FS#66718 - [opensmtpd] sendmail: this program must be setgid smtpq

Attached to Project: Community Packages
Opened by ilf (ilf) - Wednesday, 20 May 2020, 08:33 GMT
Last edited by freswa (frederik) - Tuesday, 13 October 2020, 15:34 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Bruno Pagani (ArchangeGabriel)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 4
Private No

Details

Description:
After the upgrade (6.6.4p1-2 -> 6.7.0p1-1), sending mails fails with: "sendmail: this program must be setgid smtpq"

Additional info:
* package version(s): 6.7.0p1-1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:

```
% mail -s test test
To: test
Subject: test

^D
-------
Envelope contains:
To: test
Subject: test
Send this message [yes/no, empty: recompose]? y
sendmail: this program must be setgid smtpq
/home/test/dead.letter 1/123
mail: ... message not sent
```

Closed by  freswa (frederik)
Tuesday, 13 October 2020, 15:34 GMT
Reason for closing:  Fixed
Additional comments about closing:  6.7.1p1-4
Comment by ilf (ilf) - Wednesday, 20 May 2020, 08:35 GMT
correct title: https://bugs.archlinux.org/task/66719 (sorry for dupe)
Comment by loqs (loqs) - Thursday, 21 May 2020, 21:56 GMT
@ilf can you try rebuilding the package locally with the attached patch in a clean chroot?
It adds a makedepends on the package itself so the package will be installed before build, ensuring the smtpq user is created so chgrp does not fail with:

```
chgrp smtpq /build/opensmtpd/pkg/opensmtpd/usr/bin/smtpctl || true
chgrp: invalid group: ‘smtpq’
```
Comment by ilf (ilf) - Thursday, 21 May 2020, 22:27 GMT
@loqs Sorry, I don't have the time to do this now, nor likely anytime soon. :/
Comment by ilf (ilf) - Friday, 22 May 2020, 08:34 GMT
For now I fixed it manually:

```
sudo chgrp smtpq /usr/bin/smtpctl
sudo chmod g+s /usr/bin/smtpctl
```
Comment by Lukas Fleischer (lfleischer) - Friday, 22 May 2020, 17:03 GMT
  • Field changed: Severity (Low → High)
loqs, you don't need to make the package depend on itself; something as simple as `chgrp 92 "$pkgdir"/usr/bin/smtpctl` would work.

That being said, I need to investigate a bit more before adding this to the package. I don't see why `make install` would not set the correct permissions if that's the only way the binary works.
Comment by ilf (ilf) - Friday, 22 May 2020, 18:08 GMT
Still present after the upgrade to 6.7.1p1-1.
Comment by loqs (loqs) - Friday, 22 May 2020, 18:14 GMT
Manually fixing up the ownership after make install is simpler. The patch was to test if the cause was the lack of the group's existence during clean chroot build.

```
libtool: install: /usr/bin/install -c smtpctl /build/opensmtpd/pkg/opensmtpd/usr/bin/smtpctl
```

libtool installs the file, then chgrp is called, but the group name is invalid in the chroot:

```
chgrp smtpq /build/opensmtpd/pkg/opensmtpd/usr/bin/smtpctl || true
chgrp: invalid group: ‘smtpq’
```

If smtpq is replaced by 92 in the configure call, then the call becomes:

```
chgrp 92 /build/opensmtpd/pkg/opensmtpd/usr/bin/smtpctl || true
```

Not suggesting that approach, just noting the result.

The chgrp is allowed to fail due to [1]. The chgrp call itself was added in [2]

[1] https://github.com/OpenSMTPD/OpenSMTPD/commit/198b332301f432eedfa3737be00bd7dbd159d235
[2] https://github.com/OpenSMTPD/OpenSMTPD/commit/e02d05d2ec470899363de4be658aca26de5a2466
Comment by Lukas Fleischer (lfleischer) - Friday, 22 May 2020, 21:05 GMT
Thanks for the clarification, loqs, that makes sense. Should be fixed in 6.7.1p1-2.
Comment by ilf (ilf) - Saturday, 23 May 2020, 10:58 GMT
Yes, it works in 6.7.1p1-2, thanks.
Comment by Nathan Henrie (n8henrie) - Sunday, 24 May 2020, 22:01 GMT
  • Field changed: Percent Complete (100% → 0%)
Not fixed -- it changed group ownership to `audio` on my system (which is group 92), not `smtpq`. Still get `sendmail: this program must be setgid smtpq` on 6.7.1p1-2.
Comment by Bruno Pagani (ArchangeGabriel) - Sunday, 24 May 2020, 22:19 GMT
We are aware of the issue and thinking about the proper fix. audio was historically assigned to GID 92 by the filesystem package, so all Arch installs before 2017-08-30 have this.
Comment by ilf (ilf) - Thursday, 04 June 2020, 08:02 GMT
Broken again after upgrade to 6.7.1p1-3.
Comment by Bruno Pagani (ArchangeGabriel) - Thursday, 04 June 2020, 17:44 GMT
Strange. Can you give me the output of `ls -n /usr/bin/smtpctl` and `grep smtpq /etc/group`?
Comment by ilf (ilf) - Thursday, 04 June 2020, 18:17 GMT
```
$ ls -n /usr/bin/smtpctl
-r-xr-xr-x 1 0 92 155K Jun 3 11:30 /usr/bin/smtpctl*

$ grep smtpq /etc/group
smtpq:x:92:
```
Comment by Bruno Pagani (ArchangeGabriel) - Thursday, 04 June 2020, 18:24 GMT
Should be fixed in -4.
Comment by ilf (ilf) - Thursday, 04 June 2020, 19:00 GMT
Yes, works, thanks.
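
A post-install check for the two states seen in this thread, as an added example that is not part of the bug report or the package: it resolves `smtpq` by name on the installed system (GID 92 can be `audio` on older installs) and then verifies the setgid bit. The function name `check_setgid`, its return codes and the scratch files are hypothetical; GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the bug thread). Assumes GNU stat (coreutils).
# check_setgid FILE GROUP [GROUPFILE]
#   0 = FILE is group-owned by GROUP and has the setgid bit
#   1 = GROUP is not defined in GROUPFILE
#   2 = FILE's numeric GID is not GROUP's GID on this system
#   3 = group is right but the setgid bit is missing
check_setgid() {
    cs_file=$1; cs_group=$2; cs_db=${3:-/etc/group}

    # Resolve the name against this system's group database: a GID fixed
    # at build time (92) can belong to a different group on the target.
    cs_want=$(awk -F: -v g="$cs_group" '$1 == g { print $3; exit }' "$cs_db")
    if [ -z "$cs_want" ]; then
        echo "$cs_group: no such group in $cs_db"; return 1
    fi

    cs_have=$(stat -c %g "$cs_file")
    cs_mode=$(stat -c %a "$cs_file")     # octal, e.g. 555 or 2555
    if [ "$cs_have" != "$cs_want" ]; then
        cs_name=$(awk -F: -v n="$cs_have" '$3 == n { print $1; exit }' "$cs_db")
        echo "$cs_file: gid $cs_have (${cs_name:-unknown}), want $cs_want ($cs_group)"
        return 2
    fi
    # 02000 is the setgid bit; the leading 0 makes the shell read octal.
    if [ $(( 0$cs_mode & 02000 )) -eq 0 ]; then
        echo "$cs_file: mode $cs_mode lacks setgid"; return 3
    fi
    echo "$cs_file: ok (gid $cs_have, mode $cs_mode)"
}

# Constructed demo: a scratch file standing in for smtpctl and a group file
# in which the file's GID belongs to smtpq, as in the `ls -n` output above.
demo_dir=$(mktemp -d)
: > "$demo_dir/smtpctl"
chmod 0555 "$demo_dir/smtpctl"
printf 'smtpq:x:%s:\n' "$(stat -c %g "$demo_dir/smtpctl")" > "$demo_dir/group"
check_setgid "$demo_dir/smtpctl" smtpq "$demo_dir/group" || echo "status $?"
rm -rf "$demo_dir"
```

On an installed system the call would be `check_setgid /usr/bin/smtpctl smtpq`, which reads `/etc/group` by default.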
