[Bug 280139] security/amavisd-new: fix filename of the rc scripts to comply to the rc scripting recommendations + service jails readiness

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 05 Jul 2024 09:28:19 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280139

            Bug ID: 280139
           Summary: security/amavisd-new: fix filename of the rc scripts
                    to comply to the rc scripting recommendations +
                    service jails readiness
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: flo@FreeBSD.org
          Reporter: netchild@FreeBSD.org
          Assignee: flo@FreeBSD.org
             Flags: maintainer-feedback?(flo@FreeBSD.org)

Created attachment 251882
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=251882&action=edit
rename start script to comply to rc recommendations + service jails readiness

Hi,

The attached patch fixes some issues with the rc script.

A generic discussion about the rc scripts in the ports collection which
contains a lot more background information about the "why" of this patch is at 
    https://lists.freebsd.org/archives/freebsd-ports/2024-July/006342.html

Short:
 - the filename shall be the same as the content of the name variable inside
the script
 - (already OK) PROVIDE shall be the same as the content of the name variable
inside the script
 - this fixes the use of the script with service jails (new feature in
-current)

Additionally to what is discussed there and fixed in the patch, I made the
following additional changes:
 - add an UPATING entry (date needs to be adapted, this may conflict at the
time when you apply/commit)
 - add service jails options to the scripts to enable the use in service jails
(new feature in -current)
   the svcj_options allow the use of the host-network, if you want to allow
sysvipc you need to replace
   "net_basic" with "net_basic sysvipc" (inherits/shares the sysv stuff,
"sysipcnew" if the sysvipc parts shall be uniq to the specific service)
   if no network access is required for a service, you can set it hard to empty
(amavisX_YYY_svcj_options="")

The service jails part will not cause issues when service jails are not
enabled. If amavis works inside a jail, it will work inside service jails too,
the only question is which kind of jail permissions need to be enabled for the
services. The handbook has more info about service jails:
    https://docs.freebsd.org/en/books/handbook/jails/#service-jails
    https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails

You may want to run the following before applying the patch:
    git mv security/amavisd-new/files/amavisd-snmp.in
$security/amavisd-new/files/amavisd-snmp.in                                     
    git mv security/amavisd-new/files/amavis-p0fanalyzer.in
security/amavisd-new/files/amavis_p0fanalyzer.in                                

Bye,
Alexander.

-- 
You are receiving this mail because:
You are the assignee for the bug.