WIP version of postfix.scm

  • Open
  • quality assurance status badge
Details
5 participants
  • Gábor Boskovits
  • Brant Gardner
  • Christine Lemmer-Webber
  • Jan Nieuwenhuizen
  • Ricardo Wurmus
Owner
unassigned
Submitted by
Brant Gardner
Severity
normal
B
B
Brant Gardner wrote on 7 May 2019 17:15
(address . guix-patches@gnu.org)
567ff351-d0f4-4143-af85-4a0e5c83c012@www.fastmail.com
I've gotten it to the point where it builds but does not install - Postfix seems to have a non-standard install procedure and I'm not sure how to proceed.

'guix lint' is mostly happy with it and I tried to follow standards but I'm still new at this so any comments are appreciated.

Thank you!

--
Brant Gardner
Attachment: file
From 212731a40d9ad0f41c757d42aacc98efbf3f9ddf Mon Sep 17 00:00:00 2001
From: Brant Gardner <brantcgardner@brantware.com>
Date: Tue, 7 May 2019 10:09:08 -0500
Subject: [PATCH] gnu: Add postfix WIP.

* gnu/packages/postfix.scm (postfix): New public variable.
---
gnu/packages/postfix.scm | 85 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 gnu/packages/postfix.scm

Toggle diff (93 lines)
diff --git a/gnu/packages/postfix.scm b/gnu/packages/postfix.scm
new file mode 100644
index 0000000000..6585c108e4
--- /dev/null
+++ b/gnu/packages/postfix.scm
@@ -0,0 +1,85 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Brant Gardner <bcg@member.fsf.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages postfix)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system gnu)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages dbm)
+ #:use-module (gnu packages onc-rpc)
+ #:use-module (gnu packages perl))
+
+(define-public postfix
+ (package
+ (name "postfix")
+ (version "3.4.5")
+ (source (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "ftp://ftp.porcupine.org/mirrors/project-history/postfix/official/postfix-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "17riwr21i9p1h17wpagfiwkpx9bbx7dy4gpdl219a11akm7saawb"))))
+ (build-system gnu-build-system)
+ (arguments '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'build 'patch-/bin/sh
+ (lambda _
+ (substitute* (find-files "." "^Makefile.in")
+ (("/bin/sh") (which "sh")))
+ #t))
+ (add-before 'build 'auxlibs
+ (lambda _
+ (setenv "AUXLIBS"
+ "-lnsl -lresolv") ; Required, but postfix OS
+ ; detection in leaves these
+ ; unset for Guix
+ #t))
+ (add-before 'build 'patch-/usr/include
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* '("makedefs")
+ (("/usr/include") (string-append (assoc-ref
+ inputs "bdb")
+ "/include"))) #t))
+ (add-before 'build 'configure-postfix ; Move configuration folder
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "make" "makefiles"
+ (string-append "CCARGS=-DDEF_CONFIG_DIR=\\\""
+ (assoc-ref outputs "out") "/etc\\\"")) #t))
+ (delete 'configure) ; no configure script
+ (delete 'check)))) ; no check
+ (inputs `(("bdb" ,bdb)
+ ("libnsl" ,libnsl)))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("perl" ,perl)
+ ("pkg-config" ,pkg-config)))
+ (synopsis "Full-featured & secure sendmail replacement")
+ (description "Postfix attempts to be fast, easy to administer, and
+secure. The outside has a definite Sendmail-ish flavor, but the inside is
+completely different.")
+ (home-page "https://www.postfix.org/")
+ (license license:ibmpl1.0)))
--
2.21.0
J
J
Jan Nieuwenhuizen wrote on 10 Aug 2020 08:49
Re: wip-postfix
(name . Gábor Boskovits)(address . boskovits@gmail.com)
878sen0zcd.fsf@gnu.org
Gábor Boskovits writes:

Hello!

Toggle quote (4 lines)
>> Jan Nieuwenhuizen <janneke@gnu.org> ezt írta (id?pont: 2020. márc. 17., Ke 9:02):
>
> Gábor Boskovits writes:

I took the liberty of rebasing wip-postfix on latest master and
found it does not compile

Toggle snippet (13 lines)
gcc -fPIC -I. -I../../include -DNO_EAI -DDEF_SMTPUTF8_ENABLE=\"no\" -DHAS_DEV_URANDOM -DDEF_SHLIB_DIR=\"/gnu/store/hbdrbb84krvjvw58vmr1pvzb6l3gbmyv-postfix-minimal-3.4.8\" -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fPIC -g -O -I. -I../../include -DLINUX5 -c dns_str_resflags.c
dns_str_resflags.c:55:13: warning: RES_AAONLY is deprecated
"RES_AAONLY", RES_AAONLY,
^~~~~~~~~~~~~~~~~
dns_str_resflags.c:57:13: warning: RES_PRIMARY is deprecated
"RES_PRIMARY", RES_PRIMARY,
^~~~~~~~~~~~~~~~~~~
dns_str_resflags.c:63:22: error: ‘RES_INSECURE1’ undeclared here (not in a function); did you mean ‘RES_RECURSE’?
"RES_INSECURE1", RES_INSECURE1,
^~~~~~~~~~~~~
RES_RECURSE

Luckily, that was easily fixed by updating postfix to 3.5.0.

Toggle quote (3 lines)
>> When I hack around and create /etc/ailases.db, it works.
> I would like to add a service config for this.

I found we already have mail-aliases-service-type, so I used that,
together with running postalias. Now, queuing mail works ootb...but
delivery seems not to work: it remains queued.

I rebased wip-postfix and added a couple of patches for this. Please
feel free to revert them if you don't like it :-)

When starting postfix like so

Toggle snippet (5 lines)
./pre-inst-env guix system vm gnu/system/examples/postfix.tmpl`\
--nographic -m 1G\
--nic user,model=virtio-net-pci,hostfwd=tcp::12025-:25,hostfwd=tcp:127.0.0.1:12022-:2222

I'm seeing

Toggle snippet (33 lines)
07:39:18 janneke@dundal:~/src/guix/wip-postfix [env]
$ telnet localhost 12025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 komputilo.localdomain ESMTP Postfix
mail from: root
mail from: root
250 2.1.0 Ok
rcpt to: alice
rcpt to: alice
250 2.1.5 Ok
data
data
354 End data with <CR><LF>.<CR><LF>
hello Alice!
hello Alice!
.
.
250 2.0.0 Ok: queued as E26BA3116
quit
quit
221 2.0.0 Bye
Connection closed by foreign host.
08:03:53 janneke@dundal:~/src/guix/wip-postfix [env]
$ ssh -p 12022 root@localhost /gnu/store/mydn0wr0bs7mz3rx9fwihpma26r0dpqq-postfix-minimal-3.5.0/mailq -C /gnu/store/nj5pa9l9zy6vx5484pbdsqnilva8bivc-postfix-config-dir
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
E26BA3116* 175 Mon Aug 10 08:00:50 root@komputilo.localdomain
alice@komputilo.localdomain

-- 0 Kbytes in 1 Request.

Ideas?

Toggle quote (10 lines)
>> It looks like most everything is installed in a single, flat directory
>>
>> /gnu/store/pyv0rpd6zs0m2i482cb8qxd6mhf5b47z-postfix-minimal-3.4.8
>>
>> executables, copies of readmes, (unused?) config files (main.cf,
>> aliases)?
>
> Yes, but can be easily separated. The config files are installer
> generated, and not used.

Ok => TODO :-)

Toggle quote (7 lines)
>> Anyhow, this is a great start; next Mailman?
>
> One thing that blocks me from finishing this is that the setuid
> programs in the os declatation should be extended, so that we can use
> the privilege separation of postfix. I would like to propose a patch
> later this week.

Any insight here, something blocking maybe?

Greetings,
Janneke

Jan (janneke) Nieuwenhuizen (5):
gnu: postfix-minimal: Updato to 3.5.0.
system: examples: Add postfix.tmpl.
gnu: postfix-minimal: Fix startup warnings.
service: postfix: Use mail-aliases-service-type.
system: postfix.tmpl: Add mail-aliases-service.

gnu/packages/mail.scm | 32 ++++++++++++-------
gnu/services/mail.scm | 12 ++++++-
gnu/system/examples/postfix.tmpl | 54 ++++++++++++++++++++++++++++++++
3 files changed, 86 insertions(+), 12 deletions(-)
create mode 100644 gnu/system/examples/postfix.tmpl

--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com| Avatar® http://AvatarAcademy.com
J
J
Jan (janneke) Nieuwenhuizen wrote on 10 Aug 2020 08:51
[PATCH 1/5] gnu: postfix-minimal: Updato to 3.5.0.
20200810065112.6879-1-janneke@gnu.org
* gnu/packages/mail.scm (postfix-minimal): Update to 3.5.0. Fixes build with
glibc-2.30.
---
gnu/packages/mail.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index a2708ed1a2..94236bbbcd 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3558,7 +3558,7 @@ based on asyncio.")
(define-public postfix-minimal
(package
(name "postfix-minimal")
- (version "3.4.8")
+ (version "3.5.0")
(source (origin
(method url-fetch)
(uri (string-append "http://cdn.postfix.johnriley.me/"
@@ -3566,7 +3566,7 @@ based on asyncio.")
"postfix-" version ".tar.gz"))
(sha256
(base32
- "0hw9kbr05qdzvfqhxi4dp4n3s9xvdh0gr0la08a4bip06ybl4pcd"))))
+ "1k2mxx9yx8lif804ff7zjyllizv4najfv3dca912k6j46fbr5b12"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
J
J
Jan (janneke) Nieuwenhuizen wrote on 10 Aug 2020 08:51
[PATCH 2/5] system: examples: Add postfix.tmpl.
20200810065112.6879-2-janneke@gnu.org
* gnu/system/examples/postfix.tmpl: New file.
---
gnu/system/examples/postfix.tmpl | 52 ++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 gnu/system/examples/postfix.tmpl

Toggle diff (61 lines)
diff --git a/gnu/system/examples/postfix.tmpl b/gnu/system/examples/postfix.tmpl
new file mode 100644
index 0000000000..e0b335954e
--- /dev/null
+++ b/gnu/system/examples/postfix.tmpl
@@ -0,0 +1,52 @@
+;; This is an operating system configuration template for testing postfix.
+
+(use-modules (gnu))
+(use-service-modules mail networking ssh)
+(use-package-modules ssh)
+
+(operating-system
+ (host-name "komputilo")
+ (timezone "Europe/Berlin")
+ (locale "en_US.utf8")
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sdX")))
+
+ ;; Allow run-vm.sh --nographic
+ (kernel-arguments '("console=tty0" "console=ttyS0"))
+ (file-systems (cons (file-system
+ (device (file-system-label "guix"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; This is where user accounts are specified. The "root"
+ ;; account is implicit, and is initially created with the
+ ;; empty password.
+ (users (cons (user-account
+ (name "alice")
+ (comment "Bob's sister")
+ (group "users")
+
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+
+ ;; Add services to the baseline: a DHCP client, POSTFIX and
+ ;; an SSH server.
+ (services (append (list (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (use-pam? #f)
+ (port-number 2222)
+ (permit-root-login #t)
+ (allow-empty-passwords? #t)
+ (password-authentication? #t)))
+ (service postfix-service-type))
+ %base-services)))
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
J
J
Jan (janneke) Nieuwenhuizen wrote on 10 Aug 2020 08:51
[PATCH 3/5] gnu: postfix-minimal: Fix startup warnings.
20200810065112.6879-3-janneke@gnu.org
This avoids kind of funny replacements like these of `rm'

find -prune -perm -020
=>
find -prune -pe/gnu/store/zibwkb5xavnv6z3gzknfqjsxb9b0izh0-coreutils-8.31/bin/rm -020

* gnu/packages/mail.scm (postfix-minimal)[phases]: Set PATH rather than
substituting individual commands.
---
gnu/packages/mail.scm | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)

Toggle diff (56 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 94236bbbcd..5f622595c9 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -35,6 +35,7 @@
;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2020 Michael Rohleder <mike@rohleder.de>
;;; Copyright © 2020 Brant Gardner <brantcgardner@brantware.com>
+;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -3569,7 +3570,10 @@ based on asyncio.")
"1k2mxx9yx8lif804ff7zjyllizv4najfv3dca912k6j46fbr5b12"))))
(build-system gnu-build-system)
(arguments
- '(#:phases
+ '(#:modules ((srfi srfi-26)
+ (guix build utils)
+ (guix build gnu-build-system))
+ #:phases
(modify-phases %standard-phases
(add-before 'build 'patch-/bin/sh
(lambda _
@@ -3601,14 +3605,20 @@ based on asyncio.")
(lambda _
(invoke "make" "makefiles" "pie=yes" "dynamicmaps=yes")))
(add-before 'install 'fix-postfix-scripts-path
- (lambda _
- (for-each
- (lambda (command)
- (substitute* '("postfix-install" "conf/post-install" "conf/postfix-script")
- (((string-append command " ")) (string-append (which command) " "))))
- '("awk" "chmod" "chown" "chgrp" "cp" "find" "ln" "mkdir" "mv" "rm" "sed"
- "sleep" "sort" "touch" "uname"))
- #t))
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((path (string-join
+ (map (compose (cute string-append <> "/bin")
+ (cute assoc-ref inputs <>))
+ '("bash" "coreutils" "findutils" "gawk" "grep"
+ "sed"))
+ ":")))
+ (substitute* '("postfix-install"
+ "conf/post-install"
+ "conf/postfix-script")
+ (("^SHELL=/bin/sh")
+ (string-append "PATH=" path "\n"
+ "SHELL=" (assoc-ref inputs "bash") "/bin/sh")))
+ #t)))
(add-before 'install 'configure-install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
J
J
Jan (janneke) Nieuwenhuizen wrote on 10 Aug 2020 08:51
[PATCH 4/5] service: postfix: Use mail-aliases-service-type.
20200810065112.6879-4-janneke@gnu.org
* gnu/services/mail.scm (postfix-service-type): Extend mail-aliases-service-type.
(postfix-shepherd-service): Generate /etc/aliases.db if necessary.
---
gnu/services/mail.scm | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

Toggle diff (42 lines)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 59cb373fbf..9a0066d920 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com>
;;; Copyright © 2020 Gábor Boskovits <boskovits@gmail.com>
+;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1956,9 +1957,17 @@ inet_protocols = ipv4
(match-record config <postfix-configuration>
(postfix)
(let* ((postfix-binary (file-append postfix "/postfix"))
+ (postalias-binary (file-append postfix "/postalias"))
(postfix-action
(lambda (action)
#~(lambda _
+ (when (or (not (file-exists? "/etc/aliases.db"))
+ (> (stat:mtime (stat "/etc/aliases"))
+ (stat:mtime (stat "/etc/aliases.db"))))
+ (invoke #$postalias-binary
+ "-c"
+ #$(postfix-configuration-directory config)
+ "/etc/aliases"))
(invoke #$postfix-binary "-c"
#$(postfix-configuration-directory config)
#$action)))))
@@ -1974,6 +1983,7 @@ inet_protocols = ipv4
(name 'postfix)
(extensions (list (service-extension account-service-type postfix-accounts)
(service-extension activation-service-type postfix-activation)
- (service-extension shepherd-root-service-type postfix-shepherd-service)))
+ (service-extension shepherd-root-service-type postfix-shepherd-service)
+ (service-extension mail-aliases-service-type (const '()))))
(description "Run the Postfix MTA.")
(default-value (postfix-configuration))))
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
J
J
Jan (janneke) Nieuwenhuizen wrote on 10 Aug 2020 08:51
[PATCH 5/5] system: postfix.tmpl: Add mail-aliases-service.
20200810065112.6879-5-janneke@gnu.org
* gnu/system/examples/postfix.tmpl: Add mail-aliases-service-type.
---
gnu/system/examples/postfix.tmpl | 2 ++
1 file changed, 2 insertions(+)

Toggle diff (15 lines)
diff --git a/gnu/system/examples/postfix.tmpl b/gnu/system/examples/postfix.tmpl
index e0b335954e..7ebc8544f5 100644
--- a/gnu/system/examples/postfix.tmpl
+++ b/gnu/system/examples/postfix.tmpl
@@ -48,5 +48,7 @@
(permit-root-login #t)
(allow-empty-passwords? #t)
(password-authentication? #t)))
+ (service mail-aliases-service-type
+ '(("postmaster" "root")))
(service postfix-service-type))
%base-services)))
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
G
G
Gábor Boskovits wrote on 11 Aug 2020 04:16
Re: wip-postfix
(name . Jan Nieuwenhuizen)(address . janneke@gnu.org)
CAE4v=pjVDxmC3p4+mWrCoMX_AtEJ_Ksbf1rQWJPm+NeHuGmY9A@mail.gmail.com
Hello Jan,

Jan Nieuwenhuizen <janneke@gnu.org> ezt írta (id?pont: 2020. aug. 10., Hét
8:50):

Toggle quote (34 lines)
> Gábor Boskovits writes:
>
> Hello!
>
> >> Jan Nieuwenhuizen <janneke@gnu.org> ezt írta (id?pont: 2020. márc.
> 17., Ke 9:02):
> >
> > Gábor Boskovits writes:
>
> I took the liberty of rebasing wip-postfix on latest master and
> found it does not compile
>
> --8<---------------cut here---------------start------------->8---
> gcc -fPIC -I. -I../../include -DNO_EAI -DDEF_SMTPUTF8_ENABLE=\"no\"
> -DHAS_DEV_URANDOM
> -DDEF_SHLIB_DIR=\"/gnu/store/hbdrbb84krvjvw58vmr1pvzb6l3gbmyv-postfix-minimal-3.4.8\"
> -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat
> -Wno-comment -fPIC -g -O -I. -I../../include -DLINUX5 -c dns_str_resflags.c
> dns_str_resflags.c:55:13: warning: RES_AAONLY is deprecated
> "RES_AAONLY", RES_AAONLY,
> ^~~~~~~~~~~~~~~~~
> dns_str_resflags.c:57:13: warning: RES_PRIMARY is deprecated
> "RES_PRIMARY", RES_PRIMARY,
> ^~~~~~~~~~~~~~~~~~~
> dns_str_resflags.c:63:22: error: ‘RES_INSECURE1’ undeclared here (not in a
> function); did you mean ‘RES_RECURSE’?
> "RES_INSECURE1", RES_INSECURE1,
> ^~~~~~~~~~~~~
> RES_RECURSE
> --8<---------------cut here---------------end--------------->8---
>
> Luckily, that was easily fixed by updating postfix to 3.5.0.
>

Thanks for having a look.

Toggle quote (62 lines)
>
> >> When I hack around and create /etc/ailases.db, it works.
> > I would like to add a service config for this.
>
> I found we already have mail-aliases-service-type, so I used that,
> together with running postalias. Now, queuing mail works ootb...but
> delivery seems not to work: it remains queued.
>
> I rebased wip-postfix and added a couple of patches for this. Please
> feel free to revert them if you don't like it :-)
>
> When starting postfix like so
>
> --8<---------------cut here---------------start------------->8---
> ./pre-inst-env guix system vm gnu/system/examples/postfix.tmpl`\
> --nographic -m 1G\
> --nic
> user,model=virtio-net-pci,hostfwd=tcp::12025-:25,hostfwd=tcp:127.0.0.1:12022
> -:2222
> --8<---------------cut here---------------end--------------->8---
>
> I'm seeing
>
> --8<---------------cut here---------------start------------->8---
> 07:39:18 janneke@dundal:~/src/guix/wip-postfix [env]
> $ telnet localhost 12025
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 komputilo.localdomain ESMTP Postfix
> mail from: root
> mail from: root
> 250 2.1.0 Ok
> rcpt to: alice
> rcpt to: alice
> 250 2.1.5 Ok
> data
> data
> 354 End data with <CR><LF>.<CR><LF>
> hello Alice!
> hello Alice!
> .
> .
> 250 2.0.0 Ok: queued as E26BA3116
> quit
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
> 08:03:53 janneke@dundal:~/src/guix/wip-postfix [env]
> $ ssh -p 12022 root@localhost
> /gnu/store/mydn0wr0bs7mz3rx9fwihpma26r0dpqq-postfix-minimal-3.5.0/mailq -C
> /gnu/store/nj5pa9l9zy6vx5484pbdsqnilva8bivc-postfix-config-dir
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> E26BA3116* 175 Mon Aug 10 08:00:50 root@komputilo.localdomain
> alice@komputilo.localdomain
>
> -- 0 Kbytes in 1 Request.
> --8<---------------cut here---------------end--------------->8---
>
> Ideas?
>

I will have a look early next week. Most probably the setuid stuff is
missing, and access is denied to something.

Toggle quote (23 lines)
>
> >> It looks like most everything is installed in a single, flat directory
> >>
> >> /gnu/store/pyv0rpd6zs0m2i482cb8qxd6mhf5b47z-postfix-minimal-3.4.8
> >>
> >> executables, copies of readmes, (unused?) config files (main.cf,
> >> aliases)?
> >
> > Yes, but can be easily separated. The config files are installer
> > generated, and not used.
>
> Ok => TODO :-)
>
> >> Anyhow, this is a great start; next Mailman?
> >
> > One thing that blocks me from finishing this is that the setuid
> > programs in the os declatation should be extended, so that we can use
> > the privilege separation of postfix. I would like to propose a patch
> > later this week.
>
> Any insight here, something blocking maybe?
>

Nothing in particular. I had little time recently. I just finished a bigger
project, and I was on holiday. I will try to propose an interface for this
next week.


Toggle quote (4 lines)
> Greetings,
> Janneke
>

Regards,
g_bor

Toggle quote (18 lines)
>
> Jan (janneke) Nieuwenhuizen (5):
> gnu: postfix-minimal: Updato to 3.5.0.
> system: examples: Add postfix.tmpl.
> gnu: postfix-minimal: Fix startup warnings.
> service: postfix: Use mail-aliases-service-type.
> system: postfix.tmpl: Add mail-aliases-service.
>
> gnu/packages/mail.scm | 32 ++++++++++++-------
> gnu/services/mail.scm | 12 ++++++-
> gnu/system/examples/postfix.tmpl | 54 ++++++++++++++++++++++++++++++++
> 3 files changed, 86 insertions(+), 12 deletions(-)
> create mode 100644 gnu/system/examples/postfix.tmpl
>
> --
> Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
>
Attachment: file
C
C
Christine Lemmer-Webber wrote on 29 Jul 2021 18:19
(name . Gábor Boskovits)(address . boskovits@gmail.com)
87bl6lks91.fsf@dustycloud.org
Gábor Boskovits writes:

Toggle quote (94 lines)
> Hello Jan,
>
>> I took the liberty of rebasing wip-postfix on latest master and
>> found it does not compile
>>
>> --8<---------------cut here---------------start------------->8---
>> gcc -fPIC -I. -I../../include -DNO_EAI -DDEF_SMTPUTF8_ENABLE=\"no\"
>> -DHAS_DEV_URANDOM
>> -DDEF_SHLIB_DIR=\"/gnu/store/hbdrbb84krvjvw58vmr1pvzb6l3gbmyv-postfix-minimal-3.4.8\"
>> -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat
>> -Wno-comment -fPIC -g -O -I. -I../../include -DLINUX5 -c dns_str_resflags.c
>> dns_str_resflags.c:55:13: warning: RES_AAONLY is deprecated
>> "RES_AAONLY", RES_AAONLY,
>> ^~~~~~~~~~~~~~~~~
>> dns_str_resflags.c:57:13: warning: RES_PRIMARY is deprecated
>> "RES_PRIMARY", RES_PRIMARY,
>> ^~~~~~~~~~~~~~~~~~~
>> dns_str_resflags.c:63:22: error: ‘RES_INSECURE1’ undeclared here (not in a
>> function); did you mean ‘RES_RECURSE’?
>> "RES_INSECURE1", RES_INSECURE1,
>> ^~~~~~~~~~~~~
>> RES_RECURSE
>> --8<---------------cut here---------------end--------------->8---
>>
>> Luckily, that was easily fixed by updating postfix to 3.5.0.
>>
>
> Thanks for having a look.
>
>>
>> >> When I hack around and create /etc/ailases.db, it works.
>> > I would like to add a service config for this.
>>
>> I found we already have mail-aliases-service-type, so I used that,
>> together with running postalias. Now, queuing mail works ootb...but
>> delivery seems not to work: it remains queued.
>>
>> I rebased wip-postfix and added a couple of patches for this. Please
>> feel free to revert them if you don't like it :-)
>>
>> When starting postfix like so
>>
>> --8<---------------cut here---------------start------------->8---
>> ./pre-inst-env guix system vm gnu/system/examples/postfix.tmpl`\
>> --nographic -m 1G\
>> --nic
>> user,model=virtio-net-pci,hostfwd=tcp::12025-:25,hostfwd=tcp:127.0.0.1:12022
>> -:2222
>> --8<---------------cut here---------------end--------------->8---
>>
>> I'm seeing
>>
>> --8<---------------cut here---------------start------------->8---
>> 07:39:18 janneke@dundal:~/src/guix/wip-postfix [env]
>> $ telnet localhost 12025
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> 220 komputilo.localdomain ESMTP Postfix
>> mail from: root
>> mail from: root
>> 250 2.1.0 Ok
>> rcpt to: alice
>> rcpt to: alice
>> 250 2.1.5 Ok
>> data
>> data
>> 354 End data with <CR><LF>.<CR><LF>
>> hello Alice!
>> hello Alice!
>> .
>> .
>> 250 2.0.0 Ok: queued as E26BA3116
>> quit
>> quit
>> 221 2.0.0 Bye
>> Connection closed by foreign host.
>> 08:03:53 janneke@dundal:~/src/guix/wip-postfix [env]
>> $ ssh -p 12022 root@localhost
>> /gnu/store/mydn0wr0bs7mz3rx9fwihpma26r0dpqq-postfix-minimal-3.5.0/mailq -C
>> /gnu/store/nj5pa9l9zy6vx5484pbdsqnilva8bivc-postfix-config-dir
>> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
>> E26BA3116* 175 Mon Aug 10 08:00:50 root@komputilo.localdomain
>> alice@komputilo.localdomain
>>
>> -- 0 Kbytes in 1 Request.
>> --8<---------------cut here---------------end--------------->8---
>>
>> Ideas?
>>
>
> I will have a look early next week. Most probably the setuid stuff is
> missing, and access is denied to something.

Good news, the new setuid stuff is in now in git master.

This probably means wip-postfix could be rebased on top of it again and
could take advantage of it?
C
C
Christine Lemmer-Webber wrote on 29 Jul 2021 18:22
Re: [bug#35619] [PATCH 5/5] system: postfix.tmpl: Add mail-aliases-service.
(name . Jan (janneke) Nieuwenhuizen)(address . janneke@gnu.org)
8735rxks2p.fsf@dustycloud.org
Now that the new setuid tooling is in, we should probably try updating
this and getting it going again. The wip-postfix branch should probably
be rebased as a first step and adjusted to use the new setuid tooling?

Anything else that should be done to make it happen?

- Christine
G
G
Gábor Boskovits wrote on 29 Jul 2021 20:49
(name . Christine Lemmer-Webber)(address . cwebber@dustycloud.org)
CAE4v=piX7ZrXpYWydPUfm=+X9TZ9WouPJ1_F1oEOCSGVUSTeiw@mail.gmail.com
Hello,

yup, that should be the first step. Once that is done I can have a look at
this again, and see what is missing.


Christine Lemmer-Webber <cwebber@dustycloud.org> ezt írta (id?pont: 2021.
júl. 29., Cs, 18:22):

Toggle quote (10 lines)
> Now that the new setuid tooling is in, we should probably try updating
> this and getting it going again. The wip-postfix branch should probably
> be rebased as a first step and adjusted to use the new setuid tooling?
>
> Anything else that should be done to make it happen?
>
> - Christine
>


--
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21
Attachment: file
C
C
Christine Lemmer-Webber wrote on 30 Jul 2021 16:16
(name . Gábor Boskovits)(address . boskovits@gmail.com)
878s1nj3a7.fsf@dustycloud.org
I've rebased wip-postfix and pushed it up.

The new setuid stuff is not yet added, I just rebased the older commits
on top.

Gábor Boskovits writes:

Toggle quote (17 lines)
> Hello,
>
> yup, that should be the first step. Once that is done I can have a look at
> this again, and see what is missing.
>
>
> Christine Lemmer-Webber <cwebber@dustycloud.org> ezt írta (id?pont: 2021.
> júl. 29., Cs, 18:22):
>
>> Now that the new setuid tooling is in, we should probably try updating
>> this and getting it going again. The wip-postfix branch should probably
>> be rebased as a first step and adjusted to use the new setuid tooling?
>>
>> Anything else that should be done to make it happen?
>>
>> - Christine
>>
R
R
Ricardo Wurmus wrote on 12 Jun 2022 12:29
WIP version of postfix.scm
(address . 35619@debbugs.gnu.org)
87edzu18cm.fsf@elephly.net
I just rebased all of this, changed the input style to plain lists,
removed trailing #t from build phases, and upgraded postfix to 3.7.

What is missing to get this merged?

--
Ricardo
R
R
Ricardo Wurmus wrote on 7 Sep 2023 18:13
(address . 35619@debbugs.gnu.org)
87zg1y6js0.fsf@elephly.net
I rebased again and upgraded to 3.7.7.

What remains to be done? People above mentioned something about setuid,
but I don’t know if that’s something that needs to change in the service
definition or the example configuration, or both.

--
Ricardo
R
R
Ricardo Wurmus wrote on 7 Sep 2023 21:32
(address . 35619@debbugs.gnu.org)
87r0n97p65.fsf@elephly.net
Okay, I made a few more changes:

- fixed typos

- fixed installation locations so the executables aren’t dumped into
the prefix directory
- let the postfix-service-type conditionally extend
setuid-program-service-type to setgid on the executables

What’s missing:

- rough tests to see if this works at all
- documentation of the service

Any takers?

--
Ricardo
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 35619@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 35619
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch