Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sendmail for openSUSE:Factory checked in at 2022-10-10 18:43:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sendmail (Old) and /work/SRC/openSUSE:Factory/.sendmail.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail" Mon Oct 10 18:43:08 2022 rev:112 rq:1008186 version:8.17.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sendmail/sendmail.changes 2022-02-04 00:46:09.149184354 +0100 +++ /work/SRC/openSUSE:Factory/.sendmail.new.2275/sendmail.changes 2022-10-10 18:43:14.882698895 +0200 
@@ -1,0 +2,33 @@ +Fri Sep 16 14:06:55 UTC 2022 - Dr. Werner Fink <wer...@suse.de> + +- Do not start sendmail-client as user mail as this one is not + allowed to check port smtp aka 25 +- Fix sm-client.pre script as ports are not only numbers but + also alias names + +------------------------------------------------------------------- +Fri Sep 16 13:26:12 UTC 2022 - Dr. Werner Fink <wer...@suse.de> + +- Rework system service unit files + * sendmail-client now use user and group mail which requires + * /etc/mail/system/ becomes readable by all users e.g. mail + * sendmail now uses -bD to avoid a fork, this requires Type=exec +- Various bug fixes +- Require user and group mail for post and verify scriptlets +- Add a %ghost for /run/sendmail whic his created by + tmpfile systemd configuration of sendmail + +------------------------------------------------------------------- +Tue Sep 6 09:12:58 UTC 2022 - Ludwig Nussel <lnus...@suse.de> + +- Own /var/spool/mail (boo#1179574) + +------------------------------------------------------------------- +Thu Jul 14 08:23:00 UTC 2022 - Dr. Werner Fink <wer...@suse.de> + +- Avoid older alias.db +- Avoid that sendmail can not write its pid file +- Allow sendmail and its helper like maildrop and procmail + to write into the users mail folder + +------------------------------------------------------------------- Old: ---- sendmail.systemd New: ---- sendmail.tmpfiles ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sendmail.spec ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:15.886701056 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:15.894701073 +0200 @@ -88,6 +88,8 @@ Requires(pre): group(mail) Requires(pre): user(mail) %endif +Requires(post): group(mail) +Requires(post): user(mail) Requires(post): %fillup_prereq Requires(post): coreutils Requires(post): permissions 
@@ -95,6 +97,8 @@ Requires(posttrans):coreutils Requires(posttrans):findutils Requires(posttrans):m4 +Requires(verify):group(mail) +Requires(verify):user(mail) Requires(verify):permissions %{?systemd_ordering} Conflicts: postfix @@ -112,8 +116,8 @@ Source3: sendmail-client.path Source4: sendmail.service Source5: sendmail-client.service -Source6: sendmail.systemd -Source7: sendmail-client.systemd +Source6: sendmail-client.systemd +Source7: sendmail.tmpfiles Source42: ftp://ftp.sendmail.org/pub/sendmail/PGPKEYS#/%{name}.keyring Source43: ftp://ftp.sendmail.org/pub/sendmail/%{name}.%{version}.tar.gz.sig # PATCH-FIX-OPENSUSE: Add our m4 extensions and maintenance scripts @@ -331,9 +335,13 @@ mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 mkdir -p %{buildroot}%{_fillupdir} + mkdir -p %{buildroot}/var/spool/mail + ln -s spool/mail %{buildroot}/var/mail %if %{without sysvinit} mkdir -p %{buildroot}%{_unitdir} mkdir -p %{buildroot}%{_mailcnfdir}/system + chmod 0755 %{buildroot}%{_mailcnfdir}/system + mkdir -p %{buildroot}%{_tmpfilesdir} %endif make \ DESTDIR=%{buildroot} \ @@ -519,10 +527,8 @@ install -m 0644 %{S:3} %{buildroot}%{_unitdir}/ install -m 0644 %{S:4} %{buildroot}%{_unitdir}/ install -m 0644 %{S:5} %{buildroot}%{_unitdir}/ - install -m 0644 %{S:6} %{buildroot}%{_mailcnfdir}/system/sm.pre - install -m 0644 %{S:7} %{buildroot}%{_mailcnfdir}/system/sm-client.pre - chmod 0755 %{buildroot}%{_mailcnfdir}/system/sm.pre - chmod 0755 %{buildroot}%{_mailcnfdir}/system/sm-client.pre + install -m 0755 %{S:6} %{buildroot}%{_mailcnfdir}/system/sm-client.pre + install -m 0644 %{S:7} %{buildroot}%{_tmpfilesdir}/sendmail.conf %endif # # Documentation for libmilter @@ -535,9 +541,6 @@ rm -f %{buildroot}%{_sysconfdir}/aliases %{buildroot}%{_mailcnfdir}/*.db rm -f %{buildroot}%{_mailcnfdir}/*/*.db -%clean -rm -rf %{buildroot} - %if %{defined verify_permissions} %verifyscript %if %{with sysvinit} 
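Review bot: The added `chmod 0755 %{buildroot}%{_mailcnfdir}/system` in the @@ -331 hunk opens the directory to every local account. The same widening is repeated in `%dir %attr(0755,root,root) %{_mailcnfdir}/system/` (@@ -653) and in the `/etc/mail/system/ root:root 0755` lines of both permissions files. The changelog justifies it with sendmail-client running as user and group mail, but the later entry drops the user again and the unit only sets `Group=mail`, so the widening may no longer be needed. If group access is all that is required, `chmod 0750` here with `%dir %attr(0750,root,mail) %{_mailcnfdir}/system/` and `/etc/mail/system/ root:mail 0750` keeps everyone else out. The %install section starts and ends outside the hunk.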
@@ -548,6 +551,8 @@ %verify_permissions -e %{_sysconfdir}/sendmail.cf %if %{with sysvinit} %verify_permissions -e %{_sysconfdir}/init.d/sendmail +%else +%verify_permissions -e %{_mailcnfdir}/system/ %endif %verify_permissions -e %{_mailcnfdir}/auth/ %verify_permissions -e %{_mailcnfdir}/certs/ @@ -558,6 +563,7 @@ %endif %post +%{?tmpfiles_create:%tmpfiles_create %{_prefix}/lib/tmpfiles.d/sendmail.conf} # Trigger rebuild of old db's for db in /etc/aliases.db /etc/aliases.d/*.db /etc/mail/*.db /etc/mail/*/*.db ; do test -e "$db" || continue @@ -579,6 +585,10 @@ :skip N }' /etc/sysconfig/sendmail + # + # For sendmail we use -bD aka listen on port 25 but do not become a daemon + # + sed -ri '/(SENDMAIL_ARGS|Default:)/{s/-bd/-bD/g}' /etc/sysconfig/sendmail fi %{fillup_only -an mail} %if %{with sysvinit} @@ -602,6 +612,8 @@ %set_permissions %{_sysconfdir}/sendmail.cf %if %{with sysvinit} %set_permissions %{_sysconfdir}/init.d/sendmail +%else +%set_permissions %{_mailcnfdir}/system/ %endif %set_permissions %{_mailcnfdir}/auth/ %set_permissions %{_mailcnfdir}/certs/ @@ -653,7 +665,8 @@ %dir %attr(0750,root,root) %{_mailcnfdir}/auth/ %dir %attr(0750,root,root) %{_mailcnfdir}/certs/ %if %{without sysvinit} -%dir %attr(0750,root,root) %{_mailcnfdir}/system/ +%dir %attr(0755,root,root) %{_mailcnfdir}/system/ +%ghost /run/sendmail/ %endif %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sendmail.cf # %{_sysconfdir}/aliases is part of netcfg @@ -695,8 +708,8 @@ %config %attr(0644,root,root) %{_unitdir}/sendmail-client.path %config %attr(0644,root,root) %{_unitdir}/sendmail.service %config %attr(0644,root,root) %{_unitdir}/sendmail-client.service -%config %attr(0755,root,root) %{_mailcnfdir}/system/sm.pre %config %attr(0755,root,root) %{_mailcnfdir}/system/sm-client.pre +%attr(0644,root,root) %{_tmpfilesdir}/sendmail.conf %endif %{_bindir}/hoststat %{_bindir}/mailq 
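Review bot: The added `sed -ri '/(SENDMAIL_ARGS|Default:)/{s/-bd/-bD/g}' /etc/sysconfig/sendmail` in the @@ -579 hunk is not visibly wrapped in `%if %{without sysvinit}`, so a sysvinit build would apparently also be switched to `-bD`, which keeps sendmail in the foreground. The address also matches every line containing `Default:` rather than only the one documenting SENDMAIL_ARGS, and it rewrites an administrator-edited file on each upgrade. Anchoring it, for example `sed -ri '/^SENDMAIL_ARGS=/{s/-bd/-bD/g}'`, and placing it inside the systemd conditional would limit the edit to what the new `Type=exec` unit needs. The enclosing `if` of %post starts outside the hunk.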
@@ -731,6 +744,10 @@ %attr(2555,root,mail) %{_sbindir}/sendmail %{_sbindir}/sendmail.nissl %{_sbindir}/rcsendmail* +%if 0%{?suse_version} > 1140 +%dir %attr(1777,root,root) /var/spool/mail/ +%endif +/var/mail %files devel %defattr(-,root,root) ++++++ sendmail-client.path ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:15.938701168 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:15.942701176 +0200 @@ -14,6 +14,7 @@ [Unit] Description=Sendmail Client Mail Queue Watcher Before=mail-transfer-agent.target +After=systemd-tmpfiles-setup.service [Path] DirectoryNotEmpty=/var/spool/clientmqueue ++++++ sendmail-client.service ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:15.962701219 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:15.966701228 +0200 @@ -14,14 +14,22 @@ Description=Sendmail Mail Transport Client Requires=sendmail.service After=sendmail.service +After=systemd-tmpfiles-setup.service Wants=mail-transfer-agent.target Before=mail-transfer-agent.target ConditionDirectoryNotEmpty=|/var/spool/clientmqueue +JoinsNamespaceOf=sendmail.service [Service] +Group=mail +ReadWritePaths=-/var/spool/clientmqueue +ReadWritePaths=-/var/spool/clientmqueue/sm-client.pid +ReadOnlyPaths=-/etc/mail/system/sm-client.pre +ExecPaths=-/etc/mail/system/sm-client.pre # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full +# Do never do this as maildrop or procmail can not deliver mails anymore #ProtectHome=read-only PrivateDevices=true ProtectHostname=true 
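Review bot: `%dir %attr(1777,root,root) /var/spool/mail/` makes the package own a world-writable spool, and the rpmlintrc hunk further down filters the matching `world-writable-unauthorized-file` and `standard-dir-owned-by-package` findings instead of resolving them. With mode 1777 any local account can create files in the spool, so a mailbox name can exist before its owner's first delivery and every delivery agent has to verify ownership and link status itself. Neither permissions file in this commit gains an entry for the directory, so as far as the visible lines show `%set_permissions` and `%verify_permissions` will not track it. Consider `%dir %attr(1775,root,mail) /var/spool/mail/` if all local delivery agents run with group mail, or add a comment above the entry stating why world-write is required. The %files section continues outside the hunk.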
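Review bot: `ExecPaths=-/etc/mail/system/sm-client.pre` has no effect on its own, because systemd only uses ExecPaths= as an exception list for `NoExecPaths=`, and this hunk adds no NoExecPaths= line. The two `ReadWritePaths=` entries under /var/spool are likewise redundant while the unit keeps `ProtectSystem=full`, which leaves /var writable. `JoinsNamespaceOf=sendmail.service` also only matters when both units enable a private namespace such as `PrivateTmp=`, which is not visible here. Either move to `ProtectSystem=strict` with an explicit allow-list, or drop the unused lines so the unit does not look tighter than it is. The [Service] section continues outside the hunk.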
@@ -34,6 +42,7 @@ # end of automatic additions Type=forking Restart=on-success +# Note that PIDFile as it has wrong format and also shows timing problems PIDFile=/var/spool/clientmqueue/sm-client.pid ExecStartPre=-/etc/mail/system/sm-client.pre Environment="SENDMAIL_CLIENT_ARGS=-L sendmail-client -Ac -qp30m" ++++++ sendmail-client.systemd ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:15.982701263 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:15.986701271 +0200 @@ -14,7 +14,7 @@ pidfile=/var/spool/clientmqueue/sm-client.pid typeset -i timeout=1000 -typeset -i port=25 +typeset port=smtp for cfg in /etc/sendmail.cf /etc/mail/sendmail.cf ; do test -s $cfg && break @@ -30,19 +30,6 @@ done # -# Create /var/run/sendmail if not exit -# -if test ! -d /var/run ; then - if test -d /run ; then - /bin/ln -sf /run /var/run - else - /bin/mkdir -m 0755 /var/run - fi -fi -test -d /var/run/sendmail || /bin/mkdir --mode 1750 /var/run/sendmail -test -x /usr/bin/chkstat && /usr/bin/chkstat -n --set --system /var/run/sendmail - -# # Some default permissions # /bin/touch $pidfile @@ -68,6 +55,7 @@ for opt in ${PortOpts//,/ } ; do case "${opt%=*}" in [Pp]ort) port=${opt#*=} + break ;; esac done unset opt ++++++ sendmail-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:16.006701314 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:16.010701323 +0200 
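Review bot: The added comment `# Note that PIDFile as it has wrong format and also shows timing problems` is missing its verb, so it is unclear whether it warns about the next line or explains why it is kept. `Type=forking` and `PIDFile=/var/spool/clientmqueue/sm-client.pid` remain in place in this unit. A wording such as `# Note: PIDFile is kept for Type=forking although sendmail writes it in the wrong format and it shows timing problems` would say what a maintainer should expect. The pid file sits in a directory the permissions file assigns to mail:mail, so it is worth confirming systemd accepts it for this service.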
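Review bot: With `typeset port=smtp` in the @@ -14 hunk the variable is no longer declared as an integer. As a result `port=${opt#*=}` in the @@ -68 hunk copies whatever follows `Port=` in the configured daemon options into `$port` unchecked. The script runs from ExecStartPre, so the value should be restricted before it reaches the code that probes the port, for example `case "$port" in ""|*[!A-Za-z0-9_-]*) port=smtp ;; esac` placed right after the loop. The code that consumes `$port` is outside both hunks.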
@@ -1,21 +1,17 @@ addFilter(".*hidden-file-or-dir.*/var/spool/mqueue/\.hoststat.*") -addFilter(".*executable-sourced-script.*/sbin/conf\.d/SuSEconfig\.sendmail.*") -addFilter(".*non-etc-or-var-file-marked-as-conffile.*/sbin/conf\.d/SuSEconfig\.sendmail.*") addFilter(".*non-etc-or-var-file-marked-as-conffile.*/lib/systemd/system/.*") -addFilter(".*sourced-script-with-shebang.*/sbin/conf\.d/SuSEconfig\.sendmail.*") addFilter(".*zero-length.*/var/spool/clientmqueue/sm-client\.st.*") addFilter(".*zero-length.*/var/lib/sendmail/statistics.*") -addFilter(".*no-manual-page-for-binary.*hoststat.*") -addFilter(".*no-manual-page-for-binary.*rcsendmail.*") -addFilter(".*no-manual-page-for-binary.*purgestat.*") -addFilter(".*no-manual-page-for-binary.*sendmail.nissl.*") addFilter(".*macro-in-comment.*") addFilter(".*self-obsoletion.*") addFilter(".*non-conffile-in-etc.*/etc/mail/README.*") -addFilter(".*no-manual-page-for-binary.*config.sendmail.*") addFilter(".*name-repeated-in-summary.*") addFilter(".*binary-or-shlib-calls-gethostbyname.*") -addFilter(".*sendmail-devel.*no-dependency-on.*sendmail.*") addFilter(".*explicit-lib-dependency.*libmilter1_0.*") -addFilter(".*W:.*explicit-lib-dependency.*libnss_usrfiles2.*") +addFilter(".*standard-dir-owned-by-package.*/var/spool/mail.*") +addFilter(".*W:.*permissions-dir-without-slash.*") +addFilter(".*E:.*obsolete-suse-version-check.*") +addFilter(".*E:.*world-writable-unauthorized-file.*/var/spool/mail.*") +addFilter(".*E:.*filelist-forbidden-fhs23.*/var/mail.*") +addFilter(".*E:.*explicit-lib-dependency.*libnss_usrfiles2.*") ++++++ sendmail-suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sendmail-suse/suse/permissions new/sendmail-suse/suse/permissions --- old/sendmail-suse/suse/permissions 2021-05-28 14:39:03.262647401 +0200 +++ new/sendmail-suse/suse/permissions 2022-09-16 15:24:31.144042570 +0200 
@@ -3,9 +3,10 @@ /etc/init.d/sendmail root:root 0744 /etc/mail/auth/ root:root 0750 /etc/mail/certs/ root:root 0750 +/etc/mail/system/ root:root 0755 /var/spool/clientmqueue/ mail:mail 0770 /var/spool/mqueue/ root:root 0700 @@EXECPREFIX@@/sendmail.d/bin/ root:root 0755 @@EXECPREFIX@@/sendmail.d/bin/smrsh root:root 0511 @@EXECPREFIX@@/sendmail.d/bin/mail.local root:root 0511 -@@VARRUN@@/sendmail root:root 1750 +@@VARRUN@@/sendmail root:mail 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sendmail-suse/suse/permissions.paranoid new/sendmail-suse/suse/permissions.paranoid --- old/sendmail-suse/suse/permissions.paranoid 2021-06-04 14:42:19.620081993 +0200 +++ new/sendmail-suse/suse/permissions.paranoid 2022-09-16 15:09:35.383851878 +0200 @@ -3,9 +3,10 @@ /etc/init.d/sendmail root:root 0744 /etc/mail/auth/ root:root 0750 /etc/mail/certs/ root:root 0750 +/etc/mail/system/ root:root 0755 /var/spool/clientmqueue/ mail:mail 0750 /var/spool/mqueue/ root:root 0700 @@EXECPREFIX@@/sendmail.d/bin/ root:root 0755 @@EXECPREFIX@@/sendmail.d/bin/smrsh root:root 0511 @@EXECPREFIX@@/sendmail.d/bin/mail.local root:root 0511 -@@VARRUN@@/sendmail root:root 1750 +@@VARRUN@@/sendmail root:mail 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sendmail-suse/suse/sysconfig.sendmail new/sendmail-suse/suse/sysconfig.sendmail --- old/sendmail-suse/suse/sysconfig.sendmail 2021-01-27 09:53:08.772096987 +0100 +++ new/sendmail-suse/suse/sysconfig.sendmail 2022-09-16 13:57:25.080594748 +0200 
@@ -81,19 +81,21 @@ USE_ACCESS_DB="yes" ## Type: string -## Default: "-L sendmail -Am -bd -q30m -om" +## Default: "-L sendmail -Am -bD -q30m -om" ## Command: /usr/libexec/sendmail.d/update # # with what parameters should sendmail be started? -# normal sites use "-Am -bd -q30m -om". +# normal sites use "-Am -bD -q30m -om". # "-Am" will force sendmail to use sendmail.cf. "-q30m" will look every 30 # minutes to re-try sending failed email. "-bd" will start sendmail in daemon # mode and sendmail will accept email over the network from other hosts. +# NOTE that "-bD" also listen for email but does not become a daemon, +# useful for systemd service. # If you set SENDMAIL_EXPENSIVE and you have a dialup ISDN connection, -# you probably want to set this to "-bd -om" and run "sendmail -q" +# you probably want to set this to "-bD -om" and run "sendmail -q" # from your crontab. # -SENDMAIL_ARGS="-L sendmail -Am -bd -q30m -om" +SENDMAIL_ARGS="-L sendmail -Am -bD -q30m -om" ## Type: string ## Default: "-L sendmail-client -Ac -qp1m" ++++++ sendmail.service ++++++ --- /var/tmp/diff_new_pack.yQJQ9V/_old 2022-10-10 18:43:16.142701607 +0200 +++ /var/tmp/diff_new_pack.yQJQ9V/_new 2022-10-10 18:43:16.146701616 +0200 @@ -18,6 +18,7 @@ After=var-run.mount nss-lookup.target network.target local-fs.target Wants=time-sync.target nss-user-lookup.target After=time-sync.target nss-user-lookup.target +After=systemd-tmpfiles-setup.service After=amavis.service cyrus.service ldap.service nscd.service ypbind.service saslauthd.service Wants=sendmail-client.service Before=sendmail-client.service 
@@ -25,10 +26,21 @@ Conflicts=postfix.service exim.service [Service] +Group=mail +ReadWritePaths=-/run/sendmail +ReadWritePaths=-/run/sendmail.pid +ReadWritePaths=-/var/run/sendmail +ReadWritePaths=-/var/run/sendmail.pid +ReadWritePaths=-/var/spool/mail +ReadWritePaths=-/var/spool/mqueue +ReadWritePaths=-/var/mail +ReadWritePaths=-/etc/aliases.db +ReadWritePaths=-/etc/mail/aliases.db # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full -ProtectHome=read-only +# Do never do this as maildrop or procmail can not deliver mails anymore +#ProtectHome=read-only PrivateDevices=true ProtectHostname=true ProtectClock=true @@ -38,12 +50,14 @@ ProtectControlGroups=true RestrictRealtime=true # end of automatic additions -Type=forking +# Works only with -bD but not with -bd +Type=exec Restart=on-success -PIDFile=/var/run/sendmail.pid +# No PIDFile as it has wrong format and also shows timing problems, +# use -bD instead of -bd to avoid forking main service process ExecStartPre=-/bin/echo 'Initializing SMTP port (sendmail)' -ExecStartPre=-/etc/mail/system/sm.pre -Environment="SENDMAIL_ARGS=-L sendmail -Am -bd -q30m -om" +ExecStartPre=-/bin/sh -c 'make -C /etc/mail' +Environment="SENDMAIL_ARGS=-L sendmail -Am -bD -q30m -om" EnvironmentFile=-/etc/sysconfig/mail EnvironmentFile=-/etc/sysconfig/sendmail ExecStart=/usr/sbin/sendmail $SENDMAIL_ARGS ++++++ sendmail.tmpfiles ++++++ d /run/sendmail 0750 root mail -
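Review bot: `ProtectHome=read-only` is commented out entirely in the @@ -25 hunk, so the service regains write access to /home, /root and /run/user. The added `ReadWritePaths=` lines for /run, /var/run, /var/spool and /var/mail change nothing under `ProtectSystem=full`, which only makes /usr, /boot, /efi and /etc read-only. Only the two `aliases.db` entries actually open something, and the allow-list would only become meaningful with `ProtectSystem=strict`. The comment would read better as `# ProtectHome= must stay off: maildrop and procmail deliver into the users' home directories`. The [Service] section continues into the next hunk.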
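Review bot: `ExecStartPre=-/bin/sh -c 'make -C /etc/mail'` in the @@ -38 hunk runs make on every start, and the leading `-` discards its exit status, so a failed map rebuild is followed by a normal start on stale databases. `ProtectSystem=full` keeps /etc read-only and only the aliases.db paths are listed in ReadWritePaths=, so any other target the Makefile writes under /etc/mail would presumably fail in this silent way; the Makefile is not on this page, so that needs checking. The shell wrapper is unnecessary: `ExecStartPre=/usr/bin/make -C /etc/mail` runs the same command and lets a failure stop the unit. No `User=` line is visible, so the rules likely run as root, and /etc/mail should contain nothing writable by other accounts.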