Hello Brian May, Thanks for your quick followup on this.
On Tue, Feb 04, 2020 at 08:16:54AM +1100, Brian May wrote: > I have no objection to this other then technical issues. Plus the lack > of time on my behalf. I'm happy to help if you can provide the testing and review (as I don't personally use amavisd-new myself). I'm quite sure we can also get additional help from pkg-systemd-maintainers if they're asked to comment. > > I tried making this change, and found it appears to be incomplete, > lintian complains with the following errors: Yes I also noticed that the patch (as described, although not super obviously) only provides a service masking the amavis init script. This is however better than nothing. I hope we can make progress by not letting perfect be the enemy of good. > > E: amavisd-new: omitted-systemd-service-for-init.d-script amavis-mc > E: amavisd-new: omitted-systemd-service-for-init.d-script > amavisd-snmp-subagent > > Maybe we need some sort of disabled by default systemd file for these > services too? Preferably yes. I found that fedora packaging already contains a couple of service files that likely needs some minor tweaking (e.g. make the service file name match the debian init script name) to be proper substitutes for the debian init scripts, see: https://src.fedoraproject.org/rpms/amavis/tree/master (The debian amavisd-snmp-subagent init script also does something funky launching different daemon binaries depending on a variable setting which isn't replicated and I'm not sure how to accomplish or if it's even desired. A drop-in snippet overriding the ExecStart line is probably better if/when someone wants to change the command being used to start the daemon.) There's still one needed for amavis-mc, but it should follow the same style as the two others there. The security hardening settings (after the Restart=... line) need careful review so I'd suggest just dropping those for now until someone with intimate knowledge about the service can add them. The best would be if upstream could provide a set of recommended service files (including security hardening settings). Regards, Andreas Henriksson
