[PATCH] services: dovecot: Fix "/var/run/dovecot" owner.

  • Open
One participant
  • Brice Waegeneire
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
Brice Waegeneire wrote on 19 Jul 2021 23:19
(address . guix-patches@gnu.org)
20210719211943.23824-1-brice@waegenei.re
* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Change
owner of "directory" not the static string "/var/run/dovecot".
---
gnu/services/mail.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Following a discussion on IRC¹. There are several other bugs in that service,
but those should only manifest when using a non-default configuration, for
example using a user other than "dovecot" or a run-time directory other than
"/var/run/dovecot", etc...


diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 72dc123f41..805f4ec864 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1515,7 +1515,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
(use-modules (guix build utils))
(define (mkdir-p/perms directory owner perms)
(mkdir-p directory)
- (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
+ (chown directory (passwd:uid owner) (passwd:gid owner))
(chmod directory perms))
(define (build-subject parameters)
(string-concatenate
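Review bot: `mkdir-p/perms` still applies `chown` and `chmod` by path after `mkdir-p`, so only the leaf directory receives the requested owner and mode, and both calls follow a symbolic link if `directory` already exists as one. The helper has no docstring stating this; I would add one such as `"Create DIRECTORY and its ancestors, then set OWNER and PERMS on DIRECTORY only."`. Because the commit message anticipates non-default run-time directories, it would also be worth confirming the path is a real directory (not a link) before the `chown` if this local helper is kept.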
--
2.32.0
Brice Waegeneire wrote on 21 Dec 2021 21:36
[PATCH v2] services: dovecot: Fix "/var/run/dovecot" owner.
(address . 49650@debbugs.gnu.org)
20211221203603.7326-1-brice@waegenei.re
* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Use
procedure defined in (gnu build activation), fixing the 'chown' call
which was using the static string "/var/run/dovecot".
---

This version replaces the faulty mkdir-p/perms procedure with a correct and
more widely used one. It passes the system check:

$ make check-system TESTS="dovecot" -j4
[...]
%%%% Starting test dovecot (Writing full log to "/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test/dovecot.log")
marionette is ready
PASS: dovecot running
PASS: service process id
PASS: accept an email
PASS: mail arrived
# of expected passes 4
successfully built /gnu/store/2i0jkcpirr5v5wr9bvmgvphc7lh3zwir-dovecot-test.drv
/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test

gnu/services/mail.scm | 117 +++++++++++++++++++++---------------------
1 file changed, 59 insertions(+), 58 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 4ad6ddb534..f376c67284 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com>
;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -35,6 +36,7 @@ (define-module (gnu services mail)
#:use-module (gnu packages dav)
#:use-module (gnu packages tls)
#:use-module (guix records)
+ #:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix gexp)
#:use-module (ice-9 match)
@@ -1511,64 +1513,63 @@ (define (%dovecot-activation config)
(lambda ()
(serialize-configuration config
dovecot-configuration-fields)))))))
- #~(begin
- (use-modules (guix build utils))
- (define (mkdir-p/perms directory owner perms)
- (mkdir-p directory)
- (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
- (chmod directory perms))
- (define (build-subject parameters)
- (string-concatenate
- (map (lambda (pair)
- (let ((k (car pair)) (v (cdr pair)))
- (define (escape-char str chr)
- (string-join (string-split str chr) (string #\\ chr)))
- (string-append "/" k "="
- (escape-char (escape-char v #\=) #\/))))
- (filter (lambda (pair) (cdr pair)) parameters))))
- (define* (create-self-signed-certificate-if-absent
- #:key private-key public-key (owner (getpwnam "root"))
- (common-name (gethostname))
- (organization-name "Guix")
- (organization-unit-name "Default Self-Signed Certificate")
- (subject-parameters `(("CN" . ,common-name)
- ("O" . ,organization-name)
- ("OU" . ,organization-unit-name)))
- (subject (build-subject subject-parameters)))
- ;; Note that by default, OpenSSL outputs keys in PEM format. This
- ;; is what we want.
- (unless (file-exists? private-key)
- (cond
- ((zero? (system* (string-append #$openssl "/bin/openssl")
- "genrsa" "-out" private-key "2048"))
- (chown private-key (passwd:uid owner) (passwd:gid owner))
- (chmod private-key #o400))
- (else
- (format (current-error-port)
- "Failed to create private key at ~a.\n" private-key))))
- (unless (file-exists? public-key)
- (cond
- ((zero? (system* (string-append #$openssl "/bin/openssl")
- "req" "-new" "-x509" "-key" private-key
- "-out" public-key "-days" "3650"
- "-batch" "-subj" subject))
- (chown public-key (passwd:uid owner) (passwd:gid owner))
- (chmod public-key #o444))
- (else
- (format (current-error-port)
- "Failed to create public key at ~a.\n" public-key)))))
- (let ((user (getpwnam "dovecot")))
- (mkdir-p/perms "/var/run/dovecot" user #o755)
- (mkdir-p/perms "/var/lib/dovecot" user #o755)
- (mkdir-p/perms "/etc/dovecot" user #o755)
- (copy-file #$(plain-file "dovecot.conf" config-str)
- "/etc/dovecot/dovecot.conf")
- (mkdir-p/perms "/etc/dovecot/private" user #o700)
- (create-self-signed-certificate-if-absent
- #:private-key "/etc/dovecot/private/default.pem"
- #:public-key "/etc/dovecot/default.pem"
- #:owner (getpwnam "root")
- #:common-name (format #f "Dovecot service on ~a" (gethostname)))))))
+ (with-imported-modules (source-module-closure
+ '((gnu build activation)))
+ #~(begin
+ (use-modules (guix build utils)
+ (gnu build activation))
+ (define (build-subject parameters)
+ (string-concatenate
+ (map (lambda (pair)
+ (let ((k (car pair)) (v (cdr pair)))
+ (define (escape-char str chr)
+ (string-join (string-split str chr) (string #\\ chr)))
+ (string-append "/" k "="
+ (escape-char (escape-char v #\=) #\/))))
+ (filter (lambda (pair) (cdr pair)) parameters))))
+ (define* (create-self-signed-certificate-if-absent
+ #:key private-key public-key (owner (getpwnam "root"))
+ (common-name (gethostname))
+ (organization-name "Guix")
+ (organization-unit-name "Default Self-Signed Certificate")
+ (subject-parameters `(("CN" . ,common-name)
+ ("O" . ,organization-name)
+ ("OU" . ,organization-unit-name)))
+ (subject (build-subject subject-parameters)))
+ ;; Note that by default, OpenSSL outputs keys in PEM format. This
+ ;; is what we want.
+ (unless (file-exists? private-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "genrsa" "-out" private-key "2048"))
+ (chown private-key (passwd:uid owner) (passwd:gid owner))
+ (chmod private-key #o400))
+ (else
+ (format (current-error-port)
+ "Failed to create private key at ~a.\n" private-key))))
+ (unless (file-exists? public-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "req" "-new" "-x509" "-key" private-key
+ "-out" public-key "-days" "3650"
+ "-batch" "-subj" subject))
+ (chown public-key (passwd:uid owner) (passwd:gid owner))
+ (chmod public-key #o444))
+ (else
+ (format (current-error-port)
+ "Failed to create public key at ~a.\n" public-key)))))
+ (let ((user (getpwnam "dovecot")))
+ (mkdir-p/perms "/var/run/dovecot" user #o755)
+ (mkdir-p/perms "/var/lib/dovecot" user #o755)
+ (mkdir-p/perms "/etc/dovecot" user #o755)
+ (copy-file #$(plain-file "dovecot.conf" config-str)
+ "/etc/dovecot/dovecot.conf")
+ (mkdir-p/perms "/etc/dovecot/private" user #o700)
+ (create-self-signed-certificate-if-absent
+ #:private-key "/etc/dovecot/private/default.pem"
+ #:public-key "/etc/dovecot/default.pem"
+ #:owner (getpwnam "root")
+ #:common-name (format #f "Dovecot service on ~a" (gethostname))))))))
(define (dovecot-shepherd-service config)
"Return a list of <shepherd-service> for CONFIG."
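Review bot: `/etc/dovecot` and `/etc/dovecot/private` are handed to the `dovecot` account (`(mkdir-p/perms "/etc/dovecot" user #o755)`, `(mkdir-p/perms "/etc/dovecot/private" user #o700)`), yet the activation code then writes `dovecot.conf` with `copy-file` and the key and certificate with `openssl` into them, presumably running as root. The owner of a directory controls its entries, so the root-owned `#o400` mode on `default.pem` does not by itself protect the key or the configuration from the service account, and root's writes there go through whatever the path currently resolves to. If dovecot's master process reads these files as root (to be confirmed), creating both directories with `(getpwnam "root")` as owner would close that gap, e.g. `(mkdir-p/perms "/etc/dovecot" (getpwnam "root") #o755)`. These lines are carried over from the old side with only re-indentation, and `%dovecot-activation` begins above the hunk.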

base-commit: 87e5502d406bfb44b61f7577b241602e02a3498e
--
2.34.0