3 2

[alpine-aports] [PATCH v3] testing/rspamd: upgrade to 1.4.0 + some fixups

Valery Kartel
Details
Message ID
<20161125132727.10281-1-valery.kartel@gmail.com>
Sender timestamp
1480080447
DKIM signature
missing
Download raw message
Patch: +100 -50
subpackage rename: www -> controller
subpackage add: fuzzy, utils
fix /var/lib/rspamd permissions
fix run in lxc container (create and mount /dev/shm)

---
 testing/rspamd/APKBUILD                 | 95 ++++++++++++++++++++++-----------
 testing/rspamd/rspamd.conf              | 21 ++++++--
 testing/rspamd/rspamd.initd             | 13 +++--
 testing/rspamd/rspamd.worker_controller |  9 +---
 testing/rspamd/rspamd.worker_fuzzy      |  6 +++
 testing/rspamd/rspamd.worker_normal     |  6 +--
 6 files changed, 100 insertions(+), 50 deletions(-)
 create mode 100644 testing/rspamd/rspamd.worker_fuzzy

diff --git a/testing/rspamd/APKBUILD b/testing/rspamd/APKBUILD
index ee2b2e3..350f938 100644
--- a/testing/rspamd/APKBUILD
+++ b/testing/rspamd/APKBUILD
@@ -2,9 +2,9 @@
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 # Contributor: Nathan Angelacos <nangel@alpinelinux.org>
 pkgname=rspamd
-pkgver=1.3.4
-pkgrel=1
-pkgdesc="Rapid spam filtering system"
+pkgver=1.4.0
+pkgrel=0
+pkgdesc="Fast, free and open-source spam filtering system"
 url="https://rspamd.com"
 arch="x86_64 x86 armhf"
 license="BSD"
@@ -12,15 +12,18 @@ pkgusers="rspamd"
 pkggroups="rspamd"
 depends=""
 depends_dev=""
-makedepends="$depends_dev cmake libressl-dev libevent-dev glib-dev gmime-dev
-	lua5.1-dev lua5.1 sqlite-dev hiredis-dev file-dev pcre-dev ragel"
+makedepends="$depends_dev cmake ragel perl
+	luajit-dev glib-dev pcre-dev gmime-dev libevent-dev sqlite-dev
+	libressl-dev file-dev curl-dev"
 install="$pkgname.pre-install"
-subpackages="$pkgname-doc $pkgname-web $pkgname-client"
+subpackages="$pkgname-doc $pkgname-controller::noarch $pkgname-client
+	$pkgname-fuzzy::noarch $pkgname-utils::noarch"
 source="https://rspamd.com/downloads/$pkgname-$pkgver.tar.xz
 	$pkgname.logrotated
 	$pkgname.initd
 	$pkgname.confd
 	$pkgname.conf
+	$pkgname.worker_fuzzy
 	$pkgname.worker_normal
 	$pkgname.worker_controller
 "
@@ -34,7 +37,11 @@ build() {
 		-DRUNDIR=/run/$pkgname \
 		-DRSPAMD_USER=$pkgusers \
 		-DRSPAMD_GROUP=$pkggroups \
+		-DENABLE_DB=ON \
+		-DENABLE_SQLITE=ON \
 		-DENABLE_HIREDIS=ON \
+		-DENABLE_REDIRECTOR=ON \
+		-DENABLE_URL_INCLUDE=ON \
 		-DINSTALL_EXAMPLES=ON \
 		|| return 1
 	make || return 1
@@ -43,22 +50,28 @@ build() {
 package() {
 	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
-	find "$pkgdir"/usr/bin -type l -delete
-	rm -fr "$pkgdir"/etc/$pkgname/rspamd* "$pkgdir"/etc/$pkgname/worker*
 
-	sed -i -E 's~DBDIR(/rspamd.sock)~RUNDIR\1~' "$pkgdir"/etc/$pkgname/options.inc
-	install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname/$pkgname.conf
-	install -Dm644 "$srcdir"/$pkgname.worker_normal "$pkgdir"/etc/$pkgname/worker.d/normal.conf
+	rm "$pkgdir"/etc/$pkgname/$pkgname.*
+	sed -ri -e 's~DBDIR(/rspamd.sock)~RUNDIR\1~' \
+		-e 's~rspamd_dynamic~dynamic~' \
+		"$pkgdir"/etc/$pkgname/options.inc
+
 	mkdir -p "$pkgdir"/etc/$pkgname/local.d "$pkgdir"/etc/$pkgname/override.d
+	install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname/$pkgname.conf
+	for i in normal controller fuzzy; do
+		install -Dm644 "$srcdir"/$pkgname.worker_$i "$pkgdir"/etc/$pkgname/worker-$i.conf
+	done
 
 	install -Dm644 "$srcdir"/$pkgname.logrotated "$pkgdir"/etc/logrotate.d/$pkgname
 	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 	install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
 
-	install -dm750 -o $pkgusers -g $pkggroups "$pkgdir"/var/lib/$pkgname/rspamd_dynamic
+	install -dm750 -g $pkggroups "$pkgdir"/var/lib/$pkgname/dynamic
 	install -dm750 -g $pkggroups "$pkgdir"/var/log/$pkgname
+	chown $pkgusers: "$pkgdir"/var/lib/$pkgname
 
 	mkdir "$pkgdir"/usr/sbin
+	find "$pkgdir"/usr/bin -type l -delete
 	mv "$pkgdir"/usr/bin/rspamd-$pkgver "$pkgdir"/usr/sbin/rspamd
 	mv "$pkgdir"/usr/bin/rspamadm-$pkgver "$pkgdir"/usr/bin/rspamadm
 
@@ -68,14 +81,13 @@ package() {
 		"$pkgdir"/usr/share/doc/$pkgname
 }
 
-web() {
-	arch="noarch"
+controller() {
 	license="MIT"
 	depends="$pkgname"
-	pkgdesc="$pkgdesc (web control interface)"
-	mkdir -p "$subpkgdir"/usr/share/$pkgname "$subpkgdir"/etc/$pkgname/worker.d
+	pkgdesc="$pkgdesc (controller web interface)"
+	mkdir -p "$subpkgdir"/usr/share/$pkgname "$subpkgdir"/etc/$pkgname
 	mv "$pkgdir"/usr/share/$pkgname/www "$subpkgdir"/usr/share/$pkgname/
-	install -Dm644 "$srcdir"/$pkgname.worker_controller "$subpkgdir"/etc/$pkgname/worker.d/controller.conf
+	mv "$pkgdir"/etc/$pkgname/worker-controller.* "$subpkgdir"/etc/$pkgname
 }
 
 client() {
@@ -84,24 +96,43 @@ client() {
 	mv "$pkgdir"/usr/bin/rspamc-$pkgver "$subpkgdir"/usr/bin/rspamc
 }
 
-md5sums="ab81d063861d68b1e2260d1c599bf29c  rspamd-1.3.4.tar.xz
+fuzzy() {
+	depends="$pkgname"
+	pkgdesc="$pkgdesc (local fuzzy storage)"
+	mkdir -p "$subpkgdir"/etc/$pkgname/modules.d
+	mv "$pkgdir"/etc/$pkgname/worker-fuzzy.* "$subpkgdir"/etc/$pkgname
+	mv "$pkgdir"/etc/$pkgname/modules.d/fuzzy_* "$subpkgdir"/etc/$pkgname/modules.d
+}
+
+utils() {
+	depends="perl"
+	pkgdesc="$pkgdesc (utils)"
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/${pkgname}_stats "$subpkgdir"/usr/bin/${pkgname}-stats
+	mv "$pkgdir"/usr/bin/${pkgname}-redirector "$subpkgdir"/usr/bin
+}
+
+md5sums="923b0d5fae691916feb243d61d48609f  rspamd-1.4.0.tar.xz
 c152c6a90f6ae9e5a7a1d137dfbc0305  rspamd.logrotated
-3f32a16e76e1461ffba9231cfb1e3d17  rspamd.initd
+466908a001a41eeb9aeda7278a697575  rspamd.initd
 ecfea2a25b95727ae91c04001fbd3e46  rspamd.confd
-0ba1c9aea1820de74d831fd531cce51a  rspamd.conf
-560b2d4746510fe9a7a2fb1c09181c38  rspamd.worker_normal
-15a9f5dde0076eaab4565549b05b991c  rspamd.worker_controller"
-sha256sums="64fcabb3dc6767b5dc22c89f968414d1028f34ab8a21e1b22482aace069d527c  rspamd-1.3.4.tar.xz
+aa2864ab557ae1a8496c1a587682943a  rspamd.conf
+9c56df2d43d18f75c40ef74af2520af5  rspamd.worker_fuzzy
+30006ee74107ab0d89fd7f11c9a83df2  rspamd.worker_normal
+7d7e5553e5db4a73e576081bc5d2cdfa  rspamd.worker_controller"
+sha256sums="30c9acf93bdcc6c009524c8b2770931475929c6c9e948faa90d7412306055a1c  rspamd-1.4.0.tar.xz
 6c5e79e9052d957f3d0d634b2ae7a56bbc0901a5d6946dc991c92f19a72fce97  rspamd.logrotated
-6b531f95724b2a3990524ab09b7304ce4e811b6e082dfdbe633f201a6bc7eee3  rspamd.initd
+da0ad9b00f4cc72dd1432bdadf1bf6d26bfd2f42b19db21fb28c94978607bdf5  rspamd.initd
 82be6a663af2e2333b0dfbbbfd05a9ff3d02e05c7e506235b1b0dbd9d0b72972  rspamd.confd
-8b51fbd06a46adceb8cc4b0dc06e7b98d263336acbff913c34ff8e451173aa23  rspamd.conf
-ccb271cc6b1ff69add9d6e00edcb14e1c1ae664ee6ecf28304647f6cb32240c9  rspamd.worker_normal
-91848312e707032bb159f042da04b4a15efd43f69a17225481962cb07751e90a  rspamd.worker_controller"
-sha512sums="41a3aa9b699ca1e40d229ebc9c3fd41ef07ad99b0badda44481fe4ff3003000069352f58379fa47013f96d98b08430a3c7bea0d97cab4a7e6db17a9084b082d6  rspamd-1.3.4.tar.xz
+29dd2ffd52e07f42bb796dcafd47aa1ac52708e2c7f460dae74cb9016f85e27c  rspamd.conf
+b0aa4e9b3093b511c92c9c8a3f25996cdb94750a33f0f941d6939f136f66988c  rspamd.worker_fuzzy
+dc086c7e89a06bc8dffa9c1a559b7849ed7525b315aca3c8b59fadd12905a7a4  rspamd.worker_normal
+bbfa25e57ba3d9dbfd30653bcff7427a97d3ca8e77fdc59cb2700ba3e9f484c7  rspamd.worker_controller"
+sha512sums="39bfccee070b829f3ea5019ebde0020a850abf7fe92f7e5bb5b9212088d4c98544e6f55228984d3422c09c31f356b209237da6a6eb9c18e3feb7940429de663a  rspamd-1.4.0.tar.xz
 2efe28575c40d1fba84b189bb872860e744400db80dce2f6330be6c6287fb3f46e6511284729b957488bf40bcb9b0952e26df9934f5f138334bd2766075c45cb  rspamd.logrotated
-30b45812ef68f2b82d0d7f370b44bec52691296c7349c96c8273342eb4f9b5708c13ad97b13f63d81bee588b4e459c0da3092a62adff9e5b8938f44546df3dcd  rspamd.initd
+a837316ea5b0f84f685afe37e34c3829ba74eb7e9f72a84b149b856bff7b17f2477027b708665c09d8c11863ae8c1b2fcd0fad2f2235a3f2cc2ab3fb69acf206  rspamd.initd
 0b73b159cec9a4a1d337fbb429814f78da23b55f72c9fb8a777ab5f06634206a4f9b25e587f8dbfa7c3242ac5501ebcc90b9a0e926adfd37e14a12ac4607fa62  rspamd.confd
-856000ab9b76dd7acff95ab9a55a0eddfc66486a439fcba7fbb36ecdeaa9740f29301cf7248c982e2d5b745b1bad521abb0f4d5e240d442440a36103d3ee634d  rspamd.conf
-e669882c35891eee37c4121ea065e72545c618ac5e16044ccd19db4cdb14bed271fa87dc261e43e587a08ea6149e13952626c8cea8a797a59b649203c2ac4731  rspamd.worker_normal
-e830ccd5d7999e8cf8d0a82baba1ca80c8b8eb3a7f710c8c067af937258fff49f010cead46619adebc1d481d1131c9e0146fa654a4f4c28749437e5b2c49e755  rspamd.worker_controller"
+891713ac5b139d5aa4e3792465526265707c6b3d83e3d76c9bdc3020688cd1955295dd3f2bc18f81eecf37d95ede00c59f5ec098ac70b0e18e9537d87363e48b  rspamd.conf
+2b2bfdf722af406d7b796ec9acfd1190b681d1f9d49ad132a4ed57d61d7f153ce42b76e6da3091debdd0e84b78214c45e1dae4fff5037ee5156943599230866d  rspamd.worker_fuzzy
+8fd1402a582e915b8f99a9f1f89e95f6e1bb7a8425f20d12c84c1a75d34202a8f72e43123c7c3c9258bbd6616416fdf9c2e1b3794c05abdb938d85e485f990f6  rspamd.worker_normal
+8d662586cf2754f025e691a3ad7974b7d9766569f7f1b1505a19c578d22772d8007d3fa1c2c0401c7aaa55a938c1174ef4be2c252fb3d99e46cad69c1848fd9f  rspamd.worker_controller"
diff --git a/testing/rspamd/rspamd.conf b/testing/rspamd/rspamd.conf
index fe737f9..1e37cb7 100644
--- a/testing/rspamd/rspamd.conf
+++ b/testing/rspamd/rspamd.conf
@@ -1,9 +1,24 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
 .include "$CONFDIR/common.conf"
 
 options {
     pidfile = "$RUNDIR/rspamd.pid";
     .include "$CONFDIR/options.inc"
-    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/options.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc"
 }
 
@@ -11,8 +26,8 @@ logging {
     type = "file";
     filename = "$LOGDIR/rspamd.log";
     .include "$CONFDIR/logging.inc"
-    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/logging.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
 }
 
-.include(glob=true) "$CONFDIR/worker.d/*.conf"
+.include(glob=true) "$CONFDIR/worker-*.conf"
diff --git a/testing/rspamd/rspamd.initd b/testing/rspamd/rspamd.initd
index a20f784..b77a431 100644
--- a/testing/rspamd/rspamd.initd
+++ b/testing/rspamd/rspamd.initd
@@ -14,24 +14,29 @@ description_reopen="Reopen log files"
 
 depend() {
 	need localmount net
-	before exim postfix
+	before mta
 }
 
 start_pre() {
 	ebegin
+	# shm fix for lxc-containers
+	if ! grep -q ^shm /proc/mounts; then
+		checkpath --directory /dev/shm
+		mount -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm /dev/shm
+	fi
 	checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*}
 	$command $command_args -t >/dev/null 2>>${startuplog:-/dev/null}
 	eend $?
 }
 
 reload() {
-	ebegin "Reloading ${SVCNAME}"
+	ebegin Reloading $SVCNAME
 	start-stop-daemon --signal HUP --pidfile $pidfile
 	eend $?
 }
 
 reopen() {
-	ebegin "Reopening ${SVCNAME} log files"
+	ebegin Reopening $SVCNAME log files
 	start-stop-daemon --signal USR1 --pidfile $pidfile
 	eend $?
-}
\ No newline at end of file
+}
diff --git a/testing/rspamd/rspamd.worker_controller b/testing/rspamd/rspamd.worker_controller
index 77464c1..767acdb 100644
--- a/testing/rspamd/rspamd.worker_controller
+++ b/testing/rspamd/rspamd.worker_controller
@@ -1,11 +1,6 @@
 worker {
     bind_socket = "localhost:11334";
-    type = "controller";
-    count = 1;
-    password = "q1";
-    secure_ip = "127.0.0.1";
-    secure_ip = "::1";
-    static_dir = "${WWWDIR}";
-    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
+    .include "$CONFDIR/worker-controller.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
 }
diff --git a/testing/rspamd/rspamd.worker_fuzzy b/testing/rspamd/rspamd.worker_fuzzy
new file mode 100644
index 0000000..449d99b
--- /dev/null
+++ b/testing/rspamd/rspamd.worker_fuzzy
@@ -0,0 +1,6 @@
+worker {
+    bind_socket = "*:11335";
+    .include "$CONFDIR/worker-fuzzy.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc"
+}
diff --git a/testing/rspamd/rspamd.worker_normal b/testing/rspamd/rspamd.worker_normal
index 6fbee1d..fc3d7a5 100644
--- a/testing/rspamd/rspamd.worker_normal
+++ b/testing/rspamd/rspamd.worker_normal
@@ -1,8 +1,6 @@
 worker {
     bind_socket = "*:11333";
-    type = "normal";
-    mime = true;
-    task_timeout = 8s;
-    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+    .include "$CONFDIR/worker-normal.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
 }
-- 
2.10.2



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20161125130044.009c9518@ncopa-macbook.copa.dup.pw>
In-Reply-To
<20161125132727.10281-1-valery.kartel@gmail.com> (view parent)
Sender timestamp
1480086044
DKIM signature
missing
Download raw message
Thank you for working on this. Please see comments below.

On Fri, 25 Nov 2016 15:27:27 +0200
Valery Kartel <valery.kartel@gmail.com> wrote:

> subpackage rename: www -> controller
> subpackage add: fuzzy, utils
> fix /var/lib/rspamd permissions
> fix run in lxc container (create and mount /dev/shm)
> 
> ---
>  testing/rspamd/APKBUILD                 | 95 ++++++++++++++++++++++-----------
>  testing/rspamd/rspamd.conf              | 21 ++++++--
>  testing/rspamd/rspamd.initd             | 13 +++--
>  testing/rspamd/rspamd.worker_controller |  9 +---
>  testing/rspamd/rspamd.worker_fuzzy      |  6 +++
>  testing/rspamd/rspamd.worker_normal     |  6 +--
>  6 files changed, 100 insertions(+), 50 deletions(-)
>  create mode 100644 testing/rspamd/rspamd.worker_fuzzy

...

> @@ -12,15 +12,18 @@ pkgusers="rspamd"
>  pkggroups="rspamd"
>  depends=""
>  depends_dev=""
> -makedepends="$depends_dev cmake libressl-dev libevent-dev glib-dev gmime-dev
> -	lua5.1-dev lua5.1 sqlite-dev hiredis-dev file-dev pcre-dev ragel"
> +makedepends="$depends_dev cmake ragel perl
> +	luajit-dev glib-dev pcre-dev gmime-dev libevent-dev sqlite-dev
> +	libressl-dev file-dev curl-dev"
>  install="$pkgname.pre-install"

Why do we use luajit instead of "normal" lua? Does this mean that we
need to disable PaX protections?

> -subpackages="$pkgname-doc $pkgname-web $pkgname-client"
> +subpackages="$pkgname-doc $pkgname-controller::noarch $pkgname-client
> +	$pkgname-fuzzy::noarch $pkgname-utils::noarch"
>  source="https://rspamd.com/downloads/$pkgname-$pkgver.tar.xz
>  	$pkgname.logrotated
>  	$pkgname.initd
>  	$pkgname.confd
>  	$pkgname.conf
> +	$pkgname.worker_fuzzy
>  	$pkgname.worker_normal
>  	$pkgname.worker_controller
>  "

...

> @@ -84,24 +96,43 @@ client() {
>  	mv "$pkgdir"/usr/bin/rspamc-$pkgver "$subpkgdir"/usr/bin/rspamc
>  }
>  
> -md5sums="ab81d063861d68b1e2260d1c599bf29c  rspamd-1.3.4.tar.xz
> +fuzzy() {
> +	depends="$pkgname"
> +	pkgdesc="$pkgdesc (local fuzzy storage)"
> +	mkdir -p "$subpkgdir"/etc/$pkgname/modules.d
> +	mv "$pkgdir"/etc/$pkgname/worker-fuzzy.* "$subpkgdir"/etc/$pkgname
> +	mv "$pkgdir"/etc/$pkgname/modules.d/fuzzy_* "$subpkgdir"/etc/$pkgname/modules.d
> +}

Is the fuzzy subpackage just a configuration file that we provide? is
the fuzzy config file available from upstream?


> +
> +utils() {
> +	depends="perl"
> +	pkgdesc="$pkgdesc (utils)"
> +	mkdir -p "$subpkgdir"/usr/bin
> +	mv "$pkgdir"/usr/bin/${pkgname}_stats "$subpkgdir"/usr/bin/${pkgname}-stats
> +	mv "$pkgdir"/usr/bin/${pkgname}-redirector "$subpkgdir"/usr/bin
> +}
> +

+1 We want utils that depends on perl to be in subpackage.

...

> diff --git a/testing/rspamd/rspamd.conf b/testing/rspamd/rspamd.conf
> index fe737f9..1e37cb7 100644
> --- a/testing/rspamd/rspamd.conf
> +++ b/testing/rspamd/rspamd.conf
> @@ -1,9 +1,24 @@
> +# Please don't modify this file as your changes might be overwritten with
> +# the next update.

I believe this comment is false, in fact if you you don't modify the
config file it will be replaced with newer version. If you modify it,
the new updated config file will be installed as .apk-new

...

> diff --git a/testing/rspamd/rspamd.initd b/testing/rspamd/rspamd.initd
> index a20f784..b77a431 100644
> --- a/testing/rspamd/rspamd.initd
> +++ b/testing/rspamd/rspamd.initd
> @@ -14,24 +14,29 @@ description_reopen="Reopen log files"
>  
>  depend() {
>  	need localmount net
> -	before exim postfix
> +	before mta
>  }
>  
>  start_pre() {
>  	ebegin
> +	# shm fix for lxc-containers
> +	if ! grep -q ^shm /proc/mounts; then
> +		checkpath --directory /dev/shm
> +		mount -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm /dev/shm
> +	fi

mounting /dev/shm from rspamd init script does not make sense. If you
need /dev/shm mounted, then you should not need install and run rspamd.
This needs to be fixed other place, like lxc config.

IIRC also python build needs /dev/shm

>  	checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*}
>  	$command $command_args -t >/dev/null 2>>${startuplog:-/dev/null}
>  	eend $?
>  }
>  
>  reload() {
> -	ebegin "Reloading ${SVCNAME}"
> +	ebegin Reloading $SVCNAME

why?

>  	start-stop-daemon --signal HUP --pidfile $pidfile
>  	eend $?
>  }
>  
>  reopen() {
> -	ebegin "Reopening ${SVCNAME} log files"
> +	ebegin Reopening $SVCNAME log files

why?

>  	start-stop-daemon --signal USR1 --pidfile $pidfile
>  	eend $?
> -}
> \ No newline at end of file
> +}

...


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20161125135551.1e542d12@ncopa-macbook.copa.dup.pw>
In-Reply-To
<CAKTwcDPJi+FbSs_28d=HmUMWfFXpt4ENAnrLBB1Nrun5zi8oXw@mail.gmail.com> (view parent)
Sender timestamp
1480089351
DKIM signature
missing
Download raw message
On Fri, 25 Nov 2016 17:20:38 +0200
Valery Kartel <valery.kartel@gmail.com> wrote:

> 2016-11-25 17:00 GMT+02:00 Natanael Copa <ncopa@alpinelinux.org>:
> 
> > Thank you for working on this. Please see comments below.
> >
> > On Fri, 25 Nov 2016 15:27:27 +0200
> > Valery Kartel <valery.kartel@gmail.com> wrote:
> >  
> > > subpackage rename: www -> controller
> > > subpackage add: fuzzy, utils
> > > fix /var/lib/rspamd permissions
> > > fix run in lxc container (create and mount /dev/shm)
> > >
> > > ---
> > >  testing/rspamd/APKBUILD                 | 95  
> > ++++++++++++++++++++++-----------  
> > >  testing/rspamd/rspamd.conf              | 21 ++++++--
> > >  testing/rspamd/rspamd.initd             | 13 +++--
> > >  testing/rspamd/rspamd.worker_controller |  9 +---
> > >  testing/rspamd/rspamd.worker_fuzzy      |  6 +++
> > >  testing/rspamd/rspamd.worker_normal     |  6 +--
> > >  6 files changed, 100 insertions(+), 50 deletions(-)
> > >  create mode 100644 testing/rspamd/rspamd.worker_fuzzy  
> >
> > ...
> >  
> > > @@ -12,15 +12,18 @@ pkgusers="rspamd"
> > >  pkggroups="rspamd"
> > >  depends=""
> > >  depends_dev=""
> > > -makedepends="$depends_dev cmake libressl-dev libevent-dev glib-dev  
> > gmime-dev  
> > > -     lua5.1-dev lua5.1 sqlite-dev hiredis-dev file-dev pcre-dev ragel"
> > > +makedepends="$depends_dev cmake ragel perl
> > > +     luajit-dev glib-dev pcre-dev gmime-dev libevent-dev sqlite-dev
> > > +     libressl-dev file-dev curl-dev"
> > >  install="$pkgname.pre-install"  
> >
> > Why do we use luajit instead of "normal" lua? Does this mean that we
> > need to disable PaX protections?
> >  
> 
> It's a new building defaults I saw in debian template. I'll try to
> recompile it with lua.

yeah, we should prefer normal lua for server apps. luajit (jit in
general) does not work with PaX.
 
> BTW: what ssl is preferable libressl or openssl ?

libressl
 
> > > -subpackages="$pkgname-doc $pkgname-web $pkgname-client"
> > > +subpackages="$pkgname-doc $pkgname-controller::noarch $pkgname-client
> > > +     $pkgname-fuzzy::noarch $pkgname-utils::noarch"
> > >  source="https://rspamd.com/downloads/$pkgname-$pkgver.tar.xz
> > >       $pkgname.logrotated
> > >       $pkgname.initd
> > >       $pkgname.confd
> > >       $pkgname.conf
> > > +     $pkgname.worker_fuzzy
> > >       $pkgname.worker_normal
> > >       $pkgname.worker_controller
> > >  "  
> >
> > ...
> >  
> > > @@ -84,24 +96,43 @@ client() {
> > >       mv "$pkgdir"/usr/bin/rspamc-$pkgver "$subpkgdir"/usr/bin/rspamc
> > >  }
> > >
> > > -md5sums="ab81d063861d68b1e2260d1c599bf29c  rspamd-1.3.4.tar.xz
> > > +fuzzy() {
> > > +     depends="$pkgname"
> > > +     pkgdesc="$pkgdesc (local fuzzy storage)"
> > > +     mkdir -p "$subpkgdir"/etc/$pkgname/modules.d
> > > +     mv "$pkgdir"/etc/$pkgname/worker-fuzzy.* "$subpkgdir"/etc/$pkgname
> > > +     mv "$pkgdir"/etc/$pkgname/modules.d/fuzzy_*  
> > "$subpkgdir"/etc/$pkgname/modules.d  
> > > +}  
> >
> > Is the fuzzy subpackage just a configuration file that we provide? is
> > the fuzzy config file available from upstream?
> >
> > This config is cutted from upstream's rspamd.conf. as well as  
> worker-normal and worker-controller.
> 
> I do this to make rspamd not open 13335 tcp connection by default.
> 
> The same for controller subpackage and tcp 13334.

I think that makes sense. (disable tcp 1333[45] by default) I wonder if
we can copy the configuration from upstream, so we don't have our own
copy of it. Otherwise, if upstream changes the default config we might
end up ship the old copy unless we pay close attention.

> > > +
> > > +utils() {
> > > +     depends="perl"
> > > +     pkgdesc="$pkgdesc (utils)"
> > > +     mkdir -p "$subpkgdir"/usr/bin
> > > +     mv "$pkgdir"/usr/bin/${pkgname}_stats "$subpkgdir"/usr/bin/${  
> > pkgname}-stats  
> > > +     mv "$pkgdir"/usr/bin/${pkgname}-redirector "$subpkgdir"/usr/bin
> > > +}
> > > +  
> >
> > +1 We want utils that depends on perl to be in subpackage.
> >
> > ...
> >  
> > > diff --git a/testing/rspamd/rspamd.conf b/testing/rspamd/rspamd.conf
> > > index fe737f9..1e37cb7 100644
> > > --- a/testing/rspamd/rspamd.conf
> > > +++ b/testing/rspamd/rspamd.conf
> > > @@ -1,9 +1,24 @@
> > > +# Please don't modify this file as your changes might be overwritten  
> > with  
> > > +# the next update.  
> >
> > I believe this comment is false, in fact if you you don't modify the
> > config file it will be replaced with newer version. If you modify it,
> > the new updated config file will be installed as .apk-new
> >
> >  
> It's a upstream's comments. They suggest to do changes in local.d/ and
> override.d/ configs, not in those ones.

Then we should use the file from upstream. can we copy it from the
source tarball instead of having our own copy in git?

> > >
> > >  start_pre() {
> > >       ebegin
> > > +     # shm fix for lxc-containers
> > > +     if ! grep -q ^shm /proc/mounts; then
> > > +             checkpath --directory /dev/shm
> > > +             mount -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm  
> > /dev/shm  
> > > +     fi  
> >
> > mounting /dev/shm from rspamd init script does not make sense. If you
> > need /dev/shm mounted, then you should not need install and run rspamd.
> > This needs to be fixed other place, like lxc config.
> >
> > IIRC also python build needs /dev/shm
> >
> It's a fast hack to make rspamd run on my lxc. I want to make a patch to  
> someway use /run if no shm mounted.
> but now that's it.

I'd recommend adding /dev/shm in your /etc/lxc/default.conf:

lxc.mount.entry=shm dev/shm tmpfs nodev,nosuid,noexec,mode=1777,create=dir 0 0

in any case, we should not add this kind of hacks in the package.


> > >       checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*}
> > >       $command $command_args -t >/dev/null 2>>${startuplog:-/dev/null}
> > >       eend $?
> > >  }
> > >
> > >  reload() {
> > > -     ebegin "Reloading ${SVCNAME}"
> > > +     ebegin Reloading $SVCNAME  
> >
> > why?
> >  
> > >       start-stop-daemon --signal HUP --pidfile $pidfile
> > >       eend $?
> > >  }
> > >
> > >  reopen() {
> > > -     ebegin "Reopening ${SVCNAME} log files"
> > > +     ebegin Reopening $SVCNAME log files  
> >
> > why?
> >  
> > >       start-stop-daemon --signal USR1 --pidfile $pidfile
> > >       eend $?
> > > -}
> > > \ No newline at end of file
> > > +}  
> >
> > ...
> >  
> 
> Just removed unneeded chars to reduce size ;)

not worth it.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Valery Kartel
Details
Message ID
<CAKTwcDPJi+FbSs_28d=HmUMWfFXpt4ENAnrLBB1Nrun5zi8oXw@mail.gmail.com>
In-Reply-To
<20161125130044.009c9518@ncopa-macbook.copa.dup.pw> (view parent)
Sender timestamp
1480087238
DKIM signature
missing
Download raw message
2016-11-25 17:00 GMT+02:00 Natanael Copa <ncopa@alpinelinux.org>:

> Thank you for working on this. Please see comments below.
>
> On Fri, 25 Nov 2016 15:27:27 +0200
> Valery Kartel <valery.kartel@gmail.com> wrote:
>
> > subpackage rename: www -> controller
> > subpackage add: fuzzy, utils
> > fix /var/lib/rspamd permissions
> > fix run in lxc container (create and mount /dev/shm)
> >
> > ---
> >  testing/rspamd/APKBUILD                 | 95
> ++++++++++++++++++++++-----------
> >  testing/rspamd/rspamd.conf              | 21 ++++++--
> >  testing/rspamd/rspamd.initd             | 13 +++--
> >  testing/rspamd/rspamd.worker_controller |  9 +---
> >  testing/rspamd/rspamd.worker_fuzzy      |  6 +++
> >  testing/rspamd/rspamd.worker_normal     |  6 +--
> >  6 files changed, 100 insertions(+), 50 deletions(-)
> >  create mode 100644 testing/rspamd/rspamd.worker_fuzzy
>
> ...
>
> > @@ -12,15 +12,18 @@ pkgusers="rspamd"
> >  pkggroups="rspamd"
> >  depends=""
> >  depends_dev=""
> > -makedepends="$depends_dev cmake libressl-dev libevent-dev glib-dev
> gmime-dev
> > -     lua5.1-dev lua5.1 sqlite-dev hiredis-dev file-dev pcre-dev ragel"
> > +makedepends="$depends_dev cmake ragel perl
> > +     luajit-dev glib-dev pcre-dev gmime-dev libevent-dev sqlite-dev
> > +     libressl-dev file-dev curl-dev"
> >  install="$pkgname.pre-install"
>
> Why do we use luajit instead of "normal" lua? Does this mean that we
> need to disable PaX protections?
>

It's a new building defaults I saw in debian template. I'll try to
recompile it with lua.

BTW: what ssl is preferable libressl or openssl ?


> > -subpackages="$pkgname-doc $pkgname-web $pkgname-client"
> > +subpackages="$pkgname-doc $pkgname-controller::noarch $pkgname-client
> > +     $pkgname-fuzzy::noarch $pkgname-utils::noarch"
> >  source="https://rspamd.com/downloads/$pkgname-$pkgver.tar.xz
> >       $pkgname.logrotated
> >       $pkgname.initd
> >       $pkgname.confd
> >       $pkgname.conf
> > +     $pkgname.worker_fuzzy
> >       $pkgname.worker_normal
> >       $pkgname.worker_controller
> >  "
>
> ...
>
> > @@ -84,24 +96,43 @@ client() {
> >       mv "$pkgdir"/usr/bin/rspamc-$pkgver "$subpkgdir"/usr/bin/rspamc
> >  }
> >
> > -md5sums="ab81d063861d68b1e2260d1c599bf29c  rspamd-1.3.4.tar.xz
> > +fuzzy() {
> > +     depends="$pkgname"
> > +     pkgdesc="$pkgdesc (local fuzzy storage)"
> > +     mkdir -p "$subpkgdir"/etc/$pkgname/modules.d
> > +     mv "$pkgdir"/etc/$pkgname/worker-fuzzy.* "$subpkgdir"/etc/$pkgname
> > +     mv "$pkgdir"/etc/$pkgname/modules.d/fuzzy_*
> "$subpkgdir"/etc/$pkgname/modules.d
> > +}
>
> Is the fuzzy subpackage just a configuration file that we provide? is
> the fuzzy config file available from upstream?
>
> This config is cutted from upstream's rspamd.conf. as well as
worker-normal and worker-controller.

I do this to make rspamd not open 13335 tcp connection by default.

The same for controller subpackage and tcp 13334.


> > +
> > +utils() {
> > +     depends="perl"
> > +     pkgdesc="$pkgdesc (utils)"
> > +     mkdir -p "$subpkgdir"/usr/bin
> > +     mv "$pkgdir"/usr/bin/${pkgname}_stats "$subpkgdir"/usr/bin/${
> pkgname}-stats
> > +     mv "$pkgdir"/usr/bin/${pkgname}-redirector "$subpkgdir"/usr/bin
> > +}
> > +
>
> +1 We want utils that depends on perl to be in subpackage.
>
> ...
>
> > diff --git a/testing/rspamd/rspamd.conf b/testing/rspamd/rspamd.conf
> > index fe737f9..1e37cb7 100644
> > --- a/testing/rspamd/rspamd.conf
> > +++ b/testing/rspamd/rspamd.conf
> > @@ -1,9 +1,24 @@
> > +# Please don't modify this file as your changes might be overwritten
> with
> > +# the next update.
>
> I believe this comment is false, in fact if you you don't modify the
> config file it will be replaced with newer version. If you modify it,
> the new updated config file will be installed as .apk-new
>
>
It's a upstream's comments. They suggest to do changes in local.d/ and
override.d/ configs, not in those ones.

...
>
> > diff --git a/testing/rspamd/rspamd.initd b/testing/rspamd/rspamd.initd
> > index a20f784..b77a431 100644
> > --- a/testing/rspamd/rspamd.initd
> > +++ b/testing/rspamd/rspamd.initd
> > @@ -14,24 +14,29 @@ description_reopen="Reopen log files"
> >
> >  depend() {
> >       need localmount net
> > -     before exim postfix
> > +     before mta
> >  }
> >
> >  start_pre() {
> >       ebegin
> > +     # shm fix for lxc-containers
> > +     if ! grep -q ^shm /proc/mounts; then
> > +             checkpath --directory /dev/shm
> > +             mount -t tmpfs -o noexec,nosuid,nodev,mode=1777 shm
> /dev/shm
> > +     fi
>
> mounting /dev/shm from rspamd init script does not make sense. If you
> need /dev/shm mounted, then you should not need install and run rspamd.
> This needs to be fixed other place, like lxc config.
>
> IIRC also python build needs /dev/shm
>
> It's a fast hack to make rspamd run on my lxc. I want to make a patch to
someway use /run if no shm mounted.
but now that's it.


> >       checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*}
> >       $command $command_args -t >/dev/null 2>>${startuplog:-/dev/null}
> >       eend $?
> >  }
> >
> >  reload() {
> > -     ebegin "Reloading ${SVCNAME}"
> > +     ebegin Reloading $SVCNAME
>
> why?
>
> >       start-stop-daemon --signal HUP --pidfile $pidfile
> >       eend $?
> >  }
> >
> >  reopen() {
> > -     ebegin "Reopening ${SVCNAME} log files"
> > +     ebegin Reopening $SVCNAME log files
>
> why?
>
> >       start-stop-daemon --signal USR1 --pidfile $pidfile
> >       eend $?
> > -}
> > \ No newline at end of file
> > +}
>
> ...
>

Just removed unneeded chars to reduce size ;)