--- schleuder-2.1.1.orig/contrib/schleuder-migrationhelper.pl +++ schleuder-2.1.1/contrib/schleuder-migrationhelper.pl @@ -49,10 +49,6 @@ $new->{'prefix_out'} = $old->{'mail'}->{'subout'}; $new->{'default_mime'} = lc(substr($old->{'mail'}->{'defaultenvelop'}, 1, length($old->{'mail'}->{'defaultenvelop'})-2)); -if (defined($old->{'site'}->{'logfile'})) { - $new->{'logging'} = true; -} - if (($old->{'policy'}->{'allow_plaintext_sending'} eq 'yes')||($old->{'policy'}->{'allow_plaintext_sending'} eq 'true')) { $new->{'allow_plaintext_sending'} = 'true' } else { --- schleuder-2.1.1.orig/contrib/newlist.rb +++ schleuder-2.1.1/contrib/newlist.rb @@ -1,4 +1,4 @@ -#!/usr/bin/env ruby +#!/usr/bin/env ruby1.8 $:.unshift File.dirname(__FILE__) + '/../lib' require 'schleuder' @@ -79,7 +79,7 @@ require 'highline/import' if interactive rescue LoadError => ex puts "Unable to load 'highline'.\n\n" - puts "Please install the highline gem before trying to use" + puts "Please install the libhighline-ruby1.8 package before trying to use" puts "#{$0} in interactive mode." exit 1 end @@ -100,8 +100,10 @@ list_privatekeyfile = args[:list_privatekeyfile] || 'none' list_publickeyfile = args[:list_publickeyfile] || 'none' list_passphrase = args[:list_passphrase] || 'none' - unless args[:mailuser].nil? + if ! args[:mailuser].nil? mailuser = Etc.getpwnam(args[:mailuser]).uid + elsif Process::Sys.getuid == 0 + mailuser = Etc.getpwnam('schleuder').uid else mailuser = Process::Sys.getuid end @@ -168,7 +170,7 @@ Schleuder.log.debug "Store list config..." list.config = list.config Schleuder.log.debug "Changing ownership..." - ListCreator::filepermissions(listdir,mailuser) + ListCreator::filepermissions(list,mailuser) Schleuder.log.debug "List successfully created..." ListCreator::print_list_infos(list) if interactive end 
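Review bot: In the `-100,8 +100,10` hunk of contrib/newlist.rb both `Etc.getpwnam` calls raise `ArgumentError` when the account does not exist, and the new root branch adds a second way to hit that because it hard-codes `'schleuder'`. Nothing visible in the hunk rescues it, so a root run on a host without that account would end in a backtrace instead of a usable message. Consider resolving the name once with `name = args[:mailuser] || (Process::Sys.getuid == 0 ? 'schleuder' : nil)` and `mailuser = name ? Etc.getpwnam(name).uid : Process::Sys.getuid`, wrapped in a `begin … rescue ArgumentError` that prints which account is missing and exits non-zero. The enclosing block starts and ends outside the hunk.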
@@ -227,6 +229,9 @@ _length = Schleuder.config.gpg_key_length _sub_type = Schleuder.config.gpg_subkey_type _sub_length = Schleuder.config.gpg_subkey_length + if GPGME.respond_to? 'check_version' + GPGME::check_version('0.0.0') + end GPGME::Ctx.new.genkey( ListCreator::create_gnupg_params_template(_name,_email,_pass,_type,_length,_sub_type,_sub_length), nil,nil @@ -256,7 +261,8 @@ " end - def self.filepermissions(listdir, mailuser) + def self.filepermissions(list, mailuser) + listdir = File.expand_path(File.join(Schleuder.config.lists_dir, list.listname)) File.chown(mailuser,nil,listdir) File.chmod(0700,listdir) Dir.new(listdir).each{ |f| @@ -265,12 +271,23 @@ File.chmod(0600) end } + File.chown(mailuser,nil,list.configfile) + File.chmod(0600,list.configfile) + unless list.logfile == 'syslog' + # Touch and set permissions on logfile + File.open(list.logfile, 'a').close() + File.chown(mailuser, nil, list.logfile) + File.chmod(0600, list.logfile) + end end def self.print_list_infos(list) puts "A new schleuder list #{list.config.myname} have been created." puts - puts "To get a working list you have to tell your MTA to handle this list. For various examples have a look at: http://schleuder.nadir.org/documentation/creatinglists" + puts "To get a working list you have to tell your MTA to handle this list." + puts "For various examples have a look at:" + puts " * /usr/share/doc/schleuder/README.Debian" + puts " * http://schleuder.nadir.org/documentation/creatinglists" puts puts "Lists' key fingerprint:" puts Schleuder::Utils::get_pretty_fingerprint(Schleuder::Crypt.new(list.config.gpg_password).get_key(list.config.myaddr)) --- schleuder-2.1.1.orig/debian/changelog +++ schleuder-2.1.1/debian/changelog 
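Review bot: The added `GPGME::check_version('0.0.0')` guard before `GPGME::Ctx.new` carries no comment explaining why it is there or why the version string is `'0.0.0'`. Going by the changelog entry about recent libgpgme-ruby1.8, the call presumably exists only to initialise the library on newer bindings, with the lowest possible version so that the check never rejects; say so in a comment such as `# newer ruby-gpgme needs check_version called once before Ctx.new; '0.0.0' accepts any version`. The same three lines are repeated in the lib/schleuder/crypt.rb hunk, so a single shared helper would keep the two call sites from drifting apart. The enclosing method starts and ends outside the hunk.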
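Review bot: In `filepermissions` the new logfile block creates the file with `File.open(list.logfile, 'a')` under the process umask and only then narrows it with path-based `File.chown`/`File.chmod`, so the log is briefly wider than 0600 and both calls act on whatever the path resolves to at that moment. This tool is meant to be run as root and debian/schleuder.postinst makes /var/log/schleuder writable by the schleuder group, so the ownership change should be tied to the file that was actually opened; the `touch`/`chmod`/`chown` sequence on schleuder.log in the postinst has the same shape. Suggested replacement, assuming `File::NOFOLLOW` is defined on the target Ruby: `File.open(list.logfile, File::WRONLY | File::APPEND | File::CREAT | File::NOFOLLOW, 0600) { |f| f.chown(mailuser, nil); f.chmod(0600) }`. Separately, the context line `File.chmod(0600)` inside the `Dir.new(listdir).each` loop names no file as shown, which would make it a no-op; worth confirming against the full file because part of the loop lies between the two hunks.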
@@ -0,0 +1,49 @@
+schleuder (2.1.1-2) unstable; urgency=medium
+
+ * Fix Schleuder website URL in schleuder(8) manpage. (Closes: #597737)
+ * Fix compatibility issue in schleuder-newlist when used with
+ recent libgpgme-ruby1.8.
+ * Set urgency to medium, as the former bug breaks documented
+ procedure on Squeeze.
+ * Bump Standards-Version to 3.9.1, no changes required.
+
+ -- Jérémy Bobbio Tue, 02 Nov 2010 22:04:52 +0100
+
+schleuder (2.1.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * Fix logfile rotation. (Closes: #559763)
+ * Cherry-pick upstream d4480416 and eb50bdbb to fix compatibility with
+ libgpgme-ruby (>= 1.0.8).
+ * Set /var/lib/schleuder mode bits to 771 instead of mode 770 that prevented
+ the sample Exim configuration to work. (Closes: #559965)
+ * Remove UTF-8 characters from manpages as Pandoc is currently broken when
+ no locales are configured.
+ * Fix a spelling error in README.Debian found by Lintian.
+
+ -- Jérémy Bobbio Sun, 09 May 2010 21:20:49 +0200
+
+schleuder (2.1.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * Ship list configuration example.
+ * Ship upstream TODO list.
+ * Update watch file.
+ * Update URL to documentation in README.Debian.
+ * Break long lines in schleuder-newlist(8).
+
+ -- Jérémy Bobbio Sun, 15 Nov 2009 19:24:13 +0100
+
+schleuder (2.0.0+git.20090824.745f0c6-2) unstable; urgency=low
+
+ * Correct "notifempty" directive in logrotate configuration file.
+ (Closes: #545033)
+ * Remove logs, list configuration files and data directories on purge.
+
+ -- Jérémy Bobbio Sat, 05 Sep 2009 00:22:13 +0200
+
+schleuder (2.0.0+git.20090824.745f0c6-1) unstable; urgency=low
+
+ * Initial release. (Closes: #544234)
+
+ -- Jérémy Bobbio Wed, 02 Sep 2009 02:39:06 +0200
--- schleuder-2.1.1.orig/debian/README.Debian
+++ schleuder-2.1.1/debian/README.Debian
@@ -0,0 +1,169 @@ +Schleuder for Debian +==================== + +Setting up Schleuder +-------------------- + +1. Edit /etc/schleuder/schleuder.conf to suit the site configuration. + + Most defaults should be fine with most setups but you might want to adjust + `superadminaddr`. + +2. Create a new mailing list using schleuder-newlist(8). + + e.g. # schleuder-newlist test + + (Using interactive mode as above requires you to have the package + libhighline-ruby1.8 installed.) + +3. Adjust list settings in /etc/schleuder/lists/LISTNAME.conf + + More information on the various settings can be found in + /etc/schleuder/default-list.conf. + +4. Setup the MTA to pipe messages to Schleuder addresses + + See below for how it can be done with Exim 4 and Postfix. + +5. Send an email with "send key!" as the subject and nothing in the body to + test@host.local.domain. If everything goes fine, you should get a reply + containing the list public key. If it does not, check the various log + files for any clues. + +6. Add more members! The easiest way is to: + + i) Send an encrypted email to the list having in the body: + + X-ADD-KEY: + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1.4.9 (GNU/Linux) + + mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4 + dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO + [...] + pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju + =xTv3 + -----END PGP PUBLIC KEY BLOCK----- + + Replace the KEY BLOCK with an ascii export of the new members' public key. + + ii) Edit /var/lib/schleuder/$LISTNAME/members.conf and add at the end: + + - email: new.member@example.org + - email: another.member@example.com + + Membership options are detailed in schleuder(8). + +7. Enjoy! + +Using Schleuder with Exim 4 +--------------------------- + +The file names presented here assume that you have opted for the split +Exim configuration. 
+ +In /etc/exim4/conf.d/router/550_schleuder, write: + + schleuder: + debug_print = "R: schleuder for $local_part@$domain" + driver = accept + local_part_suffix_optional + local_part_suffix = +* : -bounce : -sendkey + domains = +local_domains + require_files = schleuder:/var/lib/schleuder/${local_part}/ + transport = schleuder_transport + +Then, in /etc/exim4/conf.d/transport/30_schleuder, write: + + schleuder_transport: + debug_print = "T: schleuder_transport for $local_part@$domain" + driver = pipe + user = schleuder + group = schleuder + home_directory = "/var/lib/schleuder/$local_part" + command = "/usr/bin/schleuder $local_part" + +Finally, regenerate a full configuration file: + + # update-exim4.conf + +New lists created in `/var/lib/schleuder` (default when using +schleuder-newlist(8)) will automatically work when using this setup. + +For another advanced Exim setup, using an SQL database and multiple Unix +accounts, please have a look at: + + http://schleuder.nadir.org/documentation/configurationeximplus.html + +Using Schleuder with Postfix +---------------------------- + +The proposed setup for Postfix is to use a dedicated "schleuder" +transport. List addresses will be manually directed to use this +specific transport using `transport_maps`, see transport(5) for +details. + +1. In `/etc/postfix/master.cf`, add: + + schleuder unix - n n - - pipe + flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user} + +2. Then, in `/etc/postfix/main.cf`, add: + + schleuder_destination_recipient_limit = 1 + transport_maps = hash:/etc/postfix/transports + +3. a. If you want to have mailing lists managed by Schleuder with other + addresses under the same domain you must list every mailing list + in `/etc/postfix/transports`, like the following: + + LISTNAME@host.tld schleuder: + LISTNAME-bounces@host.tld schleuder: + LISTNAME-sendkey@host.tld schleuder: + + b. 
Or, if you dedicate a specific domain-name to Schleuder lists, + simply add the following line to `/etc/postfix/transports`: + + host.tld schleuder: + +4. Refresh the transport map by doing: + + # postmap /etc/postfix/transports + +Other Schleuder setups +---------------------- + +If you manage to get a nice working setup with your favorite MTA, please +send an email to `schleuder2@nadir.org`, add it to Schleuder wiki or +submit a wishlist bug against the `schleuder` package in debian. + +Using `/etc/aliases` and `sudo` might be the best fallback if you can't figure +it out. + +Logging +------- + +To respect Debian policy, Schleuder has been modified to keep list logs +by default under `/var/log/schleuder/.log`. + +Logging can also be done using syslog(3) (under the `mail` facility) by +specifying "syslog" for the `lists_logfile` and `logfile` parameters in +`/etc/schleuder/schleuder.conf`. + +schleuder account +----------------- + +The Debian package for Schleuder creates a "schleuder" account on +installation. The list creation program, schleuder-newlist(8), will +default to use this account when creating new lists. If you wish to +have schleuder(8) running with other account credentials, you will need +to make those users members of the "schleuder" group to allow them to +write to `/var/log/schleuder`. + +WebSchleuder +------------ + +The web management interface for Schleuder has not yet been packaged for +Debian. Any help is highly welcome. + + -- Jérémy Bobbio Sat, 29 Aug 2009 23:21:23 +0200 --- schleuder-2.1.1.orig/debian/README.source +++ schleuder-2.1.1/debian/README.source 
@@ -0,0 +1,15 @@
+README.source for the schleuder package
+=======================================
+
+schleuder is managed in a Git repository using git-buildpackage. It follows
+most of the advices provided by Russ Allbery at:
+http://www.eyrie.org/~eagle/notes/debian/git.html
+
+The branches are organized as follow:
+
+ * upstream: tracks the "master" branch of upstream repository [1]
+ * feature/*: new features added to upstream source
+ * bugs/*: upstream bug fixes
+ * master: merge of the feature/* and bugs/* branches and Debian specific changes
+
+[1] git://git.immerda.ch/schleuder.git
--- schleuder-2.1.1.orig/debian/docs
+++ schleuder-2.1.1/debian/docs
@@ -0,0 +1,2 @@
+README
+TODO
--- schleuder-2.1.1.orig/debian/schleuder.manpages
+++ schleuder-2.1.1/debian/schleuder.manpages
@@ -0,0 +1,2 @@
+debian/schleuder.8
+debian/schleuder-newlist.8
--- schleuder-2.1.1.orig/debian/schleuder.dirs
+++ schleuder-2.1.1/debian/schleuder.dirs
@@ -0,0 +1,4 @@
+var/log/schleuder
+var/lib/schleuder
+etc/schleuder/plugins
+etc/schleuder/lists
--- schleuder-2.1.1.orig/debian/compat
+++ schleuder-2.1.1/debian/compat
@@ -0,0 +1 @@
+7
--- schleuder-2.1.1.orig/debian/schleuder.install
+++ schleuder-2.1.1/debian/schleuder.install
@@ -0,0 +1,6 @@
+bin/schleuder usr/bin
+ext/default-list.conf etc/schleuder
+ext/schleuder.conf etc/schleuder
+lib/* usr/lib/ruby/1.8
+plugins/*.rb usr/share/schleuder/plugins
+plugins/README usr/share/doc/schleuder/README.plugins
--- schleuder-2.1.1.orig/debian/schleuder.8.mdwn
+++ schleuder-2.1.1/debian/schleuder.8.mdwn
@@ -0,0 +1,191 @@ +% SCHLEUDER(8) Schleuder +% schleuder2@nadir.org +% August 31, 2009 + +NAME +==== + +schleuder - GnuPG enabled mailing list manager with remailer-capabilities + +SYNOPSIS +======== + +schleuder *LISTNAME* < EMAIL + +schleuder -test [*LISTNAME*] + +DESCRIPTION +=========== + +Schleuder is designed as a tool for group communication: subscribers +can communicate encrypted (and pseudonymously) among themselves, receive emails +from non-subscribers and send emails to non-subscribers via the list. + +Schleuder takes care of all decryption and encryption, stripping of headers, +format conversions, etc. Schleuder can also send out its own public key +upon request and process administrative commands received by email. + +Email cryptography is handled by using GnuPG. Schleuder understands all common +encapsulation formats: `inline`, `multipart/encrypted` and `multipart/signed`. + +`schleuder`(8) is usually called in delivery mode by a *Mail Transport Agent* +with an incoming email piped to its standard input. For more informations on +how to integrate Schleuder with your existing mail setup, please look in +`/usr/share/doc/schleuder/README.Debian`. + +The `-test` option checks that basic settings are correct. + +`schleuder-newlist`(8) automates the creation of new mailing lists. + +AUTOMATIC SENDING OF LIST PUBLIC KEY +==================================== + +To receive the public key of the mailing list anybody can send an email to the +list with `send key!` as the subject: + + Subject: send key! + +The body of the email must be left blank. Schleuder will reply +with the public key of the list without forwarding the request to the list +members. + +EMAIL COMMANDS +============== + +Schleuder provides some special commands for advanced features to be used by +list members. Generally they are called by keywords written into the first +non-blank line of an email. 
Schleuder scans for those keywords in every +incoming email that is encrypted and validly signed by a list member. + +Please note that depending on the list configuration, some commands might +only be accessible to the administrators of the list. + +To receive the list of members: +: X-GET-MEMBERS + +: You will receive the raw content of the `members.conf` file. For details on + that file and its formatting see **FILES**. + +To store the (changed) list of members: +: X-SAVE-MEMBERS: + - email: you@example.net + - email: me@example.net + mime: PLAIN + +: Please take care of correct YAML-formatting. You can break the list with + wrongly formatted data. (see if you are unsure) + +To receive the list of public keys known to the list +: X-LIST-KEYS + +To receive a certain public key known to the list +: X-SEND-KEY: foobar@example.com + +To add a public key to the list +: X-ADD-KEY: + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1.4.9 (GNU/Linux) + +: mQGiBEjVO7oRBADQvT6wtD2IzzIiK0NbrcilCKCp4MWb8cYXTXguwPQI6y0Nerz4 + dsK6J0X1Vgeo02tqA4xd3EDK8rdqL2yZfl/2egH8+85R3gDk+kqkfEp4pwCgp6VO + [...] + pNlF/qkaWwRb048h+iMrW21EkouLKTDPFkdFbapV2X5KJZIcfhO1zEbwc1ZKF3Ju + Q9X5GRmY62hz9SCZnsC0jeYAni8OUQV9NXfXlS/vePBUnOL08NQB + =xTv3 + -----END PGP PUBLIC KEY BLOCK----- + +To send out an email to an external recipient (encrypted if possible, otherwise in the clear) +: X-RESEND: emailaddress@example.net + +Or to send it only if encryption is available +: X-RESEND-ENCRYPTED-ONLY: emailaddress@example.net + +EXIT STATUS +=========== + +0 +: Incoming email was processed without errors. + +: Configuration is correct in test mode. + +1 +: Internal failure in incoming email processing. + +: Bad configuration in test mode. + +100 +: Unable to decrypt the received message. + +: Unable to verify the signature when configured to only accept signed + messages. + +: Message is cleartext when only encrypted messages are allowed. 
+ +: Message is not authenticated as coming from a list member when + authentication is required. + +FILES +===== + +/etc/schleuder/schleuder.conf +: Global Schleuder configuration + +/etc/schleuder/default-list.conf +: Default list settings + +/etc/schleuder/LISTNAME/list.conf +: List settings + +/etc/schleuder/LISTNAME/members.conf +: List susbcribers. + +: Each member must have the email-attribute set. All other attributes are + optional. + +: The following attributes are available: + +: * mime: defines the 'pgp-variant' to send to the member, possible values are + `MIME` (for pgp/mime-formatted mail according to RFC 3156), and `PLAIN` (for + inline-pgp). The fallback-default for this is defined in the + list.conf. + * key: defines a specific key to use for the member. Normally public keys + are found via the email-attribute matching some key-id. If no such key + or multiple of them exist you may want to use this setting. + * encrypted_only: schleuder tries to encrypt every outgoing email. If + that is not possible under some conditions it sends the email + unecrypted. If this attribute is set the member will never receive + unencrypted emails; the member will be skipped if encrypting is not + possible. + +: Example: + +: - email: you@example.net + - email: me@example.org + mime: PLAIN + - email: them@example.com + encrypted_only: true + +/var/lib/schleuder/LISTNAME +: List internal data + +/var/log/schleuder +: Schleuder logs directory + +All configuration files are formatted as YAML. See for +more details. + +BUGS +==== + +Known bugs are listed on the Schleuder website. + +SEE ALSO +======== + +`schleuder-newlist`(8), +`/usr/share/doc/schleuder/README.Debian`, +`gnupg`(7). + +Schleuder website: + +YAML website: --- schleuder-2.1.1.orig/debian/watch +++ schleuder-2.1.1/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://schleuder.nadir.org/ download/schleuder-(.+)\.tar\.gz --- schleuder-2.1.1.orig/debian/copyright +++ schleuder-2.1.1/debian/copyright 
@@ -0,0 +1,15 @@
+Name: Schleuder
+Source: http://schleuder.nadir.org/
+
+Copyright: 2009, paz, ng et al.
+License: GPL-2
+ On Debian systems the full text of the GNU General Public
+ License can be found in the `/usr/share/common-licenses/GPL-2'
+ file.
+
+Files: debian/*
+Copyright: 2009, Jérémy Bobbio
+License: GPL-2+
+ On Debian systems the full text of the GNU General Public
+ License can be found in the `/usr/share/common-licenses/GPL-2'
+ file.
--- schleuder-2.1.1.orig/debian/schleuder-newlist.8.mdwn
+++ schleuder-2.1.1/debian/schleuder-newlist.8.mdwn
@@ -0,0 +1,144 @@ +% SCHLEUDER-NEWLIST(8) Schleuder +% schleuder2@nadir.org +% August 31, 2009 + +NAME +==== + +schleuder-newlist - create new Schleuder mailing list + +SYNOPSIS +======== + +schleuder-newlist *LISTNAME* +\ [-email *list@example.org*] +\ [-realname *\'Foo\ List\'*] +\ [-adminaddress *listadmin@example.net*] +\ [-initmember *member1@example.net* +\ \ -initmemberkey */path/to/initmember_publickey*] +\ [-privatekeyfile */path/to/privatekey* +\ \ -publickeyfile */path/to/publickey* +\ \ -passphrase *key_passphrase*] +\ [-mailuser mail] +\ [-nointeractive] + +DESCRIPTION +=========== + +`schleuder-newlist` automates the creation of new Schleuder mailing lists. For +more information on Schleuder, please look at `schleuder`(8). + +`schleuder-newlist` does various input validation, and can generate a key or +import one. It will give you as well an easy interface to build new lists in a +scripted manner. + +It also supports an interactive mode, with which the user will be prompted for +missing mandatory options. The interactive mode can be disabled, using the +`-nointercative` flag; it is automatically disabled if the script isn't run +within a valid tty. + +If no `-privatekeyfile`, `-publickeyfile` and `-passphrase` are provided, the +list will create a new keypair with a random password. The type and length of +the generated keypair is specified in `/etc/schleuder/schleuder.conf`. + +OPTIONS +======= + +-email *list@example.org* +: Specify the email address of the mailing list. + +-realname *\'Foo List'\* +: Specify the name of the mailing list. + +-adminaddress *listadmin@example.net* +: Specify the email address of a list administrator. This address will be + notified of errors, and depending on configuration may also be allowed + to send restricted email commands. + +-initmember *member1@example.net* +: Specify the first subscribed list member address. Can be the same as the + administrator address. This option must be accompanied by + `-initmemberkey`. 
+ +-initmemberkey */path/to/initmember_publickey* +: Specify the path to first subscribed list member public key. `-initmember` + must also be specified. + +-privatekeyfile */path/to/privatekey* +: Specify the path to a previously-generated private key for the list. + This option must be accompanied by `-publickeyfile` and `-passphrase`. + +-publickeyfile */path/to/publickey* +: Specify the path to a previously-generated public key for the list. + This option must be accompanied by `-privatekeyfile` and `-passphrase`. + +-passphrase *\'key passphrase\'* +: Specify the passphrase needed to access the private key specified in + `-privatekeyfile`. This option must be accompanied by `-publickeyfile` + as well. + +-mailuser *schleuder* +: Specify the system user account under which `schleuder`(8) will be + executed. (when run as root, this defaults to "schleuder") + +-nointeractive +: When specified, no questions will be asked to complete missing + information. + +EXAMPLES +======== + +This creates a new list called `test1` with the initial member `foo@bar.ch`. +A new keypair will be generated for the list. + + schleuder-newlist test1 -email foobar@example.org \ + -realname "bal jak" \ + -adminaddress admin@example.org \ + -initmember foo@example.com -initmemberkey /tmp/foo.pub + +The list test2 will be created, a keypair from the following files with the +passphrase `test` will be imported. + + schleuder-newlist test2 -email test2@example.com \ + -realname "bal jak" \ + -adminaddress foobar@example.org \ + -privatekeyfile ~/tmp/test2.priv \ + -publickeyfile /tmp/test2.pub \ + -passphrase test + +FILES +===== + +/etc/schleuder/schleuder.conf +: Global Schleuder configuration + +/etc/schleuder/default-list.conf +: Default list settings + +/etc/schleuder/LISTNAME/list.conf +: List settings + +/etc/schleuder/LISTNAME/members.conf +: List susbcribers. + +/var/lib/schleuder/LISTNAME +: List internal data + +All configuration files are formatted as YAML. 
See for
+more details.
+
+BUGS
+====
+
+Known bugs are listed on the Schleuder website.
+
+SEE ALSO
+========
+
+`schleuder`(8),
+`aliases`(5),
+`gnupg`(7).
+
+Schleuder website:
+
+YAML website:
--- schleuder-2.1.1.orig/debian/schleuder.postrm
+++ schleuder-2.1.1/debian/schleuder.postrm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -rf /etc/schleuder/lists
+ rm -rf /var/lib/schleuder
+ rm -rf /var/log/schleuder
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
--- schleuder-2.1.1.orig/debian/schleuder.postinst
+++ schleuder-2.1.1/debian/schleuder.postinst
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ if ! id schleuder >/dev/null 2>&1; then
+ adduser --system --group --gecos "Schleuder mailing list" --no-create-home \
+ --home /var/lib/schleuder schleuder >/dev/null
+ fi
+ if ! dpkg-statoverride --list "/var/lib/schleuder"; then
+ chown schleuder:schleuder /var/lib/schleuder
+ chmod 771 /var/lib/schleuder
+ fi
+ if ! dpkg-statoverride --list "/var/log/schleuder"; then
+ chown root:schleuder /var/log/schleuder
+ chmod 770 /var/log/schleuder
+ touch /var/log/schleuder/schleuder.log
+ chmod 660 /var/log/schleuder/schleuder.log
+ chown schleuder:schleuder /var/log/schleuder/schleuder.log
+ fi
+ if ! dpkg-statoverride --list "/etc/schleuder/lists"; then
+ chown root:schleuder /etc/schleuder/lists
+ chmod 750 /etc/schleuder/lists
+ fi
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
--- schleuder-2.1.1.orig/debian/schleuder.logrotate
+++ schleuder-2.1.1/debian/schleuder.logrotate
@@ -0,0 +1,9 @@
+/var/log/schleuder/*.log {
+ daily
+ missingok
+ rotate 10
+ compress
+ delaycompress
+ notifempty
+ create 640 schleuder schleuder
+}
--- schleuder-2.1.1.orig/debian/schleuder.examples
+++ schleuder-2.1.1/debian/schleuder.examples
@@ -0,0 +1,4 @@
+contrib/mutt-schleuder-colors.rc
+contrib/schleuder-mutt-resend.vim
+contrib/schleuder-migrationhelper.pl
+ext/list.conf.example
--- schleuder-2.1.1.orig/debian/rules
+++ schleuder-2.1.1/debian/rules
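Review bot: The `chmod 771 /var/lib/schleuder` line in debian/schleuder.postinst has no comment explaining why the directory that holds every list's GnuPG home is made traversable by all local users. With the parent open, confidentiality of the keyrings rests on each list directory being 0700, and in this patch only `ListCreator::filepermissions` in contrib/newlist.rb sets that. Add a comment above the line, for example `# 771 so the sample Exim router can reach list directories (see #559965); each list directory must itself stay 0700`, so the dependency is not lost in a later edit.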
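Review bot: The `create 640 schleuder schleuder` line in debian/schleuder.logrotate applies to every `/var/log/schleuder/*.log`, which includes the per-list logs that contrib/newlist.rb creates as 0600 and chowns to the list's mail user. After the first rotation those files would come back group-readable and owned by schleuder, so any account added to the schleuder group (as README.Debian recommends for alternative users) could read each list's log, and a list running under another `-mailuser` may no longer be able to write its own. It also disagrees with the 660 the postinst sets on schleuder.log. A bare `create` keeps the mode and owner of the file being rotated and would avoid all three mismatches.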
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+%:
+ dh $@
+
+override_dh_install:
+ dh_install
+ cp contrib/newlist.rb debian/schleuder/usr/bin/schleuder-newlist
+
+override_dh_installman:
+ pandoc -s -w man -o debian/schleuder.8 debian/schleuder.8.mdwn
+ pandoc -s -w man -o debian/schleuder-newlist.8 debian/schleuder-newlist.8.mdwn
+ dh_installman
+
+override_dh_clean:
+ rm -f debian/schleuder.8 debian/schleuder-newlist.8
+ dh_clean
--- schleuder-2.1.1.orig/debian/control
+++ schleuder-2.1.1/debian/control
@@ -0,0 +1,26 @@
+Source: schleuder
+Section: mail
+Priority: optional
+Maintainer: Jérémy Bobbio
+Build-Depends: debhelper (>= 7.0.50~), pandoc
+Standards-Version: 3.9.1
+Homepage: http://schleuder.nadir.org/
+Vcs-Git: git://git.debian.org/git/collab-maint/schleuder.git
+Vcs-Browser: http://git.debian.org/?p=collab-maint/schleuder.git
+
+Package: schleuder
+Architecture: all
+Depends:
+ ${misc:Depends},
+ adduser,
+ exim4 | mail-transport-agent,
+ ruby1.8, libtmail-ruby1.8, libgpgme-ruby1.8 (>= 1.0.2)
+Recommends: libhighline-ruby1.8
+Description: GnuPG enabled mailing list manager with remailer-capabilities
+ Schleuder is designed as a tool for group communication: subscribers
+ can communicate encrypted (and pseudonymously) among themselves, receive
+ emails from non-subscribers and send emails to non-subscribers via the list.
+ .
+ Schleuder takes care of all decryption and encryption, stripping of headers,
+ formatting conversions, etc. Schleuder can also send out its own public key
+ upon request and process administrative commands by email.
--- schleuder-2.1.1.orig/ext/default-list.conf
+++ schleuder-2.1.1/ext/default-list.conf
@@ -51,15 +51,9 @@ # cause fatal damage) list them here. #keywords_admin_only: ['SAVE-MEMBERS', 'DEL-KEY'] # -# list-specific logging? true||false -#logging: true -# # list-specific loglevel: ERROR || WARN || INFO || DEBUG #loglevel: ERROR # -# How many logfiles to keep when rotating (daily) -#log_rotate_keep: 3 -# # speaks for itself, no? #public_footer: # --- schleuder-2.1.1.orig/ext/schleuder.conf +++ schleuder-2.1.1/ext/schleuder.conf @@ -10,7 +10,7 @@ #gpg_key_type: RSA # # Set the length of a key we might create for new lists. -#gpg_key_length: 2048 +#gpg_key_length: 4096 # # Set the type of the subkey of a key we might create # for new lists. 
@@ -18,28 +18,33 @@ # # Set the length of the subkey of a key we might create # for new lists. -#gpg_subkey_length: 2048 +#gpg_subkey_length: 4096 # -# Name of the per list config file. -#lists_configfile: list.conf -# -# Per list logfile name. Will be written into the directory -# of the list. -#lists_logfile: list.log +# Name of the per list config file. Either: +# - a file name that resides in the list data directory, +# - a directory, ending with '/', having a "$LISTNAME.conf" file. +#lists_configfile: /etc/schleuder/lists/ +# +# Per list logfile location: +# - specify a filename to log under that name in the directory of the +# list, +# - specify a directory, ending with '/' to put a file named +# "$LISTNAME.log" in that directory, +# - specify "syslog" to log through the syslog(3) facility. +#lists_logfile: /var/log/schleuder/ # # Name of the per list file containing all members and their # options. #lists_memberfile: members.conf # # Where we find the global options for all lists. -# Note: the following notion isn't valid. You have -# to provide a fully qualified path. -#lists_default_conf: conf_dir + '/default-list.conf' +#lists_default_conf: /etc/schleuder/default-list.conf # # Location of the various schleuderlists' directory. -#lists_dir: /var/schleuderlists +#lists_dir: /var/lib/schleuder # -# Location of the global logfile. +# Location of the global logfile. Specify "syslog" to log through +# the syslog(3) facility. #logfile: /var/log/schleuder/schleuder.log # # Global schleuder log level, might change after the list config 
@@ -47,9 +52,15 @@ # Possible values: ERROR || WARN || INFO || DEBUG #loglevel: ERROR # -# Location of schleuder plugins. Note: the following notion -# isn't valid. You have to provide a fully qualified path. -#plugins_dir = schleuder_base + '/plugins' +# How many logfiles to keep when rotating (daily) +# (specifying 0 will disable logfile rotation) +#log_rotate_keep: 0 +# +# Location of schleuder plugins. +# Multiple plugins directory are supported. +#plugins_dir: +#- /usr/share/schleuder/plugins +#- /etc/schleuder/plugins # # The super administrator of this schleuder installation. This # address will receive all notices which can'tbe delivered to --- schleuder-2.1.1.orig/bin/schleuder +++ schleuder-2.1.1/bin/schleuder @@ -1,4 +1,4 @@ -#!/usr/bin/env ruby +#!/usr/bin/env ruby1.8 # TODO: # - make code comments rdoc-compatible. --- schleuder-2.1.1.orig/plugins/send_log_plugin.rb +++ schleuder-2.1.1/plugins/send_log_plugin.rb @@ -5,7 +5,7 @@ end def process(mail) - log = File.read(File.join(Schleuder.config.lists_dir, Schleuder.list.listname, Schleuder.config.lists_logfile)) + log = File.read(Schleuder.list.logfile) reply(mail, log) end end --- schleuder-2.1.1.orig/lib/schleuder.rb +++ schleuder-2.1.1/lib/schleuder.rb @@ -1,5 +1,4 @@ # third party -require 'rubygems' require 'tmail' require 'net/smtp' --- schleuder-2.1.1.orig/lib/schleuder/list.rb +++ schleuder-2.1.1/lib/schleuder/list.rb @@ -11,8 +11,7 @@ def initialize(listname,newlist=false) @listname = listname @listdir = File.expand_path(File.join(Schleuder.config.lists_dir, listname)) - file = File.join(@listdir, Schleuder.config.lists_logfile) - @log = SchleuderLogger.new("Schleuder #{listname}", file) + @log = SchleuderLogger.new("schleuder-#{listname}", logfile) # setting GNUPGHOME to list's home, to make use of the keys there @log.debug "setting ENV[GNUPGHOME] to #{@listdir}" 
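Review bot: In plugins/send_log_plugin.rb the new `File.read(Schleuder.list.logfile)` does not handle the syslog case this patch introduces: `List#logfile` returns the literal string `'syslog'` when `lists_logfile` is set to it, so the plugin would try to read a relative file of that name and raise. Add a guard before the read, e.g. `return reply(mail, "This list logs to syslog; there is no logfile to send.") if Schleuder.list.logfile == 'syslog'`. The rest of the class lies outside the hunk.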
@@ -24,11 +23,6 @@ # logged regardless of the loglevel set in the config (as the # SchleuderLogger uses WARN as default). @log.sev_threshold = eval("Logger::" + config.loglevel.upcase) - - # delete out-of-age logfiles. Do it here and not in - # schleuder_logger because that one also cares for the global log - removed = File.unlink(*Dir["#{file}.20[0-9]*"].sort.slice(0..-self.config.log_rotate_keep)) - @log.info "Removed #{removed} old logfiles" if removed > 0 end # Provides an array of Schleuder::Member's, read from +members.conf+ @@ -101,11 +95,22 @@ @_config end + # Returns path to the list configuration file + def configfile + # If `lists_configfile` ends with a '/', assume its pointing to a + # directory where configuration files are named "$LISTNAME.conf". + if Schleuder.config.lists_configfile.end_with? '/' then + file = File.join(Schleuder.config.lists_configfile, "#{@listname}.conf") + else + file = File.join(@listdir, Schleuder.config.lists_configfile) + end + end + # Loads the configuration # fromfile = Wether to load the config from file. def _load_config(fromfile=true) @log.debug("reading list-config for: #{@listname}") unless @log.nil? - @_config = ListConfig.new(File.join(@listdir, Schleuder.config.lists_configfile),fromfile) + @_config = ListConfig.new(configfile,fromfile) end # Saves +data+ into the list-config-file (default: list.conf). +data+ must @@ -117,7 +122,7 @@ else @_config = ListConfig.new(data) end - _write(YAML::dump(@_config.to_hash), File.join(@listdir, Schleuder.config.lists_configfile)) + _write(YAML::dump(@_config.to_hash), configfile) end # Builds the bounce-address for the list 
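Review bot: The new `configfile` helper in lib/schleuder/list.rb interpolates `@listname` straight into a path under `lists_configfile` (`"#{@listname}.conf"`), and the `logfile` helper added further down does the same for `"#{@listname}.log"`, with no validation of the name visible in these hunks. README.Debian shows the list name arriving from the MTA as the mail local part, so a name containing a path separator would resolve outside /etc/schleuder/lists and /var/log/schleuder unless something elsewhere rejects it. If no such check exists, add one in `initialize`, for example `raise ArgumentError, "invalid list name" unless listname =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/`. The `file =` assignments in both branches of `configfile` are unused; the method can return the `File.join` results directly.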
@@ -130,6 +135,19 @@ self.config.myaddr.gsub(/^(.*)@(.*)$/, '\1-sendkey@\2') end + # builds the logfile path + def logfile + # If lists_logfile ends with a '/' assume that it's a directory, and log + # to "#{lists_logfile}#{listname}.log" + if Schleuder.config.lists_logfile.end_with? '/' then + File.join(Schleuder.config.lists_logfile, "#{@listname}.log") + elsif Schleuder.config.lists_logfile == 'syslog' then + Schleuder.config.lists_logfile + else + File.join(@listdir, Schleuder.config.lists_logfile) + end + end + private def _write(data,filename) --- schleuder-2.1.1.orig/lib/schleuder/crypt.rb +++ schleuder-2.1.1/lib/schleuder/crypt.rb @@ -7,6 +7,9 @@ # Instantiates and stores password def initialize(password) @password = password + if GPGME.respond_to? 'check_version' + GPGME::check_version('0.0.0') + end @ctx = GPGME::Ctx.new # feed the passphrase into the Context @ctx.set_passphrase_cb(method(:passfunc)) --- schleuder-2.1.1.orig/lib/schleuder/schleuder_config.rb +++ schleuder-2.1.1/lib/schleuder/schleuder_config.rb @@ -13,6 +13,8 @@ attr_accessor :logfile # Global loglevel: (ERROR || WARN || INFO || DEBUG) attr_accessor :loglevel + # How many logfiles to keep when rotating (daily) + attr_accessor :log_rotate_keep # Directory which holds plugin-files attr_accessor :plugins_dir # Directory which holds one subdirectory for each list @@ -38,7 +40,7 @@ def initialize(config_file=nil) conf_dir = '/etc/schleuder' config_file = conf_dir + '/schleuder.conf' unless config_file - base = File.expand_path(File.dirname(__FILE__) + '/../..') + base = '/usr/share/schleuder' # These are some "vendor defaults". # If you need to change these, put them into schleuder.conf @smtp_host = 'localhost' 
@@ -46,20 +48,24 @@ @superadminaddr = 'root@localhost' @logfile = '/var/log/schleuder/schleuder.log' @loglevel = 'ERROR' - @plugins_dir = base + '/plugins' - @lists_dir = '/var/schleuderlists' - @lists_configfile = 'list.conf' - @lists_logfile = 'list.log' + @log_rotate_keep = 0 + @plugins_dir = [base + '/plugins', '/etc/schleuder/plugins'] + @lists_dir = '/var/lib/schleuder' + @lists_configfile = '/etc/schleuder/lists/' + @lists_logfile = '/var/log/schleuder/' @lists_memberfile = 'members.conf' @lists_default_conf = conf_dir + '/default-list.conf' @gpg_key_type = 'RSA' - @gpg_key_length = 2048 + @gpg_key_length = 4096 @gpg_subkey_type = 'RSA' - @gpg_subkey_length = 2048 + @gpg_subkey_length = 4906 # overload with config_file super config_file + + # turn @plugins_dir into an array if needed + @plugins_dir = [@plugins_dir] unless @plugins_dir.class == Array end end end --- schleuder-2.1.1.orig/lib/schleuder/processor.rb +++ schleuder-2.1.1/lib/schleuder/processor.rb @@ -5,7 +5,7 @@ Schleuder.list.log else unless @log - @log = SchleuderLogger.new('Schleuder', config.logfile, config.loglevel) + @log = SchleuderLogger.new('schleuder', config.logfile, config.loglevel) end @log end --- schleuder-2.1.1.orig/lib/schleuder/schleuder_logger.rb +++ schleuder-2.1.1/lib/schleuder/schleuder_logger.rb 
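Review bot: `@gpg_subkey_length = 4906` in the lib/schleuder/schleuder_config.rb defaults looks like a transposition of 4096, the value this hunk gives `@gpg_key_length` two lines above. 4906 is not a conventional RSA size, and how key generation treats it (adjusting or rejecting it) depends on the GnuPG version, so new lists may get an unexpected subkey or fail to create one; the line should read `@gpg_subkey_length = 4096`. As a style point, the array coercion at the end reads more clearly as `@plugins_dir = [@plugins_dir] unless @plugins_dir.is_a?(Array)`. `initialize` starts in the previous hunk, so the other defaults are not all visible here.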
@@ -4,13 +4,67 @@ class SchleuderLogger < Logger # instantiates a Logger and sets @+progname+ and @+sev_threshold+ def initialize(progname, logfile, loglevel="warn") - # rotate daily - super logfile, 'daily' + logfile = nil if logfile == 'syslog' + if Schleuder.config.log_rotate_keep > 0 && ! logfile.nil? then + # rotate daily + super logfile, 'daily' + else + super logfile + end @progname = progname + if logfile.nil? + init_syslog + end # By specifying the log-level we can define what messages are actually # logged. For 'ageing' logfiles and/or set a maximum size see # documentation for +Logger+. @sev_threshold = eval("Logger::" + loglevel.upcase) + + if Schleuder.config.log_rotate_keep > 0 && ! logfile.nil? then + # delete out-of-age logfiles + removed = File.unlink(*Dir["#{logfile}.20[0-9]*"].sort.slice(0..-Schleuder.config.log_rotate_keep)) + @log.info "Removed #{removed} old logfiles" if removed > 0 + end + end + + def init_syslog + require 'syslog' + require 'stringio' + + unless Syslog.opened? + @syslog = Syslog.open(@progname, Syslog::LOG_PID | Syslog::LOG_NDELAY, + Syslog::LOG_MAIL) + else + @syslog = Syslog.reopen(@progname, Syslog::LOG_PID | Syslog::LOG_NDELAY, + Syslog::LOG_MAIL) + end + @@LOGGER_LEVEL_TO_SYSLOG = { + Logger::DEBUG => Syslog::LOG_DEBUG, + Logger::INFO => Syslog::LOG_INFO, + Logger::WARN => Syslog::LOG_WARNING, + Logger::ERROR => Syslog::LOG_ERR, + Logger::FATAL => Syslog::LOG_CRIT, + Logger::UNKNOWN => Syslog::LOG_NOTICE, + } + # On top of using syslog(3), continue to use Logger to keep a backlog + # handy for notify_admin + @logdev = Logger::LogDevice.new(StringIO.new) + end + + def add(severity, message = nil, progname = nil, &block) + severity ||= Logger::UNKNOWN + return true if severity < @level + if message.nil? + if block_given? 
+ message = yield + else + message = progname + end + end + + super(severity, message) + return true unless @syslog + @syslog.log(@@LOGGER_LEVEL_TO_SYSLOG[severity], '%s', message) end # extends Logger#error by sending notification to admin @@ -28,6 +82,15 @@ exit 1 end + def read_backlog + unless @syslog + logfile = File.expand_path(@logdev.instance_variable_get('@filename')) + File.read(logfile) + else + @logdev.dev.string + end + end + def notify_admin msg=nil, subject=nil self.info 'notifying (super)admin' m = Mail.new @@ -37,8 +100,7 @@ if msg.nil? msg = "Hello,\n\nan error has occurred working for list #{Schleuder.list.listname}:\n\n" - logfile = File.expand_path(@logdev.instance_variable_get('@filename')) - File.read(logfile).split(/\n[IDEFW]{1}, /).each do |line| + read_backlog.split(/\n[IDEFW]{1}, /).each do |line| msg << "#{line}\n" if line.match(/ ##{$$}\]/) end end --- schleuder-2.1.1.orig/lib/schleuder/list_config.rb +++ schleuder-2.1.1/lib/schleuder/list_config.rb @@ -31,11 +31,7 @@ # Subject prefix for outgoing mails attr_accessor :prefix_out # Wether to log or not - attr_accessor :logging - # The loglevel (ERROR || WARN || INFO || DEBUG) attr_accessor :loglevel - # How many logfiles to keep when rotating (daily) - attr_accessor :log_rotate_keep # Which headers from original mail to include into the internal meta data attr_accessor :headers_to_meta # Restrict specific plugins to admin @@ -73,9 +69,7 @@ @prefix = '' @prefix_in = '' @prefix_out = '' - @logging = true @loglevel = 'ERROR' - @log_rotate_keep = 3 @headers_to_meta = [:from, :to, :cc, :date] @keywords_admin_only = ['SAVE-MEMBERS', 'DEL-KEY'] @bounces_drop_all = false --- schleuder-2.1.1.orig/lib/schleuder/mail.rb +++ schleuder-2.1.1/lib/schleuder/mail.rb 
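Review bot: In the cleanup added to `SchleuderLogger#initialize` (first lib/schleuder/schleuder_logger.rb hunk), `@log.info "Removed #{removed} old logfiles"` uses an instance variable that this class never sets. The lines were moved from `List`, where `@log` was the logger, so here the call raises NoMethodError on nil as soon as a file has been removed; it should be `info "Removed #{removed} old logfiles" if removed > 0`. The range `slice(0..-Schleuder.config.log_rotate_keep)` leaves one rotated file fewer than the setting says (with a value of 1 it is `0..-1`, every rotated file); if the active logfile is not meant to count, `slice(0...-Schleuder.config.log_rotate_keep)` keeps the stated number. The unchanged `eval("Logger::" + loglevel.upcase)` evaluates a configuration string as code, and `Logger.const_get(loglevel.upcase)` resolves the same constant without eval.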
@@ -375,23 +375,27 @@ def process_plugins! if self.keywords.empty? Schleuder.log.info 'No keywords present, skipping plugins' - elsif File.directory? Schleuder.config.plugins_dir - Dir[Schleuder.config.plugins_dir + '/*_plugin.rb'].each do |plugfile| - Schleuder.log.debug "processing file #{plugfile} as plugin" - require plugfile - # interpreting class name from file name - classname = File.basename(plugfile, '.rb').split('_').collect { |p| p.capitalize }.join - plugin = instance_eval(classname).new - Schleuder.log.debug "Testing #{plugin.class}.match..." - if plugin.match(self) - Schleuder.log.debug "#{plugin.class}.match matched -- executing #{plugin.class}.process" - plugin.process(self) - else - Schleuder.log.debug "#{plugin.class}.match didn't match" + return + end + Schleuder.config.plugins_dir.each do |plugins_dir| + if File.directory? plugins_dir + Dir[plugins_dir + '/*_plugin.rb'].each do |plugfile| + Schleuder.log.debug "processing file #{plugfile} as plugin" + require plugfile + # interpreting class name from file name + classname = File.basename(plugfile, '.rb').split('_').collect { |p| p.capitalize }.join + plugin = instance_eval(classname).new + Schleuder.log.debug "Testing #{plugin.class}.match..." + if plugin.match(self) + Schleuder.log.debug "#{plugin.class}.match matched -- executing #{plugin.class}.process" + plugin.process(self) + else + Schleuder.log.debug "#{plugin.class}.match didn't match" + end end + else + Schleuder.log.error "#{plugins_dir} does not exist or is not readable!" end - else - Schleuder.log.error "#{Schleuder.config.plugins_dir} does not exist or is not readable!" end end
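Review bot: The loop in `process_plugins!` now calls `require` on every `*_plugin.rb` in each configured directory, including the new `/etc/schleuder/plugins` default, without checking who owns the directory or whether others can write to it. That code runs in the process that has `GNUPGHOME` pointed at the list's keys, so an owner and mode check before `require plugfile`, with a log entry when it fails, would be a worthwhile addition. A file with the same basename in two directories is required and executed twice, because the class name is derived from the basename alone; keeping a list of seen basenames and adding `next if seen.include?(File.basename(plugfile))` avoids processing a mail twice. `instance_eval(classname)` evaluates a string built from the file name, whereas `Object.const_get(classname).new` looks the class up without evaluating code.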