From patchwork Mon Jul 25 09:02:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maya <maya.omase@protonmail.com>
X-Patchwork-Id: 3983
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id EBA2827BBEA; Mon, 25 Jul 2022 10:03:42 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 721AF27BBE9
	for <patchwork@mira.cbaines.net>; Mon, 25 Jul 2022 10:03:42 +0100 (BST)
Received: from localhost ([::1]:60288 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>)
	id 1oFu05-000703-KO
	for patchwork@mira.cbaines.net; Mon, 25 Jul 2022 05:03:41 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36642)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oFtzT-0006zp-FT
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:03:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:59486)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oFtzS-0007Sr-A9
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:03:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oFtzS-0003rT-1u
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:03:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#56756] [PATCH] gnu: services: Add optional fix for opensmtpd
 executables group
Resent-From: Maya <maya.omase@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 25 Jul 2022 09:03:01 +0000
Resent-Message-ID: <handler.56756.B.165873975914809@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 56756
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 56756@debbugs.gnu.org
X-Debbugs-Original-To: "guix-patches@gnu.org" <guix-patches@gnu.org>
Received: via spool by submit@debbugs.gnu.org id=B.165873975914809
 (code B ref -1); Mon, 25 Jul 2022 09:03:01 +0000
Received: (at submit) by debbugs.gnu.org; 25 Jul 2022 09:02:39 +0000
Received: from localhost ([127.0.0.1]:49235 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1oFtz4-0003qn-Fi
 for submit@debbugs.gnu.org; Mon, 25 Jul 2022 05:02:38 -0400
Received: from lists.gnu.org ([209.51.188.17]:47578)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.omase@protonmail.com>) id 1oFtz1-0003qe-9O
 for submit@debbugs.gnu.org; Mon, 25 Jul 2022 05:02:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36554)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.omase@protonmail.com>)
 id 1oFtz1-0006x7-4b
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:02:35 -0400
Received: from mail-0201.mail-europe.com ([51.77.79.158]:40579)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.omase@protonmail.com>)
 id 1oFtyy-0007Q5-9h
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:02:34 -0400
Date: Mon, 25 Jul 2022 09:02:18 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1658739746; x=1658998946;
 bh=GtxFmnpjzxIq3uNDZ36Fb75aZUmlbFyOdQp4/CT70UA=;
 h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc:
 Date:Subject:Reply-To:Feedback-ID:Message-ID;
 b=nsRUKW7wYlUclaBVH5csjJko70U0ZYVHfeXJqi31Jr4DT7dbpABTqKhTbBZkqYIxN
 MTIPXNBx90Tvko4VZMz/2Xd44baDDqgTz6HfEvSacjJ9OXzrigAT6/otM7g5xVMdr+
 8PTACoAApVhMjtbGFEttvpb0QdITY3cta8P//duvG4nm+zVf6W61diyCvd27KbTMz8
 OmiAqd3vwJyAGDveY6gsFsdq+krMHthNZP0iwVQ+auLd6gXD5xGFmheKrQzPikXp+n
 tUqSAeK9HdXSREVIVYhkU3GyKn0GDDfM/RySDt6dMprPLvAX1wfkkEtN+IWtCcMQj5
 O/gJNv0KhQ+4g==
Message-ID: 
 <j0Qv_BQl2vETNUUP9Zx8qNRW3AweMu0POQ56pxeJjmJiorsNkQyYIEN7a_XL7ZsF9TkT6wYLKPE1fLy4ohvnzz-7dDrmJIuwJzFysYtjIDI=@protonmail.com>
Feedback-ID: 44744921:user:proton
MIME-Version: 1.0
Received-SPF: pass client-ip=51.77.79.158;
 envelope-from=maya.omase@protonmail.com; helo=mail-0201.mail-europe.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
Reply-to: Maya <maya.omase@protonmail.com>
X-ACL-Warn: ,  Maya via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Maya via Guix-patches via <guix-patches@gnu.org>
From: Maya <maya.omase@protonmail.com>
X-getmail-retrieved-from-mailbox: Patches

This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.
---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

--
2.37.0

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
 Transfer Protocol} server.")))