From: "Eray Aslan" <eras@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/, mail-mta/postfix/files/
Date: Wed, 27 Jun 2018 06:07:56 +0000 (UTC) [thread overview]
Message-ID: <1530079650.07c745adf5d94a8696c7830763e3714c467f95e6.eras@gentoo> (raw)
commit: 07c745adf5d94a8696c7830763e3714c467f95e6
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 27 06:07:30 2018 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Wed Jun 27 06:07:30 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07c745ad
mail-mta/postfix: fix eccurve selection for libressl
Closes: https://bugs.gentoo.org/659224
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../postfix/files/postfix-libressl-eccurve.patch | 16 ++
mail-mta/postfix/postfix-3.3.1-r1.ebuild | 302 +++++++++++++++++++++
2 files changed, 318 insertions(+)
diff --git a/mail-mta/postfix/files/postfix-libressl-eccurve.patch b/mail-mta/postfix/files/postfix-libressl-eccurve.patch
new file mode 100644
index 00000000000..7ce14fd17ad
--- /dev/null
+++ b/mail-mta/postfix/files/postfix-libressl-eccurve.patch
@@ -0,0 +1,16 @@
+Bug: https://bugs.gentoo.org/659224
+$OpenBSD: patch-src_tls_tls_dh_c,v 1.2 2017/02/04 22:09:44 sthen Exp $
+
+Fix building with LibreSSL
+
+--- src/tls/tls_dh.c.orig Mon Dec 26 18:47:24 2016
++++ src/tls/tls_dh.c Sat Feb 4 01:45:39 2017
+@@ -314,7 +314,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx)
+ * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
+ * auto-negotiated.
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
++#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
+ if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
+ msg_warn("failed to enable automatic ECDHE curve selection");
+ tls_print_errors();
diff --git a/mail-mta/postfix/postfix-3.3.1-r1.ebuild b/mail-mta/postfix/postfix-3.3.1-r1.ebuild
new file mode 100644
index 00000000000..26a77df46cd
--- /dev/null
+++ b/mail-mta/postfix/postfix-3.3.1-r1.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit flag-o-matic pam systemd toolchain-funcs user
+
+MY_PV="${PV/_rc/-RC}"
+MY_SRC="${PN}-${MY_PV}"
+MY_URI="ftp://ftp.porcupine.org/mirrors/postfix-release/official"
+RC_VER="2.7"
+
+DESCRIPTION="A fast and secure drop-in replacement for sendmail"
+HOMEPAGE="http://www.postfix.org/"
+SRC_URI="${MY_URI}/${MY_SRC}.tar.gz"
+
+LICENSE="|| ( IBM EPL-2.0 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="+berkdb cdb doc dovecot-sasl +eai hardened ldap ldap-bind libressl lmdb memcached mbox mysql nis pam postgres sasl selinux sqlite ssl"
+
+DEPEND=">=dev-libs/libpcre-3.4
+ dev-lang/perl
+ berkdb? ( >=sys-libs/db-3.2:* )
+ cdb? ( || ( >=dev-db/tinycdb-0.76 >=dev-db/cdb-0.75-r4 ) )
+ eai? ( dev-libs/icu:= )
+ ldap? ( net-nds/openldap )
+ ldap-bind? ( net-nds/openldap[sasl] )
+ lmdb? ( >=dev-db/lmdb-0.9.11 )
+ mysql? ( virtual/mysql )
+ nis? ( net-libs/libnsl )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:* )
+ sasl? ( >=dev-libs/cyrus-sasl-2 )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )"
+
+RDEPEND="${DEPEND}
+ memcached? ( net-misc/memcached )
+ net-mail/mailbase
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/exim
+ !mail-mta/mini-qmail
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/fastforward
+ selinux? ( sec-policy/selinux-postfix )"
+
+REQUIRED_USE="ldap-bind? ( ldap sasl )"
+
+S="${WORKDIR}/${MY_SRC}"
+
+pkg_setup() {
+ # Add postfix, postdrop user/group (bug #77565)
+ enewgroup postfix 207
+ enewgroup postdrop 208
+ enewuser postfix 207 -1 /var/spool/postfix postfix,mail
+}
+
+src_prepare() {
+ default
+ sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|" \
+ src/util/sys_defs.h || die "sed failed"
+ # change default paths to better comply with portage standard paths
+ sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || die "sed failed"
+ eapply -p0 "${FILESDIR}/${PN}-libressl.patch" \
+ "${FILESDIR}/${PN}-libressl-runtime.patch" \
+ "${FILESDIR}/${PN}-libressl-eccurve.patch"
+}
+
+src_configure() {
+ for name in CDB LDAP LMDB MYSQL PCRE PGSQL SDBM SQLITE
+ do
+ local AUXLIBS_${name}=""
+ done
+
+ # Make sure LDFLAGS get passed down to the executables.
+ local mycc="-DHAS_PCRE" mylibs="${LDFLAGS} -ldl"
+ AUXLIBS_PCRE="$(pcre-config --libs)"
+
+ use pam && mylibs="${mylibs} -lpam"
+
+ if use ldap; then
+ mycc="${mycc} -DHAS_LDAP"
+ AUXLIBS_LDAP="-lldap -llber"
+ fi
+
+ if use mysql; then
+ mycc="${mycc} -DHAS_MYSQL $(mysql_config --include)"
+ AUXLIBS_MYSQL="$(mysql_config --libs)"
+ fi
+
+ if use postgres; then
+ mycc="${mycc} -DHAS_PGSQL -I$(pg_config --includedir)"
+ AUXLIBS_PGSQL="-L$(pg_config --libdir) -lpq"
+ fi
+
+ if use sqlite; then
+ mycc="${mycc} -DHAS_SQLITE"
+ AUXLIBS_SQLITE="-lsqlite3 -lpthread"
+ fi
+
+ if use ssl; then
+ mycc="${mycc} -DUSE_TLS"
+ mylibs="${mylibs} -lssl -lcrypto"
+ fi
+
+ if use lmdb; then
+ mycc="${mycc} -DHAS_LMDB"
+ AUXLIBS_LMDB="-llmdb -lpthread"
+ fi
+
+ if ! use eai; then
+ mycc="${mycc} -DNO_EAI"
+ fi
+
+ # broken. and "in other words, not supported" by upstream.
+ # Use inet_protocols setting in main.cf
+ #if ! use ipv6; then
+ # mycc="${mycc} -DNO_IPV6"
+ #fi
+
+ if use sasl; then
+ if use dovecot-sasl; then
+ # Set dovecot as default.
+ mycc="${mycc} -DDEF_SASL_SERVER=\\\"dovecot\\\""
+ fi
+ if use ldap-bind; then
+ mycc="${mycc} -DUSE_LDAP_SASL"
+ fi
+ mycc="${mycc} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
+ mylibs="${mylibs} -lsasl2"
+ elif use dovecot-sasl; then
+ mycc="${mycc} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\""
+ fi
+
+ if ! use nis; then
+ mycc="${mycc} -DNO_NIS"
+ fi
+
+ if ! use berkdb; then
+ mycc="${mycc} -DNO_DB"
+ if use cdb; then
+ # change default hash format from Berkeley DB to cdb
+ mycc="${mycc} -DDEF_DB_TYPE=\\\"cdb\\\""
+ fi
+ fi
+
+ if use cdb; then
+ mycc="${mycc} -DHAS_CDB -I/usr/include/cdb"
+ # Tinycdb is preferred.
+ if has_version dev-db/tinycdb ; then
+ einfo "Building with dev-db/tinycdb"
+ AUXLIBS_CDB="-lcdb"
+ else
+ einfo "Building with dev-db/cdb"
+ CDB_PATH="/usr/$(get_libdir)"
+ for i in cdb.a alloc.a buffer.a unix.a byte.a ; do
+ AUXLIBS_CDB="${AUXLIBS_CDB} ${CDB_PATH}/${i}"
+ done
+ fi
+ fi
+
+ # Robin H. Johnson <robbat2@gentoo.org> 17/Nov/2006
+ # Fix because infra boxes hit 2Gb .db files that fail a 32-bit fstat signed check.
+ mycc="${mycc} -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
+ filter-lfs-flags
+
+ # Workaround for bug #76512
+ if use hardened; then
+ [[ "$(gcc-version)" == "3.4" ]] && replace-flags -O? -Os
+ fi
+
+ # Remove annoying C++ comment style warnings - bug #378099
+ append-flags -Wno-comment
+
+ sed -i -e "/^RANLIB/s/ranlib/$(tc-getRANLIB)/g" "${S}"/makedefs
+ sed -i -e "/^AR/s/ar/$(tc-getAR)/g" "${S}"/makedefs
+
+ emake makefiles shared=yes dynamicmaps=no pie=yes \
+ shlib_directory="/usr/$(get_libdir)/postfix/MAIL_VERSION" \
+ DEBUG="" CC="$(tc-getCC)" OPT="${CFLAGS}" CCARGS="${mycc}" AUXLIBS="${mylibs}" \
+ AUXLIBS_CDB="${AUXLIBS_CDB}" AUXLIBS_LDAP="${AUXLIBS_LDAP}" \
+ AUXLIBS_LMDB="${AUXLIBS_LMDB}" AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \
+ AUXLIBS_PCRE="${AUXLIBS_PCRE}" AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \
+ AUXLIBS_SQLITE="${AUXLIBS_SQLITE}"
+}
+
+src_install () {
+ local myconf
+ use doc && myconf="readme_directory=\"/usr/share/doc/${PF}/readme\" \
+ html_directory=\"/usr/share/doc/${PF}/html\""
+
+ LD_LIBRARY_PATH="${S}/lib" \
+ /bin/sh postfix-install \
+ -non-interactive \
+ install_root="${D}" \
+ config_directory="/etc/postfix" \
+ manpage_directory="/usr/share/man" \
+ command_directory="/usr/sbin" \
+ mailq_path="/usr/bin/mailq" \
+ newaliases_path="/usr/bin/newaliases" \
+ sendmail_path="/usr/sbin/sendmail" \
+ ${myconf} \
+ || die "postfix-install failed"
+
+ # Fix spool removal on upgrade
+ rm -Rf "${D}"/var
+ keepdir /var/spool/postfix
+
+ # Install rmail for UUCP, closes bug #19127
+ dobin auxiliary/rmail/rmail
+
+ # Provide another link for legacy FSH
+ dosym ../sbin/sendmail /usr/$(get_libdir)/sendmail
+
+ # Install qshape, posttls-finger and collate
+ dobin auxiliary/qshape/qshape.pl
+ doman man/man1/qshape.1
+ dobin bin/posttls-finger
+ doman man/man1/posttls-finger.1
+ dobin auxiliary/collate/collate.pl
+ newdoc auxiliary/collate/README README.collate
+
+ # Performance tuning tools and their manuals
+ dosbin bin/smtp-{source,sink} bin/qmqp-{source,sink}
+ doman man/man1/smtp-{source,sink}.1 man/man1/qmqp-{source,sink}.1
+
+ keepdir /etc/postfix
+ if use mbox; then
+ mypostconf="mail_spool_directory=/var/spool/mail"
+ else
+ mypostconf="home_mailbox=.maildir/"
+ fi
+ LD_LIBRARY_PATH="${S}/lib" \
+ "${D}"/usr/sbin/postconf -c "${D}"/etc/postfix \
+ -e ${mypostconf} || die "postconf failed"
+
+ insinto /etc/postfix
+ newins "${FILESDIR}"/smtp.pass saslpass
+ fperms 600 /etc/postfix/saslpass
+
+ newinitd "${FILESDIR}"/postfix.rc6.${RC_VER} postfix
+ # do not start mysql/postgres unnecessarily - bug #359913
+ use mysql || sed -i -e "s/mysql //" "${D}/etc/init.d/postfix"
+ use postgres || sed -i -e "s/postgresql //" "${D}/etc/init.d/postfix"
+
+ dodoc *README COMPATIBILITY HISTORY PORTING RELEASE_NOTES*
+ use doc && mv "${S}"/examples "${D}"/usr/share/doc/${PF}/
+
+ pamd_mimic_system smtp auth account
+
+ if use sasl; then
+ insinto /etc/sasl2
+ newins "${FILESDIR}"/smtp.sasl smtpd.conf
+ fi
+
+ # header files
+ insinto /usr/include/postfix
+ doins include/*.h
+
+ if has_version mail-mta/postfix; then
+ # let the sysadmin decide when to change the compatibility_level
+ sed -i -e /^compatibility_level/"s/^/#/" "${D}"/etc/postfix/main.cf || die
+ fi
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+pkg_postinst() {
+ if [[ ! -e /etc/mail/aliases.db ]] ; then
+ ewarn
+ ewarn "You must edit /etc/mail/aliases to suit your needs"
+ ewarn "and then run /usr/bin/newaliases. Postfix will not"
+ ewarn "work correctly without it."
+ ewarn
+ fi
+
+ # check and fix file permissions
+ "${EROOT}"/usr/sbin/postfix set-permissions 2>/dev/null
+
+ # configure tls
+ if use ssl ; then
+ if "${EROOT}"/usr/sbin/postfix tls all-default-client; then
+ elog "To configure client side TLS settings:"
+ elog "${EROOT}"usr/sbin/postfix tls enable-client
+ fi
+ if "${EROOT}"/usr/sbin/postfix tls all-default-server; then
+ elog "To configure server side TLS settings:"
+ elog "${EROOT}"usr/sbin/postfix tls enable-server
+ fi
+ fi
+}
next reply other threads:[~2018-06-27 6:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-27 6:07 Eray Aslan [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-10-08 9:24 [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/, mail-mta/postfix/files/ Eray Aslan
2022-03-21 10:51 Eray Aslan
2020-05-27 12:07 Eray Aslan
2020-02-04 10:02 Eray Aslan
2019-09-24 4:53 Eray Aslan
2019-08-08 5:43 Eray Aslan
2019-04-24 8:58 Eray Aslan
2018-11-20 5:38 Eray Aslan
2016-09-23 6:33 Patrick McLean
2016-06-05 13:39 Eray Aslan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1530079650.07c745adf5d94a8696c7830763e3714c467f95e6.eras@gentoo \
--to=eras@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox