From cdd03f807a0d8346bc0fe7d1187ee0befe356624 Mon Sep 17 00:00:00 2001 From: Lee Starnes Date: Sat, 19 Sep 2020 00:12:15 +0000 Subject: user/rspamd: import from Alpine, disable JIT, and use lua5.3 --- user/rspamd/10-conf-split-workers.patch | 88 ++++++++++++++++ user/rspamd/20-lua-cmake.patch | 39 +++++++ user/rspamd/APKBUILD | 175 ++++++++++++++++++++++++++++++++ user/rspamd/rspamd.confd | 13 +++ user/rspamd/rspamd.initd | 51 ++++++++++ user/rspamd/rspamd.logrotated | 11 ++ user/rspamd/rspamd.pre-install | 6 ++ 7 files changed, 383 insertions(+) create mode 100644 user/rspamd/10-conf-split-workers.patch create mode 100644 user/rspamd/20-lua-cmake.patch create mode 100644 user/rspamd/APKBUILD create mode 100644 user/rspamd/rspamd.confd create mode 100644 user/rspamd/rspamd.initd create mode 100644 user/rspamd/rspamd.logrotated create mode 100644 user/rspamd/rspamd.pre-install (limited to 'user/rspamd') diff --git a/user/rspamd/10-conf-split-workers.patch b/user/rspamd/10-conf-split-workers.patch new file mode 100644 index 000000000..505d2c72e --- /dev/null +++ b/user/rspamd/10-conf-split-workers.patch @@ -0,0 +1,88 @@ +Since we split workers into subpackages, we have to split the main config +that defines workers to be loaded. + +NOTE: This is intentionally done in patch file instead of modifying the config +with sed and generating the worker configs to avoid silent breakages when +upgrading the aport! + +--- a/conf/rspamd.conf ++++ b/conf/rspamd.conf +@@ -35,33 +35,4 @@ + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc" + } + +-worker "normal" { +- bind_socket = "localhost:11333"; +- .include "$CONFDIR/worker-normal.inc" +- .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc" +- .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc" +-} +- +-worker "controller" { +- bind_socket = "localhost:11334"; +- .include "$CONFDIR/worker-controller.inc" +- .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc" +- .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc" +-} +- +-worker "rspamd_proxy" { +- bind_socket = "localhost:11332"; +- .include "$CONFDIR/worker-proxy.inc" +- .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc" +- .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc" +-} +- +-# Local fuzzy storage is disabled by default +- +-worker "fuzzy" { +- bind_socket = "localhost:11335"; +- count = -1; # Disable by default +- .include "$CONFDIR/worker-fuzzy.inc" +- .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc" +- .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc" +-} ++.include(glob=true) "$CONFDIR/worker-*.conf" +--- /dev/null ++++ b/conf/worker-normal.conf +@@ -0,0 +1,8 @@ ++# Included from top-level .conf file ++ ++worker "normal" { ++ bind_socket = "localhost:11333"; ++ .include "$CONFDIR/worker-normal.inc" ++ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc" ++ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc" ++} +--- /dev/null ++++ b/conf/worker-controller.conf +@@ -0,0 +1,8 @@ ++# Included from top-level .conf file ++ ++worker "controller" { ++ bind_socket = "localhost:11334"; ++ .include "$CONFDIR/worker-controller.inc" ++ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc" ++ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc" ++} +--- /dev/null ++++ b/conf/worker-proxy.conf +@@ -0,0 +1,8 @@ ++# Included from top-level .conf file ++ ++worker "rspamd_proxy" { ++ bind_socket = "localhost:11332"; ++ .include "$CONFDIR/worker-proxy.inc" ++ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc" ++ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc" ++} +--- /dev/null ++++ b/conf/worker-fuzzy.conf +@@ -0,0 +1,8 @@ ++# Included from top-level .conf file ++ ++worker "fuzzy" { ++ bind_socket = "localhost:11335"; ++ .include "$CONFDIR/worker-fuzzy.inc" ++ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc" ++ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc" ++} diff --git a/user/rspamd/20-lua-cmake.patch b/user/rspamd/20-lua-cmake.patch new file mode 100644 index 000000000..cfd3926d6 --- /dev/null +++ b/user/rspamd/20-lua-cmake.patch @@ -0,0 +1,39 @@ +rspamd's FindLua macro fails to find our lua libs and includes, but it also +always undefines LUA_LIBRARY and LUA_INCLUDE_DIR. + +--- a/CMakeLists.txt 2020-04-01 13:57:55.000000000 +0000 ++++ b/CMakeLists.txt 2020-08-16 05:12:50.850000000 +0000 +@@ -121,31 +121,8 @@ + + # Now find libraries and headers + LIST(APPEND RSPAMD_REQUIRED_LIBRARIES "m") +-IF(ENABLE_LUAJIT MATCHES "ON") +- #ProcessPackage(LUAJIT luajit) +- SET(WITH_LUA 1) +- FindLua(VERSION_MAJOR "5" VERSION_MINOR "1" ROOT "${LUA_ROOT}") +- IF(NOT LUA_FOUND) +- MESSAGE(FATAL_ERROR "Lua not found, lua support is required") +- ELSE(NOT LUA_FOUND) +- SET(WITH_LUA 1) +- INCLUDE_DIRECTORIES("${LUA_INCLUDE_DIR}") +- ENDIF(NOT LUA_FOUND) +-ELSE(ENABLE_LUAJIT MATCHES "ON") +- FindLua(VERSION_MAJOR "5" VERSION_MINOR "3" ROOT "${LUA_ROOT}") +- IF(NOT LUA_FOUND) +- FindLua(VERSION_MAJOR "5" VERSION_MINOR "2" ROOT "${LUA_ROOT}") +- IF(NOT LUA_FOUND) +- FindLua(VERSION_MAJOR "5" VERSION_MINOR "1" ROOT "${LUA_ROOT}") +- ENDIF(NOT LUA_FOUND) +- ENDIF(NOT LUA_FOUND) +- IF(NOT LUA_FOUND) +- MESSAGE(FATAL_ERROR "Lua not found, lua support is required") +- ELSE(NOT LUA_FOUND) +- SET(WITH_LUA 1) +- INCLUDE_DIRECTORIES("${LUA_INCLUDE_DIR}") +- ENDIF(NOT LUA_FOUND) +-ENDIF(ENABLE_LUAJIT MATCHES "ON") ++ ++INCLUDE_DIRECTORIES("${LUA_INCLUDE_DIR}") + + IF(ENABLE_JEMALLOC MATCHES "ON" AND NOT SANITIZE) + ProcessPackage(JEMALLOC LIBRARY jemalloc_pic jemalloc INCLUDE jemalloc.h INCLUDE_SUFFIXES include/jemalloc diff --git a/user/rspamd/APKBUILD b/user/rspamd/APKBUILD new file mode 100644 index 000000000..71dbcb2ac --- /dev/null +++ b/user/rspamd/APKBUILD @@ -0,0 +1,175 @@ +# Contributor: Valery Kartel +# Contributor: Nathan Angelacos +# Contributor: TBK +# Contributor: Jakub Jirutka +# Contributor: Duncan Bellamy +# Maintainer: Lee Starnes +pkgname=rspamd +pkgver=2.5 +pkgrel=0 +pkgdesc="Fast, free and open-source spam filtering system" +url="https://rspamd.com/" +arch="all" +license="Apache-2.0 AND BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND LGPL-2.1+ AND LGPL-3.0-only AND MIT AND Zlib" +pkgusers="rspamd" +pkggroups="rspamd" +depends="" +checkdepends="" +makedepends=" + cmake + curl-dev + file-dev + glib-dev + icu-dev + libevent-dev + libgd-dev + libsodium-dev + lua5.3 + lua5.3-dev + openssl-dev + pcre2-dev + perl + ragel + sqlite-dev + " +checkdepends="luarocks" +install="$pkgname.pre-install" +subpackages=" + $pkgname-doc + $pkgname-client + $pkgname-libs + $pkgname-utils::noarch + $pkgname-controller::noarch + $pkgname-fuzzy::noarch + $pkgname-proxy::noarch + $pkgname-openrc + $pkgname-dbg + " +source="$pkgname-$pkgver.tar.gz::https://github.com/rspamd/rspamd/archive/$pkgver.tar.gz + $pkgname.logrotated + $pkgname.initd + $pkgname.confd + 10-conf-split-workers.patch + 20-lua-cmake.patch + " + +build() { + if [ "$CBUILD" != "$CHOST" ]; then + CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" + fi + cmake -B build \ + -DCMAKE_BUILD_TYPE=None \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCONFDIR=/etc/$pkgname \ + -DRUNDIR=/run/$pkgname \ + -DRSPAMD_USER=$pkgusers \ + -DRSPAMD_GROUP=$pkggroups \ + -DENABLE_LUAJIT=OFF \ + -DLUA_INCLUDE_DIR=/usr/include/lua5.3 \ + -DLUA_LIBRARY=/usr/lib/lua5.3/liblua.so \ + -DENABLE_REDIRECTOR=ON \ + -DENABLE_URL_INCLUDE=ON \ + -DENABLE_PCRE2=ON \ + -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_C_FLAGS="$CFLAGS" \ + "$CMAKE_CROSSOPTS" . + make -C build +} + +check() { + make -C build rspamd-test +} + +package() { + make -C build DESTDIR="$pkgdir" install + + cd "$pkgdir" + local path=usr/bin + for b in rspamd rspamc rspamadm; + do + rm "$path"/$b + mv "$path"/$b-$pkgver "$path"/$b + done + + mv "$path"/rspamd_stats "$path"/rspamd-stats + mkdir -p ./usr/sbin + mv usr/bin/rspamd usr/sbin/ + + mkdir -p usr/share/doc/$pkgname + mv usr/share/$pkgname/www/README.md \ + usr/share/doc/$pkgname/ + + install -Dm 644 "$srcdir"/$pkgname.logrotated etc/logrotate.d/$pkgname + install -Dm 755 "$srcdir"/$pkgname.initd etc/init.d/$pkgname + install -Dm 644 "$srcdir"/$pkgname.confd etc/conf.d/$pkgname + + mkdir -p etc/$pkgname/local.d \ + etc/$pkgname/override.d + + install -dm 750 -o rspamd -g rspamd \ + var/lib/$pkgname + install -dm 750 -o rspamd -g rspamd \ + var/log/$pkgname + install -dm 755 -o rspamd -g rspamd \ + etc/$pkgname/local.d/maps.d +} + +client() { + pkgdesc="$pkgdesc (console client)" + + mkdir -p "$subpkgdir/usr/bin" + mv "$pkgdir/usr/bin/rspamc" "$subpkgdir/usr/bin/rspamc" +} + +libs() { + pkgdesc="$pkgdesc (libraries)" + + mkdir -p "$subpkgdir/usr/lib/$subpkgname" + mv "$pkgdir/usr/lib/$pkgname/"*.so "$subpkgdir/usr/lib/$subpkgname/" +} + +utils() { + pkgdesc="$pkgdesc (utilities)" + depends="perl" + + mkdir -p "$subpkgdir/usr/bin" + mv "$pkgdir/usr/bin/${pkgname}-stats" "$subpkgdir/usr/bin/" + mv "$pkgdir/usr/bin/${pkgname}-redirector" "$subpkgdir/usr/bin/" +} + +fuzzy() { + pkgdesc="$pkgdesc (local fuzzy storage)" + license="Apache-2.0" + depends="$pkgname" + + mkdir -p "$subpkgdir/etc/$pkgname/modules.d" + mv "$pkgdir/etc/$pkgname"/worker-fuzzy.* "$subpkgdir/etc/$pkgname/" + mv "$pkgdir/etc/$pkgname"/modules.d/fuzzy_* "$subpkgdir/etc/$pkgname/modules.d/" +} + +controller() { + pkgdesc="$pkgdesc (controller web interface)" + license="MIT" + depends="$pkgname" + + mkdir -p "$subpkgdir/usr/share/$pkgname" + mv "$pkgdir/usr/share/$pkgname/www" "$subpkgdir/usr/share/$pkgname/www" + mkdir -p "$subpkgdir/etc/$pkgname" + mv "$pkgdir/etc/$pkgname"/worker-controller.* "$subpkgdir/etc/$pkgname/" +} + +proxy() { + pkgdesc="$pkgdesc (milter support)" + license="Apache-2.0" + depends="$pkgname" + + mkdir -p "$subpkgdir/etc/$pkgname" + mv "$pkgdir/etc/$pkgname"/worker-proxy.* "$subpkgdir/etc/$pkgname/" +} + +sha512sums="6068309da98eeb75f95188414b12ce9443aef31200853f820646e70e1dbf2d9d1e2c661a86df2183c175cc01cfb09f6a5c7b8ba358901a56ec6cdb9d9fef4540 rspamd-2.5.tar.gz +2efe28575c40d1fba84b189bb872860e744400db80dce2f6330be6c6287fb3f46e6511284729b957488bf40bcb9b0952e26df9934f5f138334bd2766075c45cb rspamd.logrotated +782e1126d32e450a1db0ac822c127b9a763f903093f200bdf603a6a0610a853671b94c89b0bb2d8ebdfb065e0cf62be51c1c7f451e8da34e25f252a276c2b0f3 rspamd.initd +a2003ef0c9d64a44480f59302864a2dfedcbe3a0047fcbb655408bc8aae9014b6ad0ddc6b64d4abeeb21bea0f86678afd30589ac8eed83e07ad7f87710e93702 rspamd.confd +a8aefee649bf6630339d1d3f2bb20c25ca70b21a8eaa92951e926d0fd4525f1d4ac4cc7ea66ac2b15323cf02c93c759ddf7181502f0d71b21384ced9d88c008e 10-conf-split-workers.patch +4c124eb0e5edcdb77ae0430de193da25c418f0265251d017efaaba86d419ba3db2a10dc5205fc3ae375bf005bbeaa102fb45415c05136004b4056950e1d737b6 20-lua-cmake.patch" diff --git a/user/rspamd/rspamd.confd b/user/rspamd/rspamd.confd new file mode 100644 index 000000000..620eecb94 --- /dev/null +++ b/user/rspamd/rspamd.confd @@ -0,0 +1,13 @@ +# Configuration for /etc/init.d/rspamd + +# User and group to run rspamd workers. +#command_user="rspamd:rspamd" + +# Path of the main configuration file. +#cfgfile="/etc/rspamd/rspamd.conf" + +# Where to log startup configuration checking: +# - /dev/null - silent if check pass (default) +# - /dev/stdout - always print output on the curent terminal +# - /path/filename - append output to the specified logfile +#startuplog="/var/log/rspamd/startup.log" diff --git a/user/rspamd/rspamd.initd b/user/rspamd/rspamd.initd new file mode 100644 index 000000000..aaa40428b --- /dev/null +++ b/user/rspamd/rspamd.initd @@ -0,0 +1,51 @@ +#!/sbin/openrc-run + +extra_commands="checkconfig" +extra_started_commands="reload reopen" + +description="Rapid spam filtering system" +description_checkconfig="Check configuration" +description_reload="Reload configuration" +description_reopen="Reopen log files" + +# Uppercase variables are here for backward compatibility only. +: ${command_user:="${RSPAMD_USER:-rspamd}:${RSPAMD_GROUP:-rspamd}"} +: ${cfgfile:=${RSPAMD_CONFIG:-/etc/rspamd/rspamd.conf}} +: ${startuplog:=${RSPAMD_STARTUPLOG:-/dev/null}} + +command="/usr/sbin/rspamd" +command_args="--config $cfgfile --no-fork ${command_args:-}" +command_background="yes" +pidfile="/run/rspamd/$RC_SVCNAME.pid" + +required_files="$cfgfile" + +depend() { + need localmount net + before mta + after redis +} + +start_pre() { + checkpath -d -m 755 -o "$command_user" ${pidfile%/*} + checkconfig >/dev/null 2>>"$startuplog" || checkconfig +} + +checkconfig() { + ebegin "Checking $name configuration" + + rspamadm configtest + eend $? +} + +reload() { + ebegin "Reloading $name configuration" + start_pre && start-stop-daemon --signal HUP --pidfile $pidfile + eend $? +} + +reopen() { + ebegin "Reopening $name log files" + start-stop-daemon --signal USR1 --pidfile $pidfile + eend $? +} diff --git a/user/rspamd/rspamd.logrotated b/user/rspamd/rspamd.logrotated new file mode 100644 index 000000000..2a443f2de --- /dev/null +++ b/user/rspamd/rspamd.logrotated @@ -0,0 +1,11 @@ +/var/log/rspamd/*log { + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + /etc/init.d/rspamd --ifstarted --quiet reopen + endscript +} diff --git a/user/rspamd/rspamd.pre-install b/user/rspamd/rspamd.pre-install new file mode 100644 index 000000000..b2f35bdd8 --- /dev/null +++ b/user/rspamd/rspamd.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +groupadd -r rspamd 2>/dev/null +useradd -r -d /var/lib/rspamd -s /sbin/nologin -G rspamd -g rspamd rspamd 2>/dev/null + +exit 0 -- cgit v1.2.3-70-g09d2