38 UTC
OK, I understand your comment. To tell the truth, I'm not using profiles, so I did not notice that the patch should cover using profiles.

Also, I checked the man pages for opendkim, so now I know what should be added.

I will make another patch.
Comment 3 Krzysztof 2016-03-25 11:47:46 UTC
Created attachment 168614
patch-milteropendkim.in v2

I've made the suggested changes to the start script. I hope that now this patch will be accepted.
Comment 4 Daniel Austin 2016-04-10 09:51:18 UTC
(In reply to Krzysztof from comment #3)
Sorry for the delayed reply!

I can't get your patch to apply:

|diff -ruN mail/opendkim/files/milter-opendkim.in mail/opendkim.new/files/milter-opendkim.in
|--- mail/opendkim/files/milter-opendkim.in      2014-01-24 01:14:07.000000000 +0100
|+++ mail/opendkim.new/files/milter-opendkim.in  2016-03-25 12:44:18.553548627 +0100
--------------------------
Patching file mail/opendkim/files/milter-opendkim.in using Plan A...
Hunk #1 succeeded at 16.
Hunk #2 succeeded at 39.
Hunk #3 succeeded at 54.
Hunk #4 failed at 86.
Hunk #5 failed at 134.
Hunk #6 succeeded at 167 with fuzz 2.
2 out of 6 hunks failed--saving rejects to mail/opendkim/files/milter-opendkim.in.rej
done
Comment 5 Krzysztof 2016-04-10 12:34:42 UTC
Created attachment 169144
milter-opendkim.in patch - v3

OK, so I've made a patch once again. I've checked on my FreeBSD box - there is no error at all. So I hope you will be able to test it again.
Comment 6 Daniel Austin 2016-04-10 17:04:26 UTC
(In reply to Krzysztof from comment #5)
Looks good here.

Poudriere logs (if needed) at:

https://poudriere.dan.tm/poudriere/data/latest-per-pkg/opendkim/2.10.3_5/
Comment 7 Krzysztof 2016-05-18 12:56:38 UTC
Could it be committed to the source tree? It seems that the latest version of the patch is correct...

Thanks a lot.
Comment 8 VK freebsd_triage 2016-10-02 20:12:45 UTC
Comment on attachment 169144
milter-opendkim.in patch - v3

Daniel, please set the maintainer-approval+ flag on attachments you approve for ports you maintain.
Comment 9 Daniel Austin 2017-04-29 08:26:08 UTC
Sorry, I forgot about this one... patch approved now.
Comment 10 commit-hook freebsd_committer freebsd_triage 2017-08-18 20:50:19 UTC
A commit references this bug:

Author: swills
Date: Fri Aug 18 20:49:17 UTC 2017
New revision: 448274
URL: https://svnweb.freebsd.org/changeset/ports/448274

Log:
  mail/opendkim: Add GID support to the rc script

  PR:		208056
  Submitted by:	Krzysztof <ports@bsdserwis.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)

Changes:
  head/mail/opendkim/Makefile
  head/mail/opendkim/files/milter-opendkim.in
Comment 11 Steve Wills freebsd_committer freebsd_triage 2017-08-18 20:51:19 UTC
Committed, thanks!
Comment 12 neil 2017-08-25 22:37:47 UTC
This update breaks operation with sendmail.

Setting pid dir perms to mode 0775 makes the directory group writable which sendmail does not permit by default.

Why do this anyway? I run opendkim with Postfix and leave the GID as mailnull. I just set the milteropendkim_uid to postfix and it works.

If you must implement this then it will need to be made selective on the MTA used and for sendmail the pid dir perms must be set mode 0755.

As a workaround you can tell sendmail that group writable directories are safe but it applies to all directories and is undesirable.
Comment 13 Krzysztof 2017-08-28 18:28:03 UTC
OK, I understand.

As you can see, start_pre_cmd checks if "milteropendkim_gid" is not empty. If this variable is empty, it does not do anything.

So I think, to be compliant with the "older" behaviour, I will make a new version of the patch which will set milteropendkim_gid="" as the default. And everybody will be happy :-)))
Comment 14 Marcin Cieślak 2018-05-20 17:19:32 UTC
Krzysztof,

I ran into this today, breaking my sendmail setup after milter reinstallation.

milteropendkim_gid is set to "mailnull" if unset previously:

: ${milteropendkim_gid="mailnull"}

so setting it to an empty value explicitly avoids the chmod.

So I have to explicitly set it to

milteropendkim_gid=""

which is counterintuitive (why do I have to explicitly unset something to make directory mode correct?!)

Please fix this, sendmail is still the default here :)
Comment 15 Ulrich Spörlein freebsd_committer freebsd_triage 2018-09-12 12:30:29 UTC
Please fix this with the default sendmail in the base. There are at least 2 things broken with this:

1. it runs a broken chmod command:

# /usr/local/etc/rc.d/milter-opendkim restart
Stopping milteropendkim.
Waiting for PIDS: 11324.
Starting milteropendkim.
usage: chmod [-fhv] [-R [-H | -L | -P]] mode file ...

2. Mode 775 is not overridable and is wrong for sendmail, it chokes on it like so:


# service sendmail restart
sendmail not running? (check /var/run/sendmail.pid).
Starting sendmail.
451 4.0.0 /etc/mail/sendmail.cf: line 1823: Xdkim: local socket name /var/run/milteropendkim/socket unsafe: Group writable directory
/etc/rc.d/sendmail: WARNING: failed to start sendmail
Stopping sendmail_msp_queue.
Waiting for PIDS: 11469.
Starting sendmail_msp_queue.


A chmod g-w /var/run/milteropendkim/ fixes this, but that's something I need to do after every reboot.
Comment 16 Krzysztof 2018-09-16 22:06:21 UTC
Created attachment 197154
Correct socket permissions to make sendmail happy

The previously added patch was not made correctly, as some people complain. I've made a new one (based on the last changes which were applied). This patch introduces a new startup variable which sets permissions 0755 of the local socket as the default.

Because this change is only in startup script I did not attach poudriere testport logs - it is not needed :-)))

I hope this small patch will make all of us happy :-)))

I'd like to apologize for the inconvenience to sendmail users.
Comment 17 Ulrich Spörlein freebsd_committer freebsd_triage 2018-10-12 15:18:48 UTC
Thanks for the patch! I'll commit this shortly with a fix to avoid the empty chmod when no profiles are in use.
Comment 18 commit-hook freebsd_committer freebsd_triage 2018-10-12 15:30:49 UTC
A commit references this bug:

Author: uqs
Date: Fri Oct 12 15:30:35 UTC 2018
New revision: 481909
URL: https://svnweb.freebsd.org/changeset/ports/481909

Log:
  Fix mail/opendkim to work with standard sendmail in base

  PR:		208056
  Submitted by:	Krzysztof <ports@bsdserwis.com>
  Reported by:	Marcin Cieślak

Changes:
  head/mail/opendkim/Makefile
  head/mail/opendkim/files/milter-opendkim.in
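
The two failures reported in comment 15 (a chmod invoked without its arguments, and a group-writable socket directory that sendmail rejects) can be checked with a few lines of shell. This is an added example, not the port's rc script and not part of any comment above; the function names are hypothetical and a constructed temporary directory stands in for /var/run/milteropendkim.

```shell
#!/bin/sh
# Added example; not the port's milter-opendkim rc script.
# Function names are hypothetical.

# Exit 0 when DIR itself has the group-write bit (the condition sendmail
# reports as "Group writable directory" in comment 15) or the other-write
# bit set. Exit 2 when DIR is not a directory.
dir_is_group_or_world_writable() {
    [ -d "$1" ] || return 2
    # -prune keeps find from descending, so only DIR itself is tested.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Apply MODE to DIR only when both are non-empty. An empty expansion
# leaves chmod without its arguments, which produces the usage message
# shown in comment 15.
chmod_if_set() {
    mode=$1
    dir=$2
    if [ -z "$mode" ] || [ -z "$dir" ]; then
        return 0    # nothing configured: leave permissions untouched
    fi
    chmod "$mode" "$dir"
}

# Demo on a constructed temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    chmod 0775 "$d"
    dir_is_group_or_world_writable "$d" && echo "0775: group writable, sendmail refuses the socket"
    chmod_if_set "" "$d"        # skipped, mode stays 0775
    chmod_if_set 0755 "$d"
    dir_is_group_or_world_writable "$d" || echo "0755: not group writable"
    rmdir "$d"
}
demo
```

Only the directory itself is tested here; parent directories are not examined.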