1 |
commit: 19ff5b04b9db6b1319b35e9a6da3d26972bf04b5 |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jun 4 15:13:03 2016 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jun 4 15:29:57 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19ff5b04 |
7 |
|
8 |
mail-filter/spamassassin: new revision with LibreSSL and spamd fixes. |
9 |
|
10 |
This new revision adds another patch for upstream bugs 7093/7199. The |
11 |
sslv3 option for spamd didn't do what it was supposed to do, and |
12 |
moreover, it broke LibreSSL which no longer supports SSLv3. The patch |
13 |
removes the option and makes it an error. There is a simple fix for |
14 |
users, to remove the --ssl-version option if they are using it. Thanks |
15 |
to Reuben Farrelly for reporting the issue. |
16 |
|
17 |
The second round of changes addresses a few old Gentoo bugs regarding |
18 |
the spamd init scripts and configuration. First, the init script was |
19 |
missing a call to "checkpath" to ensure that the PID file had some |
20 |
place to live. That's now fixed. Second, it used to be the case that |
21 |
some configuration was necessary if you opted to run spamd as a |
22 |
non-root user. That is no longer the case, so all of the documentation |
23 |
surrounding that issue has been removed, and the config/init scripts |
24 |
greatly simplified. Finally, a SPAMD_TIMEOUT option was added to allow |
25 |
spamd a little bit of time when restarting or shutting down. |
26 |
|
27 |
Peter Gantner, Juan David Ibáñez Palomar, Marcin Mirosław, Frieder |
28 |
Bürzele, and a few other people helped out on those bugs. Thanks! |
29 |
|
30 |
Gentoo-Bug: 322025 |
31 |
Gentoo-Bug: 455604 |
32 |
Gentoo-Bug: 523960 |
33 |
Upstream-Bug: 7093 |
34 |
Upstream-Bug: 7199 |
35 |
|
36 |
Package-Manager: portage-2.2.28 |
37 |
|
38 |
mail-filter/spamassassin/files/3.4.1-spamd.conf | 25 ++ |
39 |
mail-filter/spamassassin/files/3.4.1-spamd.init | 56 +++++ |
40 |
.../files/spamassassin-3.4.1-bug_7199.patch | 280 +++++++++++++++++++++ |
41 |
.../spamassassin/spamassassin-3.4.1-r5.ebuild | 196 +++++++++++++++ |
42 |
4 files changed, 557 insertions(+) |
43 |
|
44 |
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.conf b/mail-filter/spamassassin/files/3.4.1-spamd.conf |
45 |
new file mode 100644 |
46 |
index 0000000..0cb7cbb |
47 |
--- /dev/null |
48 |
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.conf |
49 |
@@ -0,0 +1,25 @@ |
50 |
+# Config file for /etc/init.d/spamd |
51 |
+# |
52 |
+# ***WARNING*** |
53 |
+# |
54 |
+# spamd was not designed to listed to an untrusted network. spamd |
55 |
+# is vulnerable to DoS attacks (and eternal doom) if used to listen |
56 |
+# to an untrusted network. |
57 |
+# |
58 |
+# ***WARNING*** |
59 |
+# |
60 |
+ |
61 |
+# Additional options to pass to the spamd daemon. The spamd(1) man |
62 |
+# page explains the available options. If you choose to listen on a |
63 |
+# non-default interface, you will need to use OpenRC's "rc_need" |
64 |
+# mechanism to ensure that your interface comes up before spamd |
65 |
+# starts. The openrc-run(8) man page describes rc_need. |
66 |
+SPAMD_OPTS="--max-children=5 --create-prefs --helper-home-dir" |
67 |
+ |
68 |
+# Sets the 'nice' level of the spamd process. |
69 |
+SPAMD_NICELEVEL=0 |
70 |
+ |
71 |
+# How long (in seconds) should we wait for spamd to stop after we've |
72 |
+# asked it to? After this amount of time, if spamd is still running, |
73 |
+# we will assume that it has failed to stop. |
74 |
+SPAMD_TIMEOUT=15 |
75 |
|
76 |
diff --git a/mail-filter/spamassassin/files/3.4.1-spamd.init b/mail-filter/spamassassin/files/3.4.1-spamd.init |
77 |
new file mode 100644 |
78 |
index 0000000..7d2af81 |
79 |
--- /dev/null |
80 |
+++ b/mail-filter/spamassassin/files/3.4.1-spamd.init |
81 |
@@ -0,0 +1,56 @@ |
82 |
+#!/sbin/openrc-run |
83 |
+# Copyright 1999-2016 Gentoo Foundation |
84 |
+# Distributed under the terms of the GNU General Public License v2 |
85 |
+# $Id$ |
86 |
+ |
87 |
+PIDDIR=/run/spamd |
88 |
+PIDFILE=${PIDDIR}/spamd.pid |
89 |
+ |
90 |
+extra_started_commands="reload" |
91 |
+ |
92 |
+depend() { |
93 |
+ before mta |
94 |
+ use logger |
95 |
+@USEPOSTGRES@ use postgresql |
96 |
+@USEMYSQL@ use mysql |
97 |
+} |
98 |
+ |
99 |
+start() { |
100 |
+ ebegin "Starting spamd" |
101 |
+ |
102 |
+ # Ensure that the PID file's directory exists. |
103 |
+ checkpath --directory "${PIDDIR}" |
104 |
+ |
105 |
+ # Reloading spamd causes its PID to change, so we track it by |
106 |
+ # name instead. |
107 |
+ start-stop-daemon --start --quiet \ |
108 |
+ --name spamd \ |
109 |
+ --nicelevel ${SPAMD_NICELEVEL} \ |
110 |
+ --pidfile ${PIDFILE} \ |
111 |
+ --exec /usr/sbin/spamd -- \ |
112 |
+ --daemonize \ |
113 |
+ --pidfile=${PIDFILE} \ |
114 |
+ ${SPAMD_OPTS} |
115 |
+ |
116 |
+ retval=$? |
117 |
+ |
118 |
+ eend ${retval} "Failed to start spamd" |
119 |
+} |
120 |
+ |
121 |
+stop() { |
122 |
+ ebegin "Stopping spamd" |
123 |
+ # Retry after SPAMD_TIMEOUT seconds because spamd can take a |
124 |
+ # while to kill off all of its children. This was bug 322025. |
125 |
+ start-stop-daemon --stop \ |
126 |
+ --quiet \ |
127 |
+ --retry ${SPAMD_TIMEOUT} \ |
128 |
+ --pidfile ${PIDFILE} |
129 |
+ eend $? "Failed to stop spamd" |
130 |
+} |
131 |
+ |
132 |
+reload() { |
133 |
+ ebegin "Reloading configuration" |
134 |
+ # Warning: causes the PID of the spamd process to change. |
135 |
+ start-stop-daemon --signal HUP --quiet --pidfile ${PIDFILE} |
136 |
+ eend $? |
137 |
+} |
138 |
|
139 |
diff --git a/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7199.patch b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7199.patch |
140 |
new file mode 100644 |
141 |
index 0000000..323740c |
142 |
--- /dev/null |
143 |
+++ b/mail-filter/spamassassin/files/spamassassin-3.4.1-bug_7199.patch |
144 |
@@ -0,0 +1,280 @@ |
145 |
+The "sslv3" option doesn't do what it says (upstream bug 7093) and |
146 |
+only makes things worse. The SSLv3 support also prevents SpamAssassin |
147 |
+from working with LibreSSL, which no longer does SSLv3. |
148 |
+ |
149 |
+Index: trunk/spamc/libspamc.c |
150 |
+=================================================================== |
151 |
+--- trunk.orig/spamc/libspamc.c |
152 |
++++ trunk/spamc/libspamc.c |
153 |
+@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp, |
154 |
+ unsigned int throwaway; |
155 |
+ SSL_CTX *ctx = NULL; |
156 |
+ SSL *ssl = NULL; |
157 |
+- SSL_METHOD *meth; |
158 |
++ const SSL_METHOD *meth; |
159 |
+ char zlib_on = 0; |
160 |
+ unsigned char *zlib_buf = NULL; |
161 |
+ int zlib_bufsiz = 0; |
162 |
+@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp, |
163 |
+ if (flags & SPAMC_USE_SSL) { |
164 |
+ #ifdef SPAMC_SSL |
165 |
+ SSLeay_add_ssl_algorithms(); |
166 |
+- if (flags & SPAMC_TLSV1) { |
167 |
+- meth = TLSv1_client_method(); |
168 |
+- } else { |
169 |
+- meth = SSLv3_client_method(); /* default */ |
170 |
+- } |
171 |
++ meth = SSLv23_client_method(); |
172 |
+ SSL_load_error_strings(); |
173 |
+ ctx = SSL_CTX_new(meth); |
174 |
+ #else |
175 |
+@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c |
176 |
+ int failureval; |
177 |
+ SSL_CTX *ctx = NULL; |
178 |
+ SSL *ssl = NULL; |
179 |
+- SSL_METHOD *meth; |
180 |
++ const SSL_METHOD *meth; |
181 |
+ |
182 |
+ assert(tp != NULL); |
183 |
+ assert(m != NULL); |
184 |
+@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c |
185 |
+ if (flags & SPAMC_USE_SSL) { |
186 |
+ #ifdef SPAMC_SSL |
187 |
+ SSLeay_add_ssl_algorithms(); |
188 |
+- meth = SSLv3_client_method(); |
189 |
++ meth = SSLv23_client_method(); |
190 |
+ SSL_load_error_strings(); |
191 |
+ ctx = SSL_CTX_new(meth); |
192 |
+ #else |
193 |
+Index: trunk/spamc/spamc.c |
194 |
+=================================================================== |
195 |
+--- trunk.orig/spamc/spamc.c |
196 |
++++ trunk/spamc/spamc.c |
197 |
+@@ -368,16 +368,11 @@ read_args(int argc, char **argv, |
198 |
+ case 'S': |
199 |
+ { |
200 |
+ flags |= SPAMC_USE_SSL; |
201 |
+- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) { |
202 |
+- flags |= SPAMC_SSLV3; |
203 |
+- } |
204 |
+- else if (strcmp(spamc_optarg,"tlsv1") == 0) { |
205 |
+- flags |= SPAMC_TLSV1; |
206 |
+- } |
207 |
+- else { |
208 |
+- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg); |
209 |
+- ret = EX_USAGE; |
210 |
+- } |
211 |
++ if(spamc_optarg) { |
212 |
++ libspamc_log(flags, LOG_ERR, |
213 |
++ "Explicit specification of an SSL/TLS version no longer supported."); |
214 |
++ ret = EX_USAGE; |
215 |
++ } |
216 |
+ break; |
217 |
+ } |
218 |
+ #endif |
219 |
+Index: trunk/spamd/spamd.raw |
220 |
+=================================================================== |
221 |
+--- trunk.orig/spamd/spamd.raw |
222 |
++++ trunk/spamd/spamd.raw |
223 |
+@@ -409,7 +409,6 @@ GetOptions( |
224 |
+ 'sql-config!' => \$opt{'sql-config'}, |
225 |
+ 'ssl' => \$opt{'ssl'}, |
226 |
+ 'ssl-port=s' => \$opt{'ssl-port'}, |
227 |
+- 'ssl-version=s' => \$opt{'ssl-version'}, |
228 |
+ 'syslog-socket=s' => \$opt{'syslog-socket'}, |
229 |
+ 'syslog|s=s' => \$opt{'syslog'}, |
230 |
+ 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'}, |
231 |
+@@ -744,11 +743,6 @@ if ( defined $ENV{'HOME'} ) { |
232 |
+ |
233 |
+ # Do whitelist later in tmp dir. Side effect: this will be done as -u user. |
234 |
+ |
235 |
+-my $sslversion = $opt{'ssl-version'} || 'sslv3'; |
236 |
+-if ($sslversion !~ /^(?:sslv3|tlsv1)$/) { |
237 |
+- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n"; |
238 |
+-} |
239 |
+- |
240 |
+ $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem"; |
241 |
+ $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem"; |
242 |
+ |
243 |
+@@ -899,9 +893,8 @@ sub compose_listen_info_string { |
244 |
+ $socket_info->{ip_addr}, $socket_info->{port})); |
245 |
+ |
246 |
+ } elsif ($socket->isa('IO::Socket::SSL')) { |
247 |
+- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s", |
248 |
+- $socket_info->{ip_addr}, $socket_info->{port}, |
249 |
+- $opt{'ssl-version'}||'sslv3')); |
250 |
++ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr}, |
251 |
++ $socket_info->{port})); |
252 |
+ } |
253 |
+ } |
254 |
+ |
255 |
+@@ -1072,7 +1065,6 @@ sub server_sock_setup_inet { |
256 |
+ $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP' |
257 |
+ && IO::Socket::IP->VERSION >= 0.09; |
258 |
+ %sockopt = (%sockopt, ( |
259 |
+- SSL_version => $sslversion, |
260 |
+ SSL_verify_mode => 0x00, |
261 |
+ SSL_key_file => $opt{'server-key'}, |
262 |
+ SSL_cert_file => $opt{'server-cert'}, |
263 |
+@@ -1093,7 +1085,8 @@ sub server_sock_setup_inet { |
264 |
+ if (!$server_inet) { |
265 |
+ $diag = sprintf("could not create %s socket on [%s]:%s: %s", |
266 |
+ $ssl ? 'IO::Socket::SSL' : $io_socket_module_name, |
267 |
+- $adr, $port, $!); |
268 |
++ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ? |
269 |
++ "$!,$IO::Socket::SSL::SSL_ERROR" : $!); |
270 |
+ push(@diag_fail, $diag); |
271 |
+ } else { |
272 |
+ $diag = sprintf("created %s socket on [%s]:%s", |
273 |
+@@ -3238,7 +3231,6 @@ Options: |
274 |
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory |
275 |
+ --ssl Enable SSL on TCP connections |
276 |
+ --ssl-port port Override --port setting for SSL connections |
277 |
+- --ssl-version sslversion Specify SSL protocol version to use |
278 |
+ --server-key keyfile Specify an SSL keyfile |
279 |
+ --server-cert certfile Specify an SSL certificate |
280 |
+ --socketpath=path Listen on a given UNIX domain socket |
281 |
+@@ -3727,14 +3719,6 @@ Optionally specifies the port number for |
282 |
+ SSL connections (default: whatever --port uses). See B<--ssl> for |
283 |
+ more details. |
284 |
+ |
285 |
+-=item B<--ssl-version>=I<sslversion> |
286 |
+- |
287 |
+-Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>. |
288 |
+-The default, B<sslv3>, is the most flexible, accepting a SSLv3 or |
289 |
+-higher hello handshake, then negotiating use of SSLv3 or TLSv1 |
290 |
+-protocol if the client can accept it. Specifying B<--ssl-version> |
291 |
+-implies B<--ssl>. |
292 |
+- |
293 |
+ =item B<--server-key> I<keyfile> |
294 |
+ |
295 |
+ Specify the SSL key file to use for SSL connections. |
296 |
+Index: trunk/spamc/spamc.pod |
297 |
+=================================================================== |
298 |
+--- trunk.orig/spamc/spamc.pod |
299 |
++++ trunk/spamc/spamc.pod |
300 |
+@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a |
301 |
+ Sleep for I<sleep> seconds between failed spamd filtering attempts. |
302 |
+ The default is 1 second. |
303 |
+ |
304 |
+-=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion> |
305 |
++=item B<-S>, B<--ssl>, B<--ssl> |
306 |
+ |
307 |
+ If spamc was built with support for SSL, encrypt data to and from the |
308 |
+ spamd process with SSL; spamd must support SSL as well. |
309 |
+-I<sslversion> specifies the SSL protocol version to use, either |
310 |
+-C<sslv3>, or C<tlsv1>. The default, is C<sslv3>. |
311 |
+ |
312 |
+ =item B<-t> I<timeout>, B<--timeout>=I<timeout> |
313 |
+ |
314 |
+Index: trunk/t/spamd_ssl_tls.t |
315 |
+=================================================================== |
316 |
+--- trunk.orig/t/spamd_ssl_tls.t |
317 |
++++ /dev/null |
318 |
+@@ -1,28 +0,0 @@ |
319 |
+-#!/usr/bin/perl |
320 |
+- |
321 |
+-use lib '.'; use lib 't'; |
322 |
+-use SATest; sa_t_init("spamd_ssl_tls"); |
323 |
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); |
324 |
+- |
325 |
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); |
326 |
+- |
327 |
+-# --------------------------------------------------------------------------- |
328 |
+- |
329 |
+-%patterns = ( |
330 |
+- |
331 |
+-q{ Return-Path: sb55sb55@×××××.com}, 'firstline', |
332 |
+-q{ Subject: There yours for FREE!}, 'subj', |
333 |
+-q{ X-Spam-Status: Yes, score=}, 'status', |
334 |
+-q{ X-Spam-Flag: YES}, 'flag', |
335 |
+-q{ X-Spam-Level: **********}, 'stars', |
336 |
+-q{ TEST_ENDSNUMS}, 'endsinnums', |
337 |
+-q{ TEST_NOREALNAME}, 'noreal', |
338 |
+-q{ This must be the very last line}, 'lastline', |
339 |
+- |
340 |
+- |
341 |
+-); |
342 |
+- |
343 |
+-ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", |
344 |
+- "--ssl=tlsv1 < data/spam/001", |
345 |
+- \&patterns_run_cb)); |
346 |
+-ok_all_patterns(); |
347 |
+Index: trunk/t/spamd_ssl_v3.t |
348 |
+=================================================================== |
349 |
+--- trunk.orig/t/spamd_ssl_v3.t |
350 |
++++ /dev/null |
351 |
+@@ -1,28 +0,0 @@ |
352 |
+-#!/usr/bin/perl |
353 |
+- |
354 |
+-use lib '.'; use lib 't'; |
355 |
+-use SATest; sa_t_init("spamd_sslv3"); |
356 |
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); |
357 |
+- |
358 |
+-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); |
359 |
+- |
360 |
+-# --------------------------------------------------------------------------- |
361 |
+- |
362 |
+-%patterns = ( |
363 |
+- |
364 |
+-q{ Return-Path: sb55sb55@×××××.com}, 'firstline', |
365 |
+-q{ Subject: There yours for FREE!}, 'subj', |
366 |
+-q{ X-Spam-Status: Yes, score=}, 'status', |
367 |
+-q{ X-Spam-Flag: YES}, 'flag', |
368 |
+-q{ X-Spam-Level: **********}, 'stars', |
369 |
+-q{ TEST_ENDSNUMS}, 'endsinnums', |
370 |
+-q{ TEST_NOREALNAME}, 'noreal', |
371 |
+-q{ This must be the very last line}, 'lastline', |
372 |
+- |
373 |
+- |
374 |
+-); |
375 |
+- |
376 |
+-ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", |
377 |
+- "--ssl=sslv3 < data/spam/001", |
378 |
+- \&patterns_run_cb)); |
379 |
+-ok_all_patterns(); |
380 |
+Index: trunk/t/spamd_ssl_accept_fail.t |
381 |
+=================================================================== |
382 |
+--- trunk.orig/t/spamd_ssl_accept_fail.t |
383 |
++++ trunk/t/spamd_ssl_accept_fail.t |
384 |
+@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la |
385 |
+ |
386 |
+ ); |
387 |
+ |
388 |
+-ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); |
389 |
++ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); |
390 |
+ ok (spamcrun ("< data/spam/001", \&patterns_run_cb)); |
391 |
+-ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb)); |
392 |
++ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb)); |
393 |
+ ok (stop_spamd ()); |
394 |
+ |
395 |
+ ok_all_patterns(); |
396 |
+Index: trunk/t/spamd_ssl.t |
397 |
+=================================================================== |
398 |
+--- trunk.orig/t/spamd_ssl.t |
399 |
++++ trunk/t/spamd_ssl.t |
400 |
+@@ -2,10 +2,7 @@ |
401 |
+ |
402 |
+ use lib '.'; use lib 't'; |
403 |
+ use SATest; sa_t_init("spamd_ssl"); |
404 |
+-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9), |
405 |
+- onfail => sub { |
406 |
+- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" . |
407 |
+- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" }; |
408 |
++use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); |
409 |
+ |
410 |
+ exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); |
411 |
+ |
412 |
+Index: trunk/MANIFEST |
413 |
+=================================================================== |
414 |
+--- trunk.orig/MANIFEST |
415 |
++++ trunk/MANIFEST |
416 |
+@@ -513,8 +513,6 @@ t/spamd_report_ifspam.t |
417 |
+ t/spamd_sql_prefs.t |
418 |
+ t/spamd_ssl.t |
419 |
+ t/spamd_ssl_accept_fail.t |
420 |
+-t/spamd_ssl_tls.t |
421 |
+-t/spamd_ssl_v3.t |
422 |
+ t/spamd_stop.t |
423 |
+ t/spamd_symbols.t |
424 |
+ t/spamd_syslog.t |
425 |
|
426 |
diff --git a/mail-filter/spamassassin/spamassassin-3.4.1-r5.ebuild b/mail-filter/spamassassin/spamassassin-3.4.1-r5.ebuild |
427 |
new file mode 100644 |
428 |
index 0000000..f127be2 |
429 |
--- /dev/null |
430 |
+++ b/mail-filter/spamassassin/spamassassin-3.4.1-r5.ebuild |
431 |
@@ -0,0 +1,196 @@ |
432 |
+# Copyright 1999-2016 Gentoo Foundation |
433 |
+# Distributed under the terms of the GNU General Public License v2 |
434 |
+# $Id$ |
435 |
+ |
436 |
+EAPI=6 |
437 |
+ |
438 |
+inherit toolchain-funcs systemd |
439 |
+ |
440 |
+MY_P=Mail-SpamAssassin-${PV//_/-} |
441 |
+S=${WORKDIR}/${MY_P} |
442 |
+DESCRIPTION="An extensible mail filter which can identify and tag spam" |
443 |
+HOMEPAGE="http://spamassassin.apache.org/" |
444 |
+SRC_URI="mirror://apache/spamassassin/source/${MY_P}.tar.bz2" |
445 |
+ |
446 |
+LICENSE="Apache-2.0 GPL-2" |
447 |
+SLOT="0" |
448 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
449 |
+IUSE="+bayes berkdb ipv6 ldap libressl mysql postgres qmail sqlite ssl test" |
450 |
+ |
451 |
+# You can do without a database unless you need the Bayes features. |
452 |
+REQUIRED_USE="bayes? ( || ( berkdb mysql postgres sqlite ) )" |
453 |
+ |
454 |
+DEPEND=">=dev-lang/perl-5.8.8-r8 |
455 |
+ virtual/perl-MIME-Base64 |
456 |
+ >=virtual/perl-Pod-Parser-1.510.0-r2 |
457 |
+ virtual/perl-Storable |
458 |
+ virtual/perl-Time-HiRes |
459 |
+ >=dev-perl/HTML-Parser-3.43 |
460 |
+ >=dev-perl/Mail-DKIM-0.37 |
461 |
+ >=dev-perl/Net-DNS-0.53 |
462 |
+ dev-perl/Digest-SHA1 |
463 |
+ dev-perl/libwww-perl |
464 |
+ >=virtual/perl-Archive-Tar-1.23 |
465 |
+ app-crypt/gnupg |
466 |
+ >=virtual/perl-IO-Zlib-1.04 |
467 |
+ >=dev-util/re2c-0.12.0 |
468 |
+ dev-perl/Mail-SPF |
469 |
+ >=dev-perl/NetAddr-IP-4.0.1 |
470 |
+ dev-perl/Geo-IP |
471 |
+ dev-perl/Encode-Detect |
472 |
+ dev-perl/Net-Patricia |
473 |
+ ssl? ( |
474 |
+ dev-perl/IO-Socket-SSL |
475 |
+ !libressl? ( dev-libs/openssl:0 ) |
476 |
+ libressl? ( dev-libs/libressl ) |
477 |
+ ) |
478 |
+ berkdb? ( |
479 |
+ virtual/perl-DB_File |
480 |
+ ) |
481 |
+ ldap? ( dev-perl/perl-ldap ) |
482 |
+ mysql? ( |
483 |
+ dev-perl/DBI |
484 |
+ dev-perl/DBD-mysql |
485 |
+ ) |
486 |
+ postgres? ( |
487 |
+ dev-perl/DBI |
488 |
+ dev-perl/DBD-Pg |
489 |
+ ) |
490 |
+ sqlite? ( |
491 |
+ dev-perl/DBI |
492 |
+ dev-perl/DBD-SQLite |
493 |
+ ) |
494 |
+ ipv6? ( |
495 |
+ || ( dev-perl/IO-Socket-INET6 |
496 |
+ virtual/perl-IO-Socket-IP ) |
497 |
+ )" |
498 |
+RDEPEND="${DEPEND}" |
499 |
+ |
500 |
+# Some spamd tests fail, and it looks like the whole suite eventually |
501 |
+# hangs. |
502 |
+RESTRICT=test |
503 |
+ |
504 |
+PATCHES=( |
505 |
+ "${FILESDIR}/spamassassin-3.4.1-bug_7199.patch" |
506 |
+ "${FILESDIR}/spamassassin-3.4.1-bug_7223.patch" |
507 |
+ "${FILESDIR}/spamassassin-3.4.1-bug_7231.patch" |
508 |
+ "${FILESDIR}/spamassassin-3.4.1-bug_7265.patch" |
509 |
+) |
510 |
+ |
511 |
+src_configure() { |
512 |
+ # spamc can be built with ssl support. |
513 |
+ local use_ssl="no" |
514 |
+ if use ssl; then |
515 |
+ use_ssl="yes" |
516 |
+ fi |
517 |
+ |
518 |
+ # Set SYSCONFDIR explicitly so we can't get bitten by bug 48205 again |
519 |
+ # (just to be sure, nobody knows how it could happen in the first place). |
520 |
+ # |
521 |
+ # We also set the path to the perl executable explictly. This will be |
522 |
+ # used to create the initial shebang line in the scripts (bug 62276). |
523 |
+ perl Makefile.PL \ |
524 |
+ PREFIX="${EPREFIX}/usr" \ |
525 |
+ INSTALLDIRS=vendor \ |
526 |
+ SYSCONFDIR="${EPREFIX}/etc" \ |
527 |
+ DATADIR="${EPREFIX}/usr/share/spamassassin" \ |
528 |
+ PERL_BIN="${EPREFIX}/usr/bin/perl" \ |
529 |
+ ENABLE_SSL="${use_ssl}" \ |
530 |
+ DESTDIR="${D}" \ |
531 |
+ || die "Unable to build!" |
532 |
+ |
533 |
+ # Now configure spamc. |
534 |
+ emake CC="$(tc-getCC)" LDFLAGS="${LDFLAGS}" spamc/Makefile |
535 |
+} |
536 |
+ |
537 |
+src_compile() { |
538 |
+ PERL_MM_USE_DEFAULT=1 emake |
539 |
+ |
540 |
+ if use qmail; then |
541 |
+ emake spamc/qmail-spamc |
542 |
+ fi |
543 |
+} |
544 |
+ |
545 |
+src_install () { |
546 |
+ emake install |
547 |
+ einstalldocs |
548 |
+ |
549 |
+ # Create the stub dir used by sa-update and friends |
550 |
+ keepdir /var/lib/spamassassin |
551 |
+ |
552 |
+ # Move spamd to sbin where it belongs. |
553 |
+ dodir /usr/sbin |
554 |
+ mv "${ED}"/usr/bin/spamd "${ED}"/usr/sbin/spamd || die "move spamd failed" |
555 |
+ |
556 |
+ if use qmail; then |
557 |
+ dobin spamc/qmail-spamc |
558 |
+ fi |
559 |
+ |
560 |
+ ln -s mail/spamassassin "${ED}"/etc/spamassassin || die |
561 |
+ |
562 |
+ # Disable plugin by default |
563 |
+ sed -i -e 's/^loadplugin/\#loadplugin/g' \ |
564 |
+ "${ED}"/etc/mail/spamassassin/init.pre \ |
565 |
+ || die "failed to disable plugins by default" |
566 |
+ |
567 |
+ # Add the init and config scripts. |
568 |
+ newinitd "${FILESDIR}"/3.4.1-spamd.init spamd |
569 |
+ newconfd "${FILESDIR}"/3.4.1-spamd.conf spamd |
570 |
+ |
571 |
+ systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service |
572 |
+ systemd_install_serviced "${FILESDIR}"/${PN}.service.conf |
573 |
+ |
574 |
+ if use postgres; then |
575 |
+ sed -i -e 's:@USEPOSTGRES@::' "${ED}/etc/init.d/spamd" || die |
576 |
+ |
577 |
+ dodoc sql/*_pg.sql |
578 |
+ else |
579 |
+ sed -i -e '/@USEPOSTGRES@/d' "${ED}/etc/init.d/spamd" || die |
580 |
+ fi |
581 |
+ |
582 |
+ if use mysql; then |
583 |
+ sed -i -e 's:@USEMYSQL@::' "${ED}/etc/init.d/spamd" || die |
584 |
+ |
585 |
+ dodoc sql/*_mysql.sql |
586 |
+ else |
587 |
+ sed -i -e '/@USEMYSQL@/d' "${ED}/etc/init.d/spamd" || die |
588 |
+ fi |
589 |
+ |
590 |
+ dodoc NOTICE TRADEMARK CREDITS UPGRADE USAGE sql/README.bayes \ |
591 |
+ sql/README.awl procmailrc.example sample-nonspam.txt \ |
592 |
+ sample-spam.txt spamd/PROTOCOL spamd/README.vpopmail \ |
593 |
+ spamd-apache2/README.apache |
594 |
+ |
595 |
+ # Rename some docu files so they don't clash with others |
596 |
+ newdoc spamd/README README.spamd |
597 |
+ newdoc sql/README README.sql |
598 |
+ newdoc ldap/README README.ldap |
599 |
+ |
600 |
+ if use qmail; then |
601 |
+ dodoc spamc/README.qmail |
602 |
+ fi |
603 |
+ |
604 |
+ insinto /etc/mail/spamassassin/ |
605 |
+ insopts -m0400 |
606 |
+ newins "${FILESDIR}"/secrets.cf secrets.cf.example |
607 |
+ |
608 |
+ # Create the directory where sa-update stores its GPG key (if you |
609 |
+ # choose to import one). If this directory does not exist, the |
610 |
+ # import will fail. This is bug 396307. We expect that the import |
611 |
+ # will be performed as root, and making the directory accessible |
612 |
+ # only to root prevents a warning on the command-line. |
613 |
+ diropts -m0700 |
614 |
+ dodir /etc/mail/spamassassin/sa-update-keys |
615 |
+} |
616 |
+ |
617 |
+pkg_postinst() { |
618 |
+ elog |
619 |
+ elog "No rules are install by default. You will need to run sa-update" |
620 |
+ elog "at least once, and most likely configure SpamAssassin before it" |
621 |
+ elog "will work. You should also consider a cron job for sa-update." |
622 |
+ elog |
623 |
+ elog "Configuration and update help can be found on the wiki:" |
624 |
+ elog |
625 |
+ elog " https://wiki.gentoo.org/wiki/SpamAssassin" |
626 |
+ elog |
627 |
+} |