Bug 208056 - mail/opendkim: Add GID support to the rc script
Summary: mail/opendkim: Add GID support to the rc script
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ulrich Spoerlein
URL:
Keywords: easy, patch
Depends on:
Blocks:
 
Reported: 2016-03-16 11:39 UTC by Krzysztof
Modified: 2018-10-12 15:31 UTC (History)
4 users (show)

See Also:
freebsd-ports: maintainer-feedback+


Attachments
patch__milter-opendkim.in (1.36 KB, text/plain)
2016-03-16 11:39 UTC, Krzysztof
no flags Details
patch-milteropendkim.in v2 (2.71 KB, patch)
2016-03-25 11:47 UTC, Krzysztof
no flags Details | Diff
milter-opendkim.in patch - v3 (2.53 KB, patch)
2016-04-10 12:34 UTC, Krzysztof
freebsd-ports: maintainer-approval+
Details | Diff
Correct socket permissions to make sendmail happy (2.76 KB, patch)
2018-09-16 22:06 UTC, Krzysztof
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Krzysztof 2016-03-16 11:39:02 UTC
Created attachment 168293 [details]
patch__milter-opendkim.in

I think that's good idea to add support for milteropendkim_gid to milter-opendkim.in I have config for postfix + opendkim (found somewhere on the web), where postfix user has privileges to write to opendkim socket. The easiest way it to put postfix user to mailnull group (or something else).

I think it is not need to bump portrevision - it could take effect on next upgrade. I'd like to add for future.

Because this change does not affect compile process - so I don't include log from poudriere. And patch is included.
Comment 1 Daniel Austin 2016-03-17 08:27:17 UTC
(In reply to Krzysztof from comment #0)
the patch would require a bit more work before it could be included.

it needs to document the milteropendkim_uid variable in the comments at the top, and also support for profile based startup too.
Comment 2 Krzysztof 2016-03-17 08:55:38 UTC
OK, I understand your comment. Telling the truth I'm not using profiles, so I did not notice that patch should cover using profiles.

Also I checked man pages for opendkim, so now I know what should be added.

I will make another patch.
Comment 3 Krzysztof 2016-03-25 11:47:46 UTC
Created attachment 168614 [details]
patch-milteropendkim.in v2

I've made suggested changes to start-script. I hope that now this patch will be accepted.
Comment 4 Daniel Austin 2016-04-10 09:51:18 UTC
(In reply to Krzysztof from comment #3)
Sorry for the delayed reply!

I can't get your patch to apply:

|diff -ruN mail/opendkim/files/milter-opendkim.in mail/opendkim.new/files/milter-opendkim.in
|--- mail/opendkim/files/milter-opendkim.in      2014-01-24 01:14:07.000000000 +0100
|+++ mail/opendkim.new/files/milter-opendkim.in  2016-03-25 12:44:18.553548627 +0100
--------------------------
Patching file mail/opendkim/files/milter-opendkim.in using Plan A...
Hunk #1 succeeded at 16.
Hunk #2 succeeded at 39.
Hunk #3 succeeded at 54.
Hunk #4 failed at 86.
Hunk #5 failed at 134.
Hunk #6 succeeded at 167 with fuzz 2.
2 out of 6 hunks failed--saving rejects to mail/opendkim/files/milter-opendkim.in.rej
done
Comment 5 Krzysztof 2016-04-10 12:34:42 UTC
Created attachment 169144 [details]
milter-opendkim.in patch - v3

OK, so I've made a patch once again. I've checked on my FreeBSD box - there is no error at all. So I hope you will able to test it again.
Comment 6 Daniel Austin 2016-04-10 17:04:26 UTC
(In reply to Krzysztof from comment #5)
looks good here.

Pooudriere logs (if needed) at:

https://poudriere.dan.tm/poudriere/data/latest-per-pkg/opendkim/2.10.3_5/
Comment 7 Krzysztof 2016-05-18 12:56:38 UTC
Could it be committed to source tree? It seems that latest version of patch is correct...

Thanks a lot.
Comment 8 VK freebsd_triage 2016-10-02 20:12:45 UTC
Comment on attachment 169144 [details]
milter-opendkim.in patch - v3

Daniel, please set the maintainer-approval+ flag on attachments you approve for ports you maintain.
Comment 9 Daniel Austin 2017-04-29 08:26:08 UTC
Sorry, I forgot about this one... patch approved now.
Comment 10 commit-hook freebsd_committer 2017-08-18 20:50:19 UTC
A commit references this bug:

Author: swills
Date: Fri Aug 18 20:49:17 UTC 2017
New revision: 448274
URL: https://svnweb.freebsd.org/changeset/ports/448274

Log:
  mail/opendkim: Add GID support to the rc script

  PR:		208056
  Submitted by:	Krzysztof <ports@bsdserwis.com>
  Approved by:	Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)

Changes:
  head/mail/opendkim/Makefile
  head/mail/opendkim/files/milter-opendkim.in
Comment 11 Steve Wills freebsd_committer 2017-08-18 20:51:19 UTC
Committed, thanks!
Comment 12 neil 2017-08-25 22:37:47 UTC
This update breaks operation with sendmail.

Setting pid dir perms to mode 0775 makes the directory group writable which sendmail does not permit by default.

Why do this anyway? I run opendkim with Postfix and leave the GID as mailnull. I just set the milteropendkim_uid to postfix and it works.

If you must implement this then it will need to be made selective on the MTA used and for sendmail the pid dir perms must be set mode 0755.

As a workaround you can tell sendmail that group writable directories are safe but it applies to all directories and is undesirable.
Comment 13 Krzysztof 2017-08-28 18:28:03 UTC
OK, I understand.

As you can see start_pre_cmd chacks if "milteropendkim_gid" is not empty. If this variable is empty it does not do anything.

So I think to be compliant with "older" behaviour I will make new version of patch which will set milteropendkim_gid="" as default. And everybody will be happy :-)))
Comment 14 Marcin Cieślak 2018-05-20 17:19:32 UTC
Krzysztof,

I ran into this today, breaking my sendmail setup after milter reinstallation.

milteropendkim_gid is set to "mailnull" if unset previously:

: ${milteropendkim_gid="mailnull"}

so setting it an empty value explicitly avoids the chmod.

So I have to explicitly set it to

milteropendkim_gid=""

which is counterintuitive (why do I have to explicitly unset something to make directory mode correct?!)

Please fix this, sendmail is still the default here :)
Comment 15 Ulrich Spoerlein freebsd_committer 2018-09-12 12:30:29 UTC
Please fix this with the default sendmail in the base. There are at least 2 things broken with this:

1. it runs a broken chmod command:

# /usr/local/etc/rc.d/milter-opendkim restart
Stopping milteropendkim.
Waiting for PIDS: 11324.
Starting milteropendkim.
usage: chmod [-fhv] [-R [-H | -L | -P]] mode file ...

2. Mode 775 is not overridable and is wrong for sendmail, it chokes on it like so:


# service sendmail restart
sendmail not running? (check /var/run/sendmail.pid).
Starting sendmail.
451 4.0.0 /etc/mail/sendmail.cf: line 1823: Xdkim: local socket name /var/run/milteropendkim/socket unsafe: Group writable directory
/etc/rc.d/sendmail: WARNING: failed to start sendmail
Stopping sendmail_msp_queue.
Waiting for PIDS: 11469.
Starting sendmail_msp_queue.


A chmod g-w /var/run/milteropendkim/ fixes this, but that's something I need to do after every reboot.
Comment 16 Krzysztof 2018-09-16 22:06:21 UTC
Created attachment 197154 [details]
Correct socket permissions to make sendmail happy

Previously added patch was made not correctly - as some people complains. I've made a new one (based on last changes which were applied). This patch introduces a new startup variable which sets permissions 0755 of local socket as default.

Because this change is only in startup script I did not attach poudriere testport logs - it is not needed :-)))

I hope this small patch will make all of us happy :-)))

I'd like to apologize for inconvenience of sendmail users.
Comment 17 Ulrich Spoerlein freebsd_committer 2018-10-12 15:18:48 UTC
Thanks for the patch! I'll commit this shortly with a fix to avoid the empty chmod when no profiles are in use.
Comment 18 commit-hook freebsd_committer 2018-10-12 15:30:49 UTC
A commit references this bug:

Author: uqs
Date: Fri Oct 12 15:30:35 UTC 2018
New revision: 481909
URL: https://svnweb.freebsd.org/changeset/ports/481909

Log:
  Fix mail/opendkim to work with standard sendmail in base

  PR:		208056
  Submitted by:	Krzysztof <ports@bsdserwis.com>
  Reported by:	Marcin Cie?lak

Changes:
  head/mail/opendkim/Makefile
  head/mail/opendkim/files/milter-opendkim.in