From c8fe3982751aa4881b42f89ed080b210c4529c81 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Sat, 17 Nov 2018 10:09:21 -0500 Subject: mail-filter/amavisd-new: new version 2.11.1. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A mostly standard version bump (bug 668494) with some improvements and bug fixes piled on: * The sys-apps/file dependency is replaced by dev-perl/File-LibMagic to improve performance a bit (bug 592802). * New user creation has been moved to pkg_setup(). This allows us to set permissions and ownership properly in src_install(), so that we don't have to "fix" them later and cause big ol' security problems (bug 630836). * The OpenRC service script has been rewritten to use start-stop-daemon. This fixes outstanding bugs 507352, 634860, and 646336. * The systemd service dependencies have been updated (bug 581452). We never really needed spamassassin (spamd) at all, and we shouldn't fail to start if postfix/clamav are absent entirely. * As part of the previous item, removed two failing "sed" calls (that were missing die() statements!) intended to modify a service file that no longer lives where it used to. Thanks are due to, * Marcin Mirosław who reported an OpenRC issue, * Nick Wiltshire for reporting and testing the OpenRC fixes, * Robin Lutz for reporting the OpenRC restart issue, * Timo Rothenpieler for reporting the systemd dependency issue. Bug: https://bugs.gentoo.org/630836 Closes: https://bugs.gentoo.org/507352 Closes: https://bugs.gentoo.org/581452 Closes: https://bugs.gentoo.org/592802 Closes: https://bugs.gentoo.org/634860 Closes: https://bugs.gentoo.org/646336 Closes: https://bugs.gentoo.org/668494 
Signed-off-by: Michael Orlitzky Package-Manager: Portage-2.3.51, Repoman-2.3.11
---
mail-filter/amavisd-new/Manifest | 1 + .../amavisd-new/amavisd-new-2.11.0-r4.ebuild | 184 -------------------- mail-filter/amavisd-new/amavisd-new-2.11.1.ebuild | 190 +++++++++++++++++++++ mail-filter/amavisd-new/files/amavisd.initd-r2 | 42 +++++ mail-filter/amavisd-new/files/amavisd.service-r1 | 21 +++ 5 files changed, 254 insertions(+), 184 deletions(-) delete mode 100644 mail-filter/amavisd-new/amavisd-new-2.11.0-r4.ebuild create mode 100644 mail-filter/amavisd-new/amavisd-new-2.11.1.ebuild create mode 100644 mail-filter/amavisd-new/files/amavisd.initd-r2 create mode 100644 mail-filter/amavisd-new/files/amavisd.service-r1 (limited to 'mail-filter/amavisd-new')
diff --git a/mail-filter/amavisd-new/Manifest b/mail-filter/amavisd-new/Manifest
index 44fb609486f5..7b3a4228338b 100644
--- a/mail-filter/amavisd-new/Manifest
+++ b/mail-filter/amavisd-new/Manifest
@@ -1 +1,2 @@
+DIST amavis-amavisd-new-2.11.1.tar.gz 1093467 BLAKE2B 1e43ddea86ff269b02cbbcd125d913c51b66728b1063cde6ca3f3f24f1bd36f9f3c7f51a8baf509d2aca0d41a07a00bb9abe08dd70724391c552634715d01a75 SHA512 6ef291868908bd13d6ce913f5c8c3898b35eba490877e8eded3951a32be7549145df5db1409f124a3631ec88dd7eeb9457ce2b063ae3e3bccd76cc2a9b8741ae
 DIST amavisd-new-2.11.0.tar.xz 780548 BLAKE2B 59cea5219a737275411c08c7d137ff2109ebbfee8f5f567d80e0cd73cfbb22887dd186383bfd02ad9880e099e0c06b829de43b9e12dbc3151813533166e51654 SHA512 a33292c976abf54db9475392069658c926e7a6f11a4970bbe353b34b3343388bc83b40eda4729f8efa735a3a6e23fd1ed83487f6f7ccf1e9f0903220e6d26957
diff --git a/mail-filter/amavisd-new/amavisd-new-2.11.0-r4.ebuild b/mail-filter/amavisd-new/amavisd-new-2.11.0-r4.ebuild
deleted file mode 100644
index 0efc27e64544..000000000000
--- a/mail-filter/amavisd-new/amavisd-new-2.11.0-r4.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit systemd user - -MY_P="${P/_/-}" -DESCRIPTION="High-performance interface between the MTA and content checkers" -HOMEPAGE="https://www.ijs.si/software/amavisd/" -SRC_URI="https://www.ijs.si/software/amavisd/${MY_P}.tar.xz" -PORTAGE_DOHTML_WARN_ON_SKIPPED_FILES=yes - -LICENSE="GPL-2 BSD-2" -SLOT="0" -KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" -IUSE="clamav courier dkim ldap mysql postgres qmail razor snmp spamassassin zmq" - -DEPEND=">=sys-apps/sed-4 - >=dev-lang/perl-5.10.0" - -RDEPEND="${DEPEND} - >=sys-apps/coreutils-5.0-r3 - app-arch/cpio - app-arch/gzip - app-arch/bzip2 - app-arch/arc - app-arch/cabextract - app-arch/freeze - app-arch/lha - app-arch/lrzip - app-arch/lzop - app-arch/ncompress - app-arch/p7zip - app-arch/pax - app-arch/unarj - app-arch/unrar - app-arch/xz-utils - app-arch/zoo - net-mail/ripole - >=dev-perl/Archive-Zip-1.14 - >=virtual/perl-IO-Compress-1.35 - >=virtual/perl-Compress-Raw-Zlib-2.017 - net-mail/tnef - virtual/perl-MIME-Base64 - >=dev-perl/MIME-tools-5.415 - >=dev-perl/MailTools-1.58 - >=dev-perl/Net-Server-0.91 - virtual/perl-Digest-MD5 - dev-perl/IO-stringy - virtual/perl-IO-Socket-IP - >=virtual/perl-Time-HiRes-1.49 - dev-perl/Unix-Syslog - dev-perl/Net-LibIDN - sys-apps/file - >=sys-libs/db-4.4.20 - dev-perl/BerkeleyDB - dev-perl/Convert-BinHex - >=dev-perl/Mail-DKIM-0.31 - virtual/perl-File-Temp - dev-perl/Net-SSLeay - dev-perl/IO-Socket-SSL - virtual/mta - clamav? ( app-antivirus/clamav ) - ldap? ( >=dev-perl/perl-ldap-0.33 ) - mysql? ( dev-perl/DBD-mysql ) - postgres? ( dev-perl/DBD-Pg ) - razor? ( mail-filter/razor ) - snmp? ( net-analyzer/net-snmp[perl] ) - spamassassin? ( mail-filter/spamassassin dev-perl/Image-Info ) - zmq? 
( dev-perl/ZMQ-LibZMQ3 )" - -AMAVIS_ROOT="/var/amavis" -S="${WORKDIR}/${MY_P}" - -src_prepare() { - # amavisd-new version 2.11.0 breaks DKIM signing of outbound mail, - # see https://bugs.gentoo.org/603582 - eapply "${FILESDIR}/amavisd-2.11.0-dkim.patch" - - if use courier ; then - eapply -p0 amavisd-new-courier.patch - fi - - if use qmail ; then - eapply -p0 amavisd-new-qmqpqq.patch - fi - - sed -i \ - -e '/daemon/s/vscan/amavis/' \ - -e "s:'/var/virusmails':\"\$MYHOME/quarantine\":" \ - "${S}/amavisd.conf" "${S}/amavis-mc" || die "missing conf file" - - if ! use dkim ; then - sed -i -e '/enable_dkim/s/1/0/' "${S}/amavisd.conf" \ - || die "missing conf file - dkim" - fi - - if use zmq ; then - sed -i -e '/enable_zmq/s/# //' "${S}/amavisd.conf" \ - || die "missing conf file - zmq" - fi - - if ! use spamassassin ; then - sed -i -e \ - "/^#[[:space:]]*@bypass_spam_checks_maps[[:space:]]*=[[:space:]]*(1)/s/^#//" \ - "${S}/amavisd.conf" || die "missing conf file - sa" - fi - eapply_user -} - -src_install() { - dosbin amavisd amavisd-agent amavisd-nanny amavisd-release \ - amavisd-signer amavisd-status - dobin p0f-analyzer.pl amavisd-submit - - if use snmp ; then - dosbin amavisd-snmp-subagent - use zmq && dosbin amavisd-snmp-subagent-zmq - dodoc AMAVIS-MIB.txt - newinitd "${FILESDIR}"/amavisd-snmp.initd amavisd-snmp - fi - - if use zmq ; then - dosbin amavis-services amavis-mc - newinitd "${FILESDIR}"/amavis-mc.initd amavis-mc - fi - - insinto /etc - insopts -m0640 - doins amavisd.conf - - newinitd "${FILESDIR}/amavisd.initd-r1" amavisd - - systemd_dounit "${FILESDIR}/amavisd.service" - use clamav || sed -i -e '/Wants=clamd/d' "${ED}"/usr/lib/systemd/system/amavisd.service - use spamassassin || sed -i -e '/Wants=spamassassin/d' "${ED}"/usr/lib/systemd/system/amavisd.service - - keepdir "${AMAVIS_ROOT}" - keepdir "${AMAVIS_ROOT}/db" - keepdir "${AMAVIS_ROOT}/quarantine" - keepdir "${AMAVIS_ROOT}/tmp" - keepdir "${AMAVIS_ROOT}/var" - - dodoc AAAREADME.first INSTALL 
MANIFEST RELEASE_NOTES TODO \ - amavisd.conf-default amavisd-custom.conf - - docinto README_FILES - dodoc README_FILES/README* - dodoc -r README_FILES/*.{html,css} - docinto README_FILES/images - dodoc README_FILES/images/*.png - docinto README_FILES/images/callouts - dodoc README_FILES/images/callouts/*.png - - docinto test-messages - dodoc test-messages/README - dodoc test-messages/sample.tar.gz.compl - - if use ldap ; then - dodir /etc/openldap/schema - insinto /etc/openldap/schema - insopts -o root -g root -m 644 - newins LDAP.schema ${PN}.schema || die - fi -} - -pkg_preinst() { - enewgroup amavis - enewuser amavis -1 -1 "${AMAVIS_ROOT}" amavis - if use razor ; then - if [ ! -d "${ROOT}${AMAVIS_ROOT}/.razor" ] ; then - elog "Setting up initial razor config files..." - - razor-admin -create -home="${D}/${AMAVIS_ROOT}/.razor" - sed -i -e "s:debuglevel\([ ]*\)= .:debuglevel\1= 0:g" \ - "${D}/${AMAVIS_ROOT}/.razor/razor-agent.conf" || die - fi - fi -} - -pkg_postinst() { - chown root:amavis "${ROOT}/etc/amavisd.conf" - chown -R amavis:amavis "${ROOT}/${AMAVIS_ROOT}" -} diff --git a/mail-filter/amavisd-new/amavisd-new-2.11.1.ebuild b/mail-filter/amavisd-new/amavisd-new-2.11.1.ebuild new file mode 100644 index 000000000000..3b4205bb331d --- /dev/null +++ b/mail-filter/amavisd-new/amavisd-new-2.11.1.ebuild 
@@ -0,0 +1,190 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user
+
+DESCRIPTION="High-performance interface between the MTA and content checkers"
+HOMEPAGE="https://gitlab.com/amavis/amavis"
+SRC_URI="${HOMEPAGE}/-/archive/${P}/amavis-${P}.tar.gz"
+PORTAGE_DOHTML_WARN_ON_SKIPPED_FILES=yes
+
+LICENSE="GPL-2 BSD-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="clamav courier dkim ldap mysql postgres qmail razor snmp spamassassin zmq"
+
+DEPEND=">=sys-apps/sed-4
+ >=dev-lang/perl-5.10.0"
+
+RDEPEND="${DEPEND}
+ >=sys-apps/coreutils-5.0-r3
+ app-arch/cpio
+ app-arch/gzip
+ app-arch/bzip2
+ app-arch/arc
+ app-arch/cabextract
+ app-arch/freeze
+ app-arch/lha
+ app-arch/lrzip
+ app-arch/lzop
+ app-arch/ncompress
+ app-arch/p7zip
+ app-arch/pax
+ app-arch/unarj
+ app-arch/unrar
+ app-arch/xz-utils
+ app-arch/zoo
+ net-mail/ripole
+ >=dev-perl/Archive-Zip-1.14
+ >=virtual/perl-IO-Compress-1.35
+ >=virtual/perl-Compress-Raw-Zlib-2.017
+ net-mail/tnef
+ virtual/perl-MIME-Base64
+ >=dev-perl/MIME-tools-5.415
+ >=dev-perl/MailTools-1.58
+ >=dev-perl/Net-Server-0.91
+ virtual/perl-Digest-MD5
+ dev-perl/IO-stringy
+ virtual/perl-IO-Socket-IP
+ >=virtual/perl-Time-HiRes-1.49
+ dev-perl/Unix-Syslog
+ dev-perl/Net-LibIDN
+ dev-perl/File-LibMagic
+ >=sys-libs/db-4.4.20
+ dev-perl/BerkeleyDB
+ dev-perl/Convert-BinHex
+ >=dev-perl/Mail-DKIM-0.31
+ virtual/perl-File-Temp
+ dev-perl/Net-SSLeay
+ dev-perl/IO-Socket-SSL
+ virtual/mta
+ clamav? ( app-antivirus/clamav )
+ ldap? ( >=dev-perl/perl-ldap-0.33 )
+ mysql? ( dev-perl/DBD-mysql )
+ postgres? ( dev-perl/DBD-Pg )
+ razor? ( mail-filter/razor )
+ snmp? ( net-analyzer/net-snmp[perl] )
+ spamassassin? ( mail-filter/spamassassin dev-perl/Image-Info )
+ zmq? ( dev-perl/ZMQ-LibZMQ3 )"
+
+AMAVIS_ROOT="/var/amavis"
+S="${WORKDIR}/amavis-${P}"
+
+pkg_setup() {
+ # Create the user beforehand so that we can install the config file
+ # (and some directories) with group "amavis" in src_install().
+ enewgroup amavis
+ enewuser amavis -1 -1 "${AMAVIS_ROOT}" amavis
+}
+
+src_prepare() {
+ # amavisd-new version 2.11.0 breaks DKIM signing of outbound mail,
+ # see https://bugs.gentoo.org/603582
+ eapply "${FILESDIR}/amavisd-2.11.0-dkim.patch"
+
+ if use courier ; then
+ eapply -p0 amavisd-new-courier.patch
+ fi
+
+ if use qmail ; then
+ eapply -p0 amavisd-new-qmqpqq.patch
+ fi
+
+ sed -i \
+ -e '/daemon/s/vscan/amavis/' \
+ -e "s:'/var/virusmails':\"\$MYHOME/quarantine\":" \
+ "${S}/amavisd.conf" "${S}/amavis-mc" || die "missing conf file"
+
+ if ! use dkim ; then
+ sed -i -e '/enable_dkim/s/1/0/' "${S}/amavisd.conf" \
+ || die "missing conf file - dkim"
+ fi
+
+ if use zmq ; then
+ sed -i -e '/enable_zmq/s/# //' "${S}/amavisd.conf" \
+ || die "missing conf file - zmq"
+ fi
+
+ if ! use spamassassin ; then
+ sed -i -e \
+ "/^#[[:space:]]*@bypass_spam_checks_maps[[:space:]]*=[[:space:]]*(1)/s/^#//" \
+ "${S}/amavisd.conf" || die "missing conf file - sa"
+ fi
+
+ eapply_user
+}
+
+src_install() {
+ dosbin amavisd amavisd-agent amavisd-nanny amavisd-release \
+ amavisd-signer amavisd-status
+ dobin p0f-analyzer.pl amavisd-submit
+
+ if use snmp ; then
+ dosbin amavisd-snmp-subagent
+ use zmq && dosbin amavisd-snmp-subagent-zmq
+ dodoc AMAVIS-MIB.txt
+ newinitd "${FILESDIR}"/amavisd-snmp.initd amavisd-snmp
+ fi
+
+ if use zmq ; then
+ dosbin amavis-services amavis-mc
+ newinitd "${FILESDIR}"/amavis-mc.initd amavis-mc
+ fi
+
+ if use ldap ; then
+ dodir /etc/openldap/schema
+ insinto /etc/openldap/schema
+ newins LDAP.schema ${PN}.schema || die
+ fi
+
+ # The config file should be root:amavis so that the amavis user can
+ # read (only) it after dropping privileges. And of course he should
+ # own everything in his home directory.
+ insinto /etc
+ insopts -m0640 -g amavis
+ doins amavisd.conf
+
+ # Implementation detail? Keepdir calls dodir under the hood.
+ diropts -o amavis -g amavis
+ keepdir "${AMAVIS_ROOT}"/{,db,quarantine,tmp,var}
+
+ # BEWARE:
+ #
+ # Anything below this line is using the mangled insopts/diropts from
+ # above!
+ #
+
+ newinitd "${FILESDIR}/amavisd.initd-r2" amavisd
+
+ systemd_dounit "${FILESDIR}/amavisd.service-r1"
+
+ dodoc AAAREADME.first INSTALL MANIFEST RELEASE_NOTES TODO \
+ amavisd.conf-default amavisd-custom.conf
+
+ docinto README_FILES
+ dodoc README_FILES/README*
+ dodoc -r README_FILES/*.{html,css}
+ docinto README_FILES/images
+ dodoc README_FILES/images/*.png
+ docinto README_FILES/images/callouts
+ dodoc README_FILES/images/callouts/*.png
+
+ docinto test-messages
+ dodoc test-messages/README
+ dodoc test-messages/sample.tar.gz.compl
+}
+
+pkg_preinst() {
+ # TODO: the following is done as root, but should probably be done
+ # as the amavis user.
+ if use razor ; then
+ if [ ! -d "${ROOT}${AMAVIS_ROOT}/.razor" ] ; then
+ elog "Setting up initial razor config files..."
+
+ razor-admin -create -home="${D}/${AMAVIS_ROOT}/.razor"
+ sed -i -e "s:debuglevel\([ ]*\)= .:debuglevel\1= 0:g" \
+ "${D}/${AMAVIS_ROOT}/.razor/razor-agent.conf" || die
+ fi
+ fi
+}
diff --git a/mail-filter/amavisd-new/files/amavisd.initd-r2 b/mail-filter/amavisd-new/files/amavisd.initd-r2
new file mode 100644
index 000000000000..2e58bf9b7a93
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavisd.initd-r2
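Review bot: In src_install(), `diropts -o amavis -g amavis` sets ownership but no mode, so `${AMAVIS_ROOT}` and its `quarantine` and `tmp` subdirectories are presumably created with the default 0755 and can be listed by every local user, although they hold mail that is being scanned or has been quarantined. I would pass the mode explicitly, `diropts -o amavis -g amavis -m 0750`, and extend the comment above it to say the tree is deliberately closed to other users. Separately, in pkg_preinst() the `razor-admin -create` call has no `|| die`, so a failure only surfaces through the following sed with an empty message; `razor-admin -create -home="${D}/${AMAVIS_ROOT}/.razor" || die "razor-admin failed"` would make it explicit. With pkg_postinst() gone, the `.razor` files written there as root appear to stay root-owned inside a directory the amavis user owns, which the existing TODO already points at.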
@@ -0,0 +1,42 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+command="/usr/sbin/${RC_SVCNAME}"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+# Why run in the foreground? Typically amavisd will drop privileges
+# and then write its own PID file in its home directory. This is fine
+# so long as you use e.g. "amavisd stop" to stop the daemon. But, we
+# want to use start-stop-daemon to do it. And start-stop-daemon will
+# send a signal *as root* to the PID contained in the PID file. So, we
+# don't want to rely on a PID file that's controlled by a non-root
+# user.
+#
+# As a workaround, we run amavisd in the foreground, and let
+# start-stop-daemon push it into the background with its own PID
+# file. We don't pass "-P" via command_args below because we don't
+# want amavisd to try (and fail) to create that PID file. This does
+# mean that you can't run "amavisd stop" or "amavisd reload" directly;
+# sorry!
+command_args="foreground"
+command_background="true"
+
+# The amavisd daemon provides its own "stop" and "reload" functions,
+# but if you read into the source, they just do what start-stop-daemon
+# is going to do anyway. The "stop" command for amavisd will send a
+# SIGTERM immediately, and then a SIGKILL after 60 seconds. So, we do
+# that too. The "reload" command sends a SIGHUP; see reload() below.
+retry="SIGTERM/15 SIGKILL/60"
+
+depend() {
+ use net logger antivirus snmpd
+ before mta
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
+ eend $?
+}
diff --git a/mail-filter/amavisd-new/files/amavisd.service-r1 b/mail-filter/amavisd-new/files/amavisd.service-r1
new file mode 100644
index 000000000000..038712853551
--- /dev/null
+++ b/mail-filter/amavisd-new/files/amavisd.service-r1
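Review bot: The comment above `retry` says amavisd's own stop sends SIGTERM and then SIGKILL after 60 seconds, but `retry="SIGTERM/15 SIGKILL/60"` attaches the 15 to SIGTERM; as I read start-stop-daemon's signal/timeout schedule, that means SIGKILL after 15 seconds followed by a wait of up to 60 more. If the 60-second grace period in the comment is the intent, the value should be along the lines of `retry="SIGTERM/60/SIGKILL/5"` (please confirm the separator OpenRC expects); otherwise the comment should state the 15-second window. A child that is still handling a message when the KILL arrives presumably gets no chance to clean up its work directory, so the shorter window should be a deliberate choice.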
@@ -0,0 +1,21 @@
+[Unit]
+Description=Amavisd Daemon
+Before=postfix.service
+After=clamd.service
+After=network.target
+
+[Service]
+User=amavis
+Group=amavis
+ExecStart=/usr/sbin/amavisd -c /etc/amavisd.conf foreground
+ExecReload=/usr/sbin/amavisd -c /etc/amavisd.conf reload
+PrivateTmp=true
+CapabilityBoundingSet=
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectHome=true
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
-- cgit v1.2.3-65-gdbad
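Review bot: `ExecReload=/usr/sbin/amavisd -c /etc/amavisd.conf reload` depends on amavisd locating its own PID file, yet `ExecStart` runs `foreground` without `-P`, and the OpenRC script added in this same commit documents that in this mode "amavisd reload" cannot be used directly. Unless /etc/amavisd.conf names a PID file that the `User=amavis` process can write, `systemctl reload amavisd` will likely fail. Since the init script's comments describe reload as a plain SIGHUP, `ExecReload=/bin/kill -HUP $MAINPID` would avoid the PID file entirely and keep a file writable by the unprivileged user out of the signalling path.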