commit: 8f7972686b2df35e61187a82e47566d402178c6c |
Author: Ralph Seichter <github <AT> seichter <DOT> de> |
AuthorDate: Tue Apr 16 20:17:14 2019 +0000 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
CommitDate: Tue Apr 16 22:53:46 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f797268 |
|
mail-filter/opendkim: Removed 'gnutls' support, added enewgroup |
|
Removed support for the 'gnutls' use flag. Added missing enewgroup |
statement. These modifications address the two bugs listed below. |
|
Closes: https://bugs.gentoo.org/682906 |
Closes: https://bugs.gentoo.org/683338 |
Signed-off-by: Ralph Seichter <gentoo <AT> seichter.de> |
Package-Manager: Portage-2.3.62, Repoman-2.3.11 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
|
mail-filter/opendkim/opendkim-2.10.3-r10.ebuild | 227 ++++++++++++++++++++++++ |
1 file changed, 227 insertions(+) |
|
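--- /dev/null
+++ b/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild
@@ -0,0 +1,227 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools db-use eutils systemd user
+
+DESCRIPTION="A milter providing DKIM signing and verification"
+HOMEPAGE="http://opendkim.org/"
+SRC_URI="mirror://sourceforge/opendkim/${P}.tar.gz"
+
+# The GPL-2 is for the init script, bug 425960.
+LICENSE="BSD GPL-2 Sendmail-Open-Source"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="+berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs unbound"
+
+DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )
+ dev-libs/libbsd
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ berkdb? ( >=sys-libs/db-3.2:* )
+ opendbx? ( >=dev-db/opendbx-1.4.0 )
+ lua? ( dev-lang/lua:* )
+ ldap? ( net-nds/openldap )
+ lmdb? ( dev-db/lmdb )
+ memcached? ( dev-libs/libmemcached )
+ sasl? ( dev-libs/cyrus-sasl )
+ unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )
+ !unbound? ( net-libs/ldns )"
+
+RDEPEND="${DEPEND}
+ sys-process/psmisc
+ selinux? ( sec-policy/selinux-dkim )
+"
+
+REQUIRED_USE="sasl? ( ldap )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-openssl-1.1.1.patch"
+)
+
+pkg_setup() {
+ # This user can read your private keys, and must therefore not be
+ # shared with any other package.
+ enewgroup opendkim
+ enewuser opendkim -1 -1 -1 opendkim
+}
+
+src_prepare() {
+ default
+
+ # We delete the "Socket" setting because it's overridden by our
+ # conf.d file.
+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
+ -e '/^[[:space:]]*Socket/d' \
+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
+ stats/opendkim-reportstats{,.in} || die
+
+ sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \
+ || die
+
+ # TODO: what purpose does this serve, do the tests even get run?
+ sed -e "/sock.*mt.getcwd/s:mt.getcwd():${T}:" \
+ -i opendkim/tests/*.lua || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=()
+ if use berkdb ; then
+ myconf+=(
+ $(db_includedir)
+ --with-db-incdir=${myconf#-I}
+ --enable-popauth
+ --enable-query_cache
+ --enable-stats
+ )
+ fi
+ if use unbound; then
+ myconf+=( --with-unbound )
+ else
+ myconf+=( --with-ldns )
+ fi
+ if use ldap; then
+ myconf+=( $(use_with sasl) )
+ fi
+ econf \
+ $(use_with berkdb db) \
+ $(use_with opendbx odbx) \
+ $(use_with lua) \
+ $(use_enable lua rbl) \
+ $(use_with ldap openldap) \
+ $(use_with lmdb) \
+ $(use_enable poll) \
+ $(use_enable static-libs static) \
+ $(use_with memcached libmemcached) \
+ "${myconf[@]}" \
+ --enable-filter \
+ --enable-atps \
+ --enable-identity_header \
+ --enable-rate_limit \
+ --enable-resign \
+ --enable-replace_rules \
+ --enable-default_sender \
+ --enable-sender_macro \
+ --enable-vbr \
+ --disable-live-testing
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ dosbin stats/opendkim-reportstats
+
+ newinitd "${FILESDIR}/opendkim.init.r6" opendkim
+ newconfd "${FILESDIR}/opendkim.confd" opendkim
+ systemd_newunit "${FILESDIR}/opendkim.service.r4" opendkim.service
+ systemd_install_serviced "${FILESDIR}/${PN}.service.conf" "${PN}.service"
+
+ dodir /etc/opendkim
+ keepdir /var/lib/opendkim
+
+ # The OpenDKIM data (particularly, your keys) should be read-only to
+ # the UserID that the daemon runs as.
+ fowners root:opendkim /var/lib/opendkim
+ fperms 750 /var/lib/opendkim
+
+ # Strip the comments out of the "simple" example configuration...
+ grep ^[^#] "${S}"/opendkim/opendkim.conf.simple \
+ > "${T}/opendkim.conf" || die
+
+ # and tweak it a bit before installing it unconditionally.
+ echo "# For use with unbound" >> "${T}/opendkim.conf" || die
+ echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \
+ >> "${T}/opendkim.conf" || die
+ echo "UserID opendkim" >> "${T}/opendkim.conf" || die
+
+ # The UMask is really only used for the PID file (root:root) and the
+ # local UNIX socket, if you're using one. It should be 0117 for the
+ # socket, so we might as well set that unconditionally here.
+ echo "UMask 0117" >> "${T}/opendkim.conf" || die
+
+ insinto /etc/opendkim
+ doins "${T}/opendkim.conf"
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSION} ]]; then
+ elog "If you want to sign your mail messages and need some help"
+ elog "please run:"
+ elog " emerge --config ${CATEGORY}/${PN}"
+ elog "It will help you create your key and give you hints on how"
+ elog "to configure your DNS and MTA."
+
+ # TODO: This is tricky, we really need a good wiki page showing
+ # how to share a local socket with an MTA!
+ elog "If you are using a local (UNIX) socket, then you will"
+ elog "need to make sure that your MTA has read/write access"
+ elog "to the socket file. This is best accomplished by creating"
+ elog "a completely-new group with only your MTA user and the "
+ elog "\"opendkim\" user in it. You would then set \"UMask 0112\""
+ elog "in your opendkim.conf, and switch the primary group of your"
+ elog "\"opendkim\" user to the group that you just created. The"
+ elog "last step is necessary for the socket to be created as the"
+ elog "new group (and not as group \"opendkim\")".
+ else
+ ewarn "The user account for the OpenDKIM daemon has changed"
+ ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"
+ ewarn "from being able to read your private keys. You should"
+ ewarn "adjust your existing configuration to use the \"opendkim\""
+ ewarn "user and group, and change the permissions on"
+ ewarn "${ROOT}var/lib/opendkim to root:opendkim with mode 0750."
+ ewarn "The owner and group of the files within that directory"
+ ewarn "will likely need to be adjusted as well."
+ fi
+}
+
+pkg_config() {
+ local selector keysize pubkey
+
+ read -p "Enter the selector name (default ${HOSTNAME}): " selector
+ [[ -n "${selector}" ]] || selector="${HOSTNAME}"
+ if [[ -z "${selector}" ]]; then
+ eerror "Oddly enough, you don't have a HOSTNAME."
+ return 1
+ fi
+ if [[ -f "${ROOT}var/lib/opendkim/${selector}.private" ]]; then
+ ewarn "The private key for this selector already exists."
+ else
+ keysize=1024
+ # Generate the private and public keys. Note that opendkim-genkeys
+ # sets umask=077 on its own to keep these safe. However, we want
+ # them to be readable (only!) to the opendkim user, and we manage
+ # that by changing their groups and making everything group-readable.
+ opendkim-genkey -b ${keysize} -D "${ROOT}"var/lib/opendkim/ \
+ -s "${selector}" -d '(your domain)' && \
+ chgrp --no-dereference opendkim \
+ "${ROOT}var/lib/opendkim/${selector}".{private,txt} || \
+ { eerror "Failed to create private and public keys." ;
+ return 1; }
+ chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt}
+ fi
+
+ # opendkim selector configuration
+ echo
+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
+ einfo " Selector ${selector}"
+
+ # MTA configuration
+ echo
+ einfo "If you are using Postfix, add following lines to your main.cf:"
+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock"
+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
+ einfo " and read http://www.postfix.org/MILTER_README.html"
+
+ # DNS configuration
+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
+ cat "${ROOT}var/lib/opendkim/${selector}.txt"
+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
+}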
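Review bot: `keysize=1024` in pkg_config generates a 1024-bit RSA signing key, which is only the minimum RFC 8301 permits; the same RFC says signers should use at least 2048 bits, so `keysize=2048` would be the safer default (the TXT record gets longer, so it is worth checking that the generated `.txt` file still publishes cleanly). Separately, pkg_postinst tests `${REPLACING_VERSION}`, but the variable Portage sets is `REPLACING_VERSIONS`, so the test is always true and the `ewarn` branch about the switch from "milter" to "opendkim" is never shown on upgrade; `if [[ -z ${REPLACING_VERSIONS} ]]; then` fixes that. Upgraders who never see that warning may leave existing key files readable by the old shared account. The `chmod g+r` after key generation also has no error check, unlike the `chgrp` before it, so a failure there would pass silently.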