Hi,

The mailman ebuild was a pain in the past, installing to non-fhs-locations
(/usr/local), doing lot's of strange stuff, not able to use etc-update...

mailman-2.1.9-r2 tries to fix lot's of those issues, it's much more
configurable through some variables. It's currently masked, but yesterday I
committed a bunch of changes and now I'm pretty satisfied with it.

So I'd like to unmask it soon. Please, if you're using mailman test it, tell
me if it suits your needs or just give me feedback like "worksforme", I
actually don't have a clue how many people really use this ebuild.

--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber: hanno@hboeck.de

* Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> Hi,
>
> The mailman ebuild was a pain in the past, installing to non-fhs-locations
> (/usr/local), doing lot's of strange stuff, not able to use etc-update...
>
> mailman-2.1.9-r2 tries to fix lot's of those issues, it's much more
> configurable through some variables. It's currently masked, but yesterday I
> committed a bunch of changes and now I'm pretty satisfied with it.

Nice!

> So I'd like to unmask it soon. Please, if you're using mailman test it, tell
> me if it suits your needs or just give me feedback like "worksforme", I
> actually don't have a clue how many people really use this ebuild.

Any special hints/advice?
--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list

* Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> [...]
> So I'd like to unmask it soon. Please, if you're using mailman test it, tell
> me if it suits your needs or just give me feedback like "worksforme", I
> actually don't have a clue how many people really use this ebuild.

pkg_postinst() says...
--8<--
* Please read /usr/share/doc/mailman-2.1.9-r2/README.gentoo.gz for additional
* Setup information, mailman will NOT run unless you follow
* those instructions!
--8<--
...but that README actually has .bz2 instead of .gz on my system
--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list

* Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> [...]
> So I'd like to unmask it soon. Please, if you're using mailman test it, tell
> me if it suits your needs or just give me feedback like "worksforme", I
> actually don't have a clue how many people really use this ebuild.

I get this using hardened-sources with activated grsecurity
trusted path execution feature:

2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6:
denied untrusted exec of /usr/lib/mailman/bin/mmsitepass by
/bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280,
parent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280

That's because /usr/lib/mailman/bin/ is group-writable.
Is that necessary at all?!
--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list

* Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:24]:
> * Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> > [...]
> > So I'd like to unmask it soon. Please, if you're using mailman test it, tell
> > me if it suits your needs or just give me feedback like "worksforme", I
> > actually don't have a clue how many people really use this ebuild.
>
> I get this using hardened-sources with activated grsecurity
> trusted path execution feature:
>
> 2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6:
> denied untrusted exec of /usr/lib/mailman/bin/mmsitepass by
> /bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280,
> parent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280
>
> That's because /usr/lib/mailman/bin/ is group-writable.

Ok, that's not true :]

Using this configuration...
--8<--
CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=1005
--8<--
...I have to add 'mailman' to group 1005.
--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list

* Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:31]:
> * Wolfram Schlich <wschlich@gentoo.org> [2007-11-27 02:24]:
> > * Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
> > > [...]
> > > So I'd like to unmask it soon. Please, if you're using mailman test it, tell
> > > me if it suits your needs or just give me feedback like "worksforme", I
> > > actually don't have a clue how many people really use this ebuild.
> >
> > I get this using hardened-sources with activated grsecurity
> > trusted path execution feature:
> >
> > 2007-11-27 02:15:47 +01:00; alpha; kern.alert; kernel: grsec: From 127.0.0.6:
> > denied untrusted exec of /usr/lib/mailman/bin/mmsitepass by
> > /bin/bash[bash:14178] uid/euid:280/280 gid/egid:280/280,
> > parent /bin/bash[bash:14173] uid/euid:280/280 gid/egid:280/280
> >
> > That's because /usr/lib/mailman/bin/ is group-writable.
>
> Ok, that's not true :]
>
> Using this configuration...
> --8<--
> CONFIG_GRKERNSEC_TPE=y
> # CONFIG_GRKERNSEC_TPE_ALL is not set
> CONFIG_GRKERNSEC_TPE_INVERT=y
> CONFIG_GRKERNSEC_TPE_GID=1005
> --8<--
> ...I have to add 'mailman' to group 1005.

Ok, it get's worse: for the mailman webinterface, I'd have to add
'apache' to group 1005 as well, opening up even bigger holes.
No way! So, emerge -C mailman, that is
Too bad.
--
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
--
gentoo-dev@gentoo.org mailing list

Wolfram Schlich schrieb:
> * Hanno Böck <hanno@gentoo.org> [2007-11-26 15:39]:
>> [...]
>> So I'd like to unmask it soon. Please, if you're using mailman test it, tell
>> me if it suits your needs or just give me feedback like "worksforme", I
>> actually don't have a clue how many people really use this ebuild.
>
> pkg_postinst() says...
> --8<--
> * Please read /usr/share/doc/mailman-2.1.9-r2/README.gentoo.gz for additional
> * Setup information, mailman will NOT run unless you follow
> * those instructions!
> --8<--
> ...but that README actually has .bz2 instead of .gz on my system

Depends on what PORTAGE_COMPRESS is set to (Don't know WHERE this is
actually being set - but different systems seem to have different values
here).

- Necoro
--
gentoo-dev@gentoo.org mailing list

René 'Necoro' Neumann <lists@necoro.eu> posted 474B78FC.6070609@necoro.eu,
excerpted below, on Tue, 27 Nov 2007 02:55:08 +0100:

> Depends on what PORTAGE_COMPRESS is set to (Don't know WHERE this is
> actually being set - but different systems seem to have different values
> here).

That's a newer portage make.conf variable; see the manpage. Apparently
newer versions default to bz2, while older versions (before the setting
was exposed as a variable) may have defaulted to gz. However, the user
can now set any sort of exotic compression type he likes. (zip, rar,
7zip, zoo, anyone?)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

--
gentoo-dev@gentoo.org mailing list