commit: 93fe7824125191ae98cfdd05704a516cb78fac35 |
Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
AuthorDate: Fri Mar 3 22:53:11 2017 +0000 |
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org> |
CommitDate: Fri Mar 3 22:54:02 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93fe7824 |
|
mail-filter/opendkim: support gnutls-3.4 + eapi bump |
|
Bug: 583752 |
|
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
|
.../files/opendkim-2.10.3-gnutls-3.4.patch | 52 ++++++ |
mail-filter/opendkim/opendkim-2.10.3-r3.ebuild | 204 +++++++++++++++++++++ |
2 files changed, 256 insertions(+) |
|
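diff --git a/mail-filter/opendkim/files/opendkim-2.10.3-gnutls-3.4.patch b/mail-filter/opendkim/files/opendkim-2.10.3-gnutls-3.4.patch
new file mode 100644
index 00000000000..f4594efaac9
--- /dev/null
+++ b/mail-filter/opendkim/files/opendkim-2.10.3-gnutls-3.4.patch
@@ -0,0 +1,52 @@
+From 3eea12e5f9af7739d5d009c6888b65bd4875a554 Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@×××××.com>
+Date: Sat, 4 Mar 2017 00:41:35 +0200
+Subject: [PATCH] crypto: support gnutls-3.4
+
+https://sourceforge.net/p/opendkim/patches/36/
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@×××××.com>
+---
+ libopendkim/dkim.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/libopendkim/dkim.c b/libopendkim/dkim.c
+index d0d75a5..0c2278e 100644
+--- a/libopendkim/dkim.c
++++ b/libopendkim/dkim.c
+@@ -5301,6 +5301,8 @@ dkim_sig_process(DKIM *dkim, DKIM_SIGINFO *sig)
+ size_t diglen = 0;
+ #ifdef USE_GNUTLS
+ gnutls_datum_t key;
++ gnutls_digest_algorithm_t hash;
++ gnutls_sign_algorithm_t sign_algo;
+ #else /* USE_GNUTLS */
+ BIO *key;
+ #endif /* USE_GNUTLS */
+@@ -5442,7 +5444,22 @@ dkim_sig_process(DKIM *dkim, DKIM_SIGINFO *sig)
+ return DKIM_STAT_OK;
+ }
+
+- rsastat = gnutls_pubkey_verify_hash(rsa->rsa_pubkey, 0,
++ hash = GNUTLS_DIG_SHA1;
++
++ if (dkim_libfeature(dkim->dkim_libhandle,
++ DKIM_FEATURE_SHA256) &&
++ sig->sig_hashtype == DKIM_HASHTYPE_SHA256)
++ hash = GNUTLS_DIG_SHA256;
++
++ sign_algo = gnutls_pk_to_sign(GNUTLS_PK_RSA, hash);
++ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
++ {
++ assert(0);
++ /* NOTREACHED */
++ }
++
++ rsastat = gnutls_pubkey_verify_hash2(rsa->rsa_pubkey,
++ sign_algo, 0,
+ &rsa->rsa_digest,
+ &rsa->rsa_sig);
+ if (rsastat < 0)
+--
+2.10.2
+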
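Review bot: In the second dkim.c hunk, `assert(0)` is the only handling for `sign_algo == GNUTLS_SIGN_UNKNOWN`, which is not a real error path in a library that verifies signatures on untrusted mail. Built with NDEBUG the assert disappears and `gnutls_pubkey_verify_hash2` is called with the unknown algorithm; built without it, the whole process aborts instead of failing one signature. With only SHA-1 and SHA-256 selectable the lookup is expected to succeed, so this is hardening rather than a reachable bug, but I would replace the block with the failure handling the neighbouring GnuTLS error branches use (presumably recording an error on `sig` and returning, as the `return DKIM_STAT_OK;` context line suggests) and add the comment `/* RSA with SHA-1/SHA-256 should always map; treat a miss as a verification failure */`. dkim_sig_process starts and ends outside both hunks, so the exact status to set has to be checked against the full function.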
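diff --git a/mail-filter/opendkim/opendkim-2.10.3-r3.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r3.ebuild
new file mode 100644
index 00000000000..a58a39496e5
--- /dev/null
+++ b/mail-filter/opendkim/opendkim-2.10.3-r3.ebuild
@@ -0,0 +1,204 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools db-use eutils systemd user
+
+# for betas
+#MY_P=${P/_b/.B}
+#S=${WORKDIR}/${PN}-2.8.0
+#SRC_URI="mirror://sourceforge/opendkim/${MY_P}.tar.gz"
+
+DESCRIPTION="A milter-based application to provide DKIM signing and verification"
+HOMEPAGE="http://opendkim.org"
+SRC_URI="mirror://sourceforge/opendkim/${P}.tar.gz"
+
+LICENSE="Sendmail-Open-Source BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="+berkdb gnutls ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs unbound"
+
+DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )
+ dev-libs/libbsd
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ berkdb? ( >=sys-libs/db-3.2:* )
+ opendbx? ( >=dev-db/opendbx-1.4.0 )
+ lua? ( dev-lang/lua:* )
+ ldap? ( net-nds/openldap )
+ lmdb? ( dev-db/lmdb )
+ memcached? ( dev-libs/libmemcached )
+ sasl? ( dev-libs/cyrus-sasl )
+ unbound? ( >=net-dns/unbound-1.4.1 net-dns/dnssec-root )
+ !unbound? ( net-libs/ldns )
+ gnutls? ( >=net-libs/gnutls-3.3 )"
+
+RDEPEND="${DEPEND}
+ sys-process/psmisc
+ selinux? ( sec-policy/selinux-dkim )
+"
+
+REQUIRED_USE="sasl? ( ldap )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+pkg_setup() {
+ enewgroup milter
+ # mail-milter/spamass-milter creates milter user with this home directory
+ # For consistency reasons, milter user must be created here with this home directory
+ # even though this package doesn't need a home directory for this user (#280571)
+ enewuser milter -1 -1 /var/lib/milter milter
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's:/var/db/dkim:/etc/opendkim:g' \
+ -e 's:/var/db/opendkim:/var/lib/opendkim:g' \
+ -e 's:/etc/mail:/etc/opendkim:g' \
+ -e 's:mailnull:milter:g' \
+ -e 's:^#[[:space:]]*PidFile.*:PidFile /run/opendkim/opendkim.pid:' \
+ opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
+ stats/opendkim-reportstats{,.in} || die
+
+ sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \
+ || die
+
+ sed -i -e '/sock.*mt.getcwd/s:mt.getcwd():"/tmp":' opendkim/tests/*.lua
+ sed -i -e '/sock.*mt.getcwd/s:mt.getcwd():"/proc/self/cwd":' opendkim/tests/*.lua
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=()
+ if use berkdb ; then
+ myconf+=(
+ $(db_includedir)
+ --with-db-incdir=${myconf#-I}
+ --enable-popauth
+ --enable-query_cache
+ --enable-stats
+ )
+ fi
+ if use unbound; then
+ myconf+=( --with-unbound )
+ else
+ myconf+=( --with-ldns )
+ fi
+ if use ldap; then
+ myconf+=( $(use_with sasl) )
+ fi
+ econf \
+ $(use_with berkdb db) \
+ $(use_with opendbx odbx) \
+ $(use_with lua) \
+ $(use_enable lua rbl) \
+ $(use_with ldap openldap) \
+ $(use_with lmdb) \
+ $(use_enable poll) \
+ $(use_enable static-libs static) \
+ $(use_with gnutls) \
+ $(use_with memcached libmemcached) \
+ ${myconf[@]} \
+ --enable-filter \
+ --enable-atps \
+ --enable-identity_header \
+ --enable-rate_limit \
+ --enable-resign \
+ --enable-replace_rules \
+ --enable-default_sender \
+ --enable-sender_macro \
+ --enable-vbr \
+ --disable-live-testing
+ #--with-test-socket=/tmp/opendkim-$(echo ${RANDOM})-S
+ #--disable-rpath
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ dosbin stats/opendkim-reportstats
+
+ newinitd "${FILESDIR}/opendkim.init.r3" opendkim
+ systemd_newunit "${FILESDIR}/opendkim-r1.service" opendkim.service
+
+ dodir /etc/opendkim /var/lib/opendkim
+ fowners milter:milter /var/lib/opendkim
+
+ # default configuration
+ if [ ! -f "${ROOT}"/etc/opendkim/opendkim.conf ]; then
+ grep ^[^#] "${S}"/opendkim/opendkim.conf.simple \
+ > "${D}"/etc/opendkim/opendkim.conf
+ if use unbound; then
+ echo TrustAnchorFile /etc/dnssec/root-anchors.txt >> "${D}"/etc/opendkim/opendkim.conf
+ fi
+ echo UserID milter >> "${D}"/etc/opendkim/opendkim.conf
+ if use berkdb; then
+ echo Statistics /var/lib/opendkim/stats.dat >> \
+ "${D}"/etc/opendkim/opendkim.conf
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSION} ]]; then
+ elog "If you want to sign your mail messages and need some help"
+ elog "please run:"
+ elog " emerge --config ${CATEGORY}/${PN}"
+ elog "It will help you create your key and give you hints on how"
+ elog "to configure your DNS and MTA."
+
+ ewarn "Make sure your MTA has r/w access to the socket file."
+ ewarn "This can be done either by setting UMask to 002 and adding MTA's user"
+ ewarn "to milter group or you can simply set UMask to 000."
+ fi
+}
+
+pkg_config() {
+ local selector keysize pubkey
+
+ read -p "Enter the selector name (default ${HOSTNAME}): " selector
+ [[ -n "${selector}" ]] || selector=${HOSTNAME}
+ if [[ -z "${selector}" ]]; then
+ eerror "Oddly enough, you don't have a HOSTNAME."
+ return 1
+ fi
+ if [[ -f "${ROOT}"etc/opendkim/${selector}.private ]]; then
+ ewarn "The private key for this selector already exists."
+ else
+ keysize=1024
+ # generate the private and public keys
+ opendkim-genkey -b ${keysize} -D "${ROOT}"etc/opendkim/ \
+ -s ${selector} -d '(your domain)' && \
+ chown milter:milter \
+ "${ROOT}"etc/opendkim/"${selector}".private || \
+ { eerror "Failed to create private and public keys." ; return 1; }
+ chmod go-r "${ROOT}"etc/opendkim/"${selector}".private
+ fi
+
+ # opendkim selector configuration
+ echo
+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
+ einfo " Keyfile /etc/opendkim/${selector}.private"
+ einfo " Selector ${selector}"
+
+ # MTA configuration
+ echo
+ einfo "If you are using Postfix, add following lines to your main.cf:"
+ einfo " smtpd_milters = unix:/var/run/opendkim/opendkim.sock"
+ einfo " non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock"
+ einfo " and read http://www.postfix.org/MILTER_README.html"
+
+ # DNS configuration
+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
+ cat "${ROOT}"etc/opendkim/${selector}.txt
+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
+}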
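Review bot: `keysize=1024` in pkg_config hands every new install a 1024-bit RSA signing key, which is the bare minimum DKIM accepts and too weak for a key that usually stays published for years; I would change it to `keysize=2048`. A 2048-bit public key no longer fits in a single 255-byte DNS string, so the `einfo` line before `cat ... ${selector}.txt` should say the TXT record has to be published as the split strings shown in the generated file (assuming opendkim-genkey emits it that way, which is worth confirming). In the same function the selector is read from the terminal and passed unquoted as `-s ${selector}`, and the result of `chmod go-r` on the private key is never checked, so a silent failure can leave the key group- or world-readable. Quoting it as `-s "${selector}"` and giving the chmod the same `|| { eerror ...; return 1; }` handling as the chown above would close both.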