1 |
commit: 77890fca37b6a6d889cd984eb029799652442574 |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Feb 23 12:31:18 2022 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Feb 23 12:32:04 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77890fca |
7 |
|
8 |
mail-filter/opendkim: update sendmail/libmilter dependency. |
9 |
|
10 |
As reported in bug 833778, it would be nice if we could bind to the |
11 |
libmilter subslot with an := dependency. In the existing ebuild, that |
12 |
wasn't possible because we accepted either libmilter || sendmail, and |
13 |
using := within an any-of clause is disallowed. |
14 |
|
15 |
Fortunately, the "|| sendmail" portion of that is a relic, for |
16 |
versions of sendmail that don't themselves use libmilter. All versions |
17 |
of mail-mta/sendmail in the tree today do, so we can drop the sendmail |
18 |
portion of that any-of dependency entirely, and then afterwards add |
19 |
the := to libmilter. |
20 |
|
21 |
Closes: https://bugs.gentoo.org/833778 |
22 |
Reported-by: Daniel M. Weeks <dan <AT> danweeks.net> |
23 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
24 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
25 |
|
26 |
mail-filter/opendkim/opendkim-2.10.3-r27.ebuild | 254 ++++++++++++++++++++++++ |
27 |
1 file changed, 254 insertions(+) |
28 |
|
29 |
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r27.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r27.ebuild |
30 |
new file mode 100644 |
31 |
index 000000000000..129a8167f831 |
32 |
--- /dev/null |
33 |
+++ b/mail-filter/opendkim/opendkim-2.10.3-r27.ebuild |
34 |
@@ -0,0 +1,254 @@ |
35 |
+# Copyright 1999-2022 Gentoo Authors |
36 |
+# Distributed under the terms of the GNU General Public License v2 |
37 |
+ |
38 |
+EAPI=7 |
39 |
+ |
40 |
+LUA_COMPAT=( lua5-1 lua5-2 ) |
41 |
+ |
42 |
+inherit autotools db-use systemd tmpfiles lua-single |
43 |
+ |
44 |
+DESCRIPTION="A milter providing DKIM signing and verification" |
45 |
+HOMEPAGE="http://opendkim.org/" |
46 |
+SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz" |
47 |
+ |
48 |
+# The GPL-2 is for the init script, bug 425960. |
49 |
+LICENSE="BSD GPL-2 Sendmail-Open-Source" |
50 |
+SLOT="0" |
51 |
+KEYWORDS="~amd64 ~arm ~arm64 ~x86" |
52 |
+IUSE="berkdb ldap lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound" |
53 |
+ |
54 |
+BDEPEND="acct-user/opendkim |
55 |
+ test? ( ${LUA_DEPS} )" |
56 |
+ |
57 |
+COMMON_DEPEND="mail-filter/libmilter:= |
58 |
+ dev-libs/libbsd |
59 |
+ sys-apps/grep |
60 |
+ ssl? ( |
61 |
+ dev-libs/openssl:0= |
62 |
+ ) |
63 |
+ berkdb? ( >=sys-libs/db-3.2:* ) |
64 |
+ opendbx? ( >=dev-db/opendbx-1.4.0 ) |
65 |
+ lua? ( ${LUA_DEPS} ) |
66 |
+ ldap? ( net-nds/openldap ) |
67 |
+ lmdb? ( dev-db/lmdb ) |
68 |
+ memcached? ( dev-libs/libmemcached ) |
69 |
+ sasl? ( dev-libs/cyrus-sasl ) |
70 |
+ unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root ) |
71 |
+ !unbound? ( net-libs/ldns )" |
72 |
+ |
73 |
+DEPEND="${COMMON_DEPEND}" |
74 |
+ |
75 |
+RDEPEND="${COMMON_DEPEND} |
76 |
+ acct-user/opendkim |
77 |
+ sys-process/psmisc |
78 |
+ selinux? ( sec-policy/selinux-dkim )" |
79 |
+ |
80 |
+REQUIRED_USE="sasl? ( ldap ) |
81 |
+ stats? ( opendbx ) |
82 |
+ querycache? ( berkdb ) |
83 |
+ lua? ( ${LUA_REQUIRED_USE} ) |
84 |
+ test? ( ${LUA_REQUIRED_USE} )" |
85 |
+RESTRICT="!test? ( test )" |
86 |
+ |
87 |
+PATCHES=( |
88 |
+ "${FILESDIR}/${P}-openrc.patch" |
89 |
+ "${FILESDIR}/${P}-openssl-1.1.1.patch.r2" |
90 |
+ "${FILESDIR}/${P}-lua-pkgconfig.patch" |
91 |
+ "${FILESDIR}/${P}-lua-pkgconfig-pt2.patch" |
92 |
+ "${FILESDIR}/${P}-define-P-macro-in-libvbr.patch" |
93 |
+ "${FILESDIR}/${P}-fix-libmilter-search.patch" |
94 |
+) |
95 |
+ |
96 |
+pkg_setup() { |
97 |
+ use lua && lua-single_pkg_setup |
98 |
+} |
99 |
+ |
100 |
+src_prepare() { |
101 |
+ default |
102 |
+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \ |
103 |
+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \ |
104 |
+ || die |
105 |
+ sed -e 's:dist_doc_DATA:dist_html_DATA:' \ |
106 |
+ -i libopendkim/docs/Makefile.am \ |
107 |
+ || die |
108 |
+ |
109 |
+ # The existing hard-coded path under /tmp is vulnerable to exploits |
110 |
+ # since (for example) a user can create a symlink there to a file |
111 |
+ # that portage will clobber. Reported upstream at, |
112 |
+ # |
113 |
+ # https://github.com/trusteddomainproject/OpenDKIM/issues/113 |
114 |
+ # |
115 |
+ sed -e "s:/tmp:${T}:" -i libopendkim/tests/t-testdata.h || die |
116 |
+ |
117 |
+ eautoreconf |
118 |
+} |
119 |
+ |
120 |
+src_configure() { |
121 |
+ local myconf=() |
122 |
+ if use berkdb ; then |
123 |
+ myconf+=( --with-db-incdir=$(db_includedir) ) |
124 |
+ fi |
125 |
+ if use unbound; then |
126 |
+ myconf+=( --with-unbound ) |
127 |
+ else |
128 |
+ myconf+=( --with-ldns ) |
129 |
+ fi |
130 |
+ if use ldap; then |
131 |
+ myconf+=( $(use_with sasl) ) |
132 |
+ fi |
133 |
+ |
134 |
+ # We install the our configuration filed under e.g. /etc/opendkim, |
135 |
+ # so the next line is necessary to point the daemon and all of its |
136 |
+ # documentation to the right location by default. |
137 |
+ myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" ) |
138 |
+ |
139 |
+ econf \ |
140 |
+ $(use_with berkdb db) \ |
141 |
+ $(use_with opendbx odbx) \ |
142 |
+ $(use_with lua) \ |
143 |
+ $(use_enable lua rbl) \ |
144 |
+ $(use_with ldap openldap) \ |
145 |
+ $(use_with lmdb) \ |
146 |
+ $(use_enable poll) \ |
147 |
+ $(use_enable querycache query_cache) \ |
148 |
+ $(use_enable static-libs static) \ |
149 |
+ $(use_enable stats) \ |
150 |
+ $(use_with memcached libmemcached) \ |
151 |
+ "${myconf[@]}" \ |
152 |
+ --enable-filter \ |
153 |
+ --with-milter \ |
154 |
+ --enable-atps \ |
155 |
+ --enable-identity_header \ |
156 |
+ --enable-rate_limit \ |
157 |
+ --enable-resign \ |
158 |
+ --enable-replace_rules \ |
159 |
+ --enable-default_sender \ |
160 |
+ --enable-sender_macro \ |
161 |
+ --enable-vbr \ |
162 |
+ --disable-live-testing \ |
163 |
+ --with-test-socket="${T}/opendkim.sock" |
164 |
+} |
165 |
+ |
166 |
+src_compile() { |
167 |
+ emake runstatedir=/run |
168 |
+} |
169 |
+ |
170 |
+src_test() { |
171 |
+ # Needed for now due to the expected sequencing of the setup/cleanup |
172 |
+ # tests, https://github.com/trusteddomainproject/OpenDKIM/issues/110 |
173 |
+ emake -j1 check |
174 |
+} |
175 |
+ |
176 |
+src_install() { |
177 |
+ default |
178 |
+ find "${D}" -name '*.la' -type f -delete || die |
179 |
+ |
180 |
+ dosbin stats/opendkim-reportstats |
181 |
+ |
182 |
+ newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}" |
183 |
+ newtmpfiles "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf" |
184 |
+ systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service" |
185 |
+ |
186 |
+ dodir /etc/opendkim |
187 |
+ keepdir /var/lib/opendkim |
188 |
+ |
189 |
+ # The OpenDKIM data (particularly, your keys) should be read-only to |
190 |
+ # the UserID that the daemon runs as. |
191 |
+ fowners root:opendkim /var/lib/opendkim |
192 |
+ fperms 750 /var/lib/opendkim |
193 |
+ |
194 |
+ # Tweak the "simple" example configuration a bit before installing |
195 |
+ # it unconditionally. |
196 |
+ local cf="${T}/opendkim.conf" |
197 |
+ # Some MTAs are known to break DKIM signatures with "simple" |
198 |
+ # canonicalization [1], so we choose the "relaxed" policy |
199 |
+ # over OpenDKIM's current default settings. |
200 |
+ # [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/ |
201 |
+ sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \ |
202 |
+ "${S}/opendkim/opendkim.conf.simple" >"${cf}" || die |
203 |
+ cat >>"${cf}" <<EOT || die |
204 |
+ |
205 |
+# The UMask is really only used for the PID file (root:root) and the |
206 |
+# local UNIX socket, if you're using one. It should be 0117 for the |
207 |
+# socket. |
208 |
+UMask 0117 |
209 |
+UserID opendkim |
210 |
+ |
211 |
+# For use with unbound |
212 |
+#TrustAnchorFile /etc/dnssec/root-anchors.txt |
213 |
+EOT |
214 |
+ insinto /etc/opendkim |
215 |
+ doins "${cf}" |
216 |
+} |
217 |
+ |
218 |
+pkg_postinst() { |
219 |
+ tmpfiles_process "${PN}.conf" |
220 |
+ if [[ -z ${REPLACING_VERSION} ]]; then |
221 |
+ elog "If you want to sign your mail messages and need some help" |
222 |
+ elog "please run:" |
223 |
+ elog " emerge --config ${CATEGORY}/${PN}" |
224 |
+ elog "It will help you create your key and give you hints on how" |
225 |
+ elog "to configure your DNS and MTA." |
226 |
+ |
227 |
+ elog "If you are using a local (UNIX) socket, then you will" |
228 |
+ elog "need to make sure that your MTA has read/write access" |
229 |
+ elog "to the socket file. This is best accomplished by creating" |
230 |
+ elog "a completely-new group with only your MTA user and the" |
231 |
+ elog "\"opendkim\" user in it. Step-by-step instructions can be" |
232 |
+ elog "found on our Wiki, at https://wiki.gentoo.org/wiki/OpenDKIM ." |
233 |
+ else |
234 |
+ ewarn "The user account for the OpenDKIM daemon has changed" |
235 |
+ ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services" |
236 |
+ ewarn "from being able to read your private keys. You should" |
237 |
+ ewarn "adjust your existing configuration to use the \"opendkim\"" |
238 |
+ ewarn "user and group, and change the permissions on" |
239 |
+ ewarn "${ROOT}/var/lib/opendkim to root:opendkim with mode 0750." |
240 |
+ ewarn "The owner and group of the files within that directory" |
241 |
+ ewarn "will likely need to be adjusted as well." |
242 |
+ fi |
243 |
+} |
244 |
+ |
245 |
+pkg_config() { |
246 |
+ local selector keysize pubkey |
247 |
+ |
248 |
+ read -p "Enter the selector name (default ${HOSTNAME}): " selector |
249 |
+ [[ -n "${selector}" ]] || selector="${HOSTNAME}" |
250 |
+ if [[ -z "${selector}" ]]; then |
251 |
+ eerror "Oddly enough, you don't have a HOSTNAME." |
252 |
+ return 1 |
253 |
+ fi |
254 |
+ if [[ -f "${ROOT}/var/lib/opendkim/${selector}.private" ]]; then |
255 |
+ ewarn "The private key for this selector already exists." |
256 |
+ else |
257 |
+ keysize=1024 |
258 |
+ # Generate the private and public keys. Note that opendkim-genkeys |
259 |
+ # sets umask=077 on its own to keep these safe. However, we want |
260 |
+ # them to be readable (only!) to the opendkim user, and we manage |
261 |
+ # that by changing their groups and making everything group-readable. |
262 |
+ opendkim-genkey -b ${keysize} -D "${ROOT}/var/lib/opendkim/" \ |
263 |
+ -s "${selector}" -d '(your domain)' && \ |
264 |
+ chgrp --no-dereference opendkim \ |
265 |
+ "${ROOT}/var/lib/opendkim/${selector}".{private,txt} || \ |
266 |
+ { eerror "Failed to create private and public keys."; return 1; } |
267 |
+ chmod g+r "${ROOT}/var/lib/opendkim/${selector}".{private,txt} |
268 |
+ fi |
269 |
+ |
270 |
+ # opendkim selector configuration |
271 |
+ echo |
272 |
+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:" |
273 |
+ einfo " Keyfile /var/lib/opendkim/${selector}.private" |
274 |
+ einfo " Selector ${selector}" |
275 |
+ |
276 |
+ # MTA configuration |
277 |
+ echo |
278 |
+ einfo "If you are using Postfix, add following lines to your main.cf:" |
279 |
+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock" |
280 |
+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock" |
281 |
+ einfo " and read http://www.postfix.org/MILTER_README.html" |
282 |
+ |
283 |
+ # DNS configuration |
284 |
+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:" |
285 |
+ cat "${ROOT}/var/lib/opendkim/${selector}.txt" |
286 |
+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:" |
287 |
+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text" |
288 |
+} |