mail-filter/spamassassin: new revision letting spamd run as root (systemd).

In the previous revision (r18), support was added for running spamd as
root through OpenRC. That was done using a new variable called
SPAMD_RUN_AS_ROOT, defaulting to false. The choice to use a boolean
variable -- as opposed to e.g. SPAMD_USER -- was made because passing
"root" as the username to spamd kills it. Thus, SPAMD_USER=root would
not have worked, and we instead test SPAMD_RUN_AS_ROOT to decide
whether or not to specify a username/groupname at all.

The same exact issue arises with systemd; however, systemd offers no
way for us to test the value of SPAMD_RUN_AS_ROOT and act on the
result! The SPAMD_USER proposal is dead in the water for the same
reason, so a different approach was needed. The simplest thing that
could work was to move the "--username" and "--groupname" flags out
of the systemd service file, and into the SPAMD_OPTS variable. That
way, users who know what they are doing can simply drop those flags.

Closes: https://bugs.gentoo.org/635790
Package-Manager: Portage-2.3.8, Repoman-2.3.3

3 files changed, 18 insertions, 4 deletions

diff --git a/mail-filter/spamassassin/files/spamassassin.service-r4 b/mail-filter/spamassassin/files/spamassassin.service-r4
new file mode 100644
index 000000000000..b539cd2bb5a3
--- /dev/null
+++ b/mail-filter/spamassassin/files/spamassassin.service-r4
@@ -0,0 +1,10 @@
+[Unit]
+Description=Spamassassin daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/spamd $SPAMD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mail-filter/spamassassin/files/spamassassin.service.conf-r2 b/mail-filter/spamassassin/files/spamassassin.service.conf-r2
new file mode 100644
index 000000000000..442dde44e078
--- /dev/null
+++ b/mail-filter/spamassassin/files/spamassassin.service.conf-r2
@@ -0,0 +1,2 @@
+[Service]
+Environment="SPAMD_OPTS=--username=spamd --groupname=spamd --max-children=5 --create-prefs --helper-home-dir"
diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r19.ebuild
index 49b14da50159..2f2e31f1087d 100644
--- a/mail-filter/spamassassin/spamassassin-3.4.1-r18.ebuild
+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r19.ebuild
@@ -159,8 +159,8 @@ src_install () {
 	newinitd "${FILESDIR}/3.4.1-spamd.init-r2" spamd
 	newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd
 
-	systemd_newunit "${FILESDIR}/${PN}.service-r3" "${PN}.service"
-	systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r1" \
+	systemd_newunit "${FILESDIR}/${PN}.service-r4" "${PN}.service"
+	systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r2" \
 							 "${PN}.service"
 
 	use postgres && dodoc sql/*_pg.sql
@@ -243,7 +243,9 @@ pkg_postinst() {
 	elog
 
 	ewarn 'If this version of SpamAssassin causes permissions issues'
-	ewarn 'with your user configurations or bayes databases, you may'
-	ewarn 'need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service'
+	ewarn 'with your user configurations or bayes databases, then you'
+	ewarn 'may need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service'
+	ewarn 'configuration file, or remove the --username and --groupname'
+	ewarn 'flags from the SPAMD_OPTS variable in your systemd service'
 	ewarn 'configuration file.'
 }