diff options
author | Michael Orlitzky <mjo@gentoo.org> | 2018-11-17 10:09:21 -0500 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2018-11-18 18:23:57 -0500 |
commit | c8fe3982751aa4881b42f89ed080b210c4529c81 (patch) | |
tree | fd98be24f52c855f030a577f974eabd3f21eae62 /mail-filter/amavisd-new/files | |
parent | mail-filter/amavisd-new: remove old (now-unused) OpenRC service script. (diff) | |
download | gentoo-c8fe3982751aa4881b42f89ed080b210c4529c81.tar.gz gentoo-c8fe3982751aa4881b42f89ed080b210c4529c81.tar.bz2 gentoo-c8fe3982751aa4881b42f89ed080b210c4529c81.zip |
mail-filter/amavisd-new: new version 2.11.1.
A mostly standard version bump (bug 668494) with some improvements and
bug fixes piled on:
* The sys-apps/file dependency is replaced by dev-perl/File-LibMagic
to improve performance a bit (bug 592802).
* New user creation has been moved to pkg_setup(). This allows us to
set permissions and ownership properly in src_install(), so that
we don't have to "fix" them later and cause big ol' security
problems (bug 630836).
* The OpenRC service script has been rewritten to use start-stop-daemon.
This fixes outstanding bugs 507352, 634860, and 646336.
* The systemd service dependencies have been updated (bug 581452). We
never really needed spamassassin (spamd) at all, and we shouldn't fail
to start if postfix/clamav are absent entirely.
* As part of the previous item, removed two failing "sed" calls
(that were missing die() statements!) intended to modify a service
file that no longer lives where it used to.
Thanks are due to,
* Marcin Mirosław who reported an OpenRC issue,
* Nick Wiltshire for reporting and testing the OpenRC fixes,
* Robin Lutz for reporting the OpenRC restart issue,
* Timo Rothenpieler for reporting the systemd dependency issue.
Bug: https://bugs.gentoo.org/630836
Closes: https://bugs.gentoo.org/507352
Closes: https://bugs.gentoo.org/581452
Closes: https://bugs.gentoo.org/592802
Closes: https://bugs.gentoo.org/634860
Closes: https://bugs.gentoo.org/646336
Closes: https://bugs.gentoo.org/668494
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'mail-filter/amavisd-new/files')
-rw-r--r-- | mail-filter/amavisd-new/files/amavisd.initd-r2 | 42 | ||||
-rw-r--r-- | mail-filter/amavisd-new/files/amavisd.service-r1 | 21 |
2 files changed, 63 insertions, 0 deletions
diff --git a/mail-filter/amavisd-new/files/amavisd.initd-r2 b/mail-filter/amavisd-new/files/amavisd.initd-r2 new file mode 100644 index 000000000000..2e58bf9b7a93 --- /dev/null +++ b/mail-filter/amavisd-new/files/amavisd.initd-r2 @@ -0,0 +1,42 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" +command="/usr/sbin/${RC_SVCNAME}" +pidfile="/run/${RC_SVCNAME}.pid" + +# Why run in the foreground? Typically amavisd will drop privileges +# and then write its own PID file in its home directory. This is fine +# so long as you use e.g. "amavisd stop" to stop the daemon. But, we +# want to use start-stop-daemon to do it. And start-stop-daemon will +# send a signal *as root* to the PID contained in the PID file. So, we +# don't want to rely on a PID file that's controlled by a non-root +# user. +# +# As a workaround, we run amavisd in the foreground, and let +# start-stop-daemon push it into the background with its own PID +# file. We don't pass "-P" via command_args below because we don't +# want amavisd to try (and fail) to create that PID file. This does +# mean that you can't run "amavisd stop" or "amavisd reload" directly; +# sorry! +command_args="foreground" +command_background="true" + +# The amavisd daemon provides its own "stop" and "reload" functions, +# but if you read into the source, they just do what start-stop-daemon +# is going to do anyway. The "stop" command for amavisd will send a +# SIGTERM immediately, and then a SIGKILL after 60 seconds. So, we do +# that too. The "reload" command sends a SIGHUP; see reload() below. +retry="SIGTERM/15 SIGKILL/60" + +depend() { + use net logger antivirus snmpd + before mta +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} diff --git a/mail-filter/amavisd-new/files/amavisd.service-r1 b/mail-filter/amavisd-new/files/amavisd.service-r1 new file mode 100644 index 000000000000..038712853551 --- /dev/null +++ b/mail-filter/amavisd-new/files/amavisd.service-r1 @@ -0,0 +1,21 @@ +[Unit] +Description=Amavisd Daemon +Before=postfix.service +After=clamd.service +After=network.target + +[Service] +User=amavis +Group=amavis +ExecStart=/usr/sbin/amavisd -c /etc/amavisd.conf foreground +ExecReload=/usr/sbin/amavisd -c /etc/amavisd.conf reload +PrivateTmp=true +CapabilityBoundingSet= +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +ProtectHome=true +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target |