[PATCH] services: dovecot: Fix "/var/run/dovecot" owner.

  • Open
Details
One participant
  • Brice Waegeneire
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
Brice Waegeneire wrote on 19 Jul 2021 23:19
(address . guix-patches@gnu.org)
20210719211943.23824-1-brice@waegenei.re
* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Change
owner of "directory" not the static string "/var/run/dovecot".
---
gnu/services/mail.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Following a discussion on IRC¹. There are several other bugs in that service,
but those should only manifest when using a non-default configuration, for
example a user other than "dovecot" or a runtime directory other than
"/var/run/dovecot", etc.


diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 72dc123f41..805f4ec864 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1515,7 +1515,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
(use-modules (guix build utils))
(define (mkdir-p/perms directory owner perms)
(mkdir-p directory)
- (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
+ (chown directory (passwd:uid owner) (passwd:gid owner))
(chmod directory perms))
(define (build-subject parameters)
(string-concatenate
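Review bot: `mkdir-p/perms` has no docstring, and the `(passwd:uid owner)` call in the corrected `chown` line is the only hint that OWNER must be a passwd entry rather than a user name. I would add `"Create DIRECTORY and its parents, then set its owner to OWNER, a passwd entry as returned by 'getpwnam', and its mode to PERMS."` A comment should also say that the mode is applied only after the directory has been created, so a restrictive PERMS is not in force from the moment of creation. Whether that window matters depends on the callers, which are outside this hunk.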
--
2.32.0
Brice Waegeneire wrote on 21 Dec 2021 21:36
[PATCH v2] services: dovecot: Fix "/var/run/dovecot" owner.
(address . 49650@debbugs.gnu.org)
20211221203603.7326-1-brice@waegenei.re
* gnu/services/mail.scm (%dovecot-activation)[mkdir-p/perms]: Use
procedure defined in (gnu build activation), fixing the 'chown' call
which was using the static string "/var/run/dovecot".
---

This version replaces the faulty mkdir-p/perms procedure with a correct and
more widely used one. It passes the system check:

$ make check-system TESTS="dovecot" -j4
[...]
%%%% Starting test dovecot (Writing full log to "/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test/dovecot.log")
marionette is ready
PASS: dovecot running
PASS: service process id
PASS: accept an email
PASS: mail arrived
# of expected passes 4
successfully built /gnu/store/2i0jkcpirr5v5wr9bvmgvphc7lh3zwir-dovecot-test.drv
/gnu/store/q8iyyvzk954vfc1ihwzvd0ma6f2vxjf7-dovecot-test

gnu/services/mail.scm | 117 +++++++++++++++++++++---------------------
1 file changed, 59 insertions(+), 58 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 4ad6ddb534..f376c67284 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com>
;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -35,6 +36,7 @@ (define-module (gnu services mail)
#:use-module (gnu packages dav)
#:use-module (gnu packages tls)
#:use-module (guix records)
+ #:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix gexp)
#:use-module (ice-9 match)
@@ -1511,64 +1513,63 @@ (define (%dovecot-activation config)
(lambda ()
(serialize-configuration config
dovecot-configuration-fields)))))))
- #~(begin
- (use-modules (guix build utils))
- (define (mkdir-p/perms directory owner perms)
- (mkdir-p directory)
- (chown "/var/run/dovecot" (passwd:uid owner) (passwd:gid owner))
- (chmod directory perms))
- (define (build-subject parameters)
- (string-concatenate
- (map (lambda (pair)
- (let ((k (car pair)) (v (cdr pair)))
- (define (escape-char str chr)
- (string-join (string-split str chr) (string #\\ chr)))
- (string-append "/" k "="
- (escape-char (escape-char v #\=) #\/))))
- (filter (lambda (pair) (cdr pair)) parameters))))
- (define* (create-self-signed-certificate-if-absent
- #:key private-key public-key (owner (getpwnam "root"))
- (common-name (gethostname))
- (organization-name "Guix")
- (organization-unit-name "Default Self-Signed Certificate")
- (subject-parameters `(("CN" . ,common-name)
- ("O" . ,organization-name)
- ("OU" . ,organization-unit-name)))
- (subject (build-subject subject-parameters)))
- ;; Note that by default, OpenSSL outputs keys in PEM format. This
- ;; is what we want.
- (unless (file-exists? private-key)
- (cond
- ((zero? (system* (string-append #$openssl "/bin/openssl")
- "genrsa" "-out" private-key "2048"))
- (chown private-key (passwd:uid owner) (passwd:gid owner))
- (chmod private-key #o400))
- (else
- (format (current-error-port)
- "Failed to create private key at ~a.\n" private-key))))
- (unless (file-exists? public-key)
- (cond
- ((zero? (system* (string-append #$openssl "/bin/openssl")
- "req" "-new" "-x509" "-key" private-key
- "-out" public-key "-days" "3650"
- "-batch" "-subj" subject))
- (chown public-key (passwd:uid owner) (passwd:gid owner))
- (chmod public-key #o444))
- (else
- (format (current-error-port)
- "Failed to create public key at ~a.\n" public-key)))))
- (let ((user (getpwnam "dovecot")))
- (mkdir-p/perms "/var/run/dovecot" user #o755)
- (mkdir-p/perms "/var/lib/dovecot" user #o755)
- (mkdir-p/perms "/etc/dovecot" user #o755)
- (copy-file #$(plain-file "dovecot.conf" config-str)
- "/etc/dovecot/dovecot.conf")
- (mkdir-p/perms "/etc/dovecot/private" user #o700)
- (create-self-signed-certificate-if-absent
- #:private-key "/etc/dovecot/private/default.pem"
- #:public-key "/etc/dovecot/default.pem"
- #:owner (getpwnam "root")
- #:common-name (format #f "Dovecot service on ~a" (gethostname)))))))
+ (with-imported-modules (source-module-closure
+ '((gnu build activation)))
+ #~(begin
+ (use-modules (guix build utils)
+ (gnu build activation))
+ (define (build-subject parameters)
+ (string-concatenate
+ (map (lambda (pair)
+ (let ((k (car pair)) (v (cdr pair)))
+ (define (escape-char str chr)
+ (string-join (string-split str chr) (string #\\ chr)))
+ (string-append "/" k "="
+ (escape-char (escape-char v #\=) #\/))))
+ (filter (lambda (pair) (cdr pair)) parameters))))
+ (define* (create-self-signed-certificate-if-absent
+ #:key private-key public-key (owner (getpwnam "root"))
+ (common-name (gethostname))
+ (organization-name "Guix")
+ (organization-unit-name "Default Self-Signed Certificate")
+ (subject-parameters `(("CN" . ,common-name)
+ ("O" . ,organization-name)
+ ("OU" . ,organization-unit-name)))
+ (subject (build-subject subject-parameters)))
+ ;; Note that by default, OpenSSL outputs keys in PEM format. This
+ ;; is what we want.
+ (unless (file-exists? private-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "genrsa" "-out" private-key "2048"))
+ (chown private-key (passwd:uid owner) (passwd:gid owner))
+ (chmod private-key #o400))
+ (else
+ (format (current-error-port)
+ "Failed to create private key at ~a.\n" private-key))))
+ (unless (file-exists? public-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "req" "-new" "-x509" "-key" private-key
+ "-out" public-key "-days" "3650"
+ "-batch" "-subj" subject))
+ (chown public-key (passwd:uid owner) (passwd:gid owner))
+ (chmod public-key #o444))
+ (else
+ (format (current-error-port)
+ "Failed to create public key at ~a.\n" public-key)))))
+ (let ((user (getpwnam "dovecot")))
+ (mkdir-p/perms "/var/run/dovecot" user #o755)
+ (mkdir-p/perms "/var/lib/dovecot" user #o755)
+ (mkdir-p/perms "/etc/dovecot" user #o755)
+ (copy-file #$(plain-file "dovecot.conf" config-str)
+ "/etc/dovecot/dovecot.conf")
+ (mkdir-p/perms "/etc/dovecot/private" user #o700)
+ (create-self-signed-certificate-if-absent
+ #:private-key "/etc/dovecot/private/default.pem"
+ #:public-key "/etc/dovecot/default.pem"
+ #:owner (getpwnam "root")
+ #:common-name (format #f "Dovecot service on ~a" (gethostname))))))))
(define (dovecot-shepherd-service config)
"Return a list of <shepherd-service> for CONFIG."
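Review bot: The activation `let` at the end of the gexp hands "/etc/dovecot" and "/etc/dovecot/private" to the `dovecot` user, while the key generated inside them is deliberately owned by root with mode `#o400`. Write access to a directory is enough to rename or replace the files in it, so the account that owns these directories can swap out `dovecot.conf` or `default.pem` regardless of the file modes. If nothing running as `dovecot` needs to write there (not visible from this hunk), own both by root: `(mkdir-p/perms "/etc/dovecot" (getpwnam "root") #o755)` and `(mkdir-p/perms "/etc/dovecot/private" (getpwnam "root") #o700)`. The enclosing `%dovecot-activation` starts outside the hunk.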

base-commit: 87e5502d406bfb44b61f7577b241602e02a3498e
--
2.34.0