The net-im/ejabberd-17.04-r2 ebuild oddly checks the config file in postinst for the path to a certificate, and if none is found installs a self-signed certificate to the fixed path /etc/ssl/ejabberd/server.pem While odd to begin with, this causes an error when the following two conditions are met: a) /etc/ssl/ejabberd/server.pem (at least as the default) does not exist b) ejabberd is installed from a binary package As a workaround the following commands will suppress the error (and not generate the self-signed certificate): # mkdir /etc/ssl/ejabberd # touch /etc/ssl/ejabberd/server.pem Reproducible: Always Steps to Reproduce: 1. emerge --buildpkg ejabberd 2. emerge -C ejabberd 3. rm -r /etc/ssl/ejabberd 4. emerge --usepkg ejabberd Actual Results: >>> Emerging binary (1 of 1) net-im/ejabberd-17.04-r2::gentoo >>> Installing (1 of 1) net-im/ejabberd-17.04-r2::gentoo >>> Failed to execute postinst for net-im/ejabberd-17.04-r2 >>> Jobs: 1 of 1 complete Load avg: 0.68, 0.30, 0.11 * Messages for package net-im/ejabberd-17.04-r2: * FAILED postinst: 1 * For configuration instructions, please see * https://docs.ejabberd.im/ * ERROR: net-im/ejabberd-17.04-r2::gentoo failed (postinst phase): * (no error message) * * Call stack: * ebuild.sh, line 125: Called pkg_postinst * environment, line 2929: Called ejabberd_cert_install * environment, line 1271: Called die * The specific snippet of code: * chown root:jabber "${EROOT%/}${EJABBERD_CERT}" || die; * * If you need support, post the output of `emerge --info '=net-im/ejabberd-17.04-r2::gentoo'`, * the complete build log and the output of `emerge -pqv '=net-im/ejabberd-17.04-r2::gentoo'`. * The complete build log is located at '/var/tmp/portage/net-im/ejabberd-17.04-r2/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-im/ejabberd-17.04-r2/temp/environment'. * Working directory: '/var/tmp/portage/net-im/ejabberd-17.04-r2/homedir' * S: '/var/tmp/portage/net-im/ejabberd-17.04-r2/work/ejabberd-17.04' * GNU info directory index is up-to-date. Expected Results: I would have expected to not get the error. Whether the self-signed certificate exists or not is not meaningful to me personally. When the error does occur, I would have expected a more meaningful error message. # emerge --info Timestamp of repository gentoo: Sat, 28 Mar 2020 03:30:01 +0000 Head commit of repository gentoo: d053cef9f20bf1c116d706c03f4172b7b41c0b34 sh bash 4.4_p23-r1 ld GNU ld (Gentoo 2.33.1 p2) 2.33.1 app-shells/bash: 4.4_p23-r1::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.17-r1::gentoo, 3.6.10::gentoo, 3.7.6::gentoo dev-util/cmake: 3.16.5::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.69-r4::gentoo sys-devel/automake: 1.16.1-r1::gentoo sys-devel/binutils: 2.33.1-r1::gentoo sys-devel/gcc: 9.2.0-r2::gentoo sys-devel/gcc-config: 2.2.1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 5.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r7::gentoo Repositories: gentoo location: /srv/portage/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-max-age: 24 sync-rsync-extra-opts: sync-rsync-verify-jobs: 1 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=native" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=native" DISTDIR="/srv/portage/distfiles/" EMERGE_DEFAULT_OPTS="--changed-deps=y --jobs=4 --load-average=8 --with-bdeps=y --usepkg=y" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ http://ftp.halifax.rwth-aachen.de/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/" LANG="en_DK.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/srv/portage/packages/" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 apache2 authlib bzip2 caps crypt fam git gssapi hardened iconv icu idn ipv6 jabber jingle kerberos libtirpc mmx ncurses nls nptl openmp pam pcre pie postgres readline samba sasl seccomp snmp split-usr sse sse2 ssl ssp syslog threads unicode vhosts vim-syntax xattr xmpp xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias proxy proxy_http proxy_balancer slotmem_shm lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef9adb36a21fda32d38eaa0c4d0cf4312ade686 commit 7ef9adb36a21fda32d38eaa0c4d0cf4312ade686 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2021-12-07 10:30:13 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2021-12-07 10:42:15 +0000 net-im/ejabberd: add 21.04-r1 This marks two important transitions: - from EAPI 6 to EAPI 7 - from net-im/jabber-base to acct-user/ejabberd The latter also means that ejabberd now runs under its own 'ejabberd' user, and no longer used the *shared* 'jabber' user from net-im/jabber-base. This increases the isolation of ejabberd. The configuration directory also changes from /etc/jabber, which is a non-standard ejabberd directory used only by Gentoo, to /etc/ejabberd, ejabberd's standard configuration directory. Futhermore, the custom SSL/TLS certificate handling (via the ssl-cert eclass) is removed, as ejabberd has for a long time now a built-in ACME client. And the certificate handling significantly increased the complecity of the ejabberd ebuild. This also fixes bug #716968. The ebuild also now passes the correct localstatedir to econf. Previously ejabberd would use /var/lib/lib/ejabberd. Ejabberd also unnecessarily created /var/lock/ejabberdctl, even though this directory is no longer used. This is now fixed in the ebuild and a patch was submitted and accepted upstream [1]. This also drops the non-upstream systemd tmpfile.conf. The directory created by the tmpfile is only ever used if the user manually configured it. And in this case, we should trust the user to also ensure that the directory is created. This further reduces the complexity of the ebuild. 1: https://github.com/processone/ejabberd/pull/3724 Signed-off-by: Florian Schmaus <flow@gentoo.org> Closes: https://bugs.gentoo.org/716968 net-im/ejabberd/ejabberd-21.04-r1.ebuild | 233 +++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+)
