authorMichael Orlitzky <mjo@gentoo.org>2018-11-21 22:10:18 -0500
committerMichael Orlitzky <mjo@gentoo.org>2018-11-25 19:17:56 -0500
commit8635dce998732f7f82cc6c51bd0a7014c5e6ae6a (patch)
tree33f215262ef94f43f90ebb90f5b8e55eb5aac115 /mail-filter
parentmail-filter/amavisd-new: remove "unused" amavisd-new-2.11.1.ebuild. (diff)
mail-filter/amavisd-new: new revision to clean up auxiliary init scripts.
* Two new service scripts for amavisd-snmp-agent{,-zmq}. Prior, both of these programs were installed, but had only a single service script which tried to figure out what to do at runtime. The new way is cleaner, doesn't rely on bashisms (bug 630896), and fixes a security issue (bug 630898). * A new OpenRC service script for amavis-mc. This fixes an unreported (to Gentoo, anyway) security issue. This program can create its PID file only after dropping privileges, which makes it unsafe for OpenRC to later "kill" it. The new script runs the program in the foreground and lets OpenRC (safely) handle the bookkeeping. Closes: https://bugs.gentoo.org/630896 Bug: https://bugs.gentoo.org/630898 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'mail-filter')
-rw-r--r--mail-filter/amavisd-new/amavisd-new-2.11.1-r2.ebuild198
-rw-r--r--mail-filter/amavisd-new/files/amavis-mc.initd-r118
-rw-r--r--mail-filter/amavisd-new/files/amavisd-snmp-subagent-zmq.initd26
-rw-r--r--mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd25
4 files changed, 267 insertions, 0 deletions
diff --git a/mail-filter/amavisd-new/amavisd-new-2.11.1-r2.ebuild b/mail-filter/amavisd-new/amavisd-new-2.11.1-r2.ebuild
new file mode 100644
index 000000000000..1767bdefc4a6
--- /dev/null
+++ b/mail-filter/amavisd-new/amavisd-new-2.11.1-r2.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user
+
+DESCRIPTION="High-performance interface between the MTA and content checkers"
+HOMEPAGE="https://gitlab.com/amavis/amavis"
+SRC_URI="${HOMEPAGE}/-/archive/${P}/amavis-${P}.tar.gz"
+
+LICENSE="GPL-2 BSD-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="clamav courier dkim ldap mysql postgres qmail razor snmp spamassassin zmq"
+
+DEPEND=">=sys-apps/sed-4
+ >=dev-lang/perl-5.10.0"
+
+RDEPEND="${DEPEND}
+ >=sys-apps/coreutils-5.0-r3
+ app-arch/cpio
+ app-arch/gzip
+ app-arch/bzip2
+ app-arch/arc
+ app-arch/cabextract
+ app-arch/freeze
+ app-arch/lha
+ app-arch/lrzip
+ app-arch/lzop
+ app-arch/ncompress
+ app-arch/p7zip
+ app-arch/pax
+ app-arch/unarj
+ app-arch/unrar
+ app-arch/xz-utils
+ app-arch/zoo
+ net-mail/ripole
+ >=dev-perl/Archive-Zip-1.14
+ >=virtual/perl-IO-Compress-1.35
+ >=virtual/perl-Compress-Raw-Zlib-2.017
+ net-mail/tnef
+ virtual/perl-MIME-Base64
+ >=dev-perl/MIME-tools-5.415
+ >=dev-perl/MailTools-1.58
+ >=dev-perl/Net-Server-0.91
+ virtual/perl-Digest-MD5
+ dev-perl/IO-stringy
+ virtual/perl-IO-Socket-IP
+ >=virtual/perl-Time-HiRes-1.49
+ dev-perl/Unix-Syslog
+ dev-perl/Net-LibIDN
+ dev-perl/File-LibMagic
+ >=sys-libs/db-4.4.20
+ dev-perl/BerkeleyDB
+ dev-perl/Convert-BinHex
+ >=dev-perl/Mail-DKIM-0.31
+ virtual/perl-File-Temp
+ dev-perl/Net-SSLeay
+ dev-perl/IO-Socket-SSL
+ virtual/mta
+ clamav? ( app-antivirus/clamav )
+ ldap? ( >=dev-perl/perl-ldap-0.33 )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ razor? ( mail-filter/razor )
+ snmp? ( net-analyzer/net-snmp[perl] )
+ spamassassin? ( mail-filter/spamassassin dev-perl/Image-Info )
+ zmq? ( dev-perl/ZMQ-LibZMQ3 )"
+
+AMAVIS_ROOT="/var/amavis"
+S="${WORKDIR}/amavis-${P}"
+
+pkg_setup() {
+ # Create the user beforehand so that we can install the config file
+ # (and some directories) with group "amavis" in src_install().
+ enewgroup amavis
+ enewuser amavis -1 -1 "${AMAVIS_ROOT}" amavis
+}
+
+src_prepare() {
+ # amavisd-new version 2.11.0 breaks DKIM signing of outbound mail,
+ # see https://bugs.gentoo.org/603582
+ eapply "${FILESDIR}/amavisd-2.11.0-dkim.patch"
+
+ if use courier ; then
+ eapply -p0 amavisd-new-courier.patch
+ fi
+
+ if use qmail ; then
+ eapply -p0 amavisd-new-qmqpqq.patch
+ fi
+
+ # We need to fix the daemon_user and daemon_group in amavis-mc even
+ # though we're going to run it in the foreground, because it calls
+ # "drop_priv" unconditionally and will crash if its user/group
+ # doesn't exist.
+ sed -i \
+ -e '/daemon/s/vscan/amavis/' \
+ -e "s:'/var/virusmails':\"\$MYHOME/quarantine\":" \
+ "${S}/amavisd.conf" "${S}/amavis-mc" || die "missing conf file"
+
+ if ! use dkim ; then
+ sed -i -e '/enable_dkim/s/1/0/' "${S}/amavisd.conf" \
+ || die "missing conf file - dkim"
+ fi
+
+ if use zmq ; then
+ sed -i -e '/enable_zmq/s/# //' "${S}/amavisd.conf" \
+ || die "missing conf file - zmq"
+ fi
+
+ if ! use spamassassin ; then
+ sed -i -e \
+ "/^#[[:space:]]*@bypass_spam_checks_maps[[:space:]]*=[[:space:]]*(1)/s/^#//" \
+ "${S}/amavisd.conf" || die "missing conf file - sa"
+ fi
+
+ eapply_user
+}
+
+src_install() {
+ dosbin amavisd{,-agent,-nanny,-release,-signer,-status}
+ dobin p0f-analyzer.pl amavisd-submit
+
+ if use snmp ; then
+ dosbin amavisd-snmp-subagent
+ newinitd "${FILESDIR}/amavisd-snmp-subagent.initd" \
+ amavisd-snmp-subagent
+ dodoc AMAVIS-MIB.txt
+
+ if use zmq ; then
+ dosbin amavisd-snmp-subagent-zmq
+ newinitd "${FILESDIR}/amavisd-snmp-subagent-zmq.initd" \
+ amavisd-snmp-subagent-zmq
+ fi
+ fi
+
+ if use zmq ; then
+ dosbin amavis-services amavis-mc
+ newinitd "${FILESDIR}/amavis-mc.initd-r1" amavis-mc
+ fi
+
+ if use ldap ; then
+ dodir /etc/openldap/schema
+ insinto /etc/openldap/schema
+ newins LDAP.schema "${PN}.schema"
+ fi
+
+ # The config file should be root:amavis so that the amavis user can
+ # read (only) it after dropping privileges. And of course he should
+ # own everything in his home directory.
+ insinto /etc
+ insopts -m0640 -g amavis
+ doins amavisd.conf
+
+ # Implementation detail? Keepdir calls dodir under the hood.
+ diropts -o amavis -g amavis
+ keepdir "${AMAVIS_ROOT}"/{,db,quarantine,tmp,var}
+
+ # BEWARE:
+ #
+ # Anything below this line is using the mangled insopts/diropts from
+ # above!
+ #
+
+ newinitd "${FILESDIR}/amavisd.initd-r2" amavisd
+
+ systemd_newunit "${FILESDIR}/amavisd.service-r1" amavisd.service
+
+ dodoc AAAREADME.first INSTALL MANIFEST RELEASE_NOTES TODO \
+ amavisd.conf-default amavisd-custom.conf
+
+ docinto README_FILES
+ dodoc README_FILES/README*
+ dodoc -r README_FILES/*.{html,css}
+ docinto README_FILES/images
+ dodoc README_FILES/images/*.png
+ docinto README_FILES/images/callouts
+ dodoc README_FILES/images/callouts/*.png
+
+ docinto test-messages
+ dodoc test-messages/README
+ dodoc test-messages/sample.tar.gz.compl
+}
+
+pkg_preinst() {
+ # TODO: the following is done as root, but should probably be done
+ # as the amavis user.
+ if use razor ; then
+ if [ ! -d "${ROOT}${AMAVIS_ROOT}/.razor" ] ; then
+ elog "Setting up initial razor config files..."
+
+ razor-admin -create -home="${D}/${AMAVIS_ROOT}/.razor"
+ sed -i -e "s:debuglevel\([ ]*\)= .:debuglevel\1= 0:g" \
+ "${D}/${AMAVIS_ROOT}/.razor/razor-agent.conf" || die
+ fi
+ fi
+}
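Review bot: `systemd_newunit "${FILESDIR}/amavisd.service-r1" amavisd.service` in src_install runs while `insopts -m0640 -g amavis` from the config-file install is still in effect; as far as I can tell systemd.eclass implements that helper with insinto/newins, so the unit file is likely merged as root:amavis 0640 instead of the default 0644, which the BEWARE comment warns about but the function never undoes. Resetting the options right after the config install — `insopts -m0644` following `doins amavisd.conf`, and `diropts -m0755` once the `keepdir` call is done — keeps every later install at the defaults without reordering the function. In pkg_preinst the existence test uses `${ROOT}${AMAVIS_ROOT}/.razor` while the creation path is `${D}/${AMAVIS_ROOT}/.razor` (the double slash is harmless), and razor-admin is run as root so the files land root-owned inside a directory that keepdir just gave to amavis, which the TODO already acknowledges but which is worth fixing alongside this revision.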
diff --git a/mail-filter/amavisd-new/files/amavis-mc.initd-r1 b/mail-filter/amavisd-new/files/amavis-mc.initd-r1
new file mode 100644
index 000000000000..6343d4255c4c
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavis-mc.initd-r1
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/sbin/amavis-mc"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+# Let OpenRC background this, because otherwise it will write its PID
+# file after dropping privileges which presents a security issue when
+# we go to `kill` the thing as root.
+command_args="-f"
+command_background="true"
+command_user="amavis:amavis"
+
+depend() {
+ use logger
+ before amavisd-new snmpd
+}
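Review bot: `before amavisd-new snmpd` in depend() names a service this ebuild does not install — the amavisd init script is installed as `amavisd` (`newinitd "${FILESDIR}/amavisd.initd-r2" amavisd` in the ebuild hunk), so unless some other package provides a service called amavisd-new, OpenRC silently drops that ordering constraint and amavis-mc may come up after amavisd. The same line appears in amavisd-snmp-subagent-zmq.initd and amavisd-snmp-subagent.initd in this commit. Changing all three to `before amavisd snmpd` makes the intended ordering effective.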
diff --git a/mail-filter/amavisd-new/files/amavisd-snmp-subagent-zmq.initd b/mail-filter/amavisd-new/files/amavisd-snmp-subagent-zmq.initd
new file mode 100644
index 000000000000..7482a3f1d20b
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavisd-snmp-subagent-zmq.initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/sbin/amavisd-snmp-subagent-zmq"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+# The RELEASE_NOTES say "it is safe to run it as root, although
+# perhaps not necessary." I'm not in a position to test, but I bet
+# it's safe to run this as amavis:amavis. Since the program itself
+# doesn't have the ability to drop privileges, we'd have to let OpenRC
+# do that; and in that case, the easiest way to deal with the PID file
+# is to let OpenRC handle that, too.
+#
+# Thus as a means of future-proofing, we run $command in the
+# foreground, and let OpenRC background it and write a PID file. So
+# if somebody wants to try command_user="amavis:amavis" here, it might
+# just work.
+command_args="-f"
+command_background="true"
+
+depend() {
+ use logger
+ before amavisd-new snmpd
+ need amavis-mc
+}
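Review bot: The header comment records a guess ("I bet it's safe to run this as amavis:amavis") rather than the decision taken, which is that this sub-agent runs as root because the script sets no command_user and, per the comment itself, the program cannot drop privileges on its own; a shipped service script should state the actual behaviour and leave the experiment to a TODO marker. Something like `# Runs as root: the subagent cannot drop privileges itself and RELEASE_NOTES say root is safe.` followed by `# TODO: verify command_user="amavis:amavis" works now that OpenRC owns the PID file.` keeps the useful information in two lines. The same comment block is duplicated verbatim in amavisd-snmp-subagent.initd; the two scripts differ only in `command` and the `need amavis-mc` line, so sharing the wording (or deriving one file from the other at install time) would keep them from drifting apart.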
diff --git a/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd b/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd
new file mode 100644
index 000000000000..84784b619e2b
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/sbin/amavisd-snmp-subagent"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+# The RELEASE_NOTES say "it is safe to run it as root, although
+# perhaps not necessary." I'm not in a position to test, but I bet
+# it's safe to run this as amavis:amavis. Since the program itself
+# doesn't have the ability to drop privileges, we'd have to let OpenRC
+# do that; and in that case, the easiest way to deal with the PID file
+# is to let OpenRC handle that, too.
+#
+# Thus as a means of future-proofing, we run $command in the
+# foreground, and let OpenRC background it and write a PID file. So
+# if somebody wants to try command_user="amavis:amavis" here, it might
+# just work.
+command_args="-f"
+command_background="true"
+
+depend() {
+ use logger
+ before amavisd-new snmpd
+}