[gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/ - gentoo-commits

From:	Michael Orlitzky <mjo@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/
Date:	Tue, 16 Apr 2019 22:59:51
Message-Id:	`1555455226.8f7972686b2df35e61187a82e47566d402178c6c.mjo@gentoo`

1

commit:     8f7972686b2df35e61187a82e47566d402178c6c

2

Author:     Ralph Seichter <github <AT> seichter <DOT> de>

3

AuthorDate: Tue Apr 16 20:17:14 2019 +0000

4

Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>

5

CommitDate: Tue Apr 16 22:53:46 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f797268

7

8

mail-filter/opendkim: Removed 'gnutls' support, added enewgroup

9

10

Removed support for the 'gnutls' use flag. Added missing enewgroup

11

statement. These modifications address the two bugs listed below.

12

13

Closes: https://bugs.gentoo.org/682906

14

Closes: https://bugs.gentoo.org/683338

15

Signed-off-by: Ralph Seichter <gentoo <AT> seichter.de>

16

Package-Manager: Portage-2.3.62, Repoman-2.3.11

17

Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

18

19

 mail-filter/opendkim/opendkim-2.10.3-r10.ebuild | 227 ++++++++++++++++++++++++

20

 1 file changed, 227 insertions(+)

21

22

diff --git a/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild

23

new file mode 100644

24

index 00000000000..8cba8ef6170

25

--- /dev/null

26

+++ b/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild

27

@@ -0,0 +1,227 @@

28

+# Copyright 1999-2019 Gentoo Authors

29

+# Distributed under the terms of the GNU General Public License v2

30

+

31

+EAPI=6

32

+

33

+inherit autotools db-use eutils systemd user

34

+

35

+DESCRIPTION="A milter providing DKIM signing and verification"

36

+HOMEPAGE="http://opendkim.org/"

37

+SRC_URI="mirror://sourceforge/opendkim/${P}.tar.gz"

38

+

39

+# The GPL-2 is for the init script, bug 425960.

40

+LICENSE="BSD GPL-2 Sendmail-Open-Source"

41

+SLOT="0"

42

+KEYWORDS="~amd64 ~arm ~x86"

43

+IUSE="+berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs unbound"

44

+

45

+DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )

46

+	dev-libs/libbsd

47

+	ssl? (

48

+		!libressl? ( dev-libs/openssl:0= )

49

+		libressl? ( dev-libs/libressl:0= )

50

+	)

51

+	berkdb? ( >=sys-libs/db-3.2:* )

52

+	opendbx? ( >=dev-db/opendbx-1.4.0 )

53

+	lua? ( dev-lang/lua:* )

54

+	ldap? ( net-nds/openldap )

55

+	lmdb? ( dev-db/lmdb )

56

+	memcached? ( dev-libs/libmemcached )

57

+	sasl? ( dev-libs/cyrus-sasl )

58

+	unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )

59

+	!unbound? ( net-libs/ldns )"

60

+

61

+RDEPEND="${DEPEND}

62

+	sys-process/psmisc

63

+	selinux? ( sec-policy/selinux-dkim )

64

+"

65

+

66

+REQUIRED_USE="sasl? ( ldap )"

67

+

68

+PATCHES=(

69

+	"${FILESDIR}/${P}-openssl-1.1.1.patch"

70

+)

71

+

72

+pkg_setup() {

73

+	# This user can read your private keys, and must therefore not be

74

+	# shared with any other package.

75

+	enewgroup opendkim

76

+	enewuser opendkim -1 -1 -1 opendkim

77

+}

78

+

79

+src_prepare() {

80

+	default

81

+

82

+	# We delete the "Socket" setting because it's overridden by our

83

+	# conf.d file.

84

+	sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \

85

+		-e '/^[[:space:]]*Socket/d' \

86

+		-i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \

87

+		stats/opendkim-reportstats{,.in} || die

88

+

89

+	sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \

90

+		|| die

91

+

92

+	# TODO: what purpose does this serve, do the tests even get run?

93

+	sed -e "/sock.*mt.getcwd/s:mt.getcwd():${T}:" \

94

+		-i opendkim/tests/*.lua || die

95

+

96

+	eautoreconf

97

+}

98

+

99

+src_configure() {

100

+	local myconf=()

101

+	if use berkdb ; then

102

+		myconf+=(

103

+			$(db_includedir)

104

+			--with-db-incdir=${myconf#-I}

105

+			--enable-popauth

106

+			--enable-query_cache

107

+			--enable-stats

108

+		)

109

+	fi

110

+	if use unbound; then

111

+		myconf+=( --with-unbound )

112

+	else

113

+		myconf+=( --with-ldns )

114

+	fi

115

+	if use ldap; then

116

+		myconf+=( $(use_with sasl) )

117

+	fi

118

+	econf \

119

+		$(use_with berkdb db) \

120

+		$(use_with opendbx odbx) \

121

+		$(use_with lua) \

122

+		$(use_enable lua rbl) \

123

+		$(use_with ldap openldap) \

124

+		$(use_with lmdb) \

125

+		$(use_enable poll) \

126

+		$(use_enable static-libs static) \

127

+		$(use_with memcached libmemcached) \

128

+		"${myconf[@]}" \

129

+		--enable-filter \

130

+		--enable-atps \

131

+		--enable-identity_header \

132

+		--enable-rate_limit \

133

+		--enable-resign \

134

+		--enable-replace_rules \

135

+		--enable-default_sender \

136

+		--enable-sender_macro \

137

+		--enable-vbr \

138

+		--disable-live-testing

139

+}

140

+

141

+src_install() {

142

+	default

143

+	prune_libtool_files

144

+

145

+	dosbin stats/opendkim-reportstats

146

+

147

+	newinitd "${FILESDIR}/opendkim.init.r6" opendkim

148

+	newconfd "${FILESDIR}/opendkim.confd" opendkim

149

+	systemd_newunit "${FILESDIR}/opendkim.service.r4" opendkim.service

150

+	systemd_install_serviced "${FILESDIR}/${PN}.service.conf" "${PN}.service"

151

+

152

+	dodir /etc/opendkim

153

+	keepdir /var/lib/opendkim

154

+

155

+	# The OpenDKIM data (particularly, your keys) should be read-only to

156

+	# the UserID that the daemon runs as.

157

+	fowners root:opendkim /var/lib/opendkim

158

+	fperms 750 /var/lib/opendkim

159

+

160

+	# Strip the comments out of the "simple" example configuration...

161

+	grep ^[^#] "${S}"/opendkim/opendkim.conf.simple \

162

+		 > "${T}/opendkim.conf" || die

163

+

164

+	# and tweak it a bit before installing it unconditionally.

165

+	echo "# For use with unbound" >> "${T}/opendkim.conf" || die

166

+	echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \

167

+		 >> "${T}/opendkim.conf" || die

168

+	echo "UserID opendkim" >> "${T}/opendkim.conf" || die

169

+

170

+	# The UMask is really only used for the PID file (root:root) and the

171

+	# local UNIX socket, if you're using one. It should be 0117 for the

172

+	# socket, so we might as well set that unconditionally here.

173

+	echo "UMask 0117" >> "${T}/opendkim.conf" || die

174

+

175

+	insinto /etc/opendkim

176

+	doins "${T}/opendkim.conf"

177

+}

178

+

179

+pkg_postinst() {

180

+	if [[ -z ${REPLACING_VERSION} ]]; then

181

+		elog "If you want to sign your mail messages and need some help"

182

+		elog "please run:"

183

+		elog "  emerge --config ${CATEGORY}/${PN}"

184

+		elog "It will help you create your key and give you hints on how"

185

+		elog "to configure your DNS and MTA."

186

+

187

+		# TODO: This is tricky, we really need a good wiki page showing

188

+		# how to share a local socket with an MTA!

189

+		elog "If you are using a local (UNIX) socket, then you will"

190

+		elog "need to make sure that your MTA has read/write access"

191

+		elog "to the socket file. This is best accomplished by creating"

192

+		elog "a completely-new group with only your MTA user and the "

193

+		elog "\"opendkim\" user in it. You would then set \"UMask 0112\""

194

+		elog "in your opendkim.conf, and switch the primary group of your"

195

+		elog "\"opendkim\" user to the group that you just created. The"

196

+		elog "last step is necessary for the socket to be created as the"

197

+		elog "new group (and not as group \"opendkim\")".

198

+	else

199

+		ewarn "The user account for the OpenDKIM daemon has changed"

200

+		ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"

201

+		ewarn "from being able to read your private keys. You should"

202

+		ewarn "adjust your existing configuration to use the \"opendkim\""

203

+		ewarn "user and group, and change the permissions on"

204

+		ewarn "${ROOT}var/lib/opendkim to root:opendkim with mode 0750."

205

+		ewarn "The owner and group of the files within that directory"

206

+		ewarn "will likely need to be adjusted as well."

207

+	fi

208

+}

209

+

210

+pkg_config() {

211

+	local selector keysize pubkey

212

+

213

+	read -p "Enter the selector name (default ${HOSTNAME}): " selector

214

+	[[ -n "${selector}" ]] || selector="${HOSTNAME}"

215

+	if [[ -z "${selector}" ]]; then

216

+		eerror "Oddly enough, you don't have a HOSTNAME."

217

+		return 1

218

+	fi

219

+	if [[ -f "${ROOT}var/lib/opendkim/${selector}.private" ]]; then

220

+		ewarn "The private key for this selector already exists."

221

+	else

222

+		keysize=1024

223

+		# Generate the private and public keys. Note that opendkim-genkeys

224

+		# sets umask=077 on its own to keep these safe. However, we want

225

+		# them to be readable (only!) to the opendkim user, and we manage

226

+		# that by changing their groups and making everything group-readable.

227

+		opendkim-genkey -b ${keysize} -D "${ROOT}"var/lib/opendkim/ \

228

+			-s "${selector}" -d '(your domain)' && \

229

+			chgrp --no-dereference opendkim \

230

+				  "${ROOT}var/lib/opendkim/${selector}".{private,txt} || \

231

+				{ eerror "Failed to create private and public keys." ;

232

+				  return 1; }

233

+		chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt}

234

+	fi

235

+

236

+	# opendkim selector configuration

237

+	echo

238

+	einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"

239

+	einfo "  Keyfile /var/lib/opendkim/${selector}.private"

240

+	einfo "  Selector ${selector}"

241

+

242

+	# MTA configuration

243

+	echo

244

+	einfo "If you are using Postfix, add following lines to your main.cf:"

245

+	einfo "  smtpd_milters     = unix:/run/opendkim/opendkim.sock"

246

+	einfo "  non_smtpd_milters = unix:/run/opendkim/opendkim.sock"

247

+	einfo "  and read http://www.postfix.org/MILTER_README.html"

248

+

249

+	# DNS configuration

250

+	einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"

251

+	cat "${ROOT}var/lib/opendkim/${selector}.txt"

252

+	einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"

253

+	einfo "  http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"

254

+}

1	commit: 8f7972686b2df35e61187a82e47566d402178c6c
2	Author: Ralph Seichter <github <AT> seichter <DOT> de>
3	AuthorDate: Tue Apr 16 20:17:14 2019 +0000
4	Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
5	CommitDate: Tue Apr 16 22:53:46 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f797268
7
8	mail-filter/opendkim: Removed 'gnutls' support, added enewgroup
9
10	Removed support for the 'gnutls' use flag. Added missing enewgroup
11	statement. These modifications address the two bugs listed below.
12
13	Closes: https://bugs.gentoo.org/682906
14	Closes: https://bugs.gentoo.org/683338
15	Signed-off-by: Ralph Seichter <gentoo <AT> seichter.de>
16	Package-Manager: Portage-2.3.62, Repoman-2.3.11
17	Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
18
19	mail-filter/opendkim/opendkim-2.10.3-r10.ebuild \| 227 ++++++++++++++++++++++++
20	1 file changed, 227 insertions(+)
21
22	diff --git a/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild
23	new file mode 100644
24	index 00000000000..8cba8ef6170
25	--- /dev/null
26	+++ b/mail-filter/opendkim/opendkim-2.10.3-r10.ebuild
27	@@ -0,0 +1,227 @@
28	+# Copyright 1999-2019 Gentoo Authors
29	+# Distributed under the terms of the GNU General Public License v2
30	+
31	+EAPI=6
32	+
33	+inherit autotools db-use eutils systemd user
34	+
35	+DESCRIPTION="A milter providing DKIM signing and verification"
36	+HOMEPAGE="http://opendkim.org/"
37	+SRC_URI="mirror://sourceforge/opendkim/${P}.tar.gz"
38	+
39	+# The GPL-2 is for the init script, bug 425960.
40	+LICENSE="BSD GPL-2 Sendmail-Open-Source"
41	+SLOT="0"
42	+KEYWORDS="~amd64 ~arm ~x86"
43	+IUSE="+berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs unbound"
44	+
45	+DEPEND="\|\| ( mail-filter/libmilter mail-mta/sendmail )
46	+ dev-libs/libbsd
47	+ ssl? (
48	+ !libressl? ( dev-libs/openssl:0= )
49	+ libressl? ( dev-libs/libressl:0= )
50	+ )
51	+ berkdb? ( >=sys-libs/db-3.2:* )
52	+ opendbx? ( >=dev-db/opendbx-1.4.0 )
53	+ lua? ( dev-lang/lua:* )
54	+ ldap? ( net-nds/openldap )
55	+ lmdb? ( dev-db/lmdb )
56	+ memcached? ( dev-libs/libmemcached )
57	+ sasl? ( dev-libs/cyrus-sasl )
58	+ unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )
59	+ !unbound? ( net-libs/ldns )"
60	+
61	+RDEPEND="${DEPEND}
62	+ sys-process/psmisc
63	+ selinux? ( sec-policy/selinux-dkim )
64	+"
65	+
66	+REQUIRED_USE="sasl? ( ldap )"
67	+
68	+PATCHES=(
69	+ "${FILESDIR}/${P}-openssl-1.1.1.patch"
70	+)
71	+
72	+pkg_setup() {
73	+ # This user can read your private keys, and must therefore not be
74	+ # shared with any other package.
75	+ enewgroup opendkim
76	+ enewuser opendkim -1 -1 -1 opendkim
77	+}
78	+
79	+src_prepare() {
80	+ default
81	+
82	+ # We delete the "Socket" setting because it's overridden by our
83	+ # conf.d file.
84	+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
85	+ -e '/^[[:space:]]*Socket/d' \
86	+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
87	+ stats/opendkim-reportstats{,.in} \|\| die
88	+
89	+ sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \
90	+ \|\| die
91	+
92	+ # TODO: what purpose does this serve, do the tests even get run?
93	+ sed -e "/sock.*mt.getcwd/s:mt.getcwd():${T}:" \
94	+ -i opendkim/tests/*.lua \|\| die
95	+
96	+ eautoreconf
97	+}
98	+
99	+src_configure() {
100	+ local myconf=()
101	+ if use berkdb ; then
102	+ myconf+=(
103	+ $(db_includedir)
104	+ --with-db-incdir=${myconf#-I}
105	+ --enable-popauth
106	+ --enable-query_cache
107	+ --enable-stats
108	+ )
109	+ fi
110	+ if use unbound; then
111	+ myconf+=( --with-unbound )
112	+ else
113	+ myconf+=( --with-ldns )
114	+ fi
115	+ if use ldap; then
116	+ myconf+=( $(use_with sasl) )
117	+ fi
118	+ econf \
119	+ $(use_with berkdb db) \
120	+ $(use_with opendbx odbx) \
121	+ $(use_with lua) \
122	+ $(use_enable lua rbl) \
123	+ $(use_with ldap openldap) \
124	+ $(use_with lmdb) \
125	+ $(use_enable poll) \
126	+ $(use_enable static-libs static) \
127	+ $(use_with memcached libmemcached) \
128	+ "${myconf[@]}" \
129	+ --enable-filter \
130	+ --enable-atps \
131	+ --enable-identity_header \
132	+ --enable-rate_limit \
133	+ --enable-resign \
134	+ --enable-replace_rules \
135	+ --enable-default_sender \
136	+ --enable-sender_macro \
137	+ --enable-vbr \
138	+ --disable-live-testing
139	+}
140	+
141	+src_install() {
142	+ default
143	+ prune_libtool_files
144	+
145	+ dosbin stats/opendkim-reportstats
146	+
147	+ newinitd "${FILESDIR}/opendkim.init.r6" opendkim
148	+ newconfd "${FILESDIR}/opendkim.confd" opendkim
149	+ systemd_newunit "${FILESDIR}/opendkim.service.r4" opendkim.service
150	+ systemd_install_serviced "${FILESDIR}/${PN}.service.conf" "${PN}.service"
151	+
152	+ dodir /etc/opendkim
153	+ keepdir /var/lib/opendkim
154	+
155	+ # The OpenDKIM data (particularly, your keys) should be read-only to
156	+ # the UserID that the daemon runs as.
157	+ fowners root:opendkim /var/lib/opendkim
158	+ fperms 750 /var/lib/opendkim
159	+
160	+ # Strip the comments out of the "simple" example configuration...
161	+ grep ^[^#] "${S}"/opendkim/opendkim.conf.simple \
162	+ > "${T}/opendkim.conf" \|\| die
163	+
164	+ # and tweak it a bit before installing it unconditionally.
165	+ echo "# For use with unbound" >> "${T}/opendkim.conf" \|\| die
166	+ echo "#TrustAnchorFile /etc/dnssec/root-anchors.txt" \
167	+ >> "${T}/opendkim.conf" \|\| die
168	+ echo "UserID opendkim" >> "${T}/opendkim.conf" \|\| die
169	+
170	+ # The UMask is really only used for the PID file (root:root) and the
171	+ # local UNIX socket, if you're using one. It should be 0117 for the
172	+ # socket, so we might as well set that unconditionally here.
173	+ echo "UMask 0117" >> "${T}/opendkim.conf" \|\| die
174	+
175	+ insinto /etc/opendkim
176	+ doins "${T}/opendkim.conf"
177	+}
178	+
179	+pkg_postinst() {
180	+ if [[ -z ${REPLACING_VERSION} ]]; then
181	+ elog "If you want to sign your mail messages and need some help"
182	+ elog "please run:"
183	+ elog " emerge --config ${CATEGORY}/${PN}"
184	+ elog "It will help you create your key and give you hints on how"
185	+ elog "to configure your DNS and MTA."
186	+
187	+ # TODO: This is tricky, we really need a good wiki page showing
188	+ # how to share a local socket with an MTA!
189	+ elog "If you are using a local (UNIX) socket, then you will"
190	+ elog "need to make sure that your MTA has read/write access"
191	+ elog "to the socket file. This is best accomplished by creating"
192	+ elog "a completely-new group with only your MTA user and the "
193	+ elog "\"opendkim\" user in it. You would then set \"UMask 0112\""
194	+ elog "in your opendkim.conf, and switch the primary group of your"
195	+ elog "\"opendkim\" user to the group that you just created. The"
196	+ elog "last step is necessary for the socket to be created as the"
197	+ elog "new group (and not as group \"opendkim\")".
198	+ else
199	+ ewarn "The user account for the OpenDKIM daemon has changed"
200	+ ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"
201	+ ewarn "from being able to read your private keys. You should"
202	+ ewarn "adjust your existing configuration to use the \"opendkim\""
203	+ ewarn "user and group, and change the permissions on"
204	+ ewarn "${ROOT}var/lib/opendkim to root:opendkim with mode 0750."
205	+ ewarn "The owner and group of the files within that directory"
206	+ ewarn "will likely need to be adjusted as well."
207	+ fi
208	+}
209	+
210	+pkg_config() {
211	+ local selector keysize pubkey
212	+
213	+ read -p "Enter the selector name (default ${HOSTNAME}): " selector
214	+ [[ -n "${selector}" ]] \|\| selector="${HOSTNAME}"
215	+ if [[ -z "${selector}" ]]; then
216	+ eerror "Oddly enough, you don't have a HOSTNAME."
217	+ return 1
218	+ fi
219	+ if [[ -f "${ROOT}var/lib/opendkim/${selector}.private" ]]; then
220	+ ewarn "The private key for this selector already exists."
221	+ else
222	+ keysize=1024
223	+ # Generate the private and public keys. Note that opendkim-genkeys
224	+ # sets umask=077 on its own to keep these safe. However, we want
225	+ # them to be readable (only!) to the opendkim user, and we manage
226	+ # that by changing their groups and making everything group-readable.
227	+ opendkim-genkey -b ${keysize} -D "${ROOT}"var/lib/opendkim/ \
228	+ -s "${selector}" -d '(your domain)' && \
229	+ chgrp --no-dereference opendkim \
230	+ "${ROOT}var/lib/opendkim/${selector}".{private,txt} \|\| \
231	+ { eerror "Failed to create private and public keys." ;
232	+ return 1; }
233	+ chmod g+r "${ROOT}var/lib/opendkim/${selector}".{private,txt}
234	+ fi
235	+
236	+ # opendkim selector configuration
237	+ echo
238	+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
239	+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
240	+ einfo " Selector ${selector}"
241	+
242	+ # MTA configuration
243	+ echo
244	+ einfo "If you are using Postfix, add following lines to your main.cf:"
245	+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock"
246	+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
247	+ einfo " and read http://www.postfix.org/MILTER_README.html"
248	+
249	+ # DNS configuration
250	+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
251	+ cat "${ROOT}var/lib/opendkim/${selector}.txt"
252	+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
253	+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
254	+}

Gentoo Archives: gentoo-commits