chore: use proper global variable for state dir

Signed-off-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com>

target/scripts/startup/setup.d/mail_state.sh

@@ -3,12 +3,10 @@
 # Consolidate all states into a single directory
 # (/var/mail-state) to allow persistence using docker volumes
 function _setup_save_states() {
-  local DEST DESTDIR STATEDIR SERVICEDIR SERVICEDIRS SERVICEFILE SERVICEFILES
+  local DEST DESTDIR SERVICEDIR SERVICEDIRS SERVICEFILE SERVICEFILES
 
-  STATEDIR='/var/mail-state'
-
-  if [[ -d ${STATEDIR} ]]; then
-    _log 'debug' "Consolidating all state onto ${STATEDIR}"
+  if [[ -d ${DMS_STATE_DIR} ]]; then
+    _log 'debug' "Consolidating all state onto ${DMS_STATE_DIR}"
 
     # Always enabled features:
     SERVICEDIRS=(
@@ -36,7 +34,7 @@ function _setup_save_states() {
     [[ ${ENABLE_SRS}          -eq 1 ]] && SERVICEFILES+=('/etc/postsrsd.secret')
 
     for SERVICEFILE in "${SERVICEFILES[@]}"; do
-      DEST="${STATEDIR}/${SERVICEFILE}"
+      DEST="${DMS_STATE_DIR}/${SERVICEFILE}"
       DESTDIR="${DEST%/*}"
 
       mkdir -p "${DESTDIR}"
@@ -50,7 +48,7 @@ function _setup_save_states() {
         mv "${SERVICEFILE}" "${DEST}"
         # Apply SELinux security context to match the state directory, so access
         # is not restricted to the current running container:
-        chcon -R --reference="${STATEDIR}" "${DEST}" 2>/dev/null || true
+        chcon -R --reference="${DMS_STATE_DIR}" "${DEST}" 2>/dev/null || true
       fi
 
       # Symlink the original file in the container ($SERVICEFILE) to be
@@ -59,7 +57,7 @@ function _setup_save_states() {
     done
 
     for SERVICEDIR in "${SERVICEDIRS[@]}"; do
-      DEST="${STATEDIR}/${SERVICEDIR//\//-}"
+      DEST="${DMS_STATE_DIR}/${SERVICEDIR//\//-}"
       SERVICEDIR="/var/${SERVICEDIR}"
 
       # If relevant content is found in /var/mail-state (presumably a volume mount),
@@ -74,7 +72,7 @@ function _setup_save_states() {
         mv "${SERVICEDIR}" "${DEST}"
         # Apply SELinux security context to match the state directory, so access
         # is not restricted to the current running container:
-        chcon -R --reference="${STATEDIR}" "${DEST}" 2>/dev/null || true
+        chcon -R --reference="${DMS_STATE_DIR}" "${DEST}" 2>/dev/null || true
       else
         _log 'error' "${SERVICEDIR} should exist but is missing"
       fi
@@ -84,29 +82,29 @@ function _setup_save_states() {
       ln -s "${DEST}" "${SERVICEDIR}"
     done
   else
-    _log 'debug' "'${STATEDIR}' is not present; Not consolidating state"
+    _log 'debug' "'${DMS_STATE_DIR}' is not present; Not consolidating state"
   fi
 }
 
 function _setup_adjust_state_permissions() {
-  if [[ -d ${STATEDIR} ]]; then
+  if [[ -d ${DMS_STATE_DIR} ]]; then
     # This ensures the user and group of the files from the external mount have their
     # numeric ID values in sync. New releases where the installed packages order changes
     # can change the values in the Docker image, causing an ownership mismatch.
     # NOTE: More details about users and groups added during image builds are documented here:
     # https://github.com/docker-mailserver/docker-mailserver/pull/3011#issuecomment-1399120252
-    _log 'trace' "Fixing ${STATEDIR}/* permissions"
-    [[ ${ENABLE_AMAVIS}       -eq 1 ]] && chown -R amavis:amavis             "${STATEDIR}/lib-amavis"
-    [[ ${ENABLE_CLAMAV}       -eq 1 ]] && chown -R clamav:clamav             "${STATEDIR}/lib-clamav"
-    [[ ${ENABLE_FETCHMAIL}    -eq 1 ]] && chown -R fetchmail:nogroup         "${STATEDIR}/lib-fetchmail"
-    [[ ${ENABLE_MTA_STS}      -eq 1 ]] && chown -R _mta-sts:_mta-sts         "${STATEDIR}/lib-mta-sts"
-    [[ ${ENABLE_POSTGREY}     -eq 1 ]] && chown -R postgrey:postgrey         "${STATEDIR}/lib-postgrey"
-    [[ ${ENABLE_RSPAMD}       -eq 1 ]] && chown -R _rspamd:_rspamd           "${STATEDIR}/lib-rspamd"
-    [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis               "${STATEDIR}/lib-redis"
-    [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd "${STATEDIR}/lib-spamassassin"
+    _log 'trace' "Fixing ${DMS_STATE_DIR}/* permissions"
+    [[ ${ENABLE_AMAVIS}       -eq 1 ]] && chown -R amavis:amavis             "${DMS_STATE_DIR}/lib-amavis"
+    [[ ${ENABLE_CLAMAV}       -eq 1 ]] && chown -R clamav:clamav             "${DMS_STATE_DIR}/lib-clamav"
+    [[ ${ENABLE_FETCHMAIL}    -eq 1 ]] && chown -R fetchmail:nogroup         "${DMS_STATE_DIR}/lib-fetchmail"
+    [[ ${ENABLE_MTA_STS}      -eq 1 ]] && chown -R _mta-sts:_mta-sts         "${DMS_STATE_DIR}/lib-mta-sts"
+    [[ ${ENABLE_POSTGREY}     -eq 1 ]] && chown -R postgrey:postgrey         "${DMS_STATE_DIR}/lib-postgrey"
+    [[ ${ENABLE_RSPAMD}       -eq 1 ]] && chown -R _rspamd:_rspamd           "${DMS_STATE_DIR}/lib-rspamd"
+    [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis               "${DMS_STATE_DIR}/lib-redis"
+    [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd "${DMS_STATE_DIR}/lib-spamassassin"
 
-    chown -R root:root "${STATEDIR}/lib-logrotate"
-    chown -R postfix:postfix "${STATEDIR}/lib-postfix"
+    chown -R root:root "${DMS_STATE_DIR}/lib-logrotate"
+    chown -R postfix:postfix "${DMS_STATE_DIR}/lib-postfix"
 
     # NOTE: The Postfix spool location has mixed owner/groups to take into account:
     # UID = postfix(101): active, bounce, corrupt, defer, deferred, flush, hold, incoming, maildrop, private, public, saved, trace
@@ -115,15 +113,15 @@ function _setup_adjust_state_permissions() {
     # GID for all other directories is root(0)
     # NOTE: `spool-postfix/private/` will be set to `postfix:postfix` when Postfix starts / restarts
     # Set most common ownership:
-    chown -R postfix:root "${STATEDIR}/spool-postfix"
-    chown root:root "${STATEDIR}/spool-postfix"
+    chown -R postfix:root "${DMS_STATE_DIR}/spool-postfix"
+    chown root:root "${DMS_STATE_DIR}/spool-postfix"
 
     # These two require the postdrop(103) group:
-    chgrp -R postdrop "${STATEDIR}"/spool-postfix/{maildrop,public}
+    chgrp -R postdrop "${DMS_STATE_DIR}"/spool-postfix/{maildrop,public}
 
     # These permissions rely on the `postdrop` binary having the SGID bit set.
     # Ref: https://github.com/docker-mailserver/docker-mailserver/pull/3625
-    chmod 730 "${STATEDIR}/spool-postfix/maildrop"
-    chmod 710 "${STATEDIR}/spool-postfix/public"
+    chmod 730 "${DMS_STATE_DIR}/spool-postfix/maildrop"
+    chmod 710 "${DMS_STATE_DIR}/spool-postfix/public"
   fi
 }

target/scripts/startup/variables-stack.sh

@@ -10,6 +10,17 @@ function _early_variables_setup() {
   __environment_variables_export
 }
 
+# Declare a variable as readonly if it is not already set.
+function __declare_readonly() {
+  local VARIABLE_NAME=${1:?Variable name required when declaring a variable as readonly}
+  local VARIABLE_VALUE=${2:?Variable value required when declaring a variable as readonly}
+
+  if [[ ! -v ${VARIABLE_NAME} ]]; then
+    readonly "${VARIABLE_NAME}=${VARIABLE_VALUE}"
+    VARS[${VARIABLE_NAME}]="${VARIABLE_VALUE}"
+  fi
+}
+
 # This function handles variables that are deprecated. This allows a
 # smooth transition period, without the need of removing a variable
 # completely with a single version.
@@ -56,6 +67,12 @@ function __environment_variables_general_setup() {
   VARS[DMS_VMAIL_UID]="${DMS_VMAIL_UID:=5000}"
   VARS[DMS_VMAIL_GID]="${DMS_VMAIL_GID:=5000}"
 
+  # internal variables are next
+
+  __declare_readonly 'DMS_STATE_DIR' '/var/mail-state'
+
+  # user-customizable are last
+
   _log 'trace' 'Setting anti-spam & anti-virus environment variables'
 
   VARS[AMAVIS_LOGLEVEL]="${AMAVIS_LOGLEVEL:=0}"