Tinderbox/Tbox2 Setup

From MozillaWiki

Setting up Tinderbox2

The Install file in the root of the Tbox2 directory contains a lot of very useful information for setting up Tinderbox2.

Linux Setup

UID requirements

One of the more maddening parts of setting up Tbox2 is the requirement that several disparate parts of the system all run using the same $UID:

  • The webserver
  • Cron jobs that build the tables
  • Scripts that are called when build updates are mailed.

Unfortunately, setting all of these up is not foolproof.

To change the UID of the webserver, see the webserver's documentation. Apache 2 uses suEXEC, which can only be run on a virtual server (e.g., http://tbox2.server/). You may need to build Apache specifically to enable this. An improperly set up suEXEC opens big gaping holes in the security of the webserver, so be careful when using it!

Changing the UID of the cron jobs shouldn't be too hard - an exercise left to the reader.

Changing the UID of scripts that are called upon receiving mail can be straightforward. Tbox2 expects mail sent to "tinderbox_builds@<host>" and "tinderbox_bugzilla@<host>" to be forwarded to the processmail_builds and processmail_bugs scripts, which should be run with the same UID as the rest of tinderbox.

I have a few notes on setting this up with postfix:

1. Assume a user of tbox2 on a machine called "server", with the scripts in /opt/tbox2/bin/.
2. Create an alias file for the tinderbox addresses - I used /etc/postfix/aliases.tbox. It contains:

 tinderbox_builds: |/opt/tbox2/bin/processmail_builds
 tinderbox_bugzilla: |/opt/tbox2/bin/processmail_bugs

3. Run /usr/sbin/postalias /etc/postfix/aliases.tbox (I had to do this as root). This creates a new file /etc/postfix/aliases.tbox.db.
4. Change the owner and group of these files to the tbox2 user:

 chown tbox2 /etc/postfix/aliases.tbox*
 chgrp tbox2 /etc/postfix/aliases.tbox*

This worked for me. YMMV.
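
A check for step 4 and the pitfalls listed below, as an added example that is not part of the original wiki page or the Tinderbox2 distribution: Postfix's local(8) agent runs an alias's piped command with the privileges of the alias database's owner (unless that owner is root), so the script verifies that the alias file, its .db and every piped script belong to the expected user and are not writable by group or other. The function names are hypothetical, and script paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example (not from the Tinderbox2 distribution): audit the alias map
# from the steps above. Function names are hypothetical.
# Usage: sh check_tbox_aliases.sh /etc/postfix/aliases.tbox tbox2

# Parse `ls -ld`, which behaves the same on GNU and BSD systems.
owner_of() { ls -ld "$1" | awk '{print $3}'; }
mode_of()  { ls -ld "$1" | awk '{print $1}'; }

# Report a path that is missing, has the wrong owner, or is writable by
# group or other (anyone who can rewrite it controls what mail executes).
check_file() {
    f=$1; want=$2; rc=0
    if [ ! -e "$f" ]; then echo "MISSING $f"; return 1; fi
    have=$(owner_of "$f")
    [ "$have" = "$want" ] || { echo "OWNER $f is $have, want $want"; rc=1; }
    case $(mode_of "$f") in
        ?????w*|????????w*) echo "WRITABLE $f (group/other can write)"; rc=1 ;;
    esac
    return $rc
}

# Check the alias source, its postalias-built .db, and each piped command.
# Returns 0 when everything is clean, 1 otherwise.
check_tbox_aliases() {
    aliases=$1; user=$2; bad=0
    check_file "$aliases" "$user" || bad=1
    check_file "$aliases.db" "$user" || bad=1
    [ -r "$aliases" ] || return 1
    # Pull the path out of every "name: |/path/to/script" entry.
    # Assumption: script paths contain no whitespace.
    pat='s/^[^#:]*:[[:space:]]*"\{0,1\}|[[:space:]]*\([^[:space:]"]*\).*/\1/p'
    for cmd in $(sed -n "$pat" "$aliases"); do
        check_file "$cmd" "$user" || bad=1
        [ -x "$cmd" ] || { echo "NOEXEC $cmd"; bad=1; }
    done
    return $bad
}

if [ $# -eq 2 ]; then
    check_tbox_aliases "$1" "$2"
fi
```

The script does not check the directories that contain these files; a writable parent directory lets the files be replaced regardless of their own mode.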

Potential Pitfalls

  • Webserver may not support set-uid functionality - no way around this except rebuilding the server or running Apache as the tbox2 user.
  • Potential to steal all mail: Using apache as the owner of the aliases.tbox file means that if Apache is ever compromised, then mail can be diverted from all users.
  • Potential to steal all mail: Using tbox2 as the owner of the aliases.tbox file means that if Tinderbox2 is ever compromised, then mail can be diverted from all users.