diff --git a/README.SUSE.md b/README.SUSE.md new file mode 100644 index 0000000..9856475 --- /dev/null +++ b/README.SUSE.md @@ -0,0 +1,72 @@ +Postorius +========= + +## Configuration + +The web application is configured in `/etc/postorius/settings_local.py` which +is included by the default configuration in +/srv/www/webapps/postorius/settings.py. + +1. Optional: Change the default secret for the application: + We already created one, but feel free to replace with a stronger + alternative. + + `/etc/postorius/settings_local.py`: + + SECRET_KEY = 'something-very-secret' + +2. Make sure to disable debugging when running in production: + + `/etc/postorius/settings_local.py`: + + DEBUG = False + +3. The valid hosts or domain names for the application need to be defined: + + `/etc/postorius/settings_local.py`: + + ALLOWED_HOSTS = [ + 'localhost', + 'lists.example.com' + ] + +4. To be able to configure a running mailman instance configuration options for + its REST API have to be added to postorius' configuration. + + `/etc/postorius/settings_local.py` + + MAILMAN_REST_API_URL = 'http://localhost:8001' + MAILMAN_REST_API_USER = 'rest_admin' + MAILMAN_REST_API_PASS = 'rest_admin_password' + + +5. Add a valid email configuration + + `/etc/postorius/settings_local.py`: + + EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + EMAIL_HOST = 'localhost' + EMAIL_PORT = 25 + EMAIL_HOST_USER = + EMAIL_HOST_PASSWORD = + +7. Optional: Configure postgres or another database (default: sqlite3) + +6. Create and setup the database + + postorius-manage migrate + +7. Create admin user + + postorius-manage createsuperuser + +## Apache2 + +To configure postorius with Apache and uwsgi, just add the follwing lines to a vhost: + + ProxyPass /.well-known/acme-challenge ! + ProxyPassMatch ^/static ! + ProxyPass / unix:/run/uwsgi/uwsgi-postorius.sock|uwsgi://localhost/ + + Require all granted + diff --git a/postorius-1.3.0.tar.gz b/postorius-1.3.0.tar.gz deleted file mode 100644 index dbd2cc1..0000000 --- a/postorius-1.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:54a329128ed1934451b6e3c26dd0a6adc7b2a48cc7f7606ad7454b61d0834f89 -size 1610209 diff --git a/postorius-1.3.4.tar.gz b/postorius-1.3.4.tar.gz new file mode 100644 index 0000000..03e7eed --- /dev/null +++ b/postorius-1.3.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f602950640dbd1d1456fa1d54cfb03338d82d991e808e1f4f8c94894fdc89b5 +size 2802672 diff --git a/postorius-manage.sh b/postorius-manage.sh new file mode 100644 index 0000000..360f9c6 --- /dev/null +++ b/postorius-manage.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sudo -u postorius /usr/bin/python3 /srv/www/webapps/mailman/postorius/manage.py "$@" diff --git a/postorius-settings.patch b/postorius-settings.patch new file mode 100644 index 0000000..c52e273 --- /dev/null +++ b/postorius-settings.patch @@ -0,0 +1,31 @@ +Index: postorius-1.3.3/example_project/settings.py +=================================================================== +--- postorius-1.3.3.orig/example_project/settings.py ++++ postorius-1.3.3/example_project/settings.py +@@ -136,7 +136,7 @@ WSGI_APPLICATION = 'wsgi.application' + DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', +- 'NAME': os.path.join(BASE_DIR, 'postorius.db'), ++ 'NAME': '/var/lib/postorius/data/postorius.db', + } + } + +@@ -180,7 +180,7 @@ USE_TZ = True + # Don't put anything in this directory yourself; store your static files + # in apps' "static/" subdirectories and in STATICFILES_DIRS. + # Example: "/var/www/example.com/static/" +-STATIC_ROOT = os.path.join(BASE_DIR, 'static') ++STATIC_ROOT = '/srv/www/webapps/mailman/postorius/static' + + # URL prefix for static files. + # Example: "http://example.com/static/", "http://static.example.com/" +@@ -259,7 +259,7 @@ LOGGING = { + 'level': 'INFO', + #'class': 'logging.handlers.RotatingFileHandler', + 'class': 'logging.handlers.WatchedFileHandler', +- 'filename': os.path.join(BASE_DIR, 'logs', 'postorius.log'), ++ 'filename': '/var/log/postorius/postorius.log', + 'formatter': 'verbose', + }, + }, diff --git a/postorius.uwsgi b/postorius.uwsgi new file mode 100644 index 0000000..da9dd10 --- /dev/null +++ b/postorius.uwsgi @@ -0,0 +1,17 @@ +[uwsgi] +#plugin = apparmor +#apparmor-hat = postorius + +uid = postorius +gid = postorius + +processes = 1 +threads = 25 + +socket = /run/uwsgi/uwsgi-postorius.sock +chmod-socket = 660 +chown-socket = wwwrun:www + +plugin = python3 +chdir = /srv/www/webapps/mailman/postorius +module = wsgi diff --git a/python-postorius-rpmlintrc b/python-postorius-rpmlintrc new file mode 100644 index 0000000..af1fb83 --- /dev/null +++ b/python-postorius-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("zero-length") +addFilter("non-standard-gid") +addFilter("non-standard-uid") diff --git a/python-postorius.changes b/python-postorius.changes index 7b19bb4..f257d40 100644 --- a/python-postorius.changes +++ b/python-postorius.changes @@ -1,3 +1,130 @@ +------------------------------------------------------------------- +Wed Jun 2 06:33:53 UTC 2021 - Andreas Schneider + +- Remove the postorius-admin user + +------------------------------------------------------------------- +Tue May 25 19:29:40 UTC 2021 - Andreas Schneider + +- Create static files as part of the build process +- Fixed CVE-2021-31997 + +------------------------------------------------------------------- +Tue May 4 09:34:29 UTC 2021 - Ben Greiner + +- restrict to primary python3 flavor due to mailman + +------------------------------------------------------------------- +Fri Feb 12 10:54:02 UTC 2021 - Andreas Schneider + +- Update to version 1.3.4 + * Update the default Site when creating a domain to match the domain if it is + example.com. (Closes #427) + * Add the ability to subscribe via Primary Address instead of specific + address. (See !516) + * Fix a bug where the user's display name would be ignore when + subscribing. (Closes #429) + * Display a user's name in the pending subscription request list. (Closes #430) + * Set a user's preferrred_address in Core if it isn't already set and the user + has a Primary Address that is verified. + * Use the new APIs in Core to get the count of held messages and pending + subscriptions to improve peroformance of settings page for list + owners. (Fixes #417) + * Show held message is local time of the User. (Closes #434) + * Fix a bug where non-member options page would show an owner's options if the + same email was subscribed as owner and non-member in a list. (Closes #436) + * Switching subscription from one email address to other or Primary Address now + preserves preferences and does not require Moderator approval. (Closes #425) + * Make 'Archives' and 'List Options' urls more prominently visible in the + list summary page as buttons. (Closes #439) + * Added the ability to issue invitations from the mass subscribe view. + * Expose emergency moderation setting for MailingList. + * Fixed some minor HTML errors. (Closes #442) + * Fix the bug where ListOfStringsField couldn't be unset in Postorius. (Closes + #444) + * Allow list:user:action:invite template to be set in Postorius. (Closes + #454) + * Fix a bug where the Bans form would always use default language instead of + current request's language. (Closes #441) + * Fix the URL on cancel buttons in template's confirm delete page. (Closes + #458) + * Use server side filtering for pending subscription requests for moderator + approval. (See !559) + * Allow setting moderation action for a nonmember from Held Message modal. ( + Closes #448) + * Add a new view to confirm subscriptions or new emails for Users using + Postorius. (Fixes #459) + * Fix a bug where membership check compared email addresses in different + cases. (Closes #457) + * Mass removal now accepts address formats with display names and/or angle + brackets. (Closes #455) + * Add support to override send_welcome_message when mass subscribing to + suppress welcome messages. (Closes #99) + * Add support for Django 3.1.x. (See !574) + * The list's send_goodbye_message is now settable on the Automatic + Responses view. (Closes #466) + * Support HYPERKITTY_ENABLE_GRAVATAR setting to control the user gravatar. + (Closes #467) +- Fix building on tumbleweed + +------------------------------------------------------------------- +Sun Dec 20 14:35:33 UTC 2020 - Andreas Schneider + +- Improve documentation (README.SUSE.md) + +------------------------------------------------------------------- +Sat Dec 12 19:19:35 UTC 2020 - Andreas Schneider + +- Fix chdir path in uwsgi config +- Update README.SUSE.md + +------------------------------------------------------------------- +Sat Oct 3 07:55:13 UTC 2020 - Andreas Schneider + +- Create a postorius-web package with webroot files +- Create a postorius-web-uwsgi with uwsgi configuration +- Added postorius-settings.patch + * Sets the FHS default paths + +------------------------------------------------------------------- +Tue Aug 4 02:03:24 UTC 2020 - Stasiek Michalski + +- Update to 1.3.3 + * Expose additional list settings. + * Correct description of Digest Frequency. + * Added links to Reply-To munging articles. + * Fix "Show Headers" button to show the held message headers in the + held message popup. + * Fix the held message popup structure and increase the max width of the popup + to be 800px(modal-lg) for larger screens. + * Fix FILTER_VHOST = True option to try to find the email host corresponding + to the requesting web host. + * Allow specifying a reason when rejecting a held message. + * Allow users to set their preferred language in their preferences. + * Add support to ban addresses for the entire Mailman installation. + * Un-handled HTTPError exception raised from MailmanClient now results in an + error page and proper logging instead of mysterious KeyError in logs. + * Change List settings navigation to be vertical instead of horizontal. + * Move bounce processing settings into a new vertical tab for better + visibility. + * Add URL to edit the Web host for each domain in Domain Index page. Also, show + the SITE_ID for each webhost. + +------------------------------------------------------------------- +Tue Apr 14 08:12:34 UTC 2020 - Paolo Stivanin + +- Update to 1.3.2 (no changelog) + +------------------------------------------------------------------- +Thu Jan 23 15:44:42 UTC 2020 - pgajdos@suse.com + +- the pytest issue in 15 will be fixed on python rpm macros level + +------------------------------------------------------------------- +Fri Jan 17 11:03:31 UTC 2020 - pgajdos@suse.com + +- %check correctly also for 15 + ------------------------------------------------------------------- Mon Dec 2 10:47:16 UTC 2019 - pgajdos@suse.com diff --git a/python-postorius.spec b/python-postorius.spec index e256e78..65b14e1 100644 --- a/python-postorius.spec +++ b/python-postorius.spec @@ -1,7 +1,7 @@ # # spec file for package python-postorius # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,19 +16,47 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} -%define skip_python2 1 +%global webapps_dir /srv/www/webapps + +%global postorius_pkgname postorius + +%global postorius_basedir %{webapps_dir}/mailman/postorius +%global postorius_localedir %{postorius_basedir}/locale +%global postorius_staticdir %{postorius_basedir}/static + +%global postorius_etcdir %{_sysconfdir}/postorius +%global postorius_libdir %{_localstatedir}/lib/postorius +%global postorius_logdir %{_localstatedir}/log/postorius +%global postorius_datadir %{postorius_libdir}/data + +%{?!python_module:%define python_module() python3-%{**}} +# mailman is built only for primary python3 flavor +%define pythons python3 Name: python-postorius -Version: 1.3.0 +Version: 1.3.4 Release: 0 Summary: A web user interface for GNU Mailman License: GPL-3.0-only URL: https://gitlab.com/mailman/postorius -Source: https://files.pythonhosted.org/packages/source/p/postorius/postorius-%{version}.tar.gz +# +Source0: https://files.pythonhosted.org/packages/source/p/postorius/postorius-%{version}.tar.gz +Source1: python-postorius-rpmlintrc +# +Source10: postorius-manage.sh +Source12: postorius.uwsgi +# +Source20: README.SUSE.md +# +Patch0: postorius-settings.patch +# BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} +BuildRequires: acl BuildRequires: fdupes +BuildRequires: openssl BuildRequires: python-rpm-macros +BuildRequires: rsync +BuildRequires: sudo Requires: python-Django >= 1.11 Requires: python-django-mailman3 >= 1.2.0 Requires: python-mailmanclient >= 3.2.3 @@ -48,30 +76,151 @@ BuildRequires: %{python_module pytest} BuildRequires: %{python_module readme_renderer} BuildRequires: %{python_module vcrpy} # /SECTION +%if 0%{python3_version_nodots} == 38 +# help in replacing any previously installed multiflavor package back to the primary python3 package +Provides: python38-postorius = %{version}-%{release} +Obsoletes: python38-postorius < %{version}-%{release} +%endif %python_subpackages %description A web user interface for GNU Mailman +%package -n %{postorius_pkgname}-web +Summary: The webroot for GNU Mailman +Requires: acl +Requires: openssl +Requires: python3-postorius +Requires: sudo + +%description -n %{postorius_pkgname}-web +A web user interface for GNU Mailman. + +This package holds the web interface. + +%package -n %{postorius_pkgname}-web-uwsgi +Summary: Postorius - uwsgi configuration +Requires: %{postorius_pkgname}-web +Requires: uwsgi + +%description -n %{postorius_pkgname}-web-uwsgi +A web user interface for GNU Mailman. + +This package holds the uwsgi configuration. + %prep %setup -q -n postorius-%{version} +cp %{SOURCE20} . +touch settings_local.py + +# Copy exmaple_project to just build the static files +rsync -a example_project/* build_static_files + +%autopatch -p1 %build +sed -i 's|^#!/usr/bin/env.*|#!%{_bindir}/python3|' \ + example_project/manage.py + %python_build +# Build static files +install -d -m 0755 build_static_files/logs +export PYTHONPATH=$(pwd)/src +%python_exec build_static_files/manage.py collectstatic --clear --noinput + %install %python_install %python_expand %fdupes %{buildroot}%{$python_sitelib} +install -d -m 0750 \ + %{buildroot}%{postorius_etcdir} \ + %{buildroot}%{postorius_libdir} \ + %{buildroot}%{postorius_datadir} \ + %{buildroot}%{postorius_logdir} + +install -d -m 0755 \ + %{buildroot}%{postorius_basedir} \ + %{buildroot}%{postorius_localedir} \ + %{buildroot}%{postorius_staticdir} \ + +# Copy static files +rsync -a build_static_files/static %{buildroot}%{postorius_basedir} + +rsync -a example_project/* %{buildroot}%{postorius_basedir} +chmod -x %{buildroot}%{postorius_basedir}/wsgi.py + +rm -f %{buildroot}%{postorius_basedir}/README.rst +rm -f %{buildroot}%{postorius_basedir}/mailman.cfg + +# Create an empty settings_local.py. This will be filled with a SECRET_KEY in post +install -m 0644 settings_local.py %{buildroot}%{postorius_etcdir}/settings_local.py + +ln -svf %{postorius_etcdir}/settings_local.py \ + %{buildroot}/%{postorius_basedir}/settings_local.py + +%fdupes %{buildroot}%{postorius_basedir} + +# Manage script +install -d -m 0755 %{buildroot}%{_sbindir} +install -m 0750 %{SOURCE10} %{buildroot}%{_sbindir}/postorius-manage + +install -d -m 0755 %{buildroot}%{_sysconfdir}/uwsgi/vassals +install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/uwsgi/vassals/postorius.ini + %check pushd example_project export PYTHONPATH='../src' +export LANG=C.UTF-8 %pytest .. popd +%pre -n %{postorius_pkgname}-web +/usr/sbin/groupadd -r postorius &>/dev/null || : +/usr/sbin/useradd -g postorius -s /bin/false -r -c "Postorius" -d %{postorius_basedir} postorius &>/dev/null || : + +%post -n %{postorius_pkgname}-web +# We need a SECRET_KEY for manage to work +if ! grep -q "^SECRET_KEY.*" %{postorius_etcdir}/settings_local.py; then + echo "SECRET_KEY='$(openssl rand -base64 48)'" >> %{postorius_etcdir}/settings_local.py +fi +%{_sbindir}/postorius-manage migrate --pythonpath /srv/www/webapps/mailman/postorius/ --settings settings + %files %{python_files} %doc README.rst example_project %license COPYING %{python_sitelib}/* +%files -n %{postorius_pkgname}-web +%doc README.SUSE.md +%{_sbindir}/postorius-manage +%dir %{webapps_dir} +%dir %{webapps_dir}/mailman + +%defattr(-,root,postorius) +%dir %{postorius_basedir} +%{postorius_basedir}/__init__.py +%{postorius_basedir}/manage.py +%{postorius_basedir}/settings.py +%{postorius_basedir}/settings_local.py +%{postorius_basedir}/test_settings.py +%{postorius_basedir}/urls.py +%{postorius_basedir}/wsgi.py + +%dir %{postorius_basedir}/static +%{postorius_basedir}/static/admin +%{postorius_basedir}/static/django-mailman3 +%{postorius_basedir}/static/postorius + +%attr(750,root,postorius) %dir %{postorius_etcdir} +%attr(640,root,postorius) %config(noreplace) %{postorius_etcdir}/settings_local.py +%attr(750,root,postorius) %dir %{postorius_libdir} +%attr(750,postorius,postorius) %dir %{postorius_datadir} +%attr(750,postorius,postorius) %dir %{postorius_logdir} + +%files -n %{postorius_pkgname}-web-uwsgi +%dir %{_sysconfdir}/uwsgi +%dir %{_sysconfdir}/uwsgi/vassals +%config (noreplace) %{_sysconfdir}/uwsgi/vassals/postorius.ini + %changelog