From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/
Date: Wed, 9 Dec 2020 15:05:59 +0000 (UTC) [thread overview]
Message-ID: <1607526107.4b33152c76d8149fe3120cacdb7435b894395a3b.mjo@gentoo> (raw)
commit: 4b33152c76d8149fe3120cacdb7435b894395a3b
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 9 15:01:33 2020 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Dec 9 15:01:47 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b33152c
mail-filter/opendkim: new masked revision with slotted lua.
This is relatively untested, of course, but at least I've picked out
the compatible versions of Lua and have put the eclass variables in
approximately the right places.
Bug: https://bugs.gentoo.org/752738
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
mail-filter/opendkim/opendkim-2.10.3-r25.ebuild | 235 ++++++++++++++++++++++++
1 file changed, 235 insertions(+)
diff --git a/mail-filter/opendkim/opendkim-2.10.3-r25.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r25.ebuild
new file mode 100644
index 00000000000..8ca7f3a8623
--- /dev/null
+++ b/mail-filter/opendkim/opendkim-2.10.3-r25.ebuild
@@ -0,0 +1,235 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+LUA_COMPAT=( lua5-1 lua5-2} )
+
+inherit autotools db-use eutils systemd tmpfiles lua-single
+
+DESCRIPTION="A milter providing DKIM signing and verification"
+HOMEPAGE="http://opendkim.org/"
+SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz"
+
+# The GPL-2 is for the init script, bug 425960.
+LICENSE="BSD GPL-2 Sendmail-Open-Source"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="berkdb ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound"
+
+BDEPEND="acct-user/opendkim
+ test? ( ${LUA_DEPS} )"
+
+COMMON_DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail )
+ dev-libs/libbsd
+ sys-apps/grep
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ berkdb? ( >=sys-libs/db-3.2:* )
+ opendbx? ( >=dev-db/opendbx-1.4.0 )
+ lua? ( ${LUA_DEPS} )
+ ldap? ( net-nds/openldap )
+ lmdb? ( dev-db/lmdb )
+ memcached? ( dev-libs/libmemcached )
+ sasl? ( dev-libs/cyrus-sasl )
+ unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root )
+ !unbound? ( net-libs/ldns )"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}
+ acct-user/opendkim
+ sys-process/psmisc
+ selinux? ( sec-policy/selinux-dkim )"
+
+REQUIRED_USE="sasl? ( ldap )
+ stats? ( opendbx )
+ querycache? ( berkdb )
+ lua? ( ${LUA_REQUIRED_USE} )
+ test? ( ${LUA_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-openrc.patch"
+ "${FILESDIR}/${P}-openssl-1.1.1.patch.r2"
+ "${FILESDIR}/${P}-lua-pkgconfig.patch"
+ "${FILESDIR}/${P}-define-P-macro-in-libvbr.patch"
+ "${FILESDIR}/${P}-fix-libmilter-search.patch"
+)
+
+src_prepare() {
+ default
+ sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \
+ -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \
+ || die
+ sed -e 's:dist_doc_DATA:dist_html_DATA:' \
+ -i libopendkim/docs/Makefile.am \
+ || die
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=()
+ if use berkdb ; then
+ myconf+=( --with-db-incdir=$(db_includedir) )
+ fi
+ if use unbound; then
+ myconf+=( --with-unbound )
+ else
+ myconf+=( --with-ldns )
+ fi
+ if use ldap; then
+ myconf+=( $(use_with sasl) )
+ fi
+
+ # We install the our configuration filed under e.g. /etc/opendkim,
+ # so the next line is necessary to point the daemon and all of its
+ # documentation to the right location by default.
+ myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" )
+
+ econf \
+ $(use_with berkdb db) \
+ $(use_with opendbx odbx) \
+ $(use_with lua) \
+ $(use_enable lua rbl) \
+ $(use_with ldap openldap) \
+ $(use_with lmdb) \
+ $(use_enable poll) \
+ $(use_enable querycache query_cache) \
+ $(use_enable static-libs static) \
+ $(use_enable stats) \
+ $(use_with memcached libmemcached) \
+ "${myconf[@]}" \
+ --enable-filter \
+ --with-milter \
+ --enable-atps \
+ --enable-identity_header \
+ --enable-rate_limit \
+ --enable-resign \
+ --enable-replace_rules \
+ --enable-default_sender \
+ --enable-sender_macro \
+ --enable-vbr \
+ --disable-live-testing \
+ --with-test-socket="${T}/opendkim.sock"
+}
+
+src_compile() {
+ emake runstatedir=/run
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -type f -delete || die
+
+ dosbin stats/opendkim-reportstats
+
+ newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}"
+ systemd_newtmpfilesd "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf"
+ systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service"
+
+ dodir /etc/opendkim
+ keepdir /var/lib/opendkim
+
+ # The OpenDKIM data (particularly, your keys) should be read-only to
+ # the UserID that the daemon runs as.
+ fowners root:opendkim /var/lib/opendkim
+ fperms 750 /var/lib/opendkim
+
+ # Tweak the "simple" example configuration a bit before installing
+ # it unconditionally.
+ local cf="${T}/opendkim.conf"
+ # Some MTAs are known to break DKIM signatures with "simple"
+ # canonicalization [1], so we choose the "relaxed" policy
+ # over OpenDKIM's current default settings.
+ # [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/
+ sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \
+ "${S}/opendkim/opendkim.conf.simple" >"${cf}" || die
+ cat >>"${cf}" <<EOT || die
+
+# The UMask is really only used for the PID file (root:root) and the
+# local UNIX socket, if you're using one. It should be 0117 for the
+# socket.
+UMask 0117
+UserID opendkim
+
+# For use with unbound
+#TrustAnchorFile /etc/dnssec/root-anchors.txt
+EOT
+ insinto /etc/opendkim
+ doins "${cf}"
+}
+
+pkg_postinst() {
+ tmpfiles_process "${PN}.conf"
+ if [[ -z ${REPLACING_VERSION} ]]; then
+ elog "If you want to sign your mail messages and need some help"
+ elog "please run:"
+ elog " emerge --config ${CATEGORY}/${PN}"
+ elog "It will help you create your key and give you hints on how"
+ elog "to configure your DNS and MTA."
+
+ elog "If you are using a local (UNIX) socket, then you will"
+ elog "need to make sure that your MTA has read/write access"
+ elog "to the socket file. This is best accomplished by creating"
+ elog "a completely-new group with only your MTA user and the"
+ elog "\"opendkim\" user in it. Step-by-step instructions can be"
+ elog "found on our Wiki, at https://wiki.gentoo.org/wiki/OpenDKIM ."
+ else
+ ewarn "The user account for the OpenDKIM daemon has changed"
+ ewarn "from \"milter\" to \"opendkim\" to prevent unrelated services"
+ ewarn "from being able to read your private keys. You should"
+ ewarn "adjust your existing configuration to use the \"opendkim\""
+ ewarn "user and group, and change the permissions on"
+ ewarn "${ROOT}/var/lib/opendkim to root:opendkim with mode 0750."
+ ewarn "The owner and group of the files within that directory"
+ ewarn "will likely need to be adjusted as well."
+ fi
+}
+
+pkg_config() {
+ local selector keysize pubkey
+
+ read -p "Enter the selector name (default ${HOSTNAME}): " selector
+ [[ -n "${selector}" ]] || selector="${HOSTNAME}"
+ if [[ -z "${selector}" ]]; then
+ eerror "Oddly enough, you don't have a HOSTNAME."
+ return 1
+ fi
+ if [[ -f "${ROOT}/var/lib/opendkim/${selector}.private" ]]; then
+ ewarn "The private key for this selector already exists."
+ else
+ keysize=1024
+ # Generate the private and public keys. Note that opendkim-genkeys
+ # sets umask=077 on its own to keep these safe. However, we want
+ # them to be readable (only!) to the opendkim user, and we manage
+ # that by changing their groups and making everything group-readable.
+ opendkim-genkey -b ${keysize} -D "${ROOT}/var/lib/opendkim/" \
+ -s "${selector}" -d '(your domain)' && \
+ chgrp --no-dereference opendkim \
+ "${ROOT}/var/lib/opendkim/${selector}".{private,txt} || \
+ { eerror "Failed to create private and public keys."; return 1; }
+ chmod g+r "${ROOT}/var/lib/opendkim/${selector}".{private,txt}
+ fi
+
+ # opendkim selector configuration
+ echo
+ einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:"
+ einfo " Keyfile /var/lib/opendkim/${selector}.private"
+ einfo " Selector ${selector}"
+
+ # MTA configuration
+ echo
+ einfo "If you are using Postfix, add following lines to your main.cf:"
+ einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock"
+ einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock"
+ einfo " and read http://www.postfix.org/MILTER_README.html"
+
+ # DNS configuration
+ einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
+ cat "${ROOT}/var/lib/opendkim/${selector}.txt"
+ einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
+ einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
+}
next reply other threads:[~2020-12-09 15:06 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-09 15:05 Michael Orlitzky [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-09-09 21:39 [gentoo-commits] repo/gentoo:master commit in: mail-filter/opendkim/ Ulrich Müller
2025-07-18 15:18 Sam James
2024-10-15 2:43 Michael Orlitzky
2024-10-14 17:50 Sam James
2024-10-14 17:50 Sam James
2024-10-14 14:12 Michael Orlitzky
2023-06-10 11:43 Michael Orlitzky
2023-06-10 4:20 Sam James
2023-06-10 4:20 Sam James
2023-02-23 1:03 Michael Orlitzky
2023-02-23 1:03 Michael Orlitzky
2022-07-29 4:17 Sam James
2022-03-23 10:35 Agostino Sarubbo
2022-03-23 9:56 Jakov Smolić
2022-03-23 0:14 Sam James
2022-02-23 12:34 Michael Orlitzky
2021-05-02 8:59 Mikle Kolyada
2021-03-25 23:31 Conrad Kostecki
2020-12-28 19:12 Michael Orlitzky
2020-12-23 18:11 Michael Orlitzky
2020-12-23 14:52 Marek Szuba
2020-12-21 13:23 Michael Orlitzky
2020-10-01 11:09 Sam James
2019-12-18 16:32 Joonas Niilola
2019-12-15 14:46 Agostino Sarubbo
2019-12-15 13:43 Agostino Sarubbo
2019-10-08 21:42 Michael Orlitzky
2019-07-22 8:58 Mikle Kolyada
2019-07-18 14:32 Thomas Deutschmann
2019-07-04 1:55 Michael Orlitzky
2019-06-14 13:39 Michael Orlitzky
2019-06-14 13:39 Michael Orlitzky
2019-05-01 3:50 Michael Orlitzky
2019-05-01 3:50 Michael Orlitzky
2019-04-16 22:59 Michael Orlitzky
2019-04-06 11:32 Michael Orlitzky
2019-04-02 1:37 Thomas Deutschmann
2019-03-31 21:16 Michael Orlitzky
2019-03-30 10:46 Agostino Sarubbo
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-03-27 17:19 Michael Orlitzky
2019-01-07 19:15 Lars Wendler
2018-09-14 22:13 Thomas Deutschmann
2017-03-31 12:09 Agostino Sarubbo
2017-03-03 23:52 Alon Bar-Lev
2016-08-05 14:14 Michał Górny
2016-06-03 13:03 Anthony G. Basile
2016-02-16 12:45 Eray Aslan
2016-02-14 10:11 Agostino Sarubbo
2016-01-15 9:03 Agostino Sarubbo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1607526107.4b33152c76d8149fe3120cacdb7435b894395a3b.mjo@gentoo \
--to=mjo@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox