From: "Amadeusz Piotr Żołnowski" <aidecoe@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-im/ejabberd/
Date: Sat, 27 May 2017 20:55:06 +0000 (UTC)	[thread overview]
Message-ID: <1495918501.f62a4daaab97707076a0bd714d6fb2b6ee25e052.aidecoe@gentoo> (raw)

commit:     f62a4daaab97707076a0bd714d6fb2b6ee25e052
Author:     Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org>
AuthorDate: Sat May 27 20:31:30 2017 +0000
Commit:     Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org>
CommitDate: Sat May 27 20:55:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f62a4daa

net-im/ejabberd: Fix PAM authentication

Rely on dev-erlang/epam setting SUID for epam binary instead of setting
SUID for wrapper bash script which doesn't actually work.

Gentoo-Bug: 612608
Package-Manager: Portage-2.3.5, Repoman-2.3.2

 net-im/ejabberd/ejabberd-17.01-r1.ebuild | 302 +++++++++++++++++++++++++++++++
 1 file changed, 302 insertions(+)

diff --git a/net-im/ejabberd/ejabberd-17.01-r1.ebuild b/net-im/ejabberd/ejabberd-17.01-r1.ebuild
new file mode 100644
index 00000000000..6ee9e157db6
--- /dev/null
+++ b/net-im/ejabberd/ejabberd-17.01-r1.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+
+inherit eutils pam rebar ssl-cert systemd
+
+DESCRIPTION="Robust, scalable and extensible XMPP server"
+HOMEPAGE="http://www.ejabberd.im/ https://github.com/processone/ejabberd/"
+SRC_URI="http://www.process-one.net/downloads/${PN}/${PV}/${P}.tgz
+	-> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~ppc ~sparc ~x86"
+REQUIRED_USE="mssql? ( odbc )"
+# TODO: Add 'tools' flag.
+IUSE="captcha debug full-xml hipe ldap mssql mysql nls odbc pam postgres redis
+	riak roster-gw sqlite zlib"
+
+RESTRICT="test"
+
+# TODO: Add dependencies for 'tools' flag enabled.
+# TODO: tools? (
+# TODO: 	>=dev-erlang/meck-0.8.4
+# TODO: 	>=dev-erlang/moka-1.0.5b
+# TODO: )
+CDEPEND="
+	>=dev-erlang/cache_tab-1.0.6
+	>=dev-erlang/esip-1.0.10
+	>=dev-erlang/fast_tls-1.0.10
+	>=dev-erlang/fast_xml-1.1.19
+	>=dev-erlang/fast_yaml-1.0.8
+	>=dev-erlang/jiffy-0.14.8
+	>=dev-erlang/lager-3.2.1
+	>=dev-erlang/luerl-0.2
+	>=dev-erlang/p1_oauth2-0.6.1
+	>=dev-erlang/p1_utils-1.0.6
+	>=dev-erlang/stringprep-1.0.7
+	>=dev-erlang/stun-1.0.9
+	>=dev-erlang/xmpp-1.1.6
+	>=dev-lang/erlang-17.1[hipe?,odbc?,ssl]
+	>=net-im/jabber-base-0.01
+	ldap? ( =net-nds/openldap-2* )
+	mysql? ( >=dev-erlang/p1_mysql-1.0.2 )
+	nls? ( >=dev-erlang/iconv-1.0.3 )
+	odbc? ( dev-db/unixODBC )
+	pam? ( >=dev-erlang/epam-1.0.0-r1
+		<dev-erlang/epam-1.0.1 )
+	postgres? ( >=dev-erlang/p1_pgsql-1.1.2 )
+	redis? ( >=dev-erlang/eredis-1.0.8 )
+	riak? (
+		>=dev-erlang/hamcrest-0.1.0_p20150103
+		>=dev-erlang/riakc-2.4.1
+	)
+	sqlite? ( >=dev-erlang/sqlite3-1.1.5 )
+	zlib? ( >=dev-erlang/ezlib-1.0.2 )"
+DEPEND="${CDEPEND}
+	>=sys-apps/gawk-4.1"
+RDEPEND="${CDEPEND}
+	captcha? ( media-gfx/imagemagick[truetype,png] )"
+
+DOCS=( README )
+PATCHES=( "${FILESDIR}/${P}-ejabberdctl.patch" )
+
+EJABBERD_CERT="${EPREFIX}/etc/ssl/ejabberd/server.pem"
+# Paths in net-im/jabber-base
+JABBER_ETC="${EPREFIX}/etc/jabber"
+JABBER_LOG="${EPREFIX}/var/log/jabber"
+JABBER_SPOOL="${EPREFIX}/var/spool/jabber"
+
+# Adjust example configuration file to Gentoo.
+# - Use our sample certificates.
+# - Correct PAM service name.
+adjust_config() {
+	sed -e "s|\"/path/to/ssl.pem\"|\"${EJABBERD_CERT}\"|g" \
+		-e "s|\"pamservicename\"|\"xmpp\"|" \
+		-i "${S}/ejabberd.yml.example" \
+		|| die 'failed to adjust example config'
+}
+
+# Set paths to ejabberd lib directory consistently to point always to directory
+# suffixed with version.
+correct_ejabberd_paths() {
+	sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \
+		-i "${S}/Makefile.in" \
+		|| die 'failed to set ejabberd path in Makefile.in'
+	sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \
+		-i "${S}/ejabberdctl.template" \
+		|| die 'failed to set ejabberd path in ejabberdctl.template'
+	sed -e 's|\(captcha_cmd:[[:space:]]*"\).\+"|\1'$(get_ejabberd_path)'/priv/bin/captcha.sh"|' \
+		-i "${S}/ejabberd.yml.example" \
+		|| die 'failed to correct path to captcha.sh in example config'
+}
+
+# Get epam-wrapper from 'files' directory and correct path to lib directory in
+# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper
+# file exists there already.
+customize_epam_wrapper() {
+	local epam_wrapper_src="$1"
+	local epam_wrapper_dst="${S}/epam-wrapper"
+
+	[[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists'
+	sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \
+		"${epam_wrapper_src}" >"${epam_wrapper_dst}" \
+		|| die 'failed to install epam-wrapper'
+}
+
+# Check if there already exists a certificate.
+ejabberd_cert_exists() {
+	local cert
+
+	for cert in $(gawk -- \
+			'match($0, /^[[:space:]]*certfile: "([^"]+)"/, m) {print m[1];}' \
+			"${EROOT%/}${JABBER_ETC}/ejabberd.yml"); do
+		[[ -f ${cert} ]] && return 0
+	done
+
+	return 1
+}
+
+# Generate and install sample ejabberd certificate. It's installed into
+# EJABBERD_CERT path.
+ejabberd_cert_install() {
+	SSL_ORGANIZATION="${SSL_ORGANIZATION:-ejabberd XMPP Server}"
+	install_cert "${EJABBERD_CERT%.*}"
+	chown root:jabber "${EROOT%/}${EJABBERD_CERT}" || die
+	chmod 0440 "${EROOT%/}${EJABBERD_CERT}" || die
+}
+
+# Get path to ejabberd lib directory.
+#
+# This is the path ./configure script Base for this path is path set in
+# ./configure script which is /usr/lib by default. If libdir is explicitely set
+# to something else than this should be adjusted here as well.
+get_ejabberd_path() {
+	echo "/usr/$(get_libdir)/${P}"
+}
+
+# Make ejabberd.service for systemd from upstream provided template.
+make_ejabberd_service() {
+	sed -r \
+		-e 's!@ctlscriptpath@!/usr/sbin!' \
+		-e 's!(User|Group)=(.*)!\1=jabber!' \
+		"${PN}.service.template" >"${PN}.service" \
+		|| die 'failed to make ejabberd.service'
+}
+
+# Set paths to defined by net-im/jabber-base.
+set_jabberbase_paths() {
+	sed -e "/^ETCDIR[[:space:]]*=/{s:@sysconfdir@/ejabberd:${JABBER_ETC}:}" \
+		-e "/^LOGDIR[[:space:]]*=/{s:@localstatedir@/log/ejabberd:${JABBER_LOG}:}" \
+		-e "/^SPOOLDIR[[:space:]]*=/{s:@localstatedir@/lib/ejabberd:${JABBER_SPOOL}:}" \
+		-i "${S}/Makefile.in" \
+		|| die 'failed to set paths in Makefile.in'
+	sed -e "s|\(ETC_DIR=\){{sysconfdir}}.*|\1${JABBER_ETC}|" \
+		-e "s|\(LOGS_DIR=\){{localstatedir}}.*|\1${JABBER_LOG}|" \
+		-e "s|\(SPOOL_DIR=\){{localstatedir}}.*|\1${JABBER_SPOOL}|" \
+		-i "${S}/ejabberdctl.template" \
+		|| die 'failed to set paths ejabberdctl.template'
+}
+
+# Skip installing docs because it's only COPYING that's installed by Makefile.
+skip_docs() {
+	gawk -i inplace '
+/# Documentation/, /^[[:space:]]*#?[[:space:]]*$/ {
+	if ($0 ~ /^[[:space:]]*#?[[:space:]]*$/) {
+		print $0;
+	} else {
+		next;
+	}
+}
+1
+' "${S}/Makefile.in" || die 'failed to remove docs section from Makefile.in'
+}
+
+pkg_setup() {
+	if use pam; then
+		einfo "Adding jabber user to epam group to allow ejabberd to use PAM" \
+			"authentication"
+		# See
+		# <https://docs.ejabberd.im/admin/configuration/#pam-authentication>.
+		# epam binary is installed by dev-erlang/epam package, therefore SUID
+		# is set by that package. Instead of jabber group it uses epam group,
+		# therefore we need to add jabber user to epam group.
+		usermod -a -G epam jabber || die
+	fi
+}
+
+src_prepare() {
+	default
+
+	rebar_remove_deps
+	correct_ejabberd_paths
+	set_jabberbase_paths
+	make_ejabberd_service
+	skip_docs
+	adjust_config
+	customize_epam_wrapper "${FILESDIR}/epam-wrapper"
+
+	rebar_fix_include_path fast_xml
+	rebar_fix_include_path xmpp
+
+	# Fix bug #591862. ERL_LIBS should point directly to ejabberd directory
+	# rather than its parent which is default. That way ejabberd directory
+	# takes precedence is module lookup.
+	local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)"
+	sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \
+		-i "${S}/ejabberdctl.template" \
+		|| die 'failed to set ERL_LIBS in ejabberdctl.template'
+}
+
+src_configure() {
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}/html" \
+		--enable-user=jabber \
+		$(use_enable debug) \
+		$(use_enable full-xml) \
+		$(use_enable hipe) \
+		$(use_enable mssql) \
+		$(use_enable mysql) \
+		$(use_enable nls iconv) \
+		$(use_enable odbc) \
+		$(use_enable pam) \
+		$(use_enable postgres pgsql) \
+		$(use_enable redis) \
+		$(use_enable riak) \
+		$(use_enable roster-gw roster-gateway-workaround) \
+		$(use_enable sqlite) \
+		$(use_enable zlib)
+}
+
+src_compile() {
+	emake REBAR='rebar -v' src
+}
+
+src_install() {
+	default
+
+	if use pam; then
+		local epam_path="$(get_ejabberd_path)/priv/bin/epam"
+
+		pamd_mimic_system xmpp auth account || die "cannot create pam.d file"
+		into "$(get_ejabberd_path)/priv"
+		newbin epam-wrapper epam
+	fi
+
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	systemd_dounit "${PN}.service"
+	systemd_dotmpfilesd "${FILESDIR}/${PN}.tmpfiles.conf"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+}
+
+pkg_postinst() {
+	if [[ ! ${REPLACING_VERSIONS} ]]; then
+		echo
+		elog "For configuration instructions, please see"
+		elog "  http://www.process-one.net/en/ejabberd/docs/"
+		echo
+		if [[ " ${REPLACING_VERSIONS} " =~ \ 2\. ]]; then
+			ewarn "If you have used pubsub in ejabberd-2.* you may encounter issues after"
+			ewarn "migration to ${PV}. pubsub data may not be migrated automatically and"
+			ewarn "you may need to run migration script manually, see:"
+			ewarn
+			ewarn "  https://github.com/processone/ejabberd/issues/479#issuecomment-124497456"
+			ewarn
+			ewarn "In case you don't care about all stored moods, activities, geoinfo and you"
+			ewarn "know you don't store in pubsub anything important, you can just remove"
+			ewarn "pubsub tables:"
+			ewarn
+			ewarn "  rm ${EROOT%/}${JABBER_SPOOL}/pubsub_*"
+			ewarn
+			ewarn "See also: https://bugs.gentoo.org/show_bug.cgi?id=588244"
+			echo
+		fi
+	elif [[ -f ${EROOT}etc/jabber/ejabberd.cfg ]]; then
+		elog "Ejabberd now defaults to using a YAML format for its config file."
+		elog "The old ejabberd.cfg file can be converted using the following instructions:"
+		echo
+		elog "1. Make sure all processes related to the previous version of ejabberd aren't"
+		elog "   running. Usually this just means the ejabberd and epmd daemons and possibly"
+		elog "   the pam-related process (epam) if pam support is enabled."
+		elog "2. Run \`ejabberdctl start\` with sufficient permissions. Note that this can"
+		elog "   fail to start ejabberd properly for various reasons. Check ejabberd's main"
+		elog "   log file at /var/log/jabber/ejabberd.log to confirm it started successfully."
+		elog "3. Run"
+		elog "     \`ejabberdctl convert_to_yaml /etc/jabber/ejabberd.cfg /etc/jabber/ejabberd.yml.new\`"
+		elog "   with sufficient permissions, edit and rename /etc/jabber/ejabberd.yml.new to"
+		elog "   /etc/jabber/ejabberd.yml, and finally restart ejabberd with the new config"
+		elog "   file."
+		echo
+	fi
+
+	if ! ejabberd_cert_exists; then
+		ejabberd_cert_install
+	fi
+}
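Review bot: In pkg_setup, `usermod -a -G epam jabber || die` gives the jabber account access to the SUID epam binary before anything is built, and nothing in this ebuild ever revokes it, so the membership outlives a failed merge, a later rebuild without USE=pam, or removal of the package. Consider doing the group change in pkg_postinst, next to the certificate step, and recording it for the admin with something like `elog "jabber was added to the epam group; restart ejabberd so the daemon picks it up"`, since an already running daemon keeps its old supplementary groups. In src_install, `local epam_path=...` is assigned but never used and can be dropped. Separately, in pkg_postinst the `=~ \ 2\.` test sits inside the `[[ ! ${REPLACING_VERSIONS} ]]` branch, where the variable is empty, so the pubsub migration warning can never be printed; it probably belongs in the upgrade path.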

