api: spamassassin: update local channels

This patch adds a helper to loop over all present Spamassassin
channels files in /etc/mail/spamassassin/channel.d and:
* import the included gpg key into sa-update's keyring
* run sa-update for each channel separately

the verbose argument of the helper is for reusing the code in
pmg-daily (where we only want to log errors and be less informative)

the $SA_UPDATE variable hardcoding the path of /usr/bin/sa-update was
dropped in favor of using 'sa-update' without path since we do have a
sensible setting of PATH everywhere, and hardcoding paths is
problematic (especially in usr-merged systems).

The choice of invoking sa-update for each channel separately, instead
of providing multiple '--channel' and '--gpgkey' options to a single
command was made to prevent downloading signatures, which were signed
by a key not configured for the channel.

Importing gpg-keys is also done with individual sa-update invocations,
because sa-update only imports the last present --import argument
(wrong use of Getopt::Long)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/API2/SpamAssassin.pm b/src/PMG/API2/SpamAssassin.pm
index 6b9f8f98e373c2d87a9c220c6451e9b22e9065b2..441fd7e793eba6adaa684d71a53d345edf914127 100644 (file)
--- a/src/PMG/API2/SpamAssassin.pm
+++ b/src/PMG/API2/SpamAssassin.pm
@@ -18,8 +18,6 @@ use Mail::SpamAssassin;
 
 use base qw(PVE::RESTHandler);
 
-my $SAUPDATE = '/usr/bin/sa-update';
-
 __PACKAGE__->register_method ({
     name => 'index',
     path => '',
@@ -108,7 +106,7 @@ __PACKAGE__->register_method({
            }
            # call sa-update to see if updates are available
 
-           my $cmd = "$SAUPDATE -v --checkonly --channel $channel";
+           my $cmd = "sa-update -v --checkonly --channel $channel";
            PVE::Tools::run_command($cmd, noerr => 1, logfunc => sub {
                my ($line) = @_;
 
@@ -171,9 +169,11 @@ __PACKAGE__->register_method({
                $ENV{http_proxy} = $http_proxy;
            }
 
-           my $cmd = "$SAUPDATE -v";
+           my $cmd = "sa-update -v";
 
            PVE::Tools::run_command($cmd, noerr => 1);
+
+           PMG::Utils::update_local_spamassassin_channels(1);
        };
 
        return $rpcenv->fork_worker('saupdate', undef, $authuser, $realcmd);

diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index e3863b07f63c673814477735556b0b9eaf2727a0..149bcdc75ce423ee0df0285268ede8aa4037b303 100644 (file)
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -1475,4 +1475,32 @@ sub local_spamassassin_channels {
     return $res;
 }
 
+sub update_local_spamassassin_channels {
+    my ($verbose) = @_;
+    # import all configured channel's gpg-keys to sa-update's keyring
+    my $localchannels = PMG::Utils::local_spamassassin_channels();
+    for my $channel (@$localchannels) {
+       my $importcmd = ['sa-update', '--import', $channel->{filename}];
+       push @$importcmd, '-v' if $verbose;
+
+       print "Importing gpg key from $channel->{filename}\n" if $verbose;
+       PVE::Tools::run_command($importcmd);
+    }
+
+    my $fresh_updates = 0;
+
+    for my $channel (@$localchannels) {
+       my $cmd = ['sa-update', '--channel', $channel->{channelurl}, '--gpgkey', $channel->{keyid}];
+       push @$cmd, '-v' if $verbose;
+
+       print "Updating $channel->{channelurl}\n" if $verbose;
+       my $ret = PVE::Tools::run_command($cmd, noerr => 1);
+       die "updating $channel->{channelurl} failed - sa-update exited with $ret\n" if $ret >= 2;
+
+       $fresh_updates = 1 if $ret == 0;
+    }
+
+    return $fresh_updates
+}
+
 1;