Skip to content

fix: expand tmpfiles.d for MTA services (CO-2524) #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
M0Rf30 merged 9 commits into from
Jan 15, 2026
Merged

fix: expand tmpfiles.d for MTA services (CO-2524) #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
77bcc80
fix: expand tmpfiles.d for MTA services (CO-2524)
M0Rf30 Jan 7, 2026
f04a8c1
fix: call systemd-tmpfiles with specific config file (CO-2524)
M0Rf30 Jan 7, 2026
002fa3d
refactor: move ClamAV directory to carbonio-clamav package (CO-2524)
M0Rf30 Jan 7, 2026
4225fc5
refactor: move third-party directories to respective packages (CO-2524)
M0Rf30 Jan 7, 2026
951775a
refactor: move postfix directories to carbonio-postfix (CO-2524)
M0Rf30 Jan 7, 2026
65b9c01
fix: correct sysusers.d syntax for carbonio-mta group (CO-2524)
M0Rf30 Jan 8, 2026
9dc9940
fix: silence systemd-sysusers and tmpfiles to prevent postinst failur…
M0Rf30 Jan 9, 2026
c972849
fix: remove redundant mkdir/chown from postinst scripts
M0Rf30 Jan 9, 2026
1d60849
chore: add SPDX license headers to systemd configs
M0Rf30 Jan 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
191 changes: 31 additions & 160 deletions mta/PKGBUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ source=(
"postfix_tag_as_foreign.re.in"
"postfix_tag_as_originating.re.in"
"service-protocol.json"
"systemd-sysuser.conf"
"systemd-tmpfile.conf"
)

sha256sums=(
Expand All @@ -75,25 +77,27 @@ sha256sums=(
'859386aa88ca443617c5c7b575333513e81555ad3ae6c2bd8ed61e577370fbd1'
'4c86497fd1a5ec0bcca2250e10f477f5c4f4f178dc4a62173383f0b4e53a5829'
'18aec2fc0c687f24f40bad9a6f64bb4f00ea513a218e6a3c5cdf3c900dff8a40'
'6f69c0041b463cbb24c80d980042298b8c29fed70bac6a221e5fec5fcd995a2c'
'630adfda297f6483fc5de6b63d3c82732db122600b465d27ee5f1b4783cf02e6'
)

package() {
cd "${srcdir}"

# consul for mta
install -Dm 755 "${pkgname}.sh" \
install -Dm755 "${pkgname}.sh" \
"${pkgdir}/usr/bin/${pkgname}"
install -Dm 644 "${pkgname}-sidecar.service" \
install -Dm644 "${pkgname}-sidecar.service" \
"${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service"
install -Dm 644 "${pkgname}.hcl" \
install -Dm644 "${pkgname}.hcl" \
"${pkgdir}/etc/zextras/service-discover/${pkgname}.hcl"
install -Dm 644 "211-${pkgname}.sh" \
install -Dm644 "211-${pkgname}.sh" \
"${pkgdir}/etc/zextras/pending-setups.d/211-${pkgname}.sh"
install -Dm 644 policies.json \
install -Dm644 policies.json \
"${pkgdir}/etc/carbonio/mta/service-discover/policies.json"
install -Dm 644 intentions.json \
install -Dm644 intentions.json \
"${pkgdir}/etc/carbonio/mta/service-discover/intentions.json"
install -Dm 644 service-protocol.json \
install -Dm644 service-protocol.json \
"${pkgdir}/etc/carbonio/mta/service-discover/service-protocol.json"

# postfix
Expand All @@ -111,10 +115,17 @@ package() {
mkdir -p "${pkgdir}/opt/zextras/data/opendkim/"
mkdir -p "${pkgdir}/opt/zextras/data/postfix/"

# systemd sysusers.d
install -Dm644 "${srcdir}/systemd-sysuser.conf" \
"${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
# systemd tmpfiles.d
install -Dm644 "${srcdir}/systemd-tmpfile.conf" \
"${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"

# systemd units and target
mkdir -p "${pkgdir}/usr/lib/systemd/system/carbonio.target.wants"
mkdir "${pkgdir}/usr/lib/systemd/system/${pkgname}.target.wants"
install -Dm 644 "${pkgname}.target" \
install -Dm644 "${pkgname}.target" \
"${pkgdir}/usr/lib/systemd/system/${pkgname}.target"
ln -sf "/usr/lib/systemd/system/${pkgname}.target" \
"${pkgdir}/usr/lib/systemd/system/carbonio.target.wants/${pkgname}.target"
Expand Down Expand Up @@ -161,32 +172,7 @@ postinst__apt() {
fi
fi

chown zextras:zextras /opt/zextras/common/conf/master.cf.in
chmod 440 /opt/zextras/common/conf/master.cf.in
chown zextras:zextras /opt/zextras/common/conf/tag_as_*.re.in

mkdir -p /opt/zextras/data/amavisd/db
mkdir -p /opt/zextras/data/amavisd/tmp
mkdir -p /opt/zextras/data/amavisd/var
mkdir -p /opt/zextras/data/amavisd/quarantine
chown -R zextras:zextras /opt/zextras/data/amavisd/*

mkdir -p /opt/zextras/data/opendkim
chown -R zextras:zextras /opt/zextras/data/opendkim

mkdir -p /opt/zextras/data/clamav/db
chown -R zextras:zextras /opt/zextras/data/clamav/db

mkdir -p /opt/zextras/data/postfix/spool/pid
chown postfix:zextras /opt/zextras/data/postfix
chown root:postfix /opt/zextras/data/postfix/spool
chown postfix:root /opt/zextras/data/postfix/spool/pid

chown zextras:zextras /opt/zextras/data

if [ -f /opt/zextras/common/conf/main.cf ]; then
chown zextras:zextras /opt/zextras/common/conf/main.cf
fi
# Note: Directory creation for amavisd, clamav, postfix handled by their respective packages' tmpfiles.d

if [ ! -e /etc/aliases ] || [ -L /etc/aliases ]; then
if [ -L /etc/aliases ]; then
Expand All @@ -200,18 +186,8 @@ postinst__apt() {
fi
fi

if [ -x "/opt/zextras/libexec/zmfixperms" ]; then
/opt/zextras/libexec/zmfixperms
fi

chgrp zextras /opt/zextras/common/conf
chmod g+w /opt/zextras/common/conf

# mta consul
getent group 'carbonio-mta' >/dev/null \
|| groupadd -r 'carbonio-mta'
getent passwd 'carbonio-mta' >/dev/null \
|| useradd -r -M -g 'carbonio-mta' -s /sbin/nologin 'carbonio-mta'
systemd-sysusers >/dev/null 2>&1 || :
systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-mta.conf >/dev/null 2>&1 || :

if [ -d /run/systemd/system ]; then
systemctl daemon-reload &>/dev/null || :
Expand Down Expand Up @@ -239,32 +215,7 @@ postinst__ubuntu_noble() {
fi
fi

chown zextras:zextras /opt/zextras/common/conf/master.cf.in
chmod 440 /opt/zextras/common/conf/master.cf.in
chown zextras:zextras /opt/zextras/common/conf/tag_as_*.re.in

mkdir -p /opt/zextras/data/amavisd/db
mkdir -p /opt/zextras/data/amavisd/tmp
mkdir -p /opt/zextras/data/amavisd/var
mkdir -p /opt/zextras/data/amavisd/quarantine
chown -R zextras:zextras /opt/zextras/data/amavisd/*

mkdir -p /opt/zextras/data/opendkim
chown -R zextras:zextras /opt/zextras/data/opendkim

mkdir -p /opt/zextras/data/clamav/db
chown -R zextras:zextras /opt/zextras/data/clamav/db

mkdir -p /opt/zextras/data/postfix/spool/pid
chown postfix:zextras /opt/zextras/data/postfix
chown root:postfix /opt/zextras/data/postfix/spool
chown postfix:root /opt/zextras/data/postfix/spool/pid

chown zextras:zextras /opt/zextras/data

if [ -f /opt/zextras/common/conf/main.cf ]; then
chown zextras:zextras /opt/zextras/common/conf/main.cf
fi
# Note: Directory creation for amavisd, clamav, postfix handled by their respective packages' tmpfiles.d

if [ ! -e /etc/aliases ] || [ -L /etc/aliases ]; then
if [ -L /etc/aliases ]; then
Expand All @@ -278,18 +229,8 @@ postinst__ubuntu_noble() {
fi
fi

if [ -x "/opt/zextras/libexec/zmfixperms" ]; then
/opt/zextras/libexec/zmfixperms
fi

chgrp zextras /opt/zextras/common/conf
chmod g+w /opt/zextras/common/conf

# mta consul
getent group 'carbonio-mta' >/dev/null \
|| groupadd -r 'carbonio-mta'
getent passwd 'carbonio-mta' >/dev/null \
|| useradd -r -M -g 'carbonio-mta' -s /sbin/nologin 'carbonio-mta'
systemd-sysusers >/dev/null 2>&1 || :
systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-mta.conf >/dev/null 2>&1 || :

if [ -d /run/systemd/system ]; then
systemctl daemon-reload &>/dev/null || :
Expand All @@ -304,32 +245,7 @@ postinst__ubuntu_noble() {
}

postinst__rocky_8() {
chown zextras:zextras /opt/zextras/common/conf/master.cf.in
chmod 440 /opt/zextras/common/conf/master.cf.in
chown zextras:zextras /opt/zextras/common/conf/tag_as_*.re.in

mkdir -p /opt/zextras/data/amavisd/db
mkdir -p /opt/zextras/data/amavisd/tmp
mkdir -p /opt/zextras/data/amavisd/var
mkdir -p /opt/zextras/data/amavisd/quarantine
chown -R zextras:zextras /opt/zextras/data/amavisd/*

mkdir -p /opt/zextras/data/opendkim
chown -R zextras:zextras /opt/zextras/data/opendkim

mkdir -p /opt/zextras/data/clamav/db
chown -R zextras:zextras /opt/zextras/data/clamav/db

mkdir -p /opt/zextras/data/postfix/spool/pid
chown postfix:zextras /opt/zextras/data/postfix
chown root:postfix /opt/zextras/data/postfix/spool
chown postfix:root /opt/zextras/data/postfix/spool/pid

chown zextras:zextras /opt/zextras/data

if [ -f /opt/zextras/common/conf/main.cf ]; then
chown zextras:zextras /opt/zextras/common/conf/main.cf
fi
# Note: Directory creation for amavisd, clamav, postfix handled by their respective packages' tmpfiles.d

if [ ! -e /etc/aliases ] || [ -L /etc/aliases ]; then
if [ -L /etc/aliases ]; then
Expand All @@ -343,18 +259,8 @@ postinst__rocky_8() {
fi
fi

if [ -x "/opt/zextras/libexec/zmfixperms" ]; then
/opt/zextras/libexec/zmfixperms
fi

chgrp zextras /opt/zextras/common/conf
chmod g+w /opt/zextras/common/conf

# mta consul
getent group 'carbonio-mta' >/dev/null \
|| groupadd -r 'carbonio-mta'
getent passwd 'carbonio-mta' >/dev/null \
|| useradd -r -M -g 'carbonio-mta' -s /sbin/nologin 'carbonio-mta'
systemd-sysusers >/dev/null 2>&1 || :
systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-mta.conf >/dev/null 2>&1 || :

if [ -d /run/systemd/system ]; then
systemctl daemon-reload &>/dev/null || :
Expand All @@ -368,32 +274,7 @@ postinst__rocky_8() {
}

postinst__rocky_9() {
chown zextras:zextras /opt/zextras/common/conf/master.cf.in
chmod 440 /opt/zextras/common/conf/master.cf.in
chown zextras:zextras /opt/zextras/common/conf/tag_as_*.re.in

mkdir -p /opt/zextras/data/amavisd/db
mkdir -p /opt/zextras/data/amavisd/tmp
mkdir -p /opt/zextras/data/amavisd/var
mkdir -p /opt/zextras/data/amavisd/quarantine
chown -R zextras:zextras /opt/zextras/data/amavisd/*

mkdir -p /opt/zextras/data/opendkim
chown -R zextras:zextras /opt/zextras/data/opendkim

mkdir -p /opt/zextras/data/clamav/db
chown -R zextras:zextras /opt/zextras/data/clamav/db

mkdir -p /opt/zextras/data/postfix/spool/pid
chown postfix:zextras /opt/zextras/data/postfix
chown root:postfix /opt/zextras/data/postfix/spool
chown postfix:root /opt/zextras/data/postfix/spool/pid

chown zextras:zextras /opt/zextras/data

if [ -f /opt/zextras/common/conf/main.cf ]; then
chown zextras:zextras /opt/zextras/common/conf/main.cf
fi
# Note: Directory creation for amavisd, clamav, postfix handled by their respective packages' tmpfiles.d

if [ ! -e /etc/aliases ] || [ -L /etc/aliases ]; then
if [ -L /etc/aliases ]; then
Expand All @@ -407,18 +288,8 @@ postinst__rocky_9() {
fi
fi

if [ -x "/opt/zextras/libexec/zmfixperms" ]; then
/opt/zextras/libexec/zmfixperms
fi

chgrp zextras /opt/zextras/common/conf
chmod g+w /opt/zextras/common/conf

# mta consul
getent group 'carbonio-mta' >/dev/null \
|| groupadd -r 'carbonio-mta'
getent passwd 'carbonio-mta' >/dev/null \
|| useradd -r -M -g 'carbonio-mta' -s /sbin/nologin 'carbonio-mta'
systemd-sysusers >/dev/null 2>&1 || :
systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-mta.conf >/dev/null 2>&1 || :

if [ -d /run/systemd/system ]; then
systemctl daemon-reload &>/dev/null || :
Expand Down
8 changes: 8 additions & 0 deletions mta/systemd-sysuser.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# SPDX-FileCopyrightText: 2025 Zextras <https://www.zextras.com>
# SPDX-License-Identifier: GPL-2.0-only

# Carbonio MTA service user and group
# See sysusers.d(5) for format

g carbonio-mta -
u carbonio-mta - "Carbonio MTA Service" - /sbin/nologin
37 changes: 37 additions & 0 deletions mta/systemd-tmpfile.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# SPDX-FileCopyrightText: 2025 Zextras <https://www.zextras.com>
# SPDX-License-Identifier: GPL-2.0-only

# Carbonio MTA directories and permissions
# See tmpfiles.d(5) for format

z /opt/zextras/common/conf/master.cf.in 0440 zextras zextras

# Note: main.cf and master.cf are owned and managed by carbonio-postfix package

# Postfix bysender database
z /opt/zextras/common/conf/bysender 0644 zextras zextras
z /opt/zextras/common/conf/bysender.lmdb 0644 zextras zextras

# Postfix RE files
z /opt/zextras/common/conf/tag_as_foreign.re 0644 zextras zextras
z /opt/zextras/common/conf/tag_as_foreign.re.in 0644 zextras zextras
z /opt/zextras/common/conf/tag_as_originating.re 0644 zextras zextras
z /opt/zextras/common/conf/tag_as_originating.re.in 0644 zextras zextras

# Postfix virtual domain configuration files (group postfix for access)
z /opt/zextras/conf/*-canonical.cf 0640 zextras postfix
z /opt/zextras/conf/*-slm.cf 0640 zextras postfix
z /opt/zextras/conf/*-transport.cf 0640 zextras postfix
z /opt/zextras/conf/*-vad.cf 0640 zextras postfix
z /opt/zextras/conf/*-vam.cf 0640 zextras postfix
z /opt/zextras/conf/*-vmd.cf 0640 zextras postfix
z /opt/zextras/conf/*-vmm.cf 0640 zextras postfix

# Note: Postfix directories are managed by carbonio-postfix tmpfiles.d
# Note: Postfix setgid binaries (postqueue, postdrop) permissions are handled by carbonio-postfix postinst script

# OpenDKIM (email authentication) directory
d /opt/zextras/data/opendkim 0755 zextras zextras

# Altermime (MIME message modifier) directory
d /opt/zextras/data/altermime 0755 zextras zextras