From fbba865c6cde881bf9012f13cc081a4287e25833 Mon Sep 17 00:00:00 2001
From: georglauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Sun, 19 Jan 2025 11:39:39 +0100
Subject: [PATCH] chore: use proper global variable for state dir
Signed-off-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com>
---
 target/scripts/startup/setup.d/mail_state.sh | 52 ++++++++++----------
 target/scripts/startup/variables-stack.sh | 17 +++++++
 2 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/target/scripts/startup/setup.d/mail_state.sh b/target/scripts/startup/setup.d/mail_state.sh
index d2fed814..5e72e0ef 100644
--- a/target/scripts/startup/setup.d/mail_state.sh
+++ b/target/scripts/startup/setup.d/mail_state.sh
@@ -3,12 +3,10 @@
 # Consolidate all states into a single directory
 # (/var/mail-state) to allow persistence using docker volumes
 function _setup_save_states() {
- local DEST DESTDIR STATEDIR SERVICEDIR SERVICEDIRS SERVICEFILE SERVICEFILES
+ local DEST DESTDIR SERVICEDIR SERVICEDIRS SERVICEFILE SERVICEFILES
- STATEDIR='/var/mail-state'
-
- if [[ -d ${STATEDIR} ]]; then
- _log 'debug' "Consolidating all state onto ${STATEDIR}"
+ if [[ -d ${DMS_STATE_DIR} ]]; then
+ _log 'debug' "Consolidating all state onto ${DMS_STATE_DIR}"
 # Always enabled features:
 SERVICEDIRS=(
@@ -36,7 +34,7 @@ function _setup_save_states() {
 [[ ${ENABLE_SRS} -eq 1 ]] && SERVICEFILES+=('/etc/postsrsd.secret')
 for SERVICEFILE in "${SERVICEFILES[@]}"; do
- DEST="${STATEDIR}/${SERVICEFILE}"
+ DEST="${DMS_STATE_DIR}/${SERVICEFILE}"
 DESTDIR="${DEST%/*}"
 mkdir -p "${DESTDIR}"
@@ -50,7 +48,7 @@ function _setup_save_states() {
 mv "${SERVICEFILE}" "${DEST}"
 # Apply SELinux security context to match the state directory, so access
 # is not restricted to the current running container:
- chcon -R --reference="${STATEDIR}" "${DEST}" 2>/dev/null || true
+ chcon -R --reference="${DMS_STATE_DIR}" "${DEST}" 2>/dev/null || true
 fi
 # Symlink the original file in the container ($SERVICEFILE) to be
@@ -59,7 +57,7 @@ function _setup_save_states() {
 done
 for SERVICEDIR in "${SERVICEDIRS[@]}"; do
- DEST="${STATEDIR}/${SERVICEDIR//\//-}"
+ DEST="${DMS_STATE_DIR}/${SERVICEDIR//\//-}"
 SERVICEDIR="/var/${SERVICEDIR}"
 # If relevant content is found in /var/mail-state (presumably a volume mount),
@@ -74,7 +72,7 @@ function _setup_save_states() {
 mv "${SERVICEDIR}" "${DEST}"
 # Apply SELinux security context to match the state directory, so access
 # is not restricted to the current running container:
- chcon -R --reference="${STATEDIR}" "${DEST}" 2>/dev/null || true
+ chcon -R --reference="${DMS_STATE_DIR}" "${DEST}" 2>/dev/null || true
 else
 _log 'error' "${SERVICEDIR} should exist but is missing"
 fi
@@ -84,29 +82,29 @@ function _setup_save_states() {
 ln -s "${DEST}" "${SERVICEDIR}"
 done
 else
- _log 'debug' "'${STATEDIR}' is not present; Not consolidating state"
+ _log 'debug' "'${DMS_STATE_DIR}' is not present; Not consolidating state"
 fi
 }
 function _setup_adjust_state_permissions() {
- if [[ -d ${STATEDIR} ]]; then
+ if [[ -d ${DMS_STATE_DIR} ]]; then
 # This ensures the user and group of the files from the external mount have their
 # numeric ID values in sync. New releases where the installed packages order changes
 # can change the values in the Docker image, causing an ownership mismatch.
 # NOTE: More details about users and groups added during image builds are documented here:
 # https://github.com/docker-mailserver/docker-mailserver/pull/3011#issuecomment-1399120252
- _log 'trace' "Fixing ${STATEDIR}/* permissions"
- [[ ${ENABLE_AMAVIS} -eq 1 ]] && chown -R amavis:amavis "${STATEDIR}/lib-amavis"
- [[ ${ENABLE_CLAMAV} -eq 1 ]] && chown -R clamav:clamav "${STATEDIR}/lib-clamav"
- [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && chown -R fetchmail:nogroup "${STATEDIR}/lib-fetchmail"
- [[ ${ENABLE_MTA_STS} -eq 1 ]] && chown -R _mta-sts:_mta-sts "${STATEDIR}/lib-mta-sts"
- [[ ${ENABLE_POSTGREY} -eq 1 ]] && chown -R postgrey:postgrey "${STATEDIR}/lib-postgrey"
- [[ ${ENABLE_RSPAMD} -eq 1 ]] && chown -R _rspamd:_rspamd "${STATEDIR}/lib-rspamd"
- [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis "${STATEDIR}/lib-redis"
- [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd "${STATEDIR}/lib-spamassassin"
+ _log 'trace' "Fixing ${DMS_STATE_DIR}/* permissions"
+ [[ ${ENABLE_AMAVIS} -eq 1 ]] && chown -R amavis:amavis "${DMS_STATE_DIR}/lib-amavis"
+ [[ ${ENABLE_CLAMAV} -eq 1 ]] && chown -R clamav:clamav "${DMS_STATE_DIR}/lib-clamav"
+ [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && chown -R fetchmail:nogroup "${DMS_STATE_DIR}/lib-fetchmail"
+ [[ ${ENABLE_MTA_STS} -eq 1 ]] && chown -R _mta-sts:_mta-sts "${DMS_STATE_DIR}/lib-mta-sts"
+ [[ ${ENABLE_POSTGREY} -eq 1 ]] && chown -R postgrey:postgrey "${DMS_STATE_DIR}/lib-postgrey"
+ [[ ${ENABLE_RSPAMD} -eq 1 ]] && chown -R _rspamd:_rspamd "${DMS_STATE_DIR}/lib-rspamd"
+ [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis "${DMS_STATE_DIR}/lib-redis"
+ [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd "${DMS_STATE_DIR}/lib-spamassassin"
- chown -R root:root "${STATEDIR}/lib-logrotate"
- chown -R postfix:postfix "${STATEDIR}/lib-postfix"
+ chown -R root:root "${DMS_STATE_DIR}/lib-logrotate"
+ chown -R postfix:postfix "${DMS_STATE_DIR}/lib-postfix"
 # NOTE: The Postfix spool location has mixed owner/groups to take into account:
 # UID = postfix(101): active, bounce, corrupt, defer, deferred, flush, hold, incoming, maildrop, private, public, saved, trace
@@ -115,15 +113,15 @@ function _setup_adjust_state_permissions() {
 # GID for all other directories is root(0)
 # NOTE: `spool-postfix/private/` will be set to `postfix:postfix` when Postfix starts / restarts
 # Set most common ownership:
- chown -R postfix:root "${STATEDIR}/spool-postfix"
- chown root:root "${STATEDIR}/spool-postfix"
+ chown -R postfix:root "${DMS_STATE_DIR}/spool-postfix"
+ chown root:root "${DMS_STATE_DIR}/spool-postfix"
 # These two require the postdrop(103) group:
- chgrp -R postdrop "${STATEDIR}"/spool-postfix/{maildrop,public}
+ chgrp -R postdrop "${DMS_STATE_DIR}"/spool-postfix/{maildrop,public}
 # These permissions rely on the `postdrop` binary having the SGID bit set.
 # Ref: https://github.com/docker-mailserver/docker-mailserver/pull/3625
- chmod 730 "${STATEDIR}/spool-postfix/maildrop"
- chmod 710 "${STATEDIR}/spool-postfix/public"
+ chmod 730 "${DMS_STATE_DIR}/spool-postfix/maildrop"
+ chmod 710 "${DMS_STATE_DIR}/spool-postfix/public"
 fi
 }
diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh
index 1f5c44d3..8753d953 100644
--- a/target/scripts/startup/variables-stack.sh
+++ b/target/scripts/startup/variables-stack.sh
@@ -10,6 +10,17 @@ function _early_variables_setup() {
 __environment_variables_export
 }
+# Declare a variable as readonly if it is not already set.
+function __declare_readonly() {
+ local VARIABLE_NAME=${1:?Variable name required when declaring a variable as readonly}
+ local VARIABLE_VALUE=${2:?Variable value required when declaring a variable as readonly}
+
+ if [[ ! -v ${VARIABLE_NAME} ]]; then
+ readonly "${VARIABLE_NAME}=${VARIABLE_VALUE}"
+ VARS[${VARIABLE_NAME}]="${VARIABLE_VALUE}"
+ fi
+}
+
 # This function handles variables that are deprecated. This allows a
 # smooth transition period, without the need of removing a variable
 # completely with a single version.
@@ -56,6 +67,12 @@ function __environment_variables_general_setup() {
 VARS[DMS_VMAIL_UID]="${DMS_VMAIL_UID:=5000}"
 VARS[DMS_VMAIL_GID]="${DMS_VMAIL_GID:=5000}"
+ # internal variables are next
+
+ __declare_readonly 'DMS_STATE_DIR' '/var/mail-state'
+
+ # user-customizable are last
+
 _log 'trace' 'Setting anti-spam & anti-virus environment variables'
 VARS[AMAVIS_LOGLEVEL]="${AMAVIS_LOGLEVEL:=0}"
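Review bot: `__declare_readonly` does nothing when the name is already set, so a `DMS_STATE_DIR` inherited from the container environment is kept as-is, is not made readonly, and is never written to `VARS`, even though the call site in `__environment_variables_general_setup` labels it an internal variable. `mail_state.sh` now runs `mv`, `ln -s`, `chcon -R`, `chown -R` and `chmod` against that path, so an unexpected value redirects those operations instead of failing. If the guard is only there to survive a second call in the same shell (an assumption, the callers are not fully visible here), add a branch that rejects a differing value, e.g. `elif [[ ${!VARIABLE_NAME} != "${VARIABLE_VALUE}" ]]; then _log 'error' "${VARIABLE_NAME} is already set to '${!VARIABLE_NAME}'"; return 1`. The function's header comment should also state that the name must be a literal identifier, because `[[ -v … ]]` evaluates array subscripts inside the name it is given.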