Use ebuild by Wolfram Schlich <wschlich at gentoo.org>, bug #149175 for 1.13. This makes mailgraph not run as root.

(Portage version: 2.1.2.3)

5 files changed, 188 insertions, 12 deletions

diff --git a/net-mail/mailgraph/ChangeLog b/net-mail/mailgraph/ChangeLog
index 4d79233d9c37..1b350b90f698 100644
--- a/net-mail/mailgraph/ChangeLog
+++ b/net-mail/mailgraph/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-mail/mailgraph
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/ChangeLog,v 1.18 2007/04/01 18:36:39 ticho Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/ChangeLog,v 1.19 2007/04/01 19:30:00 ticho Exp $
+
+  01 Apr 2007; Andrej Kacian <ticho@gentoo.org> +files/mailgraph.confd-new,
+  +files/mailgraph.initd-new, +files/mailgraph.logrotate-new,
+  mailgraph-1.13.ebuild:
+  Use ebuild by Wolfram Schlich <wschlich at gentoo.org>, bug #149175 for
+  1.13. This makes mailgraph not run as root.
 
 *mailgraph-1.13 (01 Apr 2007)
 
diff --git a/net-mail/mailgraph/files/mailgraph.confd-new b/net-mail/mailgraph/files/mailgraph.confd-new
new file mode 100644
index 000000000000..8ac31ca3c3d0
--- /dev/null
+++ b/net-mail/mailgraph/files/mailgraph.confd-new
@@ -0,0 +1,19 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/files/mailgraph.confd-new,v 1.1 2007/04/01 19:30:00 ticho Exp $
+
+# Location of logfile that all (!) mail software (MTA, spamfilter etc.) logs to.
+# mailgraph defaults to /var/log/syslog if unspecified
+MG_LOGFILE="/var/log/messages"
+
+# Required daemon settings
+MG_DAEMON_UID="mgraph"
+MG_DAEMON_GID="adm"
+MG_DAEMON_UMASK="0022"
+MG_DAEMON_LOG="/var/log/mailgraph/mailgraph.log"
+MG_DAEMON_PID="/var/run/mailgraph/mailgraph.pid"
+MG_DAEMON_RRD="/var/lib/mailgraph"
+
+# Specify any extra options here.
+# If MG_LOGFILE is in metalog format, add "-t metalog" to MG_DAEMON_OPTS
+MG_DAEMON_OPTS="--ignore-localhost"
diff --git a/net-mail/mailgraph/files/mailgraph.initd-new b/net-mail/mailgraph/files/mailgraph.initd-new
new file mode 100644
index 000000000000..57b20cb1c80f
--- /dev/null
+++ b/net-mail/mailgraph/files/mailgraph.initd-new
@@ -0,0 +1,28 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/files/mailgraph.initd-new,v 1.1 2007/04/01 19:30:00 ticho Exp $
+
+start() {
+	ebegin "Starting mailgraph"
+
+	# read mail log messages somewhere other than /var/log/syslog?
+	[[ -n "${MG_LOGFILE}" ]] && MG_DAEMON_OPTS="${MG_DAEMON_OPTS} -l ${MG_LOGFILE}"
+
+	UMASK=$(umask)
+	umask ${MG_DAEMON_UMASK:-0077}
+	start-stop-daemon --start \
+		-c "${MG_DAEMON_UID}:${MG_DAEMON_GID}" \
+		--exec /usr/bin/mailgraph -- -v --daemon \
+		--daemon-log="${MG_DAEMON_LOG}" \
+		--daemon-pid="${MG_DAEMON_PID}" \
+		--daemon-rrd=/var/lib/mailgraph ${MG_DAEMON_OPTS}
+	eend $?
+	umask "${UMASK}"
+}
+
+stop() {
+	ebegin "Shutting down mailgraph"
+	start-stop-daemon --stop --quiet --pidfile "${MG_DAEMON_PID}"
+	eend $?
+}
diff --git a/net-mail/mailgraph/files/mailgraph.logrotate-new b/net-mail/mailgraph/files/mailgraph.logrotate-new
new file mode 100644
index 000000000000..0049b8b0307d
--- /dev/null
+++ b/net-mail/mailgraph/files/mailgraph.logrotate-new
@@ -0,0 +1,31 @@
+# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/files/mailgraph.logrotate-new,v 1.1 2007/04/01 19:30:00 ticho Exp $
+# logrotate config for mailgraph log
+
+/var/log/mailgraph/mailgraph.log {
+	## rotate daily
+	daily
+	## keep 30 old copies
+	rotate 30
+	## use .YYYYMMDD instead of .0,.1,.2 etc.
+	dateext
+	## also rotate empty logfiles to strictly retain chronology
+	ifempty
+	## re-create source logfile with original permissions
+	## do NOT use copy or copytruncate!
+	create
+	## compress on next logrotate run (e.g. next day) to give
+	## programs the chance to close the old logfile
+	delaycompress
+	## compress logfiles
+	compress
+	compresscmd /bin/gzip
+	compressoptions -9
+	uncompresscmd /bin/gunzip
+	## don't throw an error when a file doesn't exist
+	missingok
+	## restart mailgraph after rotating all logfiles
+	sharedscripts
+	postrotate
+		/etc/init.d/mailgraph restart >/dev/null
+	endscript
+}
diff --git a/net-mail/mailgraph/mailgraph-1.13.ebuild b/net-mail/mailgraph/mailgraph-1.13.ebuild
index 1428ccd9849d..5bec1535c32a 100644
--- a/net-mail/mailgraph/mailgraph-1.13.ebuild
+++ b/net-mail/mailgraph/mailgraph-1.13.ebuild
@@ -1,27 +1,37 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/mailgraph-1.13.ebuild,v 1.1 2007/04/01 18:36:39 ticho Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/mailgraph/mailgraph-1.13.ebuild,v 1.2 2007/04/01 19:30:00 ticho Exp $
 
 inherit eutils webapp
 
 DESCRIPTION="A mail statistics RRDtool frontend for Postfix"
-HOMEPAGE="http://mailgraph.schweikert.ch"
-SRC_URI="http://mailgraph.schweikert.ch/pub/${P}.tar.gz"
+HOMEPAGE="http://mailgraph.schweikert.ch/"
+SRC_URI="http://mailgraph.schweikert.ch//pub/${P}.tar.gz"
 
 LICENSE="GPL-2"
 KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
-IUSE=""
+IUSE="logrotate"
 
 RDEPEND="dev-lang/perl
 	dev-perl/File-Tail
-	>=net-analyzer/rrdtool-1.2.2"
-DEPEND=">=sys-apps/sed-4
-	>=net-analyzer/rrdtool-1.2.2"
+	>=net-analyzer/rrdtool-1.2.2
+	logrotate? ( app-admin/logrotate )"
+DEPEND=">=sys-apps/sed-4"
+
+user_group_setup() {
+	# add user and group for mailgraph daemon
+	# also add mgraph to the group adm so it's able to
+	# read syslog logfile /var/log/messages (should be owned by
+	# root:adm with permission 0640)
+	enewgroup mgraph
+	enewuser mgraph -1 -1 /var/empty mgraph,adm
+}
 
 pkg_setup() {
 	webapp_pkg_setup
 	built_with_use net-analyzer/rrdtool perl \
 		|| die "net-analyzer/rrdtool must be built with USE=perl"
+	user_group_setup
 }
 
 src_unpack() {
@@ -33,12 +43,41 @@ src_unpack() {
 		mailgraph.cgi || die "sed mailgraph.cgi failed"
 }
 
+pkg_preinst() {
+	user_group_setup
+}
+
 src_install() {
 	webapp_src_preinst
+	# be sure to run webapp_src_install *before* doing the directories below
+	# because it cripples all other permissions :-(
+	webapp_src_install
 
 	# for the RRDs
+	dodir /var/lib
+	diropts -omgraph -gmgraph -m0750
+	dodir /var/lib/mailgraph
 	keepdir /var/lib/mailgraph
 
+	# log and pid file
+	diropts ""
+	dodir /var/log
+	dodir /var/run
+	diropts -omgraph -gadm -m0750
+	dodir /var/log/mailgraph
+	keepdir /var/log/mailgraph
+	dodir /var/run/mailgraph
+	keepdir /var/run/mailgraph
+
+	if use logrotate ; then
+		# logrotate config for mailgraph log
+		diropts ""
+		dodir /etc/logrotate.d
+		insopts -m0644
+		insinto /etc/logrotate.d
+		newins ${FILESDIR}/mailgraph.logrotate-new mailgraph
+	fi
+
 	# mailgraph daemon
 	newbin mailgraph.pl mailgraph
 
@@ -47,11 +86,64 @@ src_install() {
 	doexe mailgraph.cgi
 
 	# init/conf files for mailgraph daemon
-	newinitd ${FILESDIR}/mailgraph.initd mailgraph
-	newconfd ${FILESDIR}/mailgraph.confd mailgraph
+	newinitd ${FILESDIR}/mailgraph.initd-new mailgraph
+	newconfd ${FILESDIR}/mailgraph.confd-new mailgraph
 
 	# docs
-	dodoc README CHANGES
+	dodoc README CHANGES COPYING
+}
 
-	webapp_src_install
+pkg_postinst() {
+	# Fix ownerships - previous versions installed these with
+	# root as owner
+	if [[ has_version <=net-mail/mailgraph-1.12 ]] ; then
+		if [[ -d /var/lib/mailgraph ]] ; then
+			chown mgraph:mgraph /var/lib/mailgraph
+		fi
+		if [[ -d /var/log/mailgraph ]] ; then
+			chown mgraph:adm /var/log/mailgraph
+		fi
+		if [[ -d /var/run/mailgraph ]] ; then
+			chown mgraph:adm /var/run/mailgraph
+		fi
+	fi
+	einfo ""
+	einfo "Mailgraph will run as user mgraph with group adm by default."
+	einfo "This can be changed in /etc/conf.d/mailgraph if it doesn't fit."
+	einfo "Remember to adjust MG_DAEMON_LOG, MG_DAEMON_PID and MG_DAEMON_RRD"
+	einfo "as well!"
+	einfo ""
+	echo
+	ewarn ""
+	ewarn "Please make sure the MG_LOGFILE (default: /var/log/messages) is readable"
+	ewarn "by group adm or change MG_DAEMON_GID in /etc/conf.d/mailgraph accordingly!"
+	ewarn ""
+	ewarn "Please make sure *all* mail related logs (MTA, spamfilter, virus scanner)"
+	ewarn "go to the file /var/log/messages or change MG_LOGFILE in"
+	ewarn "/etc/conf.d/mailgraph accordingly! Otherwise mailgraph won't get to know"
+	ewarn "the corresponding events (virus/spam mail found etc.)."
+	ewarn ""
+	echo
+	einfo
+	einfo "Checking for user apache"
+	if egetent passwd apache >&/dev/null; then
+		einfo
+		einfo "Adding user apache to group mgraph so the included"
+		einfo "CGI script is able to read the mailgraph RRD files"
+		einfo
+		if ! gpasswd -a apache mgraph >&/dev/null; then
+			eerror "Failed to add user apache to group mgraph!"
+			eerror "Please check manually."
+		fi
+	else
+		einfo
+		einfo "User apache not found, maybe we will be running a"
+		einfo "webserver with a different UID?"
+		einfo "If that's the case, please add that user to the"
+		einfo "group mgraph manually to enable the included"
+		einfo "CGI script to read the mailgraph RRD files:"
+		einfo
+		einfo "\tgpasswd -a <user> mgraph"
+		einfo
+	fi
 }