author | Alexander V. Nikolaev <avn@avnik.info> | 2016-01-18 23:10:58 +0200 |
---|---|---|
committer | Alexander V. Nikolaev <avn@avnik.info> | 2016-01-20 14:52:59 +0200 |
commit | 39bd9be5a9dc8d8efe6016e3234302ab027dc4cf (patch) | |
tree | 3326acd976ba70b6782de2ddaea1b4abe5898a13 | |
parent | b4052f0a1e7dd60a900de0c78f6673621b291beb (diff) | |
postfix: use built-in set-permission tool to setup queue
Make the top-level /var/lib/postfix root:root 0755. After generating the custom configs in /var/lib/postfix/conf, `postfix set-permissions` is called to perform all the tricks required for queue handling (postfix uses file mode bits to keep some internal statuses, so `chmod -R` is not recommended by the authors; see the comments in $out/libexec/postfix/post-install for details). The post-install script was also patched to skip the permission check/update for files inside $out, as well as for symlinks pointing into $NIX_STORE. The config file `main.cf` was extended with all default directory locations, to prevent the post-install script from guessing and overwriting them. And finally, all actions in the activation script snippets are performed by the postmap/postalias/postfix tools from the current build, not by a random one from the path.
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 37 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/3.0.nix | 6 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/post-install-script.patch | 28 |
3 files changed, 62 insertions, 9 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 6c5d7e92702b..f2d8189de6ef 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -20,6 +20,23 @@ let
 mail_owner = ${user}
 default_privs = nobody
+ # NixOS specific locations
+ data_directory = /var/lib/postfix/data
+ queue_directory = /var/lib/postfix/queue
+
+ # Default location of everything in package
+ meta_directory = ${pkgs.postfix}/etc/postfix
+ command_directory = ${pkgs.postfix}/bin
+ sample_directory = /etc/postfix
+ newaliases_path = ${pkgs.postfix}/bin/newaliases
+ mailq_path = ${pkgs.postfix}/bin/mailq
+ readme_directory = no
+ sendmail_path = ${pkgs.postfix}/bin/sendmail
+ daemon_directory = ${pkgs.postfix}/libexec/postfix
+ manpage_directory = ${pkgs.postfix}/share/man
+ html_directory = ${pkgs.postfix}/share/postfix/doc/html
+ shlib_directory = no
+
 '' + optionalString config.networking.enableIPv6 ''
 inet_protocols = all
@@ -435,31 +452,35 @@ in
 mkdir -p /var/lib
 mv /var/postfix /var/lib/postfix
 fi
- mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop}
- chown -R ${user}:${group} /var/lib/postfix
- chown root /var/lib/postfix/queue
- chown root /var/lib/postfix/queue/pid
- chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop}
- chmod 770 /var/lib/postfix/queue/{public,maildrop}
+ # All permissions set according ${pkgs.postfix}/etc/postfix/postfix-files script
+ mkdir -p /var/lib/postfix /var/lib/postfix/queue/{pid,public,maildrop}
+ chmod 0755 /var/lib/postfix
+ chown root:root /var/lib/postfix
 rm -rf /var/lib/postfix/conf
 mkdir -p /var/lib/postfix/conf
+ chmod 0755 /var/lib/postfix/conf
+ ln -sf ${pkgs.postfix}/etc/postfix/postfix-files
 ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf
 ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf
+
 ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
 ln -sf ${from} /var/lib/postfix/conf/${to}
- postalias /var/lib/postfix/conf/${to}
+ ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to}
 '') cfg.aliasFiles)}
 ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
 ln -sf ${from} /var/lib/postfix/conf/${to}
- postmap /var/lib/postfix/conf/${to}
+ ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to}
 '') cfg.mapFiles)}
 mkdir -p /var/spool/mail
 chown root:root /var/spool/mail
 chmod a+rwxt /var/spool/mail
 ln -sf /var/spool/mail /var/
+
+ #Finally delegate to postfix checking remain directories in /var/lib/postfix and set permissions on them
+ ${pkgs.postfix}/bin/postfix set-permissions config_directory=/var/lib/postfix/conf
 '';
 };
 }
diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix
index 73ab8c8116f3..8ccd9f3a3f9a 100644
--- a/pkgs/servers/mail/postfix/3.0.nix
+++ b/pkgs/servers/mail/postfix/3.0.nix
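Review bot: The added `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files` has no destination operand, so the link is created in whatever the activation script's current directory happens to be rather than in /var/lib/postfix/conf; the comment above it and the later `postfix set-permissions config_directory=/var/lib/postfix/conf` suggest the intent was `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files /var/lib/postfix/conf/postfix-files`. Because the post-install patch hard-codes meta_directory to the package path, set-permissions presumably still finds the real postfix-files, so the stray link is likely inert rather than fatal, but it should not be left behind in an unrelated directory. Also worth a sentence in the `# All permissions set according ...` comment: the old `chown -R ${user}:${group}` is gone and set-permissions alone now gives /var/lib/postfix/data and the queue subdirectories their owners and modes, so any path not listed in postfix-files stays root-owned from the `mkdir -p` above. The enclosing activation script starts outside the hunk.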
@@ -35,10 +35,14 @@ in stdenv.mkDerivation rec {
 ++ lib.optional withMySQL libmysql
 ++ lib.optional withSQLite sqlite;
- patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ];
+ patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ./post-install-script.patch ];
 preBuild = ''
 sed -e '/^PATH=/d' -i postfix-install
+ sed -e "s|@PACKAGE@|$out|" -i conf/post-install
+
+ # post-install need skip permissions check/set on all symlinks following to /nix/store
+ sed -e "s|@NIX_STORE@|$NIX_STORE|" -i conf/post-install
 export command_directory=$out/sbin
 export config_directory=/etc/postfix
diff --git a/pkgs/servers/mail/postfix/post-install-script.patch b/pkgs/servers/mail/postfix/post-install-script.patch
new file mode 100644
index 000000000000..350fbf929b74
--- /dev/null
+++ b/pkgs/servers/mail/postfix/post-install-script.patch
@@ -0,0 +1,28 @@
+--- a/conf/post-install 1970-01-01 03:00:01.000000000 +0300
++++ b/conf/post-install 2016-01-20 13:25:18.382233172 +0200
+@@ -254,6 +254,8 @@
+ }
+
+ # Bootstrapping problem.
++meta_directory="@PACKAGE@/etc/postfix"
++command_directory="@PACKAGE@/bin"
+
+ if [ -n "$command_directory" ]
+ then
+@@ -528,7 +530,16 @@
+ # Skip uninstalled files.
+ case $path in
+ no|no/*) continue;;
++ # Skip immutable files from package, correct permissions provided by Nix.
++ @PACKAGE@/*) continue;
+ esac
++ # Also skip symlinks following to /nix/store
++ if test -L $path; then
++ case "$(readlink $path)" in
++ @NIX_STORE@/*) continue;
++ esac
++ fi
++
+ # Pick up the flags.
+ case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
+ case $flags in *c*) create_flag=1;; *) create_flag=;; esac
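Review bot: The two `sed -i` substitutions in preBuild never verify that `@PACKAGE@` and `@NIX_STORE@` were actually replaced, so if post-install-script.patch is later rebased and the placeholder text drifts, the build still succeeds and post-install ends up matching paths against a literal `@PACKAGE@/*` pattern, silently disabling the skip logic. A one-line guard after the second sed, `! grep -q '@PACKAGE@\|@NIX_STORE@' conf/post-install`, turns that into a build failure (assuming stdenv's `set -e` is in effect for the phase, which I believe it is). The comment `# post-install need skip permissions check/set on all symlinks following to /nix/store` reads better as `# post-install must skip the permission check/set for symlinks that resolve into /nix/store`. The preBuild string continues beyond the hunk.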
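Review bot: The symlink skip in the second hunk uses `readlink $path` without canonicalization, so only a link whose immediate target is an absolute /nix/store path is skipped; a relative link or a link chain that ends in the store is still handed to the chown/chmod further down and will fail on the read-only store. If GNU coreutils can be assumed (it can on NixOS), `case "$(readlink -f -- "$path")" in` closes that gap and also quotes `$path`, which is unquoted in both the `test -L` and the `readlink` call. Separately, the first hunk assigns `meta_directory` and `command_directory` unconditionally right after the "Bootstrapping problem" comment, which overrides any value a caller supplies on the command line, and `command_directory="@PACKAGE@/bin"` disagrees with the `export command_directory=$out/sbin` visible in 3.0.nix's preBuild unless an install step outside this diff relocates sbin to bin — a short comment stating which is authoritative would help. The second hunk sits inside post-install's per-file loop, which starts and ends outside the patch.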