aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fripost-docs.org218
1 files changed, 32 insertions, 186 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 62a4153..7f7c390 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -162,6 +162,9 @@ sudo aptitude install logcheck syslog-summary
# | Untrusted connections should be taken care of on the client's side.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Untrusted TLS connection established from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[0-9.:]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint=
+# | Postfix reload
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script\[[[:digit:]]+\]: refreshing the Postfix mail system$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/master\[[[:digit:]]+\]: reload -- version
** Configuring aptitude and friends
@@ -2159,104 +2162,21 @@ In 'Defaults.py', the DEFAULT_MSG_FOOTER should be kept to
...
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
-as we want the a fully qualified list here. But we need to patch 'HTMLFormatter.py'.
-
- sudo patch -p0 << EOF
---- Mailman/HTMLFormatter.py
-+++ Mailman/HTMLFormatter.py
-@@ -382,7 +382,8 @@
- d = {
- '<mm-mailman-footer>' : self.GetMailmanFooter(),
- '<mm-list-name>' : self.real_name,
-- '<mm-email-user>' : self._internal_name,
-+ '<mm-email-user>' : self.local_part,
-+ '<mm-complete-name>' : self.internal_name(),
- '<mm-list-description>' : Utils.websafe(self.description),
- '<mm-list-info>' :
- '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
-EOF
-
-
-We need a last patch to keep fully qualified lists in URLs:
-
- sudo patch -p0 << EOF
---- Mailman/MailList.py
-+++ Mailman/MailList.py
-@@ -253,7 +253,7 @@
- # Using "local_part" here works for both site wide lists on
- # the default url host and for vhost lists on the vhost url host.
- return Utils.ScriptURL(scriptname, self.web_page_url, absolute) + \\
-- '/' + self.local_part
-+ '/' + self._internal_name
-
- def GetOptionsURL(self, user, obscure=0, absolute=0):
- url = self.GetScriptURL('options', absolute)
-EOF
-
- sudo patch -p0 << EOF
---- Mailman/Archiver/Archiver.py
-+++ Mailman/Archiver/Archiver.py
-@@ -162,7 +162,7 @@
- if hostname == mm_cfg.DEFAULT_URL_HOST:
-- fullname = self.local_part
-+ fullname = self._internal_name
- else:
-- fullname = os.path.join(hostname, self.local_part)
-+ fullname = os.path.join(hostname, self._internal_name)
- url = mm_cfg.PUBLIC_ARCHIVE_URL % {
- 'listname': fullname,
- 'hostname': hostname
-EOF
-
- sudo patch -p0 << EOF
---- bin/postfix-to-mailman.py
-+++ bin/postfix-to-mailman.py
-@@ -111,6 +111,11 @@
- 'mailman_destination_recipient_limit=1 '
- 'in main.cf?')
- sys.exit(EX_USAGE)
-+ try:
-+ l,d = local.split('#',2)
-+ local = '%s@%s' % (l,d)
-+ except ValueError:
-+ l,d = local, None
-
- # Redirect required addresses to
- if local in ('postmaster', 'abuse', 'mailer-daemon'):
-@@ -140,8 +145,9 @@
- '-subscribe',
- '-unsubscribe',
- ):
-- if local.endswith(ext):
-- mlist = local[:-len(ext)]
-+ if l.endswith(ext):
-+ mlist = l[:-len(ext)]
-+ if d: mlist = '%s@%s' % (mlist,d)
- func = ext[1:]
- break
-EOF
-
- sudo patch -p0 << EOF
---- Mailman/Handlers/Decorate.py
-+++ mailman/Mailman/Handlers/Decorate.py
-@@ -221,7 +221,7 @@
- d = SafeDict({'real_name' : mlist.real_name,
- 'list_name' : mlist.local_part,
- # For backwards compatibility
-- '_internal_name': mlist.local_part,
-+ '_internal_name': mlist._internal_name,
- 'host_name' : mlist.host_name,
- 'web_page_url' : mlist.web_page_url,
- 'description' : mlist.description,
-EOF
+as we want the a fully qualified list here. But we need to fix 'HTMLFormatter.py', and apply
+other custom patches:
+ cd /var/lib/mailman && sudo patch -p1 < $HOME/mailman.patch
sudo find -L /var/lib/mailman -type f -a \( -name '*.orig' -o -name '*.rej' \) -delete
+Grab our patch in the fripost-admin repository. Our patch makes the following modifications
+ - Keep fully qualified lists in URLs (HTMLFormatter.py, MailList.py, Decorate.py)
+ - Keep fully qualified lists in archive links (Archiver.py)
+ - Make Postfix strips out the list command and add the domain part (postfix-to-mailman.py)
-We need to pin mailman to avoid our patches being overwritten by an update.
+We now need to pin mailman to avoid our patches being overwritten by an apt-get upgrade.
:: /etc/apt/preferences
- Explanation: We applied custom patches on many files created by this package.
+ Explanation: We applied custom patches to many files created by this package.
Package: mailman
Pin: version *
Pin-Priority: -30000
@@ -2355,86 +2275,20 @@ Documentation: https://schleuder2.nadir.org/
**** Patches
-The following strips the list commands out of the local part of the list name.
-
- sudo patch -p0 << EOF
---- /usr/bin/schleuder
-+++ /usr/bin/schleuder
-@@ -44,8 +44,12 @@
- arg = ARGV.shift
- if arg == '-test'
- process_test(ARGV)
-- elsif arg =~ /[A-Za-z0-9]+/
-- process_list(arg.gsub(/-(sendkey|bounces)$/, ''))
-+ elsif arg =~ /[A-Za-z0-9]+/
-+ l,d = arg.split('#')
-+ l = l.gsub(/-(sendkey|bounce)$/, '')
-+ list = l
-+ list += '@' + d unless d.nil?
-+ process_list(list)
- else
- usage
- end
-EOF
-
- sudo rm -f /usr/bin/schleuder.{orig,rej}
-
-
-Unlike GNU Mailman, schleuder-newlist imposes an initial member upon list creation.
-The following patch makes it optional:
-
- sudo patch -p0 << EOF
---- /usr/bin/schleuder-newlist
-+++ /usr/bin/schleuder-newlist
-@@ -128,17 +128,19 @@
- end
-
- # Verify init member
-- Schleuder.log.debug "Verifying init member..."
-- list_initmember = ListCreator::verify_emailvar(
-- args[:list_initmember] || '',
-- interactive,
-- "Email address of the lists' initial member"
-- )
-- list_initmemberkey = ListCreator::verify_filevar(
-- args[:list_initmemberkey] || '',
-- interactive,
-- "the public key of the lists' initial member"
-- )
-+ unless args[:list_initmember].nil? and args[:list_initmemberkey].nil? and !interactive
-+ Schleuder.log.debug "Verifying init member..."
-+ list_initmember = ListCreator::verify_emailvar(
-+ args[:list_initmember],
-+ interactive,
-+ "Email address of the lists' initial member"
-+ )
-+ list_initmemberkey = ListCreator::verify_filevar(
-+ args[:list_initmemberkey],
-+ interactive,
-+ "the public key of the lists' initial member"
-+ )
-+ end
- Schleuder.log.debug "Arguments verified..."
-
- Schleuder.log.debug "Initialize list..."
-@@ -162,7 +164,7 @@
- Schleuder.log.debug "Import list's keypair..."
- ListCreator::import_keypair(list,list_privatekeyfile,list_publickeyfile)
- end
-- if (list_initmember != 'none' and list_initmemberkey != 'none') then
-+ unless list_initmember.nil? and list_initmemberkey.nil?
- Schleuder.log.debug "Add initmember to list..."
- ListCreator::add_init_member(list,list_initmember,list_initmemberkey)
- end
-EOF
+We apply custom patches to:
+ - strip the list commands out of the local part of the list name (schleuder)
+ - allow lists not to have any members (schleuder-newlist,list.rb), which avoid doing
+to much on our panel.
- sudo rm -f /usr/bin/schleuder-newlist.{orig,rej}
+ sudo patch -p1 < $HOME/schleuder.patch
+(Grab our patch in the fripost-admin repository.)
-We need to pin schleuder to avoid our patches being overwritten by an update.
+We now need to pin schleuder to avoid our patches being overwritten by an update.
:: /etc/apt/preferences
- Explanation: We applied custom patches on /usr/bin/schleuder and /usr/bin/schleuder-newlist.
+ Explanation: We applied custom patches to /usr/bin/schleuder, /usr/bin/schleuder-newlist,
+ Explanation: and /usr/lib/ruby/1.8/schleuder/list.rb
Package: schleuder
Pin: version *
Pin-Priority: -30000
@@ -2461,7 +2315,7 @@ To add members, from the command line:
To delete a list:
- sudo rm -rf {/var/lib,/var/log,/etc}/schleuder/listname
+ sudo rm -rf /var/lib/schleuder/listname/ /var/log/schleuder/listname.log /etc/schleuder/lists/listname.conf
**** Web server configuration
@@ -2475,25 +2329,15 @@ http://webschleuder.nadir.org/documentation/installation.html
sudo chown nobody /opt/webschleuder
cd /opt
sudo -u nobody git clone git://git.immerda.ch/webschleuder.git webschleuder
-
+ sudo chmod +x /opt/webschleuder/contrib/enable_webschleuder.rb
-A patch is needed because our camping is too old (2.0).
- sudo patch -p0 << EOF
---- webschleuder/webschleuder.rb
-+++ webschleuder/webschleuder.rb
-@@ -23,8 +23,8 @@
-
-
- module Webschleuder
-- set :secret, Webschleuder::Models::WebConfig.loadconfig.session_secret
- include Camping::Session
-+ secret Webschleuder::Models::WebConfig.loadconfig.session_secret
-
- def r404(path)
- "Sorry, but I can't find #{path}."
-EOF
+Grab our patch in the fripost-admin repository. It fixes camping's version
+(Squeeze's version is too old: 2.0), and allows password to be given from
+STDIN, to avoid leaking them through the proccess table.
+ cd /opt/webschleuder
+ sudo patch -p1 < $HOME/webschleuder.patch
sudo find -L /opt/webschleuder -type f -a \( -name '*.orig' -o -name '*.rej' \) -delete
sudo chown -R 'nobody:schleuder' /opt/webschleuder
@@ -2525,15 +2369,17 @@ Passenger setuid to the owner of 'config.ru'. In our case, webschleuder *must*
be run by schleuder as it has to read list configuration and the public keyring.
sudo chown 'schleuder:schleuder' /opt/webschleuder/config.ru
- sudo mkdir -p /var/tmp/webschleuder/data/
+ sudo mkdir -m 0700 -p /var/tmp/webschleuder/{data,upload}/
sudo chown 'schleuder:schleuder' /var/tmp/webschleuder/data/
+ sudo chown 'www-data:www-data' /var/tmp/webschleuder/upload/
sudo ln -s ../mods-available/passenger.load ../mods-available/passenger.conf /etc/apache2/mods-enabled/
:: /etc/apache2/site-enabled/000-default
<VirtualHost *:80>
...
- PassengerTempDir /var/tmp/webschleuder/data
+ PassengerTempDir /var/tmp/webschleuder/data/
+ PassengerUploadBufferDir /var/tmp/webschleuder/upload/
DocumentRoot /opt/webschleuder/static/
Alias /static/ /opt/webschleuder/static/
<Directory /var/local/lib/webschleuder/static/>