Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mpack: Invoke /run/wrappers/bin/sendmail via execvp #46736

Merged
merged 1 commit into from Sep 18, 2018
Merged

mpack: Invoke /run/wrappers/bin/sendmail via execvp #46736

merged 1 commit into from Sep 18, 2018

Conversation

clefru
Copy link
Contributor

@clefru clefru commented Sep 16, 2018

Calling /run/current-sw/bin/sendmail fails under postfix because
setgid bits are not set. Switching the hardcoded path to an invocation
via execvp should cover both cases, when the sendmail binary is
setgid-wrapped and when it is not.

Motivation for this change

mpack can't send mails under a postfix installation, as the setgid bits are missing in postdrop.

$ strace -etrace=execve -f mpack -s ethereum-cc.pdf tmp.pdf clemens@endorphin.org                                                          execve("/home/clemens/.nix-profile/bin/mpack", ["mpack", "-s", "ethereum-cc.pdf", "tmp.pdf", "clemens@endorphin.org"], 0x7ffeb53e6220 /* 82 vars */) = 0
strace: Process 36692 attached
[pid 36692] execve("/usr/lib/sendmail", ["sendmail", "-oi", "clemens@endorphin.org"], 0x7ffe0fc75808 /* 82 vars */) = -1 ENOENT (No such file or directory)
[pid 36692] execve("/run/current-system/sw/bin/sendmail", ["sendmail", "-oi", "clemens@endorphin.org"], 0x7ffe0fc75808 /* 82 vars */) = 0
strace: Process 36693 attached
[pid 36693] execve("/nix/store/a9ck93r3rw8frqph73fhgr0mfvs6dzv8-postfix-3.3.1/bin/postdrop", ["/nix/store/a9ck93r3rw8frqph73fhg"..., "-r"], 0x563f5b430220 /* 2 vars */) = 0
postdrop: warning: mail_queue_enter: create file maildrop/528081.36693: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/528270.36693: Permission denied
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@clefru
Copy link
Contributor Author

clefru commented Sep 16, 2018

@peterhoeg Since you helped me out with mpack last time, maybe you have time to review this as well? :) Thanks

Mic92
Mic92 reviewed Sep 17, 2018
View reviewed changes
pkgs/tools/networking/mpack/sendmail-via-execvp.diff Outdated
#else
- execv("/usr/lib/sendmail", addr+start);
- execv("/usr/sbin/sendmail", addr+start);
+ execvp("sendmail", addr+start);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be sensible to fallback to the old behavior like this:

+    execvp("sendmail", addr+start);
     execv("/usr/lib/sendmail", addr+start);
     execv("/usr/sbin/sendmail", addr+start);

then it would almost behave the same on non-nixos platforms if PATH is empty.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated PR

@clefru
mpack: Invoke /run/wrappers/bin/sendmail via execvp
6d97096 
Calling /run/current-sw/bin/sendmail fails under postfix because
setgid bits are not set. Switching the hardcoded path to an invocation
via execvp should cover both cases, when the sendmail binary is
setgid-wrapped and when it is not.
@Mic92
Copy link
Member

Mic92 commented Sep 18, 2018

@GrahamcOfBorg build mpack

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: mpack

Partial log (click to expand)

post-installation fixup
moving /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/man to /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/share/man
shrinking RPATHs of ELF executables and libraries in /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6
shrinking /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/bin/mpack
shrinking /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/bin/munpack
gzipping man pages under /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/share/man/
strip is /nix/store/h0lbngpv6ln56hjj59i6l77vxq25flbz-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6/bin
patching script interpreter paths in /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6
checking for references to /build in /nix/store/04jf26m7892sjxndmsk9gdp9lrd5id9l-mpack-1.6...

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: mpack

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: mpack

Partial log (click to expand)

moving /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/man to /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/share/man
shrinking RPATHs of ELF executables and libraries in /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6
shrinking /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/bin/munpack
shrinking /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/bin/mpack
gzipping man pages under /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/share/man/
strip is /nix/store/y4ymnvgxygpq05h03kyzbj572zmh6zla-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6/bin
patching script interpreter paths in /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6
checking for references to /build in /nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6...
/nix/store/lm5bydlzdcx8gwifd2ihgzwr7zm392m2-mpack-1.6

@Mic92 Mic92 merged commit baa8dc3 into NixOS:master Sep 18, 2018
@Mic92
Copy link
Member

Mic92 commented Sep 18, 2018

backport: f339ca5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@clefru @Mic92 @GrahamcOfBorg