-rw-r--r-- | fripost-docs.org | 218 |
1 files changed, 32 insertions, 186 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index 62a4153..7f7c390 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -162,6 +162,9 @@ sudo aptitude install logcheck syslog-summary # | Untrusted connections should be taken care of on the client's side. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Untrusted TLS connection established from ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[0-9.:]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint= +# | Postfix reload +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script\[[[:digit:]]+\]: refreshing the Postfix mail system$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/master\[[[:digit:]]+\]: reload -- version ** Configuring aptitude and friends 
@@ -2159,104 +2162,21 @@ In 'Defaults.py', the DEFAULT_MSG_FOOTER should be kept to ... %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s -as we want the a fully qualified list here. But we need to patch 'HTMLFormatter.py'. - - sudo patch -p0 << EOF ---- Mailman/HTMLFormatter.py -+++ Mailman/HTMLFormatter.py -@@ -382,7 +382,8 @@ - d = { - '<mm-mailman-footer>' : self.GetMailmanFooter(), - '<mm-list-name>' : self.real_name, -- '<mm-email-user>' : self._internal_name, -+ '<mm-email-user>' : self.local_part, -+ '<mm-complete-name>' : self.internal_name(), - '<mm-list-description>' : Utils.websafe(self.description), - '<mm-list-info>' : - '<!---->' + BR.join(self.info.split(NL)) + '<!---->', -EOF - - -We need a last patch to keep fully qualified lists in URLs: - - sudo patch -p0 << EOF ---- Mailman/MailList.py -+++ Mailman/MailList.py -@@ -253,7 +253,7 @@ - # Using "local_part" here works for both site wide lists on - # the default url host and for vhost lists on the vhost url host. - return Utils.ScriptURL(scriptname, self.web_page_url, absolute) + \\ -- '/' + self.local_part -+ '/' + self._internal_name - - def GetOptionsURL(self, user, obscure=0, absolute=0): - url = self.GetScriptURL('options', absolute) -EOF - - sudo patch -p0 << EOF ---- Mailman/Archiver/Archiver.py -+++ Mailman/Archiver/Archiver.py -@@ -162,7 +162,7 @@ - if hostname == mm_cfg.DEFAULT_URL_HOST: -- fullname = self.local_part -+ fullname = self._internal_name - else: -- fullname = os.path.join(hostname, self.local_part) -+ fullname = os.path.join(hostname, self._internal_name) - url = mm_cfg.PUBLIC_ARCHIVE_URL % { - 'listname': fullname, - 'hostname': hostname -EOF - - sudo patch -p0 << EOF ---- bin/postfix-to-mailman.py -+++ bin/postfix-to-mailman.py -@@ -111,6 +111,11 @@ - 'mailman_destination_recipient_limit=1 ' - 'in main.cf?') - sys.exit(EX_USAGE) -+ try: -+ l,d = local.split('#',2) -+ local = '%s@%s' % (l,d) -+ except ValueError: -+ l,d = local, None - - # Redirect required addresses to - 
if local in ('postmaster', 'abuse', 'mailer-daemon'): -@@ -140,8 +145,9 @@ - '-subscribe', - '-unsubscribe', - ): -- if local.endswith(ext): -- mlist = local[:-len(ext)] -+ if l.endswith(ext): -+ mlist = l[:-len(ext)] -+ if d: mlist = '%s@%s' % (mlist,d) - func = ext[1:] - break -EOF - - sudo patch -p0 << EOF ---- Mailman/Handlers/Decorate.py -+++ mailman/Mailman/Handlers/Decorate.py -@@ -221,7 +221,7 @@ - d = SafeDict({'real_name' : mlist.real_name, - 'list_name' : mlist.local_part, - # For backwards compatibility -- '_internal_name': mlist.local_part, -+ '_internal_name': mlist._internal_name, - 'host_name' : mlist.host_name, - 'web_page_url' : mlist.web_page_url, - 'description' : mlist.description, -EOF +as we want the a fully qualified list here. But we need to fix 'HTMLFormatter.py', and apply +other custom patches: + cd /var/lib/mailman && sudo patch -p1 < $HOME/mailman.patch sudo find -L /var/lib/mailman -type f -a \( -name '*.orig' -o -name '*.rej' \) -delete +Grab our patch in the fripost-admin repository. Our patch makes the following modifications + - Keep fully qualified lists in URLs (HTMLFormatter.py, MailList.py, Decorate.py) + - Keep fully qualified lists in archive links (Archiver.py) + - Make Postfix strips out the list command and add the domain part (postfix-to-mailman.py) -We need to pin mailman to avoid our patches being overwritten by an update. +We now need to pin mailman to avoid our patches being overwritten by an apt-get upgrade. :: /etc/apt/preferences - Explanation: We applied custom patches on many files created by this package. + Explanation: We applied custom patches to many files created by this package. Package: mailman Pin: version * Pin-Priority: -30000 
@@ -2355,86 +2275,20 @@ Documentation: https://schleuder2.nadir.org/ **** Patches -The following strips the list commands out of the local part of the list name. - - sudo patch -p0 << EOF ---- /usr/bin/schleuder -+++ /usr/bin/schleuder -@@ -44,8 +44,12 @@ - arg = ARGV.shift - if arg == '-test' - process_test(ARGV) -- elsif arg =~ /[A-Za-z0-9]+/ -- process_list(arg.gsub(/-(sendkey|bounces)$/, '')) -+ elsif arg =~ /[A-Za-z0-9]+/ -+ l,d = arg.split('#') -+ l = l.gsub(/-(sendkey|bounce)$/, '') -+ list = l -+ list += '@' + d unless d.nil? -+ process_list(list) - else - usage - end -EOF - - sudo rm -f /usr/bin/schleuder.{orig,rej} - - -Unlike GNU Mailman, schleuder-newlist imposes an initial member upon list creation. -The following patch makes it optional: - - sudo patch -p0 << EOF ---- /usr/bin/schleuder-newlist -+++ /usr/bin/schleuder-newlist -@@ -128,17 +128,19 @@ - end - - # Verify init member -- Schleuder.log.debug "Verifying init member..." -- list_initmember = ListCreator::verify_emailvar( -- args[:list_initmember] || '', -- interactive, -- "Email address of the lists' initial member" -- ) -- list_initmemberkey = ListCreator::verify_filevar( -- args[:list_initmemberkey] || '', -- interactive, -- "the public key of the lists' initial member" -- ) -+ unless args[:list_initmember].nil? and args[:list_initmemberkey].nil? and !interactive -+ Schleuder.log.debug "Verifying init member..." -+ list_initmember = ListCreator::verify_emailvar( -+ args[:list_initmember], -+ interactive, -+ "Email address of the lists' initial member" -+ ) -+ list_initmemberkey = ListCreator::verify_filevar( -+ args[:list_initmemberkey], -+ interactive, -+ "the public key of the lists' initial member" -+ ) -+ end - Schleuder.log.debug "Arguments verified..." - - Schleuder.log.debug "Initialize list..." -@@ -162,7 +164,7 @@ - Schleuder.log.debug "Import list's keypair..." 
- ListCreator::import_keypair(list,list_privatekeyfile,list_publickeyfile) - end -- if (list_initmember != 'none' and list_initmemberkey != 'none') then -+ unless list_initmember.nil? and list_initmemberkey.nil? - Schleuder.log.debug "Add initmember to list..." - ListCreator::add_init_member(list,list_initmember,list_initmemberkey) - end -EOF +We apply custom patches to: + - strip the list commands out of the local part of the list name (schleuder) + - allow lists not to have any members (schleuder-newlist,list.rb), which avoid doing +to much on our panel. - sudo rm -f /usr/bin/schleuder-newlist.{orig,rej} + sudo patch -p1 < $HOME/schleuder.patch +(Grab our patch in the fripost-admin repository.) -We need to pin schleuder to avoid our patches being overwritten by an update. +We now need to pin schleuder to avoid our patches being overwritten by an update. :: /etc/apt/preferences - Explanation: We applied custom patches on /usr/bin/schleuder and /usr/bin/schleuder-newlist. + Explanation: We applied custom patches to /usr/bin/schleuder, /usr/bin/schleuder-newlist, + Explanation: and /usr/lib/ruby/1.8/schleuder/list.rb Package: schleuder Pin: version * Pin-Priority: -30000 @@ -2461,7 +2315,7 @@ To add members, from the command line: To delete a list: - sudo rm -rf {/var/lib,/var/log,/etc}/schleuder/listname + sudo rm -rf /var/lib/schleuder/listname/ /var/log/schleuder/listname.log /etc/schleuder/lists/listname.conf **** Web server configuration 
@@ -2475,25 +2329,15 @@ http://webschleuder.nadir.org/documentation/installation.html sudo chown nobody /opt/webschleuder cd /opt sudo -u nobody git clone git://git.immerda.ch/webschleuder.git webschleuder - + sudo chmod +x /opt/webschleuder/contrib/enable_webschleuder.rb -A patch is needed because our camping is too old (2.0). - sudo patch -p0 << EOF ---- webschleuder/webschleuder.rb -+++ webschleuder/webschleuder.rb -@@ -23,8 +23,8 @@ - - - module Webschleuder -- set :secret, Webschleuder::Models::WebConfig.loadconfig.session_secret - include Camping::Session -+ secret Webschleuder::Models::WebConfig.loadconfig.session_secret - - def r404(path) - "Sorry, but I can't find #{path}." -EOF +Grab our patch in the fripost-admin repository. It fixes camping's version +(Squeeze's version is too old: 2.0), and allows password to be given from +STDIN, to avoid leaking them through the proccess table. + cd /opt/webschleuder + sudo patch -p1 < $HOME/webschleuder.patch sudo find -L /opt/webschleuder -type f -a \( -name '*.orig' -o -name '*.rej' \) -delete sudo chown -R 'nobody:schleuder' /opt/webschleuder 
@@ -2525,15 +2369,17 @@ Passenger setuid to the owner of 'config.ru'. In our case, webschleuder *must* be run by schleuder as it has to read list configuration and the public keyring. sudo chown 'schleuder:schleuder' /opt/webschleuder/config.ru - sudo mkdir -p /var/tmp/webschleuder/data/ + sudo mkdir -m 0700 -p /var/tmp/webschleuder/{data,upload}/ sudo chown 'schleuder:schleuder' /var/tmp/webschleuder/data/ + sudo chown 'www-data:www-data' /var/tmp/webschleuder/upload/ sudo ln -s ../mods-available/passenger.load ../mods-available/passenger.conf /etc/apache2/mods-enabled/ :: /etc/apache2/site-enabled/000-default <VirtualHost *:80> ... - PassengerTempDir /var/tmp/webschleuder/data + PassengerTempDir /var/tmp/webschleuder/data/ + PassengerUploadBufferDir /var/tmp/webschleuder/upload/ DocumentRoot /opt/webschleuder/static/ Alias /static/ /opt/webschleuder/static/ <Directory /var/local/lib/webschleuder/static/> |