From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1489303-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 9C93C15802F
	for <garchives@archives.gentoo.org>; Thu, 23 Feb 2023 01:03:20 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 670F7E0718;
	Thu, 23 Feb 2023 01:03:19 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 76738E070D
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Feb 2023 01:03:18 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 4AA03340AF0
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Feb 2023 01:03:17 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 628B575
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Feb 2023 01:03:15 +0000 (UTC)
From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michael Orlitzky" <mjo@gentoo.org>
Message-ID: <1677114134.770d624809c1f462eb5c6c8feb2f818a75e4900b.mjo@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/
X-VCS-Repository: repo/gentoo
X-VCS-Files: mail-filter/opendkim/opendkim-2.10.3-r30.ebuild
X-VCS-Directories: mail-filter/opendkim/
X-VCS-Committer: mjo
X-VCS-Committer-Name: Michael Orlitzky
X-VCS-Revision: 770d624809c1f462eb5c6c8feb2f818a75e4900b
X-VCS-Branch: master
Date: Thu, 23 Feb 2023 01:03:15 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: f5602a15-e581-4ef3-a65c-bc9e06aeab59
X-Archives-Hash: 7318e06d3fa487e4de224038266166df

commit:     770d624809c1f462eb5c6c8feb2f818a75e4900b
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 23 00:56:19 2023 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Thu Feb 23 01:02:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=770d6248

mail-filter/opendkim: new revision to drop the net-libs/ldns dependency.

This just... doesn't do anything. And the logic was backwards this whole
time, so I'm extra sure that it doesn't do anything.

Thanks to Gil Kloepfer for noticing it!

Closes: https://bugs.gentoo.org/895944
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 mail-filter/opendkim/opendkim-2.10.3-r30.ebuild | 249 ++++++++++++++++++++++++
 1 file changed, 249 insertions(+)

diff --git a/mail-filter/opendkim/opendkim-2.10.3-r30.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r30.ebuild
new file mode 100644
index 000000000000..9334c2a8071f
--- /dev/null
+++ b/mail-filter/opendkim/opendkim-2.10.3-r30.ebuild
@@ -0,0 +1,249 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+LUA_COMPAT=( lua5-1 lua5-2 )
+
+inherit autotools db-use systemd tmpfiles lua-single
+
+DESCRIPTION="A milter providing DKIM signing and verification"
+HOMEPAGE="http://opendkim.org/"
+SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz"
+
+# The GPL-2 is for the init script, bug 425960.
+LICENSE="BSD GPL-2 Sendmail-Open-Source"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="berkdb ldap lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound"
+
+BDEPEND="acct-user/opendkim
+	test? ( ${LUA_DEPS} )"
+
+COMMON_DEPEND="mail-filter/libmilter:=
+	dev-libs/libbsd
+	sys-apps/grep
+	ssl? (
+		dev-libs/openssl:0=
+	)
+	berkdb? ( >=sys-libs/db-3.2:* )
+	opendbx? ( >=dev-db/opendbx-1.4.0 )
+	lua? ( ${LUA_DEPS} )
+	ldap? ( net-nds/openldap:= )
+	lmdb? ( dev-db/lmdb:= )
+	memcached? ( dev-libs/libmemcached )
+	sasl? ( dev-libs/cyrus-sasl )
+	unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}
+	acct-user/opendkim
+	sys-process/psmisc
+	selinux? ( sec-policy/selinux-dkim )"
+
+REQUIRED_USE="sasl? ( ldap )
+	stats? ( opendbx )
+	querycache? ( berkdb )
+	lua? ( ${LUA_REQUIRED_USE} )
+	test? ( ${LUA_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+	"${FILESDIR}/${P}-openrc.patch"
+	"${FILESDIR}/${P}-openssl-1.1.1.patch.r2"
+	"${FILESDIR}/${P}-lua-pkgconfig.patch"
+	"${FILESDIR}/${P}-lua-pkgconfig-pt2.patch"
+	"${FILESDIR}/${P}-define-P-macro-in-libvbr.patch"
+	"${FILESDIR}/${P}-fix-libmilter-search.patch"
+)
+
+pkg_setup() {
+	use lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+	default
+	sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
+		-i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
+		|| die
+	sed -e 's:dist_doc_DATA:dist_html_DATA:' \
+		-i libopendkim/docs/Makefile.am \
+		|| die
+
+	# The existing hard-coded path under /tmp is vulnerable to exploits
+	# since (for example) a user can create a symlink there to a file
+	# that portage will clobber. Reported upstream at,
+	#
+	#   https://github.com/trusteddomainproject/OpenDKIM/issues/113
+	#
+	sed -e "s:/tmp:${T}:" -i libopendkim/tests/t-testdata.h || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=()
+	if use berkdb ; then
+		myconf+=( --with-db-incdir=$(db_includedir) )
+	fi
+	if use ldap; then
+		myconf+=( $(use_with sasl) )
+	fi
+
+	# We install the our configuration filed under e.g. /etc/opendkim,
+	# so the next line is necessary to point the daemon and all of its
+	# documentation to the right location by default.
+	myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" )
+
+	econf \
+		$(use_with berkdb db) \
+		$(use_with opendbx odbx) \
+		$(use_with lua) \
+		$(use_enable lua rbl) \
+		$(use_with ldap openldap) \
+		$(use_with lmdb) \
+		$(use_enable poll) \
+		$(use_enable querycache query_cache) \
+		$(use_enable static-libs static) \
+		$(use_enable stats) \
+		$(use_with memcached libmemcached) \
+		$(use_with unbound) \
+		"${myconf[@]}" \
+		--enable-filter \
+		--with-milter \
+		--enable-atps \
+		--enable-identity_header \
+		--enable-rate_limit \
+		--enable-resign \
+		--enable-replace_rules \
+		--enable-default_sender \
+		--enable-sender_macro \
+		--enable-vbr \
+		--disable-live-testing \
+		--with-test-socket="${T}/opendkim.sock"
+}
+
+src_compile() {
+	emake runstatedir=/run
+}
+
+src_test() {
+	# Needed for now due to the expected sequencing of the setup/cleanup
+	# tests, https://github.com/trusteddomainproject/OpenDKIM/issues/110
+	emake -j1 check
+}
+
+src_install() {
+	default
+	find "${D}" -name '*.la' -type f -delete || die
+
+	dosbin stats/opendkim-reportstats
+
+	newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}"
+	newtmpfiles "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf"
+	systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service"
+
+	dodir /etc/opendkim
+	keepdir /var/lib/opendkim
+
+	# The OpenDKIM data (particularly, your keys) should be read-only to
+	# the UserID that the daemon runs as.
+	fowners root:opendkim /var/lib/opendkim
+	fperms 750 /var/lib/opendkim
+
+	# Tweak the "simple" example configuration a bit before installing
+	# it unconditionally.
+	local cf="${T}/opendkim.conf"
+	# Some MTAs are known to break DKIM signatures with "simple"
+	# canonicalization [1], so we choose the "relaxed" policy
+	# over OpenDKIM's current default settings.
+	# [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
+	sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \
+		"${S}/opendkim/opendkim.conf.simple" >"${cf}" || die
+	cat >>"${cf}" <<EOT || die
+
+# The UMask is really only used for the PID file (root:root) and the
+# local UNIX socket, if you're using one. It should be 0117 for the
+# socket.
+UMask			0117
+UserID			opendkim
+
+# For use with unbound
+#TrustAnchorFile	/etc/dnssec/root-anchors.txt
+EOT
+	insinto /etc/opendkim
+	doins "${cf}"
+}
+
+pkg_postinst() {
+	tmpfiles_process "${PN}.conf"
+	if [[ -z ${REPLACING_VERSION} ]]; then
+		elog "If you want to sign your mail messages and need some help"
+		elog "please run:"
+		elog "	emerge --config ${CATEGORY}/${PN}"
+		elog "It will help you create your key and give you hints on how"
+		elog "to configure your DNS and MTA."
+
+		elog "If you are using a local (UNIX) socket, then you will"
+		elog "need to make sure that your MTA has read/write access"
+		elog "to the socket file. This is best accomplished by creating"
+		elog "a completely-new group with only your MTA user and the"
+		elog "\"opendkim\" user in it. Step-by-step instructions can be"
+		elog "found on our Wiki, at https://wiki.gentoo.org/wiki/OpenDKIM ."
+	else
+		ewarn "The user account for the OpenDKIM daemon has changed"
+		ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"
+		ewarn "from being able to read your private keys. You should"
+		ewarn "adjust your existing configuration to use the \"opendkim\""
+		ewarn "user and group, and change the permissions on"
+		ewarn "${ROOT}/var/lib/opendkim to root:opendkim with mode 0750."
+		ewarn "The owner and group of the files within that directory"
+		ewarn "will likely need to be adjusted as well."
+	fi
+}
+
+pkg_config() {
+	local selector keysize pubkey
+
+	read -p "Enter the selector name (default ${HOSTNAME}): " selector
+	[[ -n "${selector}" ]] || selector="${HOSTNAME}"
+	if [[ -z "${selector}" ]]; then
+		eerror "Oddly enough, you don't have a HOSTNAME."
+		return 1
+	fi
+	if [[ -f "${ROOT}/var/lib/opendkim/${selector}.private" ]]; then
+		ewarn "The private key for this selector already exists."
+	else
+		keysize=1024
+		# Generate the private and public keys. Note that opendkim-genkeys
+		# sets umask=077 on its own to keep these safe. However, we want
+		# them to be readable (only!) to the opendkim user, and we manage
+		# that by changing their groups and making everything group-readable.
+		opendkim-genkey -b ${keysize} -D "${ROOT}/var/lib/opendkim/" \
+			-s "${selector}" -d '(your domain)' && \
+			chgrp --no-dereference opendkim \
+				"${ROOT}/var/lib/opendkim/${selector}".{private,txt} || \
+				{ eerror "Failed to create private and public keys."; return 1; }
+		chmod g+r "${ROOT}/var/lib/opendkim/${selector}".{private,txt}
+	fi
+
+	# opendkim selector configuration
+	echo
+	einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
+	einfo "  Keyfile /var/lib/opendkim/${selector}.private"
+	einfo "  Selector ${selector}"
+
+	# MTA configuration
+	echo
+	einfo "If you are using Postfix, add following lines to your main.cf:"
+	einfo "  smtpd_milters	   = unix:/run/opendkim/opendkim.sock"
+	einfo "  non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
+	einfo "  and read http://www.postfix.org/MILTER_README.html"
+
+	# DNS configuration
+	einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
+	cat "${ROOT}/var/lib/opendkim/${selector}.txt"
+	einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
+	einfo "  http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
+}