[gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/, mail-filter/opendkim/files/ - gentoo-commits

From:	Michael Orlitzky <mjo@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/, mail-filter/opendkim/files/
Date:	Tue, 28 Jan 2020 19:51:15
Message-Id:	`1580240876.27f5cf2a6b5241f55adab59c541d18fc04fe7509.mjo@gentoo`

1

commit:     27f5cf2a6b5241f55adab59c541d18fc04fe7509

2

Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jan 28 19:28:59 2020 +0000

4

Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>

5

CommitDate: Tue Jan 28 19:47:56 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27f5cf2a

7

8

mail-filter/opendkim: new revision to fix liblua detection.

9

10

The ./configure script for OpenDKIM is all kinds of crazy when it

11

comes to detecting liblua. First, the PKG_CHECK_MODULES call was

12

looking for the wrong module, and I had to add the correct name to the

13

list. But then, once pkg-config could find liblua, it was doing the

14

wrong thing -- none of the "I have Lua support" commands were being

15

executed. So in a way it was fortunate that the old PKG_CHECK_MODULES

16

was failing. In any case, I've patched configure.ac to fix everything,

17

and will be sending a PR upstream.

18

19

This new revision adds that patch.

20

21

Closes: https://bugs.gentoo.org/704556

22

Package-Manager: Portage-2.3.84, Repoman-2.3.20

23

Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

24

25

 .../files/opendkim-2.10.3-lua-pkgconfig.patch      | 174 ++++++++++++++++

26

 mail-filter/opendkim/opendkim-2.10.3-r18.ebuild    | 228 +++++++++++++++++++++

27

 2 files changed, 402 insertions(+)

28

29

diff --git a/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch b/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch

30

new file mode 100644

31

index 00000000000..ee8d5769f76

32

--- /dev/null

33

+++ b/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch

34

@@ -0,0 +1,174 @@

35

+From 1f1c947a983c49677544ab08dea3ea04869a8caf Mon Sep 17 00:00:00 2001

36

+From: Michael Orlitzky <michael@××××××××.com>

37

+Date: Sun, 26 Jan 2020 22:29:16 -0500

38

+Subject: [PATCH 1/1] configure.ac: check for "lua" with pkg-config in addition

39

+ to "lua5.1".

40

+

41

+The upstream Lua pkg-config file is named lua.pc, so unless some

42

+distribution renames it, OpenDKIM should be looking for "lua"

43

+and not "lua5.1" in its PKG_CHECK_MODULES call. In any case, we

44

+should definitely be checking for "lua", so this commit appends it

45

+to the list of modules we look for. The "lua5.1" module was left

46

+alone, because I don't know enough of the history to be sure that

47

+removing it is the right thing to do.

48

+

49

+When the call to PKG_CHECK_MODULES fails, OpenDKIM falls back to

50

+a manual search that looks in /usr/lib, and this can detect 32-bit

51

+libraries on a 64-bit system. Therefore it is preferable that the

52

+PKG_CHECK_MODULES call succeed.

53

+

54

+In the process of adding this fallback, I realized that some

55

+additional actions need to be performed in the success branch of

56

+the existing (and new) PKG_CHECK_MODULES call. The following

57

+three lines were added,

58

+

59

+  AC_SEARCH_LIBS([dlopen], [dl])

60

+  AC_SUBST([LUA_MANNOTICE], "")

61

+  AC_DEFINE([USE_LUA], 1, [support for Lua scripting])

62

+

63

+to tell various parts of OpenDKIM that we do indeed have Lua support.

64

+Afterwards, it became clear that those three lines could be factored

65

+out of *every* lua check, so that has been done as well.

66

+

67

+Closes: https://github.com/trusteddomainproject/OpenDKIM/issues/62

68

+Gentoo-bug: https://bugs.gentoo.org/704556

69

+---

70

+ configure.ac | 45 +++++++++++++++++----------------------------

71

+ 1 file changed, 17 insertions(+), 28 deletions(-)

72

+

73

+diff --git a/configure.ac b/configure.ac

74

+index a478bb83..1d0db41a 100644

75

+--- a/configure.ac

76

++++ b/configure.ac

77

+@@ -1495,12 +1495,20 @@ lua_found="no"

78

+

79

+ if test \(  x"$luapath" = x"auto" -o x"$luapath" = x"yes" \) -a x"$PKG_CONFIG" != x""

80

+ then

81

+-        PKG_CHECK_MODULES([LIBLUA], [lua5.1],

82

+-	                  [

83

+-				lua_found="yes"

84

+-				LIBLUA_INCDIRS="$LIBLUA_CFLAGS"

85

+-	                  ],

86

+-			  [AC_MSG_WARN([pkg-config for Lua not found, trying manual search...])])

87

++  PKG_CHECK_MODULES([LIBLUA], [lua5.1], [

88

++      LIBLUA_INCDIRS="$LIBLUA_CFLAGS"

89

++      lua_found="yes"

90

++    ],

91

++    [

92

++      AC_MSG_WARN([pkg-config for lua5.1 not found, trying lua...])

93

++      PKG_CHECK_MODULES([LIBLUA], [lua], [

94

++          LIBLUA_INCDIRS="$LIBLUA_CFLAGS"

95

++          lua_found="yes"

96

++        ],

97

++	[AC_MSG_WARN([pkg-config for lua not found, trying manual search...])]

98

++      )

99

++    ]

100

++  )

101

+ fi

102

+

103

+ if test \( x"$luapath" = x"yes" -o x"$luapath" = x"auto" \) -a x"$lua_found" = x"no"

104

+@@ -1515,10 +1523,6 @@ then

105

+ 			LIBLUA_INCDIRS="-I$d/include/lua51"

106

+ 			LIBLUA_LIBDIRS="-L$d/lib/lua51"

107

+ 			LIBLUA_LIBS="-llua -lm"

108

+-			AC_SEARCH_LIBS([dlopen], [dl])

109

+-			AC_DEFINE([USE_LUA], 1,

110

+-			          [support for Lua scripting])

111

+-			AC_SUBST([LUA_MANNOTICE], "")

112

+ 			lua_found="yes"

113

+ 			break

114

+ 		elif test -f $d/include/lua52/lua.h

115

+@@ -1527,10 +1531,6 @@ then

116

+ 			LIBLUA_INCDIRS="-I$d/include/lua52"

117

+ 			LIBLUA_LIBDIRS="-L$d/lib/lua52"

118

+ 			LIBLUA_LIBS="-llua -lm"

119

+-			AC_SEARCH_LIBS([dlopen], [dl])

120

+-			AC_DEFINE([USE_LUA], 1,

121

+-			          [support for Lua scripting])

122

+-			AC_SUBST([LUA_MANNOTICE], "")

123

+ 			lua_found="yes"

124

+ 			break

125

+ 		elif test -f $d/include/lua5.1/lua.h

126

+@@ -1539,10 +1539,6 @@ then

127

+ 			LIBLUA_INCDIRS="-I$d/include/lua5.1"

128

+ 			LIBLUA_LIBDIRS="-L$d/lib"

129

+ 			LIBLUA_LIBS="-llua5.1 -lm"

130

+-			AC_SEARCH_LIBS([dlopen], [dl])

131

+-			AC_DEFINE([USE_LUA], 1,

132

+-			          [support for Lua scripting])

133

+-			AC_SUBST([LUA_MANNOTICE], "")

134

+ 			lua_found="yes"

135

+ 			break

136

+ 		elif test -f $d/include/lua5.2/lua.h

137

+@@ -1551,10 +1547,6 @@ then

138

+ 			LIBLUA_INCDIRS="-I$d/include/lua5.2"

139

+ 			LIBLUA_LIBDIRS="-L$d/lib"

140

+ 			LIBLUA_LIBS="-llua5.2 -lm"

141

+-			AC_SEARCH_LIBS([dlopen], [dl])

142

+-			AC_DEFINE([USE_LUA], 1,

143

+-			          [support for Lua scripting])

144

+-			AC_SUBST([LUA_MANNOTICE], "")

145

+ 			lua_found="yes"

146

+ 			break

147

+ 		elif test -f $d/include/lua.h

148

+@@ -1563,7 +1555,6 @@ then

149

+ 			LIBLUA_INCDIRS="-I$d/include"

150

+ 			LIBLUA_LIBDIRS="-L$d/lib"

151

+ 			LIBLUA_LIBS="-llua -lm"

152

+-			AC_SEARCH_LIBS([dlopen], [dl])

153

+ 			lua_found="yes"

154

+ 			break

155

+ 		fi

156

+@@ -1588,7 +1579,6 @@ then

157

+ 		LIBLUA_INCDIRS="-I$luapath/include/lua51"

158

+ 		LIBLUA_LIBDIRS="-L$luapath/lib/lua51"

159

+ 		LIBLUA_LIBS="-llua -lm"

160

+-		AC_SEARCH_LIBS([dlopen], [dl])

161

+ 		lua_found="yes"

162

+ 	elif test -f $luapath/include/lua52/lua.h

163

+ 	then

164

+@@ -1596,7 +1586,6 @@ then

165

+ 		LIBLUA_INCDIRS="-I$luapath/include/lua52"

166

+ 		LIBLUA_LIBDIRS="-L$luapath/lib/lua52"

167

+ 		LIBLUA_LIBS="-llua -lm"

168

+-		AC_SEARCH_LIBS([dlopen], [dl])

169

+ 		lua_found="yes"

170

+ 	elif test -f $luapath/include/lua5.1/lua.h

171

+ 	then

172

+@@ -1604,7 +1593,6 @@ then

173

+ 		LIBLUA_INCDIRS="-I$luapath/include/lua5.1"

174

+ 		LIBLUA_LIBDIRS="-L$luapath/lib"

175

+ 		LIBLUA_LIBS="-llua5.1 -lm"

176

+-		AC_SEARCH_LIBS([dlopen], [dl])

177

+ 		lua_found="yes"

178

+ 	elif test -f $luapath/include/lua5.2/lua.h

179

+ 	then

180

+@@ -1612,7 +1600,6 @@ then

181

+ 		LIBLUA_INCDIRS="-I$luapath/include/lua5.2"

182

+ 		LIBLUA_LIBDIRS="-L$luapath/lib"

183

+ 		LIBLUA_LIBS="-llua5.2 -lm"

184

+-		AC_SEARCH_LIBS([dlopen], [dl])

185

+ 		lua_found="yes"

186

+ 	elif test -f $luapath/include/lua.h

187

+ 	then

188

+@@ -1620,7 +1607,6 @@ then

189

+ 		LIBLUA_INCDIRS="-I$luapath/include"

190

+ 		LIBLUA_LIBDIRS="-L$luapath/lib"

191

+ 		LIBLUA_LIBS="-llua -lm"

192

+-		AC_SEARCH_LIBS([dlopen], [dl])

193

+ 		lua_found="yes"

194

+ 	else

195

+ 		AC_MSG_ERROR(not found at $luapath)

196

+@@ -1629,6 +1615,9 @@ fi

197

+

198

+ if test x"$lua_found" = x"yes"

199

+ then

200

++	AC_SUBST([LUA_MANNOTICE], "")

201

++	AC_DEFINE([USE_LUA], 1, [support for Lua scripting])

202

++	AC_SEARCH_LIBS([dlopen], [dl])

203

+ 	saved_CPPFLAGS="$CPPFLAGS"

204

+ 	CPPFLAGS="$outer_CPPFLAGS $LIBLUA_INCDIRS"

205

+ 	AC_MSG_CHECKING([Lua version])

206

+--

207

+2.24.1

208

+

209

210

diff --git a/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild

211

new file mode 100644

212

index 00000000000..260010392d1

213

--- /dev/null

214

+++ b/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild

215

@@ -0,0 +1,228 @@

216

+# Copyright 1999-2020 Gentoo Authors

217

+# Distributed under the terms of the GNU General Public License v2

218

+

219

+EAPI=7

220

+

221

+inherit autotools db-use eutils systemd tmpfiles

222

+

223

+DESCRIPTION="A milter providing DKIM signing and verification"

224

+HOMEPAGE="http://opendkim.org/"

225

+SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz"

226

+

227

+# The GPL-2 is for the init script, bug 425960.

228

+LICENSE="BSD GPL-2 Sendmail-Open-Source"

229

+SLOT="0"

230

+KEYWORDS="~amd64 ~arm ~x86"

231

+IUSE="berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound"

232

+

233

+BDEPEND="acct-user/opendkim

234

+	test? ( dev-lang/lua:* )"

235

+

236

+COMMON_DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )

237

+	dev-libs/libbsd

238

+	sys-apps/grep

239

+	ssl? (

240

+		!libressl? ( dev-libs/openssl:0= )

241

+		libressl? ( dev-libs/libressl:0= )

242

+	)

243

+	berkdb? ( >=sys-libs/db-3.2:* )

244

+	opendbx? ( >=dev-db/opendbx-1.4.0 )

245

+	lua? ( dev-lang/lua:* )

246

+	ldap? ( net-nds/openldap )

247

+	lmdb? ( dev-db/lmdb )

248

+	memcached? ( dev-libs/libmemcached )

249

+	sasl? ( dev-libs/cyrus-sasl )

250

+	unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )

251

+	!unbound? ( net-libs/ldns )"

252

+

253

+DEPEND="${COMMON_DEPEND}"

254

+

255

+RDEPEND="${COMMON_DEPEND}

256

+	acct-user/opendkim

257

+	sys-process/psmisc

258

+	selinux? ( sec-policy/selinux-dkim )"

259

+

260

+REQUIRED_USE="sasl? ( ldap )

261

+	stats? ( opendbx )

262

+	querycache? ( berkdb )"

263

+RESTRICT="!test? ( test )"

264

+

265

+PATCHES=(

266

+	"${FILESDIR}/${P}-openrc.patch"

267

+	"${FILESDIR}/${P}-openssl-1.1.1.patch.r2"

268

+	"${FILESDIR}/${P}-lua-pkgconfig.patch"

269

+)

270

+

271

+src_prepare() {

272

+	default

273

+	sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \

274

+		-i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \

275

+		|| die

276

+	sed -e 's:dist_doc_DATA:dist_html_DATA:' \

277

+		-i libopendkim/docs/Makefile.am \

278

+		|| die

279

+	eautoreconf

280

+}

281

+

282

+src_configure() {

283

+	local myconf=()

284

+	if use berkdb ; then

285

+		myconf+=( --with-db-incdir=$(db_includedir) )

286

+	fi

287

+	if use unbound; then

288

+		myconf+=( --with-unbound )

289

+	else

290

+		myconf+=( --with-ldns )

291

+	fi

292

+	if use ldap; then

293

+		myconf+=( $(use_with sasl) )

294

+	fi

295

+

296

+	# We install the our configuration filed under e.g. /etc/opendkim,

297

+	# so the next line is necessary to point the daemon and all of its

298

+	# documentation to the right location by default.

299

+	myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" )

300

+

301

+	econf \

302

+		$(use_with berkdb db) \

303

+		$(use_with opendbx odbx) \

304

+		$(use_with lua) \

305

+		$(use_enable lua rbl) \

306

+		$(use_with ldap openldap) \

307

+		$(use_with lmdb) \

308

+		$(use_enable poll) \

309

+		$(use_enable querycache query_cache) \

310

+		$(use_enable static-libs static) \

311

+		$(use_enable stats) \

312

+		$(use_with memcached libmemcached) \

313

+		"${myconf[@]}" \

314

+		--enable-filter \

315

+		--enable-atps \

316

+		--enable-identity_header \

317

+		--enable-rate_limit \

318

+		--enable-resign \

319

+		--enable-replace_rules \

320

+		--enable-default_sender \

321

+		--enable-sender_macro \

322

+		--enable-vbr \

323

+		--disable-live-testing \

324

+		--with-test-socket="${T}/opendkim.sock"

325

+}

326

+

327

+src_compile() {

328

+	emake runstatedir=/run

329

+}

330

+

331

+src_install() {

332

+	default

333

+	find "${D}" -name '*.la' -type f -delete || die

334

+

335

+	dosbin stats/opendkim-reportstats

336

+

337

+	newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}"

338

+	systemd_newtmpfilesd "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf"

339

+	systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service"

340

+

341

+	dodir /etc/opendkim

342

+	keepdir /var/lib/opendkim

343

+

344

+	# The OpenDKIM data (particularly, your keys) should be read-only to

345

+	# the UserID that the daemon runs as.

346

+	fowners root:opendkim /var/lib/opendkim

347

+	fperms 750 /var/lib/opendkim

348

+

349

+	# Tweak the "simple" example configuration a bit before installing

350

+	# it unconditionally.

351

+	local cf="${T}/opendkim.conf"

352

+	# Some MTAs are known to break DKIM signatures with "simple"

353

+	# canonicalization [1], so we choose the "relaxed" policy

354

+	# over OpenDKIM's current default settings.

355

+	# [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/

356

+	sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \

357

+		"${S}/opendkim/opendkim.conf.simple" >"${cf}" || die

358

+	cat >>"${cf}" <<EOT || die

359

+

360

+# The UMask is really only used for the PID file (root:root) and the

361

+# local UNIX socket, if you're using one. It should be 0117 for the

362

+# socket.

363

+UMask			0117

364

+UserID			opendkim

365

+

366

+# For use with unbound

367

+#TrustAnchorFile	/etc/dnssec/root-anchors.txt

368

+EOT

369

+	insinto /etc/opendkim

370

+	doins "${cf}"

371

+}

372

+

373

+pkg_postinst() {

374

+	tmpfiles_process "${PN}.conf"

375

+	if [[ -z ${REPLACING_VERSION} ]]; then

376

+		elog "If you want to sign your mail messages and need some help"

377

+		elog "please run:"

378

+		elog "	emerge --config ${CATEGORY}/${PN}"

379

+		elog "It will help you create your key and give you hints on how"

380

+		elog "to configure your DNS and MTA."

381

+

382

+		elog "If you are using a local (UNIX) socket, then you will"

383

+		elog "need to make sure that your MTA has read/write access"

384

+		elog "to the socket file. This is best accomplished by creating"

385

+		elog "a completely-new group with only your MTA user and the"

386

+		elog "\"opendkim\" user in it. Step-by-step instructions can be"

387

+		elog "found on our Wiki, at https://wiki.gentoo.org/wiki/OpenDKIM ."

388

+	else

389

+		ewarn "The user account for the OpenDKIM daemon has changed"

390

+		ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"

391

+		ewarn "from being able to read your private keys. You should"

392

+		ewarn "adjust your existing configuration to use the \"opendkim\""

393

+		ewarn "user and group, and change the permissions on"

394

+		ewarn "${ROOT}/var/lib/opendkim to root:opendkim with mode 0750."

395

+		ewarn "The owner and group of the files within that directory"

396

+		ewarn "will likely need to be adjusted as well."

397

+	fi

398

+}

399

+

400

+pkg_config() {

401

+	local selector keysize pubkey

402

+

403

+	read -p "Enter the selector name (default ${HOSTNAME}): " selector

404

+	[[ -n "${selector}" ]] || selector="${HOSTNAME}"

405

+	if [[ -z "${selector}" ]]; then

406

+		eerror "Oddly enough, you don't have a HOSTNAME."

407

+		return 1

408

+	fi

409

+	if [[ -f "${ROOT}/var/lib/opendkim/${selector}.private" ]]; then

410

+		ewarn "The private key for this selector already exists."

411

+	else

412

+		keysize=1024

413

+		# Generate the private and public keys. Note that opendkim-genkeys

414

+		# sets umask=077 on its own to keep these safe. However, we want

415

+		# them to be readable (only!) to the opendkim user, and we manage

416

+		# that by changing their groups and making everything group-readable.

417

+		opendkim-genkey -b ${keysize} -D "${ROOT}/var/lib/opendkim/" \

418

+			-s "${selector}" -d '(your domain)' && \

419

+			chgrp --no-dereference opendkim \

420

+				"${ROOT}/var/lib/opendkim/${selector}".{private,txt} || \

421

+				{ eerror "Failed to create private and public keys."; return 1; }

422

+		chmod g+r "${ROOT}/var/lib/opendkim/${selector}".{private,txt}

423

+	fi

424

+

425

+	# opendkim selector configuration

426

+	echo

427

+	einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"

428

+	einfo "  Keyfile /var/lib/opendkim/${selector}.private"

429

+	einfo "  Selector ${selector}"

430

+

431

+	# MTA configuration

432

+	echo

433

+	einfo "If you are using Postfix, add following lines to your main.cf:"

434

+	einfo "  smtpd_milters	   = unix:/run/opendkim/opendkim.sock"

435

+	einfo "  non_smtpd_milters = unix:/run/opendkim/opendkim.sock"

436

+	einfo "  and read http://www.postfix.org/MILTER_README.html"

437

+

438

+	# DNS configuration

439

+	einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"

440

+	cat "${ROOT}/var/lib/opendkim/${selector}.txt"

441

+	einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"

442

+	einfo "  http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"

443

+}

1	commit: 27f5cf2a6b5241f55adab59c541d18fc04fe7509
2	Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jan 28 19:28:59 2020 +0000
4	Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
5	CommitDate: Tue Jan 28 19:47:56 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27f5cf2a
7
8	mail-filter/opendkim: new revision to fix liblua detection.
9
10	The ./configure script for OpenDKIM is all kinds of crazy when it
11	comes to detecting liblua. First, the PKG_CHECK_MODULES call was
12	looking for the wrong module, and I had to add the correct name to the
13	list. But then, once pkg-config could find liblua, it was doing the
14	wrong thing -- none of the "I have Lua support" commands were being
15	executed. So in a way it was fortunate that the old PKG_CHECK_MODULES
16	was failing. In any case, I've patched configure.ac to fix everything,
17	and will be sending a PR upstream.
18
19	This new revision adds that patch.
20
21	Closes: https://bugs.gentoo.org/704556
22	Package-Manager: Portage-2.3.84, Repoman-2.3.20
23	Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
24
25	.../files/opendkim-2.10.3-lua-pkgconfig.patch \| 174 ++++++++++++++++
26	mail-filter/opendkim/opendkim-2.10.3-r18.ebuild \| 228 +++++++++++++++++++++
27	2 files changed, 402 insertions(+)
28
29	diff --git a/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch b/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch
30	new file mode 100644
31	index 00000000000..ee8d5769f76
32	--- /dev/null
33	+++ b/mail-filter/opendkim/files/opendkim-2.10.3-lua-pkgconfig.patch
34	@@ -0,0 +1,174 @@
35	+From 1f1c947a983c49677544ab08dea3ea04869a8caf Mon Sep 17 00:00:00 2001
36	+From: Michael Orlitzky <michael@××××××××.com>
37	+Date: Sun, 26 Jan 2020 22:29:16 -0500
38	+Subject: [PATCH 1/1] configure.ac: check for "lua" with pkg-config in addition
39	+ to "lua5.1".
40	+
41	+The upstream Lua pkg-config file is named lua.pc, so unless some
42	+distribution renames it, OpenDKIM should be looking for "lua"
43	+and not "lua5.1" in its PKG_CHECK_MODULES call. In any case, we
44	+should definitely be checking for "lua", so this commit appends it
45	+to the list of modules we look for. The "lua5.1" module was left
46	+alone, because I don't know enough of the history to be sure that
47	+removing it is the right thing to do.
48	+
49	+When the call to PKG_CHECK_MODULES fails, OpenDKIM falls back to
50	+a manual search that looks in /usr/lib, and this can detect 32-bit
51	+libraries on a 64-bit system. Therefore it is preferable that the
52	+PKG_CHECK_MODULES call succeed.
53	+
54	+In the process of adding this fallback, I realized that some
55	+additional actions need to be performed in the success branch of
56	+the existing (and new) PKG_CHECK_MODULES call. The following
57	+three lines were added,
58	+
59	+ AC_SEARCH_LIBS([dlopen], [dl])
60	+ AC_SUBST([LUA_MANNOTICE], "")
61	+ AC_DEFINE([USE_LUA], 1, [support for Lua scripting])
62	+
63	+to tell various parts of OpenDKIM that we do indeed have Lua support.
64	+Afterwards, it became clear that those three lines could be factored
65	+out of every lua check, so that has been done as well.
66	+
67	+Closes: https://github.com/trusteddomainproject/OpenDKIM/issues/62
68	+Gentoo-bug: https://bugs.gentoo.org/704556
69	+---
70	+ configure.ac \| 45 +++++++++++++++++----------------------------
71	+ 1 file changed, 17 insertions(+), 28 deletions(-)
72	+
73	+diff --git a/configure.ac b/configure.ac
74	+index a478bb83..1d0db41a 100644
75	+--- a/configure.ac
76	++++ b/configure.ac
77	+@@ -1495,12 +1495,20 @@ lua_found="no"
78	+
79	+ if test \( x"$luapath" = x"auto" -o x"$luapath" = x"yes" \) -a x"$PKG_CONFIG" != x""
80	+ then
81	+- PKG_CHECK_MODULES([LIBLUA], [lua5.1],
82	+- [
83	+- lua_found="yes"
84	+- LIBLUA_INCDIRS="$LIBLUA_CFLAGS"
85	+- ],
86	+- [AC_MSG_WARN([pkg-config for Lua not found, trying manual search...])])
87	++ PKG_CHECK_MODULES([LIBLUA], [lua5.1], [
88	++ LIBLUA_INCDIRS="$LIBLUA_CFLAGS"
89	++ lua_found="yes"
90	++ ],
91	++ [
92	++ AC_MSG_WARN([pkg-config for lua5.1 not found, trying lua...])
93	++ PKG_CHECK_MODULES([LIBLUA], [lua], [
94	++ LIBLUA_INCDIRS="$LIBLUA_CFLAGS"
95	++ lua_found="yes"
96	++ ],
97	++ [AC_MSG_WARN([pkg-config for lua not found, trying manual search...])]
98	++ )
99	++ ]
100	++ )
101	+ fi
102	+
103	+ if test \( x"$luapath" = x"yes" -o x"$luapath" = x"auto" \) -a x"$lua_found" = x"no"
104	+@@ -1515,10 +1523,6 @@ then
105	+ LIBLUA_INCDIRS="-I$d/include/lua51"
106	+ LIBLUA_LIBDIRS="-L$d/lib/lua51"
107	+ LIBLUA_LIBS="-llua -lm"
108	+- AC_SEARCH_LIBS([dlopen], [dl])
109	+- AC_DEFINE([USE_LUA], 1,
110	+- [support for Lua scripting])
111	+- AC_SUBST([LUA_MANNOTICE], "")
112	+ lua_found="yes"
113	+ break
114	+ elif test -f $d/include/lua52/lua.h
115	+@@ -1527,10 +1531,6 @@ then
116	+ LIBLUA_INCDIRS="-I$d/include/lua52"
117	+ LIBLUA_LIBDIRS="-L$d/lib/lua52"
118	+ LIBLUA_LIBS="-llua -lm"
119	+- AC_SEARCH_LIBS([dlopen], [dl])
120	+- AC_DEFINE([USE_LUA], 1,
121	+- [support for Lua scripting])
122	+- AC_SUBST([LUA_MANNOTICE], "")
123	+ lua_found="yes"
124	+ break
125	+ elif test -f $d/include/lua5.1/lua.h
126	+@@ -1539,10 +1539,6 @@ then
127	+ LIBLUA_INCDIRS="-I$d/include/lua5.1"
128	+ LIBLUA_LIBDIRS="-L$d/lib"
129	+ LIBLUA_LIBS="-llua5.1 -lm"
130	+- AC_SEARCH_LIBS([dlopen], [dl])
131	+- AC_DEFINE([USE_LUA], 1,
132	+- [support for Lua scripting])
133	+- AC_SUBST([LUA_MANNOTICE], "")
134	+ lua_found="yes"
135	+ break
136	+ elif test -f $d/include/lua5.2/lua.h
137	+@@ -1551,10 +1547,6 @@ then
138	+ LIBLUA_INCDIRS="-I$d/include/lua5.2"
139	+ LIBLUA_LIBDIRS="-L$d/lib"
140	+ LIBLUA_LIBS="-llua5.2 -lm"
141	+- AC_SEARCH_LIBS([dlopen], [dl])
142	+- AC_DEFINE([USE_LUA], 1,
143	+- [support for Lua scripting])
144	+- AC_SUBST([LUA_MANNOTICE], "")
145	+ lua_found="yes"
146	+ break
147	+ elif test -f $d/include/lua.h
148	+@@ -1563,7 +1555,6 @@ then
149	+ LIBLUA_INCDIRS="-I$d/include"
150	+ LIBLUA_LIBDIRS="-L$d/lib"
151	+ LIBLUA_LIBS="-llua -lm"
152	+- AC_SEARCH_LIBS([dlopen], [dl])
153	+ lua_found="yes"
154	+ break
155	+ fi
156	+@@ -1588,7 +1579,6 @@ then
157	+ LIBLUA_INCDIRS="-I$luapath/include/lua51"
158	+ LIBLUA_LIBDIRS="-L$luapath/lib/lua51"
159	+ LIBLUA_LIBS="-llua -lm"
160	+- AC_SEARCH_LIBS([dlopen], [dl])
161	+ lua_found="yes"
162	+ elif test -f $luapath/include/lua52/lua.h
163	+ then
164	+@@ -1596,7 +1586,6 @@ then
165	+ LIBLUA_INCDIRS="-I$luapath/include/lua52"
166	+ LIBLUA_LIBDIRS="-L$luapath/lib/lua52"
167	+ LIBLUA_LIBS="-llua -lm"
168	+- AC_SEARCH_LIBS([dlopen], [dl])
169	+ lua_found="yes"
170	+ elif test -f $luapath/include/lua5.1/lua.h
171	+ then
172	+@@ -1604,7 +1593,6 @@ then
173	+ LIBLUA_INCDIRS="-I$luapath/include/lua5.1"
174	+ LIBLUA_LIBDIRS="-L$luapath/lib"
175	+ LIBLUA_LIBS="-llua5.1 -lm"
176	+- AC_SEARCH_LIBS([dlopen], [dl])
177	+ lua_found="yes"
178	+ elif test -f $luapath/include/lua5.2/lua.h
179	+ then
180	+@@ -1612,7 +1600,6 @@ then
181	+ LIBLUA_INCDIRS="-I$luapath/include/lua5.2"
182	+ LIBLUA_LIBDIRS="-L$luapath/lib"
183	+ LIBLUA_LIBS="-llua5.2 -lm"
184	+- AC_SEARCH_LIBS([dlopen], [dl])
185	+ lua_found="yes"
186	+ elif test -f $luapath/include/lua.h
187	+ then
188	+@@ -1620,7 +1607,6 @@ then
189	+ LIBLUA_INCDIRS="-I$luapath/include"
190	+ LIBLUA_LIBDIRS="-L$luapath/lib"
191	+ LIBLUA_LIBS="-llua -lm"
192	+- AC_SEARCH_LIBS([dlopen], [dl])
193	+ lua_found="yes"
194	+ else
195	+ AC_MSG_ERROR(not found at $luapath)
196	+@@ -1629,6 +1615,9 @@ fi
197	+
198	+ if test x"$lua_found" = x"yes"
199	+ then
200	++ AC_SUBST([LUA_MANNOTICE], "")
201	++ AC_DEFINE([USE_LUA], 1, [support for Lua scripting])
202	++ AC_SEARCH_LIBS([dlopen], [dl])
203	+ saved_CPPFLAGS="$CPPFLAGS"
204	+ CPPFLAGS="$outer_CPPFLAGS $LIBLUA_INCDIRS"
205	+ AC_MSG_CHECKING([Lua version])
206	+--
207	+2.24.1
208	+
209
210	diff --git a/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild
211	new file mode 100644
212	index 00000000000..260010392d1
213	--- /dev/null
214	+++ b/mail-filter/opendkim/opendkim-2.10.3-r18.ebuild
215	@@ -0,0 +1,228 @@
216	+# Copyright 1999-2020 Gentoo Authors
217	+# Distributed under the terms of the GNU General Public License v2
218	+
219	+EAPI=7
220	+
221	+inherit autotools db-use eutils systemd tmpfiles
222	+
223	+DESCRIPTION="A milter providing DKIM signing and verification"
224	+HOMEPAGE="http://opendkim.org/"
225	+SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz"
226	+
227	+# The GPL-2 is for the init script, bug 425960.
228	+LICENSE="BSD GPL-2 Sendmail-Open-Source"
229	+SLOT="0"
230	+KEYWORDS="~amd64 ~arm ~x86"
231	+IUSE="berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound"
232	+
233	+BDEPEND="acct-user/opendkim
234	+ test? ( dev-lang/lua:* )"
235	+
236	+COMMON_DEPEND="\|\| ( mail-filter/libmilter mail-mta/sendmail )
237	+ dev-libs/libbsd
238	+ sys-apps/grep
239	+ ssl? (
240	+ !libressl? ( dev-libs/openssl:0= )
241	+ libressl? ( dev-libs/libressl:0= )
242	+ )
243	+ berkdb? ( >=sys-libs/db-3.2:* )
244	+ opendbx? ( >=dev-db/opendbx-1.4.0 )
245	+ lua? ( dev-lang/lua:* )
246	+ ldap? ( net-nds/openldap )
247	+ lmdb? ( dev-db/lmdb )
248	+ memcached? ( dev-libs/libmemcached )
249	+ sasl? ( dev-libs/cyrus-sasl )
250	+ unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )
251	+ !unbound? ( net-libs/ldns )"
252	+
253	+DEPEND="${COMMON_DEPEND}"
254	+
255	+RDEPEND="${COMMON_DEPEND}
256	+ acct-user/opendkim
257	+ sys-process/psmisc
258	+ selinux? ( sec-policy/selinux-dkim )"
259	+
260	+REQUIRED_USE="sasl? ( ldap )
261	+ stats? ( opendbx )
262	+ querycache? ( berkdb )"
263	+RESTRICT="!test? ( test )"
264	+
265	+PATCHES=(
266	+ "${FILESDIR}/${P}-openrc.patch"
267	+ "${FILESDIR}/${P}-openssl-1.1.1.patch.r2"
268	+ "${FILESDIR}/${P}-lua-pkgconfig.patch"
269	+)
270	+
271	+src_prepare() {
272	+ default
273	+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
274	+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
275	+ \|\| die
276	+ sed -e 's:dist_doc_DATA:dist_html_DATA:' \
277	+ -i libopendkim/docs/Makefile.am \
278	+ \|\| die
279	+ eautoreconf
280	+}
281	+
282	+src_configure() {
283	+ local myconf=()
284	+ if use berkdb ; then
285	+ myconf+=( --with-db-incdir=$(db_includedir) )
286	+ fi
287	+ if use unbound; then
288	+ myconf+=( --with-unbound )
289	+ else
290	+ myconf+=( --with-ldns )
291	+ fi
292	+ if use ldap; then
293	+ myconf+=( $(use_with sasl) )
294	+ fi
295	+
296	+ # We install the our configuration filed under e.g. /etc/opendkim,
297	+ # so the next line is necessary to point the daemon and all of its
298	+ # documentation to the right location by default.
299	+ myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" )
300	+
301	+ econf \
302	+ $(use_with berkdb db) \
303	+ $(use_with opendbx odbx) \
304	+ $(use_with lua) \
305	+ $(use_enable lua rbl) \
306	+ $(use_with ldap openldap) \
307	+ $(use_with lmdb) \
308	+ $(use_enable poll) \
309	+ $(use_enable querycache query_cache) \
310	+ $(use_enable static-libs static) \
311	+ $(use_enable stats) \
312	+ $(use_with memcached libmemcached) \
313	+ "${myconf[@]}" \
314	+ --enable-filter \
315	+ --enable-atps \
316	+ --enable-identity_header \
317	+ --enable-rate_limit \
318	+ --enable-resign \
319	+ --enable-replace_rules \
320	+ --enable-default_sender \
321	+ --enable-sender_macro \
322	+ --enable-vbr \
323	+ --disable-live-testing \
324	+ --with-test-socket="${T}/opendkim.sock"
325	+}
326	+
327	+src_compile() {
328	+ emake runstatedir=/run
329	+}
330	+
331	+src_install() {
332	+ default
333	+ find "${D}" -name '*.la' -type f -delete \|\| die
334	+
335	+ dosbin stats/opendkim-reportstats
336	+
337	+ newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}"
338	+ systemd_newtmpfilesd "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf"
339	+ systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service"
340	+
341	+ dodir /etc/opendkim
342	+ keepdir /var/lib/opendkim
343	+
344	+ # The OpenDKIM data (particularly, your keys) should be read-only to
345	+ # the UserID that the daemon runs as.
346	+ fowners root:opendkim /var/lib/opendkim
347	+ fperms 750 /var/lib/opendkim
348	+
349	+ # Tweak the "simple" example configuration a bit before installing
350	+ # it unconditionally.
351	+ local cf="${T}/opendkim.conf"
352	+ # Some MTAs are known to break DKIM signatures with "simple"
353	+ # canonicalization [1], so we choose the "relaxed" policy
354	+ # over OpenDKIM's current default settings.
355	+ # [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
356	+ sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \
357	+ "${S}/opendkim/opendkim.conf.simple" >"${cf}" \|\| die
358	+ cat >>"${cf}" <<EOT \|\| die
359	+
360	+# The UMask is really only used for the PID file (root:root) and the
361	+# local UNIX socket, if you're using one. It should be 0117 for the
362	+# socket.
363	+UMask 0117
364	+UserID opendkim
365	+
366	+# For use with unbound
367	+#TrustAnchorFile /etc/dnssec/root-anchors.txt
368	+EOT
369	+ insinto /etc/opendkim
370	+ doins "${cf}"
371	+}
372	+
373	+pkg_postinst() {
374	+ tmpfiles_process "${PN}.conf"
375	+ if [[ -z ${REPLACING_VERSION} ]]; then
376	+ elog "If you want to sign your mail messages and need some help"
377	+ elog "please run:"
378	+ elog " emerge --config ${CATEGORY}/${PN}"
379	+ elog "It will help you create your key and give you hints on how"
380	+ elog "to configure your DNS and MTA."
381	+
382	+ elog "If you are using a local (UNIX) socket, then you will"
383	+ elog "need to make sure that your MTA has read/write access"
384	+ elog "to the socket file. This is best accomplished by creating"
385	+ elog "a completely-new group with only your MTA user and the"
386	+ elog "\"opendkim\" user in it. Step-by-step instructions can be"
387	+ elog "found on our Wiki, at https://wiki.gentoo.org/wiki/OpenDKIM ."
388	+ else
389	+ ewarn "The user account for the OpenDKIM daemon has changed"
390	+ ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"
391	+ ewarn "from being able to read your private keys. You should"
392	+ ewarn "adjust your existing configuration to use the \"opendkim\""
393	+ ewarn "user and group, and change the permissions on"
394	+ ewarn "${ROOT}/var/lib/opendkim to root:opendkim with mode 0750."
395	+ ewarn "The owner and group of the files within that directory"
396	+ ewarn "will likely need to be adjusted as well."
397	+ fi
398	+}
399	+
400	+pkg_config() {
401	+ local selector keysize pubkey
402	+
403	+ read -p "Enter the selector name (default ${HOSTNAME}): " selector
404	+ [[ -n "${selector}" ]] \|\| selector="${HOSTNAME}"
405	+ if [[ -z "${selector}" ]]; then
406	+ eerror "Oddly enough, you don't have a HOSTNAME."
407	+ return 1
408	+ fi
409	+ if [[ -f "${ROOT}/var/lib/opendkim/${selector}.private" ]]; then
410	+ ewarn "The private key for this selector already exists."
411	+ else
412	+ keysize=1024
413	+ # Generate the private and public keys. Note that opendkim-genkeys
414	+ # sets umask=077 on its own to keep these safe. However, we want
415	+ # them to be readable (only!) to the opendkim user, and we manage
416	+ # that by changing their groups and making everything group-readable.
417	+ opendkim-genkey -b ${keysize} -D "${ROOT}/var/lib/opendkim/" \
418	+ -s "${selector}" -d '(your domain)' && \
419	+ chgrp --no-dereference opendkim \
420	+ "${ROOT}/var/lib/opendkim/${selector}".{private,txt} \|\| \
421	+ { eerror "Failed to create private and public keys."; return 1; }
422	+ chmod g+r "${ROOT}/var/lib/opendkim/${selector}".{private,txt}
423	+ fi
424	+
425	+ # opendkim selector configuration
426	+ echo
427	+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
428	+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
429	+ einfo " Selector ${selector}"
430	+
431	+ # MTA configuration
432	+ echo
433	+ einfo "If you are using Postfix, add following lines to your main.cf:"
434	+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock"
435	+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
436	+ einfo " and read http://www.postfix.org/MILTER_README.html"
437	+
438	+ # DNS configuration
439	+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
440	+ cat "${ROOT}/var/lib/opendkim/${selector}.txt"
441	+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
442	+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
443	+}

Gentoo Archives: gentoo-commits