GNU bug report logs - #49650
[PATCH] services: dovecot: Fix "/var/run/dovecot" owner.


Package: guix-patches;

Reported by: Brice Waegeneire <brice <at> waegenei.re>

Date: Mon, 19 Jul 2021 21:20:01 UTC

Severity: normal

Tags: patch

To reply to this bug, email your comments to 49650 AT debbugs.gnu.org.



Report forwarded to guix-patches <at> gnu.org:
bug#49650; Package guix-patches. (Mon, 19 Jul 2021 21:20:01 GMT)

Acknowledgement sent to Brice Waegeneire <brice <at> waegenei.re>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 19 Jul 2021 21:20:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Brice Waegeneire <brice <at> waegenei.re>
To: guix-patches <at> gnu.org
Subject: [PATCH] services: dovecot: Fix "/var/run/dovecot" owner.
Date: Mon, 19 Jul 2021 23:19:43 +0200

* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Change
  owner of "directory" not the static string "/var/run/dovecot".
---
 gnu/services/mail.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Following a discussion on IRC¹. There are several other bugs in that service
but those should only manifest when using a non-default configuration, for
example using a user other than "dovecot" or a run time directory other than
"/var/run/dovecot", etc...

¹ <http://logs.guix.gnu.org/guix/2021-07-17.log#151005>

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 72dc123f41..805f4ec864 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1515,7 +1515,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
         (use-modules (guix build utils))
         (define (mkdir-p/perms directory owner perms)
           (mkdir-p directory)
-          (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
+          (chown directory (passwd:uid owner) (passwd:gid owner))
           (chmod directory perms))
         (define (build-subject parameters)
           (string-concatenate
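
Review bot: in `mkdir-p/perms`, `(mkdir-p directory)` creates the directory first and the owner and mode are applied only afterwards, so between those calls the directory exists with whatever the activation umask allows, and any parent directories that `mkdir-p` has to create never receive the requested owner or mode. For directories meant to be private it would be safer to have the restrictive mode in force from creation, or at least to state in a comment that callers rely on the parents already existing. The one-line change itself is right: the old line chowned the literal "/var/run/dovecot" regardless of `directory`, so every other directory passed to this procedure kept the ownership it was created with.
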
-- 
2.32.0





Information forwarded to guix-patches <at> gnu.org:
bug#49650; Package guix-patches. (Tue, 21 Dec 2021 20:37:01 GMT)

Message #8 received at 49650 <at> debbugs.gnu.org:

From: Brice Waegeneire <brice <at> waegenei.re>
To: 49650 <at> debbugs.gnu.org
Subject: [PATCH v2] services: dovecot: Fix "/var/run/dovecot" owner.
Date: Tue, 21 Dec 2021 21:36:03 +0100

* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Use
  procedure defined in (gnu build activation), fixing the 'chown' call
  which was using the static string "/var/run/dovecot".
---

This version replaces the faulty mkdir-p/perms procedure with a correct and
more widely used one.  It passes the system check:

--8<---------------cut here---------------start------------->8---
$ make check-system TESTS="dovecot" -j4
[...]
%%%% Starting test dovecot  (Writing full log to "/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test/dovecot.log")
marionette is ready
PASS: dovecot running
PASS: service process id
PASS: accept an email
PASS: mail arrived
# of expected passes      4
successfully built /gnu/store/2i0jkcpirr5v5wr9bvmgvphc7lh3zwir-dovecot-test.drv
/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test
--8<---------------cut here---------------end--------------->8---

 gnu/services/mail.scm | 117 +++++++++++++++++++++---------------------
 1 file changed, 59 insertions(+), 58 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 4ad6ddb534..f376c67284 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington <at> gmail.com>
 ;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
+;;; Copyright © 2021 Brice Waegeneire <brice <at> waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,6 +36,7 @@ (define-module (gnu services mail)
   #:use-module (gnu packages dav)
   #:use-module (gnu packages tls)
   #:use-module (guix records)
+  #:use-module (guix modules)
   #:use-module (guix packages)
   #:use-module (guix gexp)
   #:use-module (ice-9 match)
@@ -1511,64 +1513,63 @@ (define (%dovecot-activation config)
              (lambda ()
                (serialize-configuration config
                                         dovecot-configuration-fields)))))))
-    #~(begin
-        (use-modules (guix build utils))
-        (define (mkdir-p/perms directory owner perms)
-          (mkdir-p directory)
-          (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
-          (chmod directory perms))
-        (define (build-subject parameters)
-          (string-concatenate
-           (map (lambda (pair)
-                  (let ((k (car pair)) (v (cdr pair)))
-                    (define (escape-char str chr)
-                      (string-join (string-split str chr) (string #\\ chr)))
-                    (string-append "/" k "="
-                                   (escape-char (escape-char v #\=) #\/))))
-                (filter (lambda (pair) (cdr pair)) parameters))))
-        (define* (create-self-signed-certificate-if-absent
-                  #:key private-key public-key (owner (getpwnam "root"))
-                  (common-name (gethostname))
-                  (organization-name "Guix")
-                  (organization-unit-name "Default Self-Signed Certificate")
-                  (subject-parameters `(("CN" . ,common-name)
-                                        ("O" . ,organization-name)
-                                        ("OU" . ,organization-unit-name)))
-                  (subject (build-subject subject-parameters)))
-          ;; Note that by default, OpenSSL outputs keys in PEM format.  This
-          ;; is what we want.
-          (unless (file-exists? private-key)
-            (cond
-             ((zero? (system* (string-append #$openssl "/bin/openssl")
-                              "genrsa" "-out" private-key "2048"))
-              (chown private-key (passwd:uid owner) (passwd:gid owner))
-              (chmod private-key #o400))
-             (else
-              (format (current-error-port)
-                      "Failed to create private key at ~a.\n" private-key))))
-          (unless (file-exists? public-key)
-            (cond
-             ((zero? (system* (string-append #$openssl "/bin/openssl")
-                              "req" "-new" "-x509" "-key" private-key
-                              "-out" public-key "-days" "3650"
-                              "-batch" "-subj" subject))
-              (chown public-key (passwd:uid owner) (passwd:gid owner))
-              (chmod public-key #o444))
-             (else
-              (format (current-error-port)
-                      "Failed to create public key at ~a.\n" public-key)))))
-        (let ((user (getpwnam "dovecot")))
-          (mkdir-p/perms "/var/run/dovecot" user #o755)
-          (mkdir-p/perms "/var/lib/dovecot" user #o755)
-          (mkdir-p/perms "/etc/dovecot" user #o755)
-          (copy-file #$(plain-file "dovecot.conf" config-str)
-                     "/etc/dovecot/dovecot.conf")
-          (mkdir-p/perms "/etc/dovecot/private" user #o700)
-          (create-self-signed-certificate-if-absent
-           #:private-key "/etc/dovecot/private/default.pem"
-           #:public-key "/etc/dovecot/default.pem"
-           #:owner (getpwnam "root")
-           #:common-name (format #f "Dovecot service on ~a" (gethostname)))))))
+    (with-imported-modules (source-module-closure
+                            '((gnu build activation)))
+      #~(begin
+          (use-modules (guix build utils)
+                       (gnu build activation))
+          (define (build-subject parameters)
+            (string-concatenate
+             (map (lambda (pair)
+                    (let ((k (car pair)) (v (cdr pair)))
+                      (define (escape-char str chr)
+                        (string-join (string-split str chr) (string #\\ chr)))
+                      (string-append "/" k "="
+                                     (escape-char (escape-char v #\=) #\/))))
+                  (filter (lambda (pair) (cdr pair)) parameters))))
+          (define* (create-self-signed-certificate-if-absent
+                    #:key private-key public-key (owner (getpwnam "root"))
+                    (common-name (gethostname))
+                    (organization-name "Guix")
+                    (organization-unit-name "Default Self-Signed Certificate")
+                    (subject-parameters `(("CN" . ,common-name)
+                                          ("O" . ,organization-name)
+                                          ("OU" . ,organization-unit-name)))
+                    (subject (build-subject subject-parameters)))
+            ;; Note that by default, OpenSSL outputs keys in PEM format.  This
+            ;; is what we want.
+            (unless (file-exists? private-key)
+              (cond
+               ((zero? (system* (string-append #$openssl "/bin/openssl")
+                                "genrsa" "-out" private-key "2048"))
+                (chown private-key (passwd:uid owner) (passwd:gid owner))
+                (chmod private-key #o400))
+               (else
+                (format (current-error-port)
+                        "Failed to create private key at ~a.\n" private-key))))
+            (unless (file-exists? public-key)
+              (cond
+               ((zero? (system* (string-append #$openssl "/bin/openssl")
+                                "req" "-new" "-x509" "-key" private-key
+                                "-out" public-key "-days" "3650"
+                                "-batch" "-subj" subject))
+                (chown public-key (passwd:uid owner) (passwd:gid owner))
+                (chmod public-key #o444))
+               (else
+                (format (current-error-port)
+                        "Failed to create public key at ~a.\n" public-key)))))
+          (let ((user (getpwnam "dovecot")))
+            (mkdir-p/perms "/var/run/dovecot" user #o755)
+            (mkdir-p/perms "/var/lib/dovecot" user #o755)
+            (mkdir-p/perms "/etc/dovecot" user #o755)
+            (copy-file #$(plain-file "dovecot.conf" config-str)
+                       "/etc/dovecot/dovecot.conf")
+            (mkdir-p/perms "/etc/dovecot/private" user #o700)
+            (create-self-signed-certificate-if-absent
+             #:private-key "/etc/dovecot/private/default.pem"
+             #:public-key "/etc/dovecot/default.pem"
+             #:owner (getpwnam "root")
+             #:common-name (format #f "Dovecot service on ~a" (gethostname))))))))
 
 (define (dovecot-shepherd-service config)
   "Return a list of <shepherd-service> for CONFIG."
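
Review bot: the unchanged calls `(mkdir-p/perms "/etc/dovecot" user #o755)` and `(mkdir-p/perms "/etc/dovecot/private" user #o700)` near the end of the gexp change meaning with this patch, and that deserves a line in the commit message. With the removed local procedure the `chown` always hit "/var/run/dovecot", so these two directories kept the ownership they were created with; with a working `mkdir-p/perms` they become owned by the "dovecot" user. That user then owns the directory holding `dovecot.conf` and the one holding `default.pem`, so although the key file is root-owned with mode #o400, the owner of the directory can still rename or replace entries in it. Consider passing a root passwd entry for "/etc/dovecot" and "/etc/dovecot/private" and keeping `user` only for "/var/run/dovecot" and "/var/lib/dovecot", or explain why the service user needs to own its configuration and key directories. Separately, most of the 59/58 line count is re-indentation from wrapping the gexp in `with-imported-modules`; saying so in the message would make the functional change (dropping the local define and importing `(gnu build activation)`) easier to review.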

base-commit: 87e5502d406bfb44b61f7577b241602e02a3498e
-- 
2.34.0





This bug report was last modified 2 years and 120 days ago.
