diff options
| author | Jakub Jirutka <jakub@jirutka.cz> | 2018-07-25 02:13:58 +0200 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2018-07-25 02:52:12 +0200 |
| commit | 51d7f21cb1cd1b2a475ae0106d93b64d667ee20e (patch) | |
| tree | ae89197fe85452064df46c340a57e413b44dd6df /community/rspamd | |
| parent | bfd042a2dfb36acd7c82d37d06e3aaa2759a8225 (diff) | |
| download | aports-51d7f21cb1cd1b2a475ae0106d93b64d667ee20e.tar.bz2 aports-51d7f21cb1cd1b2a475ae0106d93b64d667ee20e.tar.xz | |
community/rspamd: rewrite init script, start as unprivileged user
It's init/rc system's job to daemonize process and drop privileges!
Diffstat (limited to 'community/rspamd')
| -rw-r--r-- | community/rspamd/APKBUILD | 12 | ||||
| -rw-r--r-- | community/rspamd/default-configs.patch | 10 | ||||
| -rw-r--r-- | community/rspamd/rspamd.confd | 23 | ||||
| -rw-r--r-- | community/rspamd/rspamd.initd | 52 | ||||
| -rw-r--r-- | community/rspamd/rspamd.post-upgrade | 12 |
5 files changed, 69 insertions, 40 deletions
diff --git a/community/rspamd/APKBUILD b/community/rspamd/APKBUILD index bb924c65a7..1466f7fd40 100644 --- a/community/rspamd/APKBUILD +++ b/community/rspamd/APKBUILD @@ -2,6 +2,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> # Contributor: Nathan Angelacos <nangel@alpinelinux.org> # Contributor: TBK <alpine@jjtc.eu> +# Contributor: Jakub Jirutka <jakub@jirutka.cz> pkgname=rspamd pkgver=1.7.8 pkgrel=1 @@ -28,7 +29,7 @@ makedepends=" ragel sqlite-dev " -install="$pkgname.pre-install" +install="$pkgname.pre-install $pkgname.post-upgrade" subpackages=" $pkgname-doc $pkgname-client @@ -93,7 +94,8 @@ package() { install -dm 750 -o rspamd -g rspamd \ ./var/lib/$pkgname \ ./var/lib/$pkgname/dynamic - install -dm 750 -g rspamd ./var/log/$pkgname + install -dm 750 -o rspamd -g rspamd \ + ./var/log/$pkgname } client() { @@ -149,8 +151,8 @@ _mv() { sha512sums="43f2350dfa4e0369cd53480bd4c8d0aa3898d7c471540281e7460a264207032aea226c4fd519a26397b9e9e8c8de3951e5a9752e010eabf1b3733a0c3e3086c2 rspamd-1.7.8.tar.gz 2efe28575c40d1fba84b189bb872860e744400db80dce2f6330be6c6287fb3f46e6511284729b957488bf40bcb9b0952e26df9934f5f138334bd2766075c45cb rspamd.logrotated -df37726d03e676b16d707854d95bafc9162da65c27bb150edbfc0cb00f1842188a1f2a8f1b82be5ae2a253b4f4db4d93dfe804a89feb988b5af858eb3f3458be rspamd.initd -e417dd825d1b4d03d115db037b2fdf2f48a35420ee7a9010d97167b6c31e88d6c0a15dd33b21d7d76856db0fdc5097c922fcdf1d8164d1e92ae377f7c5303947 rspamd.confd +89dbe56ed5350f5b3dc683ad6c66fcbb41817594d74a69a1a656408c0690130cf5694d8b6eabdef6bd2f242b966f4c29d24e5c5a1d3f3948ae2eeb95c494e850 rspamd.initd +a2003ef0c9d64a44480f59302864a2dfedcbe3a0047fcbb655408bc8aae9014b6ad0ddc6b64d4abeeb21bea0f86678afd30589ac8eed83e07ad7f87710e93702 rspamd.confd fa0e14d507cd7421a20916506c03e6e6c95fb2f38736e69540ee3e066da883c2ee4cb779ee8787756e4a1831ff8f04150ce592d4d6df08d8a18d55f3c6de4646 cmakelists.patch a8aefee649bf6630339d1d3f2bb20c25ca70b21a8eaa92951e926d0fd4525f1d4ac4cc7ea66ac2b15323cf02c93c759ddf7181502f0d71b21384ced9d88c008e conf-split-workers.patch -d3b466751392617dd8ffe63b63262c5bb2a066731057a5bf24a4990e5eaa22b1063017a0d186b758de87a2c57b57b762cc84858439aa6e7ded2b0b15dd4d4771 default-configs.patch" +bca1b1361524e1c582f2d6f9d754766c63f60a856b9f0d858e17dfebb40f2046db3a759eb3dffc5075460c3d3b64224092e043f07bcd8331daa97babc61ea973 default-configs.patch" diff --git a/community/rspamd/default-configs.patch b/community/rspamd/default-configs.patch index 776444f9cb..fd428c78ca 100644 --- a/community/rspamd/default-configs.patch +++ b/community/rspamd/default-configs.patch @@ -20,3 +20,13 @@ Distro-specific adjustments of the default configs. history_rows = 200; explicit_modules = ["settings", "bayes_expiry"]; +--- a/conf/rspamd.conf ++++ b/conf/rspamd.conf +@@ -18,7 +18,6 @@ + .include "$CONFDIR/common.conf" + + options { +- pidfile = "$RUNDIR/rspamd.pid"; + .include "$CONFDIR/options.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc" diff --git a/community/rspamd/rspamd.confd b/community/rspamd/rspamd.confd index e804b2b642..620eecb947 100644 --- a/community/rspamd/rspamd.confd +++ b/community/rspamd/rspamd.confd @@ -1,16 +1,13 @@ -# User and group to run rspamd workers -#RSPAMD_USER=rspamd -#RSPAMD_GROUP=rspamd +# Configuration for /etc/init.d/rspamd -# Main config dir or file -#RSPAMD_CONFDIR=/etc/rspamd -#RSPAMD_CONFIG=/etc/rspamd/rspamd.conf +# User and group to run rspamd workers. +#command_user="rspamd:rspamd" -# PID file. Settings from config files are ignored -#RSPAMD_PIDFILE=/run/$RC_SVCNAME/rspamd.pid +# Path of the main configuration file. +#cfgfile="/etc/rspamd/rspamd.conf" -# Where to log startup configuration checking -# - /dev/null - silent (default) -# - /dev/stdout - show output on curent terminal -# - /path/filename - append to specified logfile -#RSPAMD_STARTUPLOG=/var/log/rspamd/startup.log +# Where to log startup configuration checking: +# - /dev/null - silent if check pass (default) +# - /dev/stdout - always print output on the curent terminal +# - /path/filename - append output to the specified logfile +#startuplog="/var/log/rspamd/startup.log" diff --git a/community/rspamd/rspamd.initd b/community/rspamd/rspamd.initd index 79e9d0d910..7aaa25a516 100644 --- a/community/rspamd/rspamd.initd +++ b/community/rspamd/rspamd.initd @@ -1,46 +1,54 @@ #!/sbin/openrc-run -description="Rapid spam filtering system" - -: ${user:=${RSPAMD_USER:-rspamd}} -: ${group:=${RSPAMD_GROUP:-rspamd}} -: ${cfgdir:=${RSPAMD_CONFDIR:-/etc/rspamd}} -: ${cfgfile:=${RSPAMD_CONFIG:-$cfgdir/rspamd.conf}} -: ${pidfile:=${RSPAMD_PIDFILE:-/run/$RC_SVCNAME/rspamd.pid}} - -command=/usr/sbin/rspamd -command_args="-u $user -g $group -c $cfgfile -p $pidfile" -required_files="$cfgfile" extra_commands="checkconfig" extra_started_commands="reload reopen" -description_checkconfig="Verify configuration" + +description="Rapid spam filtering system" +description_checkconfig="Check configuration" description_reload="Reload configuration" description_reopen="Reopen log files" +# Uppercase variables are here for backward compatibility only. +: ${command_user:="${RSPAMD_USER:-rspamd}:${RSPAMD_GROUP:-rspamd}"} +: ${cfgfile:=${RSPAMD_CONFIG:-/etc/rspamd/rspamd.conf}} +: ${startuplog:=${RSPAMD_STARTUPLOG:-/dev/null}} + +command="/usr/sbin/rspamd" +command_args="--config $cfgfile --no-fork ${command_args:-}" +command_background="yes" +pidfile="/run/rspamd/$RC_SVCNAME.pid" + +required_files="$cfgfile" + depend() { need localmount net before mta + after redis } -checkconfig() { - ebegin "Checking $RC_SVCNAME config" - $command $command_args -t - eend $? +start_pre() { + checkpath -d -m 750 -o "$command_user" ${pidfile%/*} + checkconfig >/dev/null 2>>"$startuplog" || checkconfig } -start_pre() { - checkpath -d -m 750 -o $user:$group ${pidfile%/*} - checkconfig >/dev/null 2>>${startuplog:=${RSPAMD_STARTUPLOG:-/dev/null}} +checkconfig() { + ebegin "Checking $name configuration" + + $command $command_args \ + -u "${command_user%:*}" \ + -g "${command_user#*:}" \ + --config-test + eend $? } reload() { - ebegin "Reloading $RC_SVCNAME config" - checkconfig >/dev/null 2>&1 && start-stop-daemon --signal HUP --pidfile $pidfile + ebegin "Reloading $name configuration" + start_pre && start-stop-daemon --signal HUP --pidfile $pidfile eend $? } reopen() { - ebegin "Reopening $RC_SVCNAME log files" + ebegin "Reopening $name log files" start-stop-daemon --signal USR1 --pidfile $pidfile eend $? } diff --git a/community/rspamd/rspamd.post-upgrade b/community/rspamd/rspamd.post-upgrade new file mode 100644 index 0000000000..cf3e277ddf --- /dev/null +++ b/community/rspamd/rspamd.post-upgrade @@ -0,0 +1,12 @@ +#!/bin/sh + +ver_new="$1" +ver_old="$2" + +if [ "$(apk version -t "$ver_old" '1.7.8-r1')" = '<' ]; then + if [ "$(stat -c %U:%G /var/log/rspamd)" = 'root:rspamd' ]; then + chown rspamd:rspamd /var/log/rspamd + fi +fi + +exit 0 |