bug#56756: closed ([PATCH] gnu: services: Add optional fix for opensmtpd executables group)

[GNU bug Tracking System]

Your message dated Mon, 01 Aug 2022 11:51:33 +0200
with message-id <87wnbsz3yy.fsf@gnu.org>
and subject line Re: bug#56756: [PATCH] gnu: services: Add optional fix for 
opensmtpd executables group
has caused the debbugs.gnu.org bug report #56756,
regarding [PATCH] gnu: services: Add optional fix for opensmtpd executables 
group
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
56756: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56756
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] gnu: services: Add optional fix for opensmtpd executables group
>
>
>
>
> Date: 
>
> Mon, 25 Jul 2022 09:02:18 +0000
>
>
>
>
> This is a patch that fixes "<executable name>: this program must be setgid 
> smtpq". As this cannot be done in the store during build, but the upstream 
> opensmtpd requires to set the group of those executables.
>
> ---
>  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 65 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
> index 10e6523861..803cdd77f2 100644
> --- a/gnu/services/mail.scm
> +++ b/gnu/services/mail.scm
> @@ -30,6 +30,7 @@ (define-module (gnu services mail)
>    #:use-module (gnu services shepherd)
>    #:use-module (gnu system pam)
>    #:use-module (gnu system shadow)
> +  #:use-module (gnu system setuid)
>    #:use-module (gnu packages mail)
>    #:use-module (gnu packages admin)
>    #:use-module (gnu packages dav)
> @@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
>    (package     opensmtpd-configuration-package
>                 (default opensmtpd))
>    (config-file opensmtpd-configuration-config-file
> -               (default %default-opensmtpd-config-file)))
> +               (default %default-opensmtpd-config-file))
> +  (set-gids? opensmtpd-set-gids? (default #t)
> +             "Set group of:
> +@itemize
> +@item
> +@command{smtpctl}
> +
> +@item
> +@command{sendmail}
> +
> +@item
> +@command{send-mail}
> +
> +@item
> +@command{makemap}
> +
> +@item
> +@command{mailq}
> +
> +@item
> +@command{newaliases}
> +@end itemize
> +
> +to @code{smtpq}, to allow them to be executed."))
>
>  (define %default-opensmtpd-config-file
>    (plain-file "smtpd.conf" "
> @@ -1714,6 +1738,43 @@ (define opensmtpd-activation
>  (define %opensmtpd-pam-services
>    (list (unix-pam-service "smtpd")))
>
> +(define opensmtpd-set-gids
> +  (match-lambda
> +    (($ <opensmtpd-configuration> package config-file set-gids?)
> +     (if set-gids?
> +         (list
> +          (setuid-program
> +           (program (file-append package "/sbin/smtpctl"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq"))
> +          (setuid-program
> +           (program (file-append package "/sbin/sendmail"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq"))
> +          (setuid-program
> +           (program (file-append package "/sbin/send-mail"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq"))
> +          (setuid-program
> +           (program (file-append package "/sbin/makemap"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq"))
> +          (setuid-program
> +           (program (file-append package "/sbin/mailq"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq"))
> +          (setuid-program
> +           (program (file-append package "/sbin/newaliases"))
> +           (setuid? #false)
> +           (setgid? #true)
> +           (group "smtpq")))
> +         '()))))
> +
>  (define opensmtpd-service-type
>    (service-type
>     (name 'opensmtpd)
> @@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
>            (service-extension profile-service-type
>                               (compose list opensmtpd-configuration-package))
>            (service-extension shepherd-root-service-type
> -                             opensmtpd-shepherd-service)))
> +                             opensmtpd-shepherd-service)
> +          (service-extension setuid-program-service-type
> +                             opensmtpd-set-gids)))
>     (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
>  Transfer Protocol} server.")))
>
> --
> 2.37.0
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#56756: [PATCH] gnu: services: Add optional fix for opensmtpd executables group
>
>
>
>
> Date: 
>
> Mon, 01 Aug 2022 11:51:33 +0200
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
>
>
>
>
> Hi Maya,
>
> Maya <maya.omase@protonmail.com> skribis:
>
> > This is a patch that fixes "<executable name>: this program must be setgid 
> > smtpq". As this cannot be done in the store during build, but the upstream 
> > opensmtpd requires to set the group of those executables.
> >
> > ---
> >  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
> >  1 file changed, 65 insertions(+), 2 deletions(-)
>
> That sounds like a welcome improvement.
>
> I applied the patch with a few changes:
>
>   • Changed the option name from ‘set-gids?’ to ‘setgid-commands?’,
>     which I think is slightly clearer.
>
>   • Tweaked and moved its documentation to ‘doc/guix.texi’.
>
>   • Adjusted the commit log as per our conventions (see
>     <https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html>).
>
> Thank you!
>
> Ludo’.
>
>
> --- End Message ---