From 90d2a61d4322df2188ed4d5b56d1a152779435ae Mon Sep 17 00:00:00 2001 From: Sam James Date: Wed, 23 Mar 2022 00:09:49 +0000 Subject: mail-filter/opendkim: add subslot dep on OpenLDAP New OpenLDAP breaks ABI (changes SONAME) Signed-off-by: Sam James --- mail-filter/opendkim/opendkim-2.10.3-r28.ebuild | 254 ++++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 mail-filter/opendkim/opendkim-2.10.3-r28.ebuild (limited to 'mail-filter/opendkim/opendkim-2.10.3-r28.ebuild') diff --git a/mail-filter/opendkim/opendkim-2.10.3-r28.ebuild b/mail-filter/opendkim/opendkim-2.10.3-r28.ebuild new file mode 100644 index 000000000000..fb9509a1384b --- /dev/null +++ b/mail-filter/opendkim/opendkim-2.10.3-r28.ebuild @@ -0,0 +1,254 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +LUA_COMPAT=( lua5-1 lua5-2 ) + +inherit autotools db-use systemd tmpfiles lua-single + +DESCRIPTION="A milter providing DKIM signing and verification" +HOMEPAGE="http://opendkim.org/" +SRC_URI="https://downloads.sourceforge.net/project/opendkim/${P}.tar.gz" + +# The GPL-2 is for the init script, bug 425960. +LICENSE="BSD GPL-2 Sendmail-Open-Source" +SLOT="0" +KEYWORDS="amd64 ~arm ~arm64 x86" +IUSE="berkdb ldap lmdb lua memcached opendbx poll sasl selinux +ssl static-libs stats querycache test unbound" + +BDEPEND="acct-user/opendkim + test? ( ${LUA_DEPS} )" + +COMMON_DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail ) + dev-libs/libbsd + sys-apps/grep + ssl? ( + dev-libs/openssl:0= + ) + berkdb? ( >=sys-libs/db-3.2:* ) + opendbx? ( >=dev-db/opendbx-1.4.0 ) + lua? ( ${LUA_DEPS} ) + ldap? ( net-nds/openldap:= ) + lmdb? ( dev-db/lmdb:= ) + memcached? ( dev-libs/libmemcached ) + sasl? ( dev-libs/cyrus-sasl ) + unbound? ( >=net-dns/unbound-1.4.1:= net-dns/dnssec-root ) + !unbound? ( net-libs/ldns:= )" + +DEPEND="${COMMON_DEPEND}" + +RDEPEND="${COMMON_DEPEND} + acct-user/opendkim + sys-process/psmisc + selinux? ( sec-policy/selinux-dkim )" + +REQUIRED_USE="sasl? ( ldap ) + stats? ( opendbx ) + querycache? ( berkdb ) + lua? ( ${LUA_REQUIRED_USE} ) + test? ( ${LUA_REQUIRED_USE} )" +RESTRICT="!test? ( test )" + +PATCHES=( + "${FILESDIR}/${P}-openrc.patch" + "${FILESDIR}/${P}-openssl-1.1.1.patch.r2" + "${FILESDIR}/${P}-lua-pkgconfig.patch" + "${FILESDIR}/${P}-lua-pkgconfig-pt2.patch" + "${FILESDIR}/${P}-define-P-macro-in-libvbr.patch" + "${FILESDIR}/${P}-fix-libmilter-search.patch" +) + +pkg_setup() { + use lua && lua-single_pkg_setup +} + +src_prepare() { + default + sed -e 's:/var/db/dkim:/var/lib/opendkim:g' \ + -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \ + || die + sed -e 's:dist_doc_DATA:dist_html_DATA:' \ + -i libopendkim/docs/Makefile.am \ + || die + + # The existing hard-coded path under /tmp is vulnerable to exploits + # since (for example) a user can create a symlink there to a file + # that portage will clobber. Reported upstream at, + # + # https://github.com/trusteddomainproject/OpenDKIM/issues/113 + # + sed -e "s:/tmp:${T}:" -i libopendkim/tests/t-testdata.h || die + + eautoreconf +} + +src_configure() { + local myconf=() + if use berkdb ; then + myconf+=( --with-db-incdir=$(db_includedir) ) + fi + if use unbound; then + myconf+=( --with-unbound ) + else + myconf+=( --with-ldns ) + fi + if use ldap; then + myconf+=( $(use_with sasl) ) + fi + + # We install the our configuration filed under e.g. /etc/opendkim, + # so the next line is necessary to point the daemon and all of its + # documentation to the right location by default. + myconf+=( --sysconfdir="${EPREFIX}/etc/${PN}" ) + + econf \ + $(use_with berkdb db) \ + $(use_with opendbx odbx) \ + $(use_with lua) \ + $(use_enable lua rbl) \ + $(use_with ldap openldap) \ + $(use_with lmdb) \ + $(use_enable poll) \ + $(use_enable querycache query_cache) \ + $(use_enable static-libs static) \ + $(use_enable stats) \ + $(use_with memcached libmemcached) \ + "${myconf[@]}" \ + --enable-filter \ + --with-milter \ + --enable-atps \ + --enable-identity_header \ + --enable-rate_limit \ + --enable-resign \ + --enable-replace_rules \ + --enable-default_sender \ + --enable-sender_macro \ + --enable-vbr \ + --disable-live-testing \ + --with-test-socket="${T}/opendkim.sock" +} + +src_compile() { + emake runstatedir=/run +} + +src_test() { + # Needed for now due to the expected sequencing of the setup/cleanup + # tests, https://github.com/trusteddomainproject/OpenDKIM/issues/110 + emake -j1 check +} + +src_install() { + default + find "${D}" -name '*.la' -type f -delete || die + + dosbin stats/opendkim-reportstats + + newinitd "${S}/contrib/OpenRC/opendkim.openrc" "${PN}" + newtmpfiles "${S}/contrib/systemd/opendkim.tmpfiles" "${PN}.conf" + systemd_newunit "contrib/systemd/opendkim.service" "${PN}.service" + + dodir /etc/opendkim + keepdir /var/lib/opendkim + + # The OpenDKIM data (particularly, your keys) should be read-only to + # the UserID that the daemon runs as. + fowners root:opendkim /var/lib/opendkim + fperms 750 /var/lib/opendkim + + # Tweak the "simple" example configuration a bit before installing + # it unconditionally. + local cf="${T}/opendkim.conf" + # Some MTAs are known to break DKIM signatures with "simple" + # canonicalization [1], so we choose the "relaxed" policy + # over OpenDKIM's current default settings. + # [1] https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/ + sed -E -e 's:^(Canonicalization)[[:space:]]+.*:\1\trelaxed/relaxed:' \ + "${S}/opendkim/opendkim.conf.simple" >"${cf}" || die + cat >>"${cf}" <