public inbox for gentoo-commits@lists.gentoo.org
From: "Florian Schmaus" <flow@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-im/ejabberd/
Date: Tue,  7 Dec 2021 10:42:29 +0000 (UTC)
Message-ID: <1638873735.7ef9adb36a21fda32d38eaa0c4d0cf4312ade686.flow@gentoo>

commit:     7ef9adb36a21fda32d38eaa0c4d0cf4312ade686
Author:     Florian Schmaus <flow <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  7 10:30:13 2021 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Tue Dec  7 10:42:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef9adb3

net-im/ejabberd: add 21.04-r1

This marks two important transitions:
- from EAPI 6 to EAPI 7
- from net-im/jabber-base to acct-user/ejabberd

The latter also means that ejabberd now runs under its own 'ejabberd'
user, and no longer uses the *shared* 'jabber' user from
net-im/jabber-base. This increases the isolation of ejabberd. The
configuration directory also changes from /etc/jabber, which is a
non-standard ejabberd directory used only by Gentoo, to /etc/ejabberd,
ejabberd's standard configuration directory.

Furthermore, the custom SSL/TLS certificate handling (via the ssl-cert
eclass) is removed, as ejabberd has had a built-in ACME client for a
long time now. And the certificate handling significantly increased the
complexity of the ejabberd ebuild. This also fixes bug #716968.

The ebuild also now passes the correct localstatedir to
econf. Previously ejabberd would use /var/lib/lib/ejabberd.

Ejabberd also unnecessarily created /var/lock/ejabberdctl, even though
this directory is no longer used. This is now fixed in the ebuild and
a patch was submitted and accepted upstream [1].

This also drops the non-upstream systemd tmpfile.conf. The directory
created by the tmpfile is only ever used if the user manually
configured it. And in this case, we should trust the user to also
ensure that the directory is created. This further reduces the
complexity of the ebuild.

1: https://github.com/processone/ejabberd/pull/3724

Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
Closes: https://bugs.gentoo.org/716968

 net-im/ejabberd/ejabberd-21.04-r1.ebuild | 233 +++++++++++++++++++++++++++++++
 1 file changed, 233 insertions(+)

diff --git a/net-im/ejabberd/ejabberd-21.04-r1.ebuild b/net-im/ejabberd/ejabberd-21.04-r1.ebuild
new file mode 100644
index 000000000000..0d4324cb98e4
--- /dev/null
+++ b/net-im/ejabberd/ejabberd-21.04-r1.ebuild
@@ -0,0 +1,233 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit pam rebar systemd
+
+DESCRIPTION="Robust, scalable and extensible XMPP server"
+HOMEPAGE="https://www.ejabberd.im/ https://github.com/processone/ejabberd/"
+SRC_URI="https://static.process-one.net/${PN}/downloads/${PV}/${P}.tgz
+	-> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~sparc ~x86"
+REQUIRED_USE="mssql? ( odbc )"
+# TODO: Add 'tools' flag.
+IUSE="captcha debug full-xml ldap mssql mysql odbc pam postgres redis
+	roster-gw selinux sip sqlite +stun zlib"
+
+RESTRICT="test"
+
+# TODO: Add dependencies for 'tools' flag enabled.
+# TODO: tools? (
+# TODO:		>=dev-erlang/luerl-0.3
+# TODO: )
+DEPEND=">=dev-lang/erlang-19.3[odbc?,ssl]
+	>=dev-erlang/cache_tab-1.0.28
+	>=dev-erlang/eimp-1.0.20
+	>=dev-erlang/fast_tls-1.1.12
+	>=dev-erlang/fast_xml-1.1.46
+	>=dev-erlang/fast_yaml-1.0.31
+	>=dev-erlang/yconf-1.0.11
+	>=dev-erlang/jiffy-1.0.5
+	>=dev-erlang/jose-1.9.0
+	>=dev-erlang/lager-3.6.10
+	>=dev-erlang/p1_oauth2-0.6.9
+	>=dev-erlang/p1_utils-1.0.22
+	>=dev-erlang/stringprep-1.0.25
+	>=dev-erlang/xmpp-1.5.3
+	>=dev-erlang/pkix-1.0.7
+	>=dev-erlang/mqtree-1.0.13
+	>=dev-erlang/idna-6.0.0-r1
+	>=dev-erlang/p1_acme-1.0.12
+	>=dev-erlang/base64url-1.0.1
+	>=net-im/jabber-base-0.01
+	ldap? ( =net-nds/openldap-2* )
+	mysql? ( >=dev-erlang/p1_mysql-1.0.18 )
+	odbc? ( dev-db/unixODBC )
+	pam? ( >=dev-erlang/epam-1.0.10 )
+	postgres? ( >=dev-erlang/p1_pgsql-1.1.11 )
+	redis? ( >=dev-erlang/eredis-1.0.8 )
+	sip? ( >=dev-erlang/esip-1.0.42 )
+	sqlite? ( >=dev-erlang/sqlite3-1.1.12 )
+	stun? ( >=dev-erlang/stun-1.0.43 )
+	zlib? ( >=dev-erlang/ezlib-1.0.9 )"
+RDEPEND="${DEPEND}
+	acct-user/ejabberd
+	captcha? ( media-gfx/imagemagick[truetype,png] )
+	selinux? ( sec-policy/selinux-jabber )
+"
+
+DOCS=( CHANGELOG.md README.md )
+PATCHES=( "${FILESDIR}/${PN}-19.08-ejabberdctl.patch"
+	"${FILESDIR}/${PN}-17.04-0002-Dont-overwrite-service-file.patch")
+
+# Set paths to ejabberd lib directory consistently to point always to directory
+# suffixed with version.
+correct_ejabberd_paths() {
+	sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \
+		-i "${S}/Makefile.in" \
+		|| die 'failed to set ejabberd path in Makefile.in'
+	sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \
+		-i "${S}/ejabberdctl.template" \
+		|| die 'failed to set ejabberd path in ejabberdctl.template'
+}
+
+# Get epam-wrapper from 'files' directory and correct path to lib directory in
+# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper
+# file exists there already.
+customize_epam_wrapper() {
+	local epam_wrapper_src="${1}"
+	local epam_wrapper_dst="${S}/epam-wrapper"
+
+	[[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists'
+	sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \
+		"${epam_wrapper_src}" >"${epam_wrapper_dst}" \
+		|| die 'failed to install epam-wrapper'
+}
+
+# Get path to ejabberd lib directory.
+#
+# This is the path ./configure script Base for this path is path set in
+# ./configure script which is /usr/lib by default. If libdir is explicitely set
+# to something else than this should be adjusted here as well.
+get_ejabberd_path() {
+	echo "/usr/$(get_libdir)/${P}"
+}
+
+# Make ejabberd.service for systemd from upstream provided template.
+make_ejabberd_service() {
+	sed -r \
+		-e 's!@ctlscriptpath@!/usr/sbin!g' \
+		-e 's!^(After)=(.*)!\1=epmd.service network.target!' \
+		-e '/^After=/ a Requires=epmd.service' \
+		"${PN}.service.template" >"${PN}.service" \
+		|| die 'failed to make ejabberd.service'
+}
+
+src_prepare() {
+	default
+
+	rebar_remove_deps
+	correct_ejabberd_paths
+	make_ejabberd_service
+	customize_epam_wrapper "${FILESDIR}/epam-wrapper"
+
+	rebar_fix_include_path fast_xml
+	rebar_fix_include_path p1_utils
+	rebar_fix_include_path xmpp
+
+	# Fix bug #591862. ERL_LIBS should point directly to ejabberd directory
+	# rather than its parent which is default. That way ejabberd directory
+	# takes precedence is module lookup.
+	local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)"
+	sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \
+		-i "${S}/ejabberdctl.template" \
+		|| die 'failed to set ERL_LIBS in ejabberdctl.template'
+}
+
+src_configure() {
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}/html" \
+		--localstatedir="${EPREFIX}/var" \
+		--enable-user=${PN} \
+		$(use_enable debug) \
+		$(use_enable full-xml) \
+		$(use_enable mssql) \
+		$(use_enable mysql) \
+		$(use_enable odbc) \
+		$(use_enable pam) \
+		$(use_enable postgres pgsql) \
+		$(use_enable redis) \
+		$(use_enable roster-gw roster-gateway-workaround) \
+		$(use_enable sqlite) \
+		$(use_enable sip) \
+		$(use_enable stun) \
+		$(use_enable zlib)
+
+	# more options to support
+	# --enable-elixir requires https://github.com/elixir-lang/elixir
+}
+
+src_compile() {
+	emake REBAR='rebar -v' src
+}
+
+src_install() {
+	default
+
+	if use pam; then
+		local epam_path="$(get_ejabberd_path)/priv/bin/epam"
+
+		pamd_mimic_system xmpp auth account
+		into "$(get_ejabberd_path)/priv"
+		newbin epam-wrapper epam
+	fi
+
+	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	systemd_dounit "${PN}.service"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+	# /var/lock/ejabberdctl is unused, see
+	# https://github.com/processone/ejabberd/pull/3724
+	rmdir "${ED}/var/lock/ejabberdctl" || die
+	rmdir "${ED}/var/lock" || die
+
+	keepdir /var/{lib,log}/ejabberd
+}
+
+pkg_preinst() {
+	if use pam; then
+		einfo "Adding ejabberd user to epam group to allow ejabberd to use PAM" \
+			"authentication"
+		# See
+		# <https://docs.ejabberd.im/admin/configuration/#pam-authentication>.
+		# epam binary is installed by dev-erlang/epam package, therefore SUID
+		# is set by that package. Instead of jabber group it uses epam group,
+		# therefore we need to add jabber user to epam group.
+		usermod -a -G epam ejabberd || die
+	fi
+}
+
+pkg_postinst() {
+	local migrate_to_etc_ejabberd=false
+
+	if [[ ! ${REPLACING_VERSIONS} ]]; then
+		echo
+		elog "For configuration instructions, please see"
+		elog "  https://docs.ejabberd.im/"
+		echo
+	else
+		for v in ${REPLACING_VERSIONS}; do
+			if ver_test "${v}" -lt 21.04-r1; then
+				migrate_to_etc_ejabberd=true
+				break
+			fi
+		done
+	fi
+
+	# Sarting with >=21.04-r1, the ejabberd configuration is now in
+	# /etc/ejabberd and no longer in /etc/jabber. See if we need to
+	# migrate the configuration. Furthermore, ejabberd no longer runs
+	# under the, shared via net-im/jabber-base, 'jabber' use, but under
+	# its own user. This increase isolation and hence robustness and
+	# security.
+	if $migrate_to_etc_ejabberd; then
+		cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd || die
+		if [[ -f "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 ]]; then
+			rm "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 || die
+		fi
+		if ! use prefix; then
+			chown --recursive ejabberd:ejabberd "${EROOT}"/etc/ejabberd || die
+		fi
+		elog "Newer versions of the ejabberd Gentoo package use /etc/ejabberd"
+		elog "(just as upstream) and *not* /etc/ejabber."
+		elog "The files from /etc/jabber where copied to /etc/ejabberd."
+		elog "Please check your configuration and delete the file in /etc/jabber."
+	fi
+}
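
Review bot: `>=net-im/jabber-base-0.01` is still listed in DEPEND, and RDEPEND inherits it through `${DEPEND}`, so the package that provides the shared 'jabber' user keeps being pulled in next to `acct-user/ejabberd`; drop it, or add a comment saying why it is still required (for example, only for the /etc/jabber migration). In pkg_postinst, `cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd` copies everything in the shared directory and the following `chown --recursive ejabberd:ejabberd` hands all of it to the new user, so consider copying only ejabberd's own files. The elog text there says `/etc/ejabber` where `/etc/jabber` is meant, the pkg_preinst comment still says "add jabber user to epam group" although the code adds `ejabberd`, and `local epam_path` in src_install is never used.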

