Thank you for this detailed analysis that goes far above and beyond what one can reasonably expect! I did not expect the issue to be caused by the patches specific to Red Hat, otherwise I wouldn't have bothered you with this.

--On 7 February 2018 at 15:22:24 -0800 Mark Sapiro <m...@msapiro.net> wrote:

On 02/07/2018 01:38 PM, Sebastian Hagedorn wrote:

Hm, part of that was an artifact of running configure manually instead
of using the SPEC file I usually use to build Mailman. With the latter
and my "fix" I get the following:

$ mailman-config
Configuration and build information for Mailman

Mailman version: 2.1.26
Build Date:      Wed Feb  7 13:23:45 CET 2018

prefix:          /usr/lib/mailman
var_prefix:      /var/lib/mailman
mailman_user:    mailman
mailman_group:   mailman
mail_group:      mail postfix mailman nobody daemon
cgi_group:       apache

configure_opts: "--prefix=/usr/lib/mailman
--with-var-prefix=/var/lib/mailman --with-config-dir=/etc/mailman
--with-lock-dir=/var/lock/mailman --with-log-dir=/var/log/mailman
--with-pid-dir=/var/run/mailman --with-queue-dir=/var/spool/mailman
--with-python=/usr/bin/python2.7 --with-mail-gid=mail postfix mailman
nobody daemon --with-cgi-id=apache --with-cgi-gid=apache
--with-mailhost=localhost.localdomain
--with-urlhost=localhost.localdomain --without-permcheck"

So it's still using --without-permcheck, but the other options are there.


When I run that command without having made any changes in the unpacked
tarball on a machine without a 'mailman' user, but with a 'mail' group,
I get this from configure

configure: WARNING: unrecognized options: --with-config-dir,
--with-lock-dir, --with-log-dir, --with-pid-dir, --with-queue-dir,
--with-cgi-id

This is expected because those options to configure were added by RedHat
as part of their FHS compliance patch. See
<https://wiki.list.org/x/8486953> and
<https://mail.python.org/pipermail/mailman-developers/2004-October/017343.html>

Right, we've been using the Red Hat patches for many years. Even on RHEL 7 Red Hat only provides an RPM for 2.1.15, so at some point I took the SPEC file from their source RPM and have been updating it myself.

I get this from the bin/mailman-config command

Configuration and build information for Mailman

Mailman version: 2.1.26
Build Date:      Wed Feb  7 14:19:11 PST 2018

prefix:          /usr/lib/mailman
var_prefix:      /var/lib/mailman
mailman_user:
mailman_group:
mail_group:      mail
cgi_group:       apache

configure_opts: "--prefix=/usr/lib/mailman
--with-var-prefix=/var/lib/mailman --with-config-dir=/etc/mailman
--with-lock-dir=/var/lock/mailman --with-log-dir=/var/log/mailman
--with-pid-dir=/var/run/mailman --with-queue-dir=/var/spool/mailman
--with-python=/usr/bin/python2.7 --with-mail-gid=mail postfix mailman
nobody daemon --with-cgi-id=apache --with-cgi-gid=apache
--with-mailhost=localhost.localdomain
--with-urlhost=localhost.localdomain --without-permcheck"

The empty mailman_user and mailman_group is because there is no
'mailman' user/group on the system I ran it on and the fact that I get
mail_group = 'mail' rather than 'mail postfix mailman nobody daemon' is
because there is a 'mail' group (it picks the first group that exists
from that list and only yields the whole list as the result if none exist).

I suspect that your actual configure command options rather than the
ones reported by your bin/mailman-config are something like

--prefix=/usr/lib/mailman --with-var-prefix=/var/lib/mailman
--with-config-dir=/etc/mailman --with-lock-dir=/var/lock/mailman
--with-log-dir=/var/log/mailman --with-pid-dir=/var/run/mailman
--with-queue-dir=/var/spool/mailman --with-python=/usr/bin/python2.7
--with-mail-gid='"mail postfix mailman nobody daemon"'
--with-cgi-id=apache --with-cgi-gid=\"apache\"
--with-mailhost=localhost.localdomain
--with-urlhost=localhost.localdomain --without-permcheck

and that's where the extraneous quotes are coming from. I think the
passing of a list to --with-mail-gid relies on another RedHat
modification to the mail wrapper to be able to dynamically configure the
mail group and not build it in to the RPM.

In our SPEC file it looks like this:

./configure \
       --prefix=%{mmdir} \
       --with-var-prefix=%{varmmdir} \
       --with-config-dir=%{configdir} \
       --with-lock-dir=%{lockdir} \
       --with-log-dir=%{logdir} \
       --with-pid-dir=%{piddir} \
       --with-queue-dir=%{queuedir} \
       --with-python=/usr/bin/python2.7 \
       --with-mail-gid=%{mailgroup} \
       --with-cgi-id=%{cgiuser} \
       --with-cgi-gid=%{cgigroup} \
       --with-mailhost=localhost.localdomain \
       --with-urlhost=localhost.localdomain \
       --without-permcheck

The variables in question are defined like this:

# Now, the groups your mail spoolers run as.  Sendmail uses 'mail'(12)
# and postfix used to use 'nobody', but now uses 'postfix'
%define mailgroup  "mail postfix mailman nobody daemon"

# Now, the user and group the CGIs will expect to be run under.  This should
# match the user and group the web server is configured to run as. The scripts
# will error out if they are invoked by any other user.
%define cgiuser    apache
%define cgigroup   apache

Which explains the quotes for mailgroup, although I don't understand where the quotes for cgigroup come from ...

The question is what are you trying to do.

If you just want to build a working Mailman 2.1.26 installation, I
suggest removing the --with-config-dir, --with-lock-dir, --with-log-dir,
--with-pid-dir, --with-queue-dir, --with-cgi-id options and setting
--with-mail-gid and --with-cgi-gid to the appropriate single groups
without any quotes.

That would be fine for a new installation but I'm wary of such a change on an active system. In hindsight we should never have used the RPMs provided by Red Hat in the first place.

If you are trying to build a RHEL FHS compliant Mailman, start by
porting the patch in the attachment to
<https://mail.python.org/pipermail/mailman-developers/2004-October/017343.html> and applying it, running autoconf to regenerate configure from
configure.in

That's what we're already doing.

and take any resultant issues to RedHat.

That part is useless, unfortunately.

Note, the last I
knew, John Dennis was still at RedHat, but was no longer working with
Mailman, but that was a long time ago. In case it isn't obvious, I
recommend the first approach.

As I mentioned I "fixed" this by removing the quotes around @MAIL_GROUP@ and @CGI_GROUP@. I have included that patch in our SPEC file with a note not to bother the community with that issue.
--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                .:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.