guix-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd execut


From: Maya
Subject: [bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd executables group
Date: Mon, 25 Jul 2022 09:02:18 +0000

This is a patch that fixes "<executable name>: this program must be setgid 
smtpq". As this cannot be done in the store during build, but the upstream 
opensmtpd requires to set the group of those executables.

---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
 Transfer Protocol} server.")))

--
2.37.0





reply via email to

[Prev in Thread] Current Thread [Next in Thread]