postfix: use built-in set-permission tool to setup queue

Make top level /var/lib/postfix as root:root 0755

After generating custom configs in /var/lib/postfix/conf,
`postfix set-permissions` is called to perform all required tricks
related to queue handling (postfix uses file mode bits to keep
some internal statuses, so `chmod -R` is not recommended by the authors;
see the comments in $out/libexec/postfix/post-install for details).

Also post-install script was patched, to skip permission check/update
for files inside $out, as well as symlinks following to $NIX_STORE.

Config file `main.cf` extended with all default directory locations,
to prevent post-install script from guessing and overwrite them.

And finally all actions in activation script snippets performed
by postmap/postalias/postfix tools from current build, not random one
from paths.

+62 -9
+29 -8
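--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -20,6 +20,23 @@
 mail_owner = ${user}
 default_privs = nobody
 
+# NixOS specific locations
+data_directory = /var/lib/postfix/data
+queue_directory = /var/lib/postfix/queue
+
+# Default location of everything in package
+meta_directory = ${pkgs.postfix}/etc/postfix
+command_directory = ${pkgs.postfix}/bin
+sample_directory = /etc/postfix
+newaliases_path = ${pkgs.postfix}/bin/newaliases
+mailq_path = ${pkgs.postfix}/bin/mailq
+readme_directory = no
+sendmail_path = ${pkgs.postfix}/bin/sendmail
+daemon_directory = ${pkgs.postfix}/libexec/postfix
+manpage_directory = ${pkgs.postfix}/share/man
+html_directory = ${pkgs.postfix}/share/postfix/doc/html
+shlib_directory = no
+
 ''
 + optionalString config.networking.enableIPv6 ''
 inet_protocols = all
@@ -435,31 +452,35 @@
 mkdir -p /var/lib
 mv /var/postfix /var/lib/postfix
 fi
-mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop}
 
-chown -R ${user}:${group} /var/lib/postfix
-chown root /var/lib/postfix/queue
-chown root /var/lib/postfix/queue/pid
-chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop}
-chmod 770 /var/lib/postfix/queue/{public,maildrop}
+# All permissions set according ${pkgs.postfix}/etc/postfix/postfix-files script
+mkdir -p /var/lib/postfix /var/lib/postfix/queue/{pid,public,maildrop}
+chmod 0755 /var/lib/postfix
+chown root:root /var/lib/postfix
 
 rm -rf /var/lib/postfix/conf
 mkdir -p /var/lib/postfix/conf
+chmod 0755 /var/lib/postfix/conf
+ln -sf ${pkgs.postfix}/etc/postfix/postfix-files
 ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf
 ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf
+
 ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
 ln -sf ${from} /var/lib/postfix/conf/${to}
-postalias /var/lib/postfix/conf/${to}
+${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to}
 '') cfg.aliasFiles)}
 ${concatStringsSep "\n" (mapAttrsToList (to: from: ''
 ln -sf ${from} /var/lib/postfix/conf/${to}
-postmap /var/lib/postfix/conf/${to}
+${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to}
 '') cfg.mapFiles)}
 
 mkdir -p /var/spool/mail
 chown root:root /var/spool/mail
 chmod a+rwxt /var/spool/mail
 ln -sf /var/spool/mail /var/
+
+#Finally delegate to postfix checking remain directories in /var/lib/postfix and set permissions on them
+${pkgs.postfix}/bin/postfix set-permissions config_directory=/var/lib/postfix/conf
 '';
 };
 }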
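Review bot: The added `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files` in the second hunk has no destination argument, so the link is created as `postfix-files` in whatever directory the activation script happens to run in rather than in /var/lib/postfix/conf; it should read `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files /var/lib/postfix/conf/postfix-files`. The script also no longer creates /var/lib/postfix/data itself; if that now relies on `postfix set-permissions` creating it from postfix-files, a one-line comment saying so would spare the next reader the same question. The two new comments could be tidied to `# All permissions are set according to ${pkgs.postfix}/etc/postfix/postfix-files` and `# Finally delegate to postfix checking the remaining directories in /var/lib/postfix and setting permissions on them`. The activation snippet this hunk edits starts before the hunk.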
+5 -1
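--- a/pkgs/servers/mail/postfix/3.0.nix
+++ b/pkgs/servers/mail/postfix/3.0.nix
@@ -35,7 +35,11 @@
 ++ lib.optional withMySQL libmysql
 ++ lib.optional withSQLite sqlite;
 
-patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ];
+patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ./post-install-script.patch ];
 
 preBuild = ''
 sed -e '/^PATH=/d' -i postfix-install
+sed -e "s|@PACKAGE@|$out|" -i conf/post-install
+
+# post-install need skip permissions check/set on all symlinks following to /nix/store
+sed -e "s|@NIX_STORE@|$NIX_STORE|" -i conf/post-install
 
 export command_directory=$out/sbin
 export config_directory=/etc/postfix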
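Review bot: preBuild still exports `command_directory=$out/sbin` (visible in this hunk's context) while the new patch substitutes `@PACKAGE@` into a post-install that hardcodes `command_directory="@PACKAGE@/bin"`, and the module's main.cf likewise points at `${pkgs.postfix}/bin`; unless the package installs its commands under both bin and sbin, post-install will look for postconf in the wrong place, so the three values should be made to agree. The sed expressions replace only the first `@PACKAGE@`/`@NIX_STORE@` on each line; adding the `g` flag, e.g. `sed -e "s|@PACKAGE@|$out|g" -i conf/post-install`, keeps this correct if the patch ever carries two placeholders on one line. The comment could read `# post-install must skip the permission check/update on all symlinks that point into /nix/store`. The preBuild string continues past the hunk.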
+28
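--- /dev/null
+++ b/pkgs/servers/mail/postfix/post-install-script.patch
@@ -0,0 +1,28 @@
+--- a/conf/post-install 1970-01-01 03:00:01.000000000 +0300
++++ b/conf/post-install 2016-01-20 13:25:18.382233172 +0200
+@@ -254,6 +254,8 @@
+ }
+ 
+ # Bootstrapping problem.
++meta_directory="@PACKAGE@/etc/postfix"
++command_directory="@PACKAGE@/bin"
+ 
+ if [ -n "$command_directory" ]
+ then
+@@ -528,7 +530,16 @@
+ # Skip uninstalled files.
+ case $path in
+ no|no/*) continue;;
++ # Skip immutable files from package, correct permissions provided by Nix.
++ @PACKAGE@/*) continue;
+ esac
++ # Also skip symlinks following to /nix/store
++ if test -L $path; then
++ case "$(readlink $path)" in
++ @NIX_STORE@/*) continue;
++ esac
++ fi
++ 
+ # Pick up the flags.
+ case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
+ case $flags in *c*) create_flag=1;; *) create_flag=;; esac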
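Review bot: In the second inner hunk `$path` is unquoted in the new `test -L $path` and `readlink $path`, and the skip only matches the immediate `readlink` result, so a symlink with a relative target or one that reaches the store through another link is still processed; quoting as `if test -L "$path"; then` and `case "$(readlink "$path")" in` at least removes the word-splitting hazard. Both new case branches end with `continue;` rather than `continue;;`, which only parses because each is the last branch before `esac`; `continue;;` avoids a silent breakage if another pattern is ever added after them. The hardcoded `meta_directory`/`command_directory` assignments in the first inner hunk appear to override whatever value post-install obtained before that point, presumably deliberately for the bootstrapping case named in the context line, so a comment such as `# Nix: fixed package paths, overrides any value read so far` would make that explicit.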