From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CB7F51580E0 for ; Mon, 02 Jun 2025 21:42:19 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id B75B6343186 for ; Mon, 02 Jun 2025 21:42:19 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id E19641104BB; Mon, 02 Jun 2025 21:41:50 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id CEBEF1104BB for ; Mon, 02 Jun 2025 21:41:50 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 75949342FF5 for ; Mon, 02 Jun 2025 21:41:50 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 648F728FE for ; Mon, 02 Jun 2025 21:41:47 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1748900387.1eaa097a5ce69ab9d74191eeef8481fca2921581.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: mail-mta/sendmail/ X-VCS-Repository: repo/gentoo X-VCS-Files: mail-mta/sendmail/Manifest mail-mta/sendmail/metadata.xml mail-mta/sendmail/sendmail-8.18.1.10.ebuild X-VCS-Directories: mail-mta/sendmail/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 1eaa097a5ce69ab9d74191eeef8481fca2921581 X-VCS-Branch: master Date: Mon, 02 Jun 2025 21:41:47 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: c20d2556-9089-461e-9982-382aab85efe6 X-Archives-Hash: 399835c6b87c8b0e4b7ee2b7cd2f5ce7 commit: 1eaa097a5ce69ab9d74191eeef8481fca2921581 Author: Cristian Othón Martínez Vera cfuga mx> AuthorDate: Mon Jun 2 03:39:12 2025 +0000 Commit: Sam James gentoo org> CommitDate: Mon Jun 2 21:39:47 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eaa097a mail-mta/sendmail: add 8.18.1.10 * Fix BDEPEND/RDEPEND on ```sys-devel/m4``` * Add DANE support * Add FIPS mode (experimental) Closes: https://bugs.gentoo.org/918885 Signed-off-by: Cristian Othón Martínez Vera cfuga.mx> Part-of: https://github.com/gentoo/gentoo/pull/42396 Closes: https://github.com/gentoo/gentoo/pull/42396 Signed-off-by: Sam James gentoo.org> mail-mta/sendmail/Manifest | 1 + mail-mta/sendmail/metadata.xml | 1 + mail-mta/sendmail/sendmail-8.18.1.10.ebuild | 292 ++++++++++++++++++++++++++++ 3 files changed, 294 insertions(+) diff --git a/mail-mta/sendmail/Manifest b/mail-mta/sendmail/Manifest index 2f205cf5d9f5..d9179ad2cd91 100644 --- a/mail-mta/sendmail/Manifest +++ b/mail-mta/sendmail/Manifest @@ -1,2 +1,3 @@ DIST sendmail.8.17.1.9.tar.gz 2345302 BLAKE2B 378f2f98ffff6457c49f934228964e792acec6f33fbabd89a8712f09f1dc7afc951b7c984a397aa7dd3773d86bdf57a946ea9ac54ae426bc0b8ea4c040e2ad4a SHA512 ad8198b12bdc0037de5b64b2504bd5e0a42bf054274a4834163a7c46953b9aec23d52d58063cc6b925d90199973608f35edeb40128671ae32889f4558e5c0d4b +DIST sendmail.8.18.1.10.tar.gz 2367668 BLAKE2B 22fe4f3484c3f888b909bebe3ad0dd3d66f8a753e97f668fbc3af90c466aca596112f68e54c45dde73a16ae62deb998b337b12095b2948e4eaef7f88d8d92900 SHA512 eda3dbb9a689d1e550776c96591122c484036755ba53fdaf5623130144cbab315256c9bf491161090731a8f762184e69505c45009a333aabdf40567ea226273d DIST sendmail.8.18.1.tar.gz 2401566 BLAKE2B 3afa36073fd611c7fdb43ef0ab9f02d5fb8ae388e9471bdc7275c6c9dcee0a654f46ddef505b70e978cb1b818b0da375250678e501676d8bace534d59ee40d90 SHA512 9ce713b44439d4de6faa9e3cdfa2226b44b4fbeb352a5f81584c062570e9472da244158287e489aabe258d28fe54ca4964565c7b0adc7e1763d212be42f98061 diff --git a/mail-mta/sendmail/metadata.xml b/mail-mta/sendmail/metadata.xml index 588af3680863..b3106f7b2adb 100644 --- a/mail-mta/sendmail/metadata.xml +++ b/mail-mta/sendmail/metadata.xml @@ -11,6 +11,7 @@ Add support for SMTPUTF8 + Add support for FIPS mode (experimental) Add support for using dev-db/tinycdb for lookup tables diff --git a/mail-mta/sendmail/sendmail-8.18.1.10.ebuild b/mail-mta/sendmail/sendmail-8.18.1.10.ebuild new file mode 100644 index 000000000000..71e85d6860e5 --- /dev/null +++ b/mail-mta/sendmail/sendmail-8.18.1.10.ebuild @@ -0,0 +1,292 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Note: please bump this together with mail-filter/libmilter and app-shells/smrsh + +inherit systemd toolchain-funcs + +DESCRIPTION="Widely-used Mail Transport Agent (MTA)" +HOMEPAGE="https://www.sendmail.org/" +if [[ -n $(ver_cut 4) ]] ; then + # Snapshots have an extra version component (e.g. 8.17.1 vs 8.17.1.9) + SRC_URI="https://ftp.sendmail.org/snapshots/${PN}.${PV}.tar.gz" +fi +SRC_URI+=" https://ftp.sendmail.org/${PN}.${PV}.tar.gz" +SRC_URI+=" https://ftp.sendmail.org/past-releases/${PN}.${PV}.tar.gz" + +LICENSE="Sendmail GPL-2" # GPL-2 is here for initscript +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+berkdb eai fips ipv6 ldap mbox nis sasl selinux sockets ssl tinycdb tcpd" +REQUIRED_USE=" + || ( berkdb tinycdb ) + fips? ( ssl ) +" + +DEPEND=" + acct-group/smmsp + >=acct-user/smmsp-0-r2 + net-mail/mailbase + berkdb? ( >=sys-libs/db-3.2:= ) + eai? ( dev-libs/icu:= ) + elibc_musl? ( virtual/libcrypt:= ) + ldap? ( net-nds/openldap:= ) + nis? ( net-libs/libnsl:= ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.10 ) + ssl? ( + dev-libs/openssl:= + fips? ( >=dev-libs/openssl-3:=[fips] ) + ) + tcpd? ( sys-apps/tcp-wrappers ) + tinycdb? ( dev-db/tinycdb ) +" +RDEPEND=" + ${DEPEND} + >=mail-filter/libmilter-1.0.2_p2 + sys-devel/m4 + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/exim + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/notqmail + !mail-mta/nullmailer + !mail-mta/opensmtpd + !mail-mta/postfix + !>=mail-mta/ssmtp-2.64-r2[mta] + selinux? ( sec-policy/selinux-sendmail ) +" +BDEPEND=" + sys-devel/m4 + virtual/pkgconfig +" +PDEPEND=" + !mbox? ( + || ( + mail-filter/procmail + mail-filter/maildrop + ) + ) +" + +src_prepare() { + eapply "${FILESDIR}"/${PN}-8.16.1-build-system.patch + eapply -p0 "${FILESDIR}"/${PN}-delivered_hdr.patch + eapply_user + + local confCCOPTS="${CFLAGS}" + local confENVDEF="-DMAXDAEMONS=64 -DHAS_GETHOSTBYNAME2=1" + local confLDOPTS="${LDFLAGS}" + local confLIBS= + local confMAPDEF="-DMAP_REGEX" + local conf_sendmail_LIBS= + + if use berkdb; then + # See bug #808954 for FLOCK + confENVDEF+=" -DHASFLOCK=1" + confMAPDEF+=" -DNEWDB" + confLIBS+=" -ldb" + else + confMAPDEF+=" -UNEWDB" + fi + + if use eai; then + confCCOPTS+=" $($(tc-getPKG_CONFIG) --cflags icu-uc)" + confENVDEF+=" -DUSE_EAI" + confLIBS+=" $($(tc-getPKG_CONFIG) --libs icu-uc)" + fi + + if use ldap; then + confMAPDEF+=" -DLDAPMAP" + confLIBS+=" -lldap -llber" + fi + + if use sasl; then + confCCOPTS+=" $($(tc-getPKG_CONFIG) --cflags libsasl2)" + confENVDEF+=" -DSASL=2" + conf_sendmail_LIBS+=" $($(tc-getPKG_CONFIG) --libs libsasl2)" + fi + + if use ssl; then + # Bug #542370 - lets add support for modern crypto (PFS) + confCCOPTS+=" $($(tc-getPKG_CONFIG) --cflags openssl)" + confENVDEF+=" -DSTARTTLS -D_FFR_DEAL_WITH_ERROR_SSL" + confENVDEF+=" -D_FFR_TLS_1 -D_FFR_TLS_EC" + # Bug #944822 - fix certification chain with intermediate cert file + confENVDEF+=" -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE" + confENVDEF+=" -DDANE" + + if use fips; then + confENVDEF+=" -D_FFR_FIPSMODE" + fi + + conf_sendmail_LIBS+=" $($(tc-getPKG_CONFIG) --libs openssl)" + fi + + if use tcpd; then + confENVDEF+=" -DTCPWRAPPERS" + confLIBS+=" -lwrap" + fi + + if use tinycdb; then + confMAPDEF+=" -DCDB=2" + confLIBS+=" -lcdb" + else + confMAPDEF+=" -UCDB" + fi + + use ipv6 && confENVDEF+=" -DNETINET6" + use nis && confENVDEF+=" -DNIS" + use sockets && confENVDEF+=" -DSOCKETMAP" + + if use elibc_musl; then + confENVDEF+=" -DHASSTRERROR -DHASRRESVPORT=0" + use ipv6 && confENVDEF+=" -DNEEDSGETIPNODE" + + eapply "${FILESDIR}"/${PN}-musl-stack-size.patch + eapply "${FILESDIR}"/${PN}-musl-disable-cdefs.patch + fi + + sed -e "s|@@confCC@@|$(tc-getCC)|" \ + -e "s|@@confCCOPTS@@|${confCCOPTS}|" \ + -e "s|@@confENVDEF@@|${confENVDEF}|" \ + -e "s|@@confLDOPTS@@|${confLDOPTS}|" \ + -e "s|@@confLIBS@@|${confLIBS}|" \ + -e "s|@@confMAPDEF@@|${confMAPDEF}|" \ + -e "s|@@conf_sendmail_LIBS@@|${conf_sendmail_LIBS}|" \ + "${FILESDIR}"/site.config.m4 > devtools/Site/site.config.m4 \ + || die "failed to generate site.config.m4" + + echo "APPENDDEF(\`confLIBDIRS', \`-L${EPREFIX}/usr/$(get_libdir)')" \ + >> devtools/Site/site.config.m4 || die "failed adding to site.config.m4" +} + +src_compile() { + sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" || die "compilation failed in main build script" +} + +src_install() { + dodir /usr/{bin,$(get_libdir)} + dodir /usr/share/man/man{1,5,8} /usr/sbin /usr/share/sendmail-cf + dodir /var/spool/{mqueue,clientmqueue} /etc/conf.d + + keepdir /var/spool/{clientmqueue,mqueue} + + local emakeargs=( + DESTDIR="${D}" LIBDIR="/usr/$(get_libdir)" + MANROOT=/usr/share/man/man + SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root + MANOWN=root MANGRP=root INCOWN=root INCGRP=root + LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root + MSPQOWN=root CFOWN=root CFGRP=root + ) + + local dir + for dir in libsmutil sendmail mailstats praliases smrsh makemap vacation editmap; do + emake -j1 -C obj.*/${dir} "${emakeargs[@]}" install + done + for dir in rmail mail.local; do + emake -j1 -C obj.*/${dir} "${emakeargs[@]}" force-install + done + + fowners root:smmsp /usr/sbin/sendmail + fperms 2555 /usr/sbin/sendmail + fowners smmsp:smmsp /var/spool/clientmqueue + fperms 770 /var/spool/clientmqueue + fperms 700 /var/spool/mqueue + dodoc FAQ KNOWNBUGS README RELEASE_NOTES doc/op/op.ps + + dodoc sendmail/{SECURITY,TUNING} + newdoc sendmail/README README.sendmail + newdoc smrsh/README README.smrsh + + newdoc cf/README README.cf + newdoc cf/cf/README README.install-cf + + dodoc -r contrib + + cp -pPR cf/. "${ED}"/usr/share/sendmail-cf || die + + insinto /etc/mail + if use mbox; then + newins "${FILESDIR}"/sendmail.mc-r1 sendmail.mc + else + newins "${FILESDIR}"/sendmail-maildir.mc sendmail.mc + fi + + # See discussion on bug #730890 + m4 "${ED}"/usr/share/sendmail-cf/m4/cf.m4 \ + <(grep -v "${EPREFIX}"/usr/share/sendmail-cf/m4/cf.m4 "${ED}"/etc/mail/sendmail.mc) \ + > "${ED}"/etc/mail/sendmail.cf || die "cf.m4 failed" + + echo "include(\`/usr/share/sendmail-cf/m4/cf.m4')dnl" \ + > "${ED}"/etc/mail/submit.mc || die "submit.mc echo failed" + + cat "${ED}"/usr/share/sendmail-cf/cf/submit.mc \ + >> "${ED}"/etc/mail/submit.mc || die "submit.mc cat failed" + + echo "# local-host-names - include all aliases for your machine here" \ + > "${ED}"/etc/mail/local-host-names || die "local-host-names echo failed" + + cat <<- EOF > "${ED}"/etc/mail/trusted-users || die "trusted-users cat failed" + # trusted-users - users that can send mail as others without a warning + # apache, mailman, majordomo, uucp are good candidates + EOF + + cat <<- EOF > "${ED}"/etc/mail/access || die "access cat failed" + # Check the /usr/share/sendmail-cf/README file for a description + # of the format of this file. (search for access_db in that file) + # + + EOF + + cat <<- EOF > "${ED}"/etc/conf.d/sendmail || die "sendmail cat failed" + # Config file for /etc/init.d/sendmail + # add start-up options here + SENDMAIL_OPTS="-bd -q30m -L sm-mta" # default daemon mode + CLIENTMQUEUE_OPTS="-Ac -q30m -L sm-cm" # clientmqueue + KILL_OPTS="" # add -9/-15/your favorite evil SIG level here + + EOF + + if use sasl; then + dodir /etc/sasl2 + cat <<- EOF > "${ED}"/etc/sasl2/Sendmail.conf || die "Sendmail.conf cat failed" + pwcheck_method: saslauthd + mech_list: PLAIN LOGIN + + EOF + fi + + doinitd "${FILESDIR}"/sendmail + systemd_dounit "${FILESDIR}"/sendmail.service + systemd_dounit "${FILESDIR}"/sm-client.service +} + +pkg_postinst() { + if ! use berkdb; then + ewarn "If your configuration relies on userdb, you should install" + ewarn "this package with USE=berkdb." + fi + + if ! use mbox; then + elog "Starting with mail-mta/sendmail-8.18.1 you could use either" + elog "procmail or maildrop to use maildir-style mailbox in user's home directory." + elog "" + elog "If you prefer procmail (default), emerge mail-filter/procmail with USE=-mbox" + elog "and include the following lines in sendmail.mc to create your sendmail.cf" + elog "configuration file:" + elog "\tFEATURE(\`local_procmail')dnl" + elog "\tMAILER(\`procmail')dnl" + elog "" + elog "If you prefer maildrop, you'll need to ensure that you configure a mail" + elog "storage location using DEFAULT in /etc/maildroprc, for example:" + elog "\tDEFAULT=\$HOME/.maildir" + elog "" + elog "and include the following line in sendmail.mc to create your sendmail.cf" + elog "configuration file:" + elog "\tFEATURE(\`local_procmail',\`/usr/bin/maildrop',\`maildrop -d $u')dnl" + fi +}