From: "Florian Schmaus"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Florian Schmaus"
Message-ID: <1638873735.7ef9adb36a21fda32d38eaa0c4d0cf4312ade686.flow@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-im/ejabberd/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-im/ejabberd/ejabberd-21.04-r1.ebuild
X-VCS-Directories: net-im/ejabberd/
X-VCS-Committer: flow
X-VCS-Committer-Name: Florian Schmaus
X-VCS-Revision: 7ef9adb36a21fda32d38eaa0c4d0cf4312ade686
X-VCS-Branch: master
Date: Tue, 7 Dec 2021 10:42:29 +0000 (UTC)

commit:     7ef9adb36a21fda32d38eaa0c4d0cf4312ade686
Author:     Florian Schmaus gentoo org>
AuthorDate: Tue Dec 7 10:30:13 2021 +0000
Commit:     Florian Schmaus gentoo org>
CommitDate: Tue Dec 7 10:42:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef9adb3

net-im/ejabberd: add 21.04-r1

This marks two important transitions:
- from EAPI 6 to EAPI 7
- from net-im/jabber-base to acct-user/ejabberd

The latter also means that ejabberd now runs under its own 'ejabberd'
user, and no longer uses the *shared* 'jabber' user from
net-im/jabber-base. This increases the isolation of ejabberd.

The configuration directory also changes from /etc/jabber, which is a
non-standard ejabberd directory used only by Gentoo, to /etc/ejabberd,
ejabberd's standard configuration directory.

Furthermore, the custom SSL/TLS certificate handling (via the ssl-cert
eclass) is removed, as ejabberd has for a long time now a built-in ACME
client. And the certificate handling significantly increased the
complexity of the ejabberd ebuild.
This also fixes bug #716968. The ebuild also now passes the correct localstatedir to econf. Previously ejabberd would use /var/lib/lib/ejabberd. Ejabberd also unnecessarily created /var/lock/ejabberdctl, even though this directory is no longer used. This is now fixed in the ebuild and a patch was submitted and accepted upstream [1]. This also drops the non-upstream systemd tmpfile.conf. The directory created by the tmpfile is only ever used if the user manually configured it. And in this case, we should trust the user to also ensure that the directory is created. This further reduces the complexity of the ebuild. 1: https://github.com/processone/ejabberd/pull/3724 Signed-off-by: Florian Schmaus gentoo.org> Closes: https://bugs.gentoo.org/716968 net-im/ejabberd/ejabberd-21.04-r1.ebuild | 233 +++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) diff --git a/net-im/ejabberd/ejabberd-21.04-r1.ebuild b/net-im/ejabberd/ejabberd-21.04-r1.ebuild new file mode 100644 index 000000000000..0d4324cb98e4 --- /dev/null +++ b/net-im/ejabberd/ejabberd-21.04-r1.ebuild 
@@ -0,0 +1,233 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit pam rebar systemd + +DESCRIPTION="Robust, scalable and extensible XMPP server" +HOMEPAGE="https://www.ejabberd.im/ https://github.com/processone/ejabberd/" +SRC_URI="https://static.process-one.net/${PN}/downloads/${PV}/${P}.tgz + -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ia64 ~sparc ~x86" +REQUIRED_USE="mssql? ( odbc )" +# TODO: Add 'tools' flag. +IUSE="captcha debug full-xml ldap mssql mysql odbc pam postgres redis + roster-gw selinux sip sqlite +stun zlib" + +RESTRICT="test" + +# TODO: Add dependencies for 'tools' flag enabled. +# TODO: tools? ( +# TODO: >=dev-erlang/luerl-0.3 +# TODO: ) +DEPEND=">=dev-lang/erlang-19.3[odbc?,ssl] + >=dev-erlang/cache_tab-1.0.28 + >=dev-erlang/eimp-1.0.20 + >=dev-erlang/fast_tls-1.1.12 + >=dev-erlang/fast_xml-1.1.46 + >=dev-erlang/fast_yaml-1.0.31 + >=dev-erlang/yconf-1.0.11 + >=dev-erlang/jiffy-1.0.5 + >=dev-erlang/jose-1.9.0 + >=dev-erlang/lager-3.6.10 + >=dev-erlang/p1_oauth2-0.6.9 + >=dev-erlang/p1_utils-1.0.22 + >=dev-erlang/stringprep-1.0.25 + >=dev-erlang/xmpp-1.5.3 + >=dev-erlang/pkix-1.0.7 + >=dev-erlang/mqtree-1.0.13 + >=dev-erlang/idna-6.0.0-r1 + >=dev-erlang/p1_acme-1.0.12 + >=dev-erlang/base64url-1.0.1 + >=net-im/jabber-base-0.01 + ldap? ( =net-nds/openldap-2* ) + mysql? ( >=dev-erlang/p1_mysql-1.0.18 ) + odbc? ( dev-db/unixODBC ) + pam? ( >=dev-erlang/epam-1.0.10 ) + postgres? ( >=dev-erlang/p1_pgsql-1.1.11 ) + redis? ( >=dev-erlang/eredis-1.0.8 ) + sip? ( >=dev-erlang/esip-1.0.42 ) + sqlite? ( >=dev-erlang/sqlite3-1.1.12 ) + stun? ( >=dev-erlang/stun-1.0.43 ) + zlib? ( >=dev-erlang/ezlib-1.0.9 )" +RDEPEND="${DEPEND} + acct-user/ejabberd + captcha? ( media-gfx/imagemagick[truetype,png] ) + selinux? 
( sec-policy/selinux-jabber ) +" + +DOCS=( CHANGELOG.md README.md ) +PATCHES=( "${FILESDIR}/${PN}-19.08-ejabberdctl.patch" + "${FILESDIR}/${PN}-17.04-0002-Dont-overwrite-service-file.patch") + +# Set paths to ejabberd lib directory consistently to point always to directory +# suffixed with version. +correct_ejabberd_paths() { + sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${P}:}" \ + -i "${S}/Makefile.in" \ + || die 'failed to set ejabberd path in Makefile.in' + sed -e "/EJABBERD_BIN_PATH=/{s:ejabberd:${P}:}" \ + -i "${S}/ejabberdctl.template" \ + || die 'failed to set ejabberd path in ejabberdctl.template' +} + +# Get epam-wrapper from 'files' directory and correct path to lib directory in +# it. epam-wrapper is placed into work directory. It is assumed no epam-wrapper +# file exists there already. +customize_epam_wrapper() { + local epam_wrapper_src="${1}" + local epam_wrapper_dst="${S}/epam-wrapper" + + [[ -e ${epam_wrapper_dst} ]] && die 'epam-wrapper already exists' + sed -r -e "s@^(ERL_LIBS=).*\$@\1${EPREFIX}$(get_erl_libs)@" \ + "${epam_wrapper_src}" >"${epam_wrapper_dst}" \ + || die 'failed to install epam-wrapper' +} + +# Get path to ejabberd lib directory. +# +# This is the path ./configure script Base for this path is path set in +# ./configure script which is /usr/lib by default. If libdir is explicitely set +# to something else than this should be adjusted here as well. +get_ejabberd_path() { + echo "/usr/$(get_libdir)/${P}" +} + +# Make ejabberd.service for systemd from upstream provided template. +make_ejabberd_service() { + sed -r \ + -e 's!@ctlscriptpath@!/usr/sbin!g' \ + -e 's!^(After)=(.*)!\1=epmd.service network.target!' 
\ + -e '/^After=/ a Requires=epmd.service' \ + "${PN}.service.template" >"${PN}.service" \ + || die 'failed to make ejabberd.service' +} + +src_prepare() { + default + + rebar_remove_deps + correct_ejabberd_paths + make_ejabberd_service + customize_epam_wrapper "${FILESDIR}/epam-wrapper" + + rebar_fix_include_path fast_xml + rebar_fix_include_path p1_utils + rebar_fix_include_path xmpp + + # Fix bug #591862. ERL_LIBS should point directly to ejabberd directory + # rather than its parent which is default. That way ejabberd directory + # takes precedence is module lookup. + local ejabberd_erl_libs="$(get_ejabberd_path):$(get_erl_libs)" + sed -e "s|\(ERL_LIBS=\){{libdir}}.*|\1${ejabberd_erl_libs}|" \ + -i "${S}/ejabberdctl.template" \ + || die 'failed to set ERL_LIBS in ejabberdctl.template' +} + +src_configure() { + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \ + --localstatedir="${EPREFIX}/var" \ + --enable-user=${PN} \ + $(use_enable debug) \ + $(use_enable full-xml) \ + $(use_enable mssql) \ + $(use_enable mysql) \ + $(use_enable odbc) \ + $(use_enable pam) \ + $(use_enable postgres pgsql) \ + $(use_enable redis) \ + $(use_enable roster-gw roster-gateway-workaround) \ + $(use_enable sqlite) \ + $(use_enable sip) \ + $(use_enable stun) \ + $(use_enable zlib) + + # more options to support + # --enable-elixir requires https://github.com/elixir-lang/elixir +} + +src_compile() { + emake REBAR='rebar -v' src +} + +src_install() { + default + + if use pam; then + local epam_path="$(get_ejabberd_path)/priv/bin/epam" + + pamd_mimic_system xmpp auth account + into "$(get_ejabberd_path)/priv" + newbin epam-wrapper epam + fi + + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + systemd_dounit "${PN}.service" + + insinto /etc/logrotate.d + newins "${FILESDIR}/${PN}.logrotate" "${PN}" + + # /var/lock/ejabberdctl is unused, see + # https://github.com/processone/ejabberd/pull/3724 + rmdir "${ED}/var/lock/ejabberdctl" || die + 
rmdir "${ED}/var/lock" || die + + keepdir /var/{lib,log}/ejabberd +} + +pkg_preinst() { + if use pam; then + einfo "Adding ejabberd user to epam group to allow ejabberd to use PAM" \ + "authentication" + # See + # . + # epam binary is installed by dev-erlang/epam package, therefore SUID + # is set by that package. Instead of jabber group it uses epam group, + # therefore we need to add jabber user to epam group. + usermod -a -G epam ejabberd || die + fi +} + +pkg_postinst() { + local migrate_to_etc_ejabberd=false + + if [[ ! ${REPLACING_VERSIONS} ]]; then + echo + elog "For configuration instructions, please see" + elog " https://docs.ejabberd.im/" + echo + else + for v in ${REPLACING_VERSIONS}; do + if ver_test "${v}" -lt 21.04-r1; then + migrate_to_etc_ejabberd=true + break + fi + done + fi + + # Sarting with >=21.04-r1, the ejabberd configuration is now in + # /etc/ejabberd and no longer in /etc/jabber. See if we need to + # migrate the configuration. Furthermore, ejabberd no longer runs + # under the, shared via net-im/jabber-base, 'jabber' use, but under + # its own user. This increase isolation and hence robustness and + # security. + if $migrate_to_etc_ejabberd; then + cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd || die + if [[ -f "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 ]]; then + rm "${EROOT}"/etc/ejabberd/.keep_net-im_jabber-base-0 || die + fi + if ! use prefix; then + chown --recursive ejabberd:ejabberd "${EROOT}"/etc/ejabberd || die + fi + elog "Newer versions of the ejabberd Gentoo package use /etc/ejabberd" + elog "(just as upstream) and *not* /etc/ejabber." + elog "The files from /etc/jabber where copied to /etc/ejabberd." + elog "Please check your configuration and delete the file in /etc/jabber." + fi +}
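
Review bot: DEPEND still lists ">=net-im/jabber-base-0.01" even though the commit message describes this revision as the move from net-im/jabber-base to acct-user/ejabberd; because RDEPEND is "${DEPEND} acct-user/ejabberd ...", the package that provides the shared 'jabber' user stays a build and runtime dependency. Drop that atom unless something in the ebuild still needs it, and say so in a comment if it does. In pkg_postinst, the migration runs cp -r "${EROOT}"/etc/jabber/. "${EROOT}"/etc/ejabberd || die and then chown --recursive ejabberd:ejabberd on the result: this dies in postinst when an older version is being replaced but /etc/jabber is absent, and it copies whatever else sits in /etc/jabber (the directory comes from net-im/jabber-base, as the .keep_net-im_jabber-base-0 handling shows) and hands it to the ejabberd user. Guard the copy with a directory test and consider copying only ejabberd's own files. In the same function the elog text says "*not* /etc/ejabber", which should read /etc/jabber, "where copied" should be "were copied", and the comment has "Sarting" and "'jabber' use". In pkg_preinst the comment still says "add jabber user to epam group" while the command is usermod -a -G epam ejabberd; update the comment to match. In src_install, local epam_path is assigned but never used and can be removed.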