author | Quentin Retornaz <gentoo@retornaz.com> | 2021-01-17 19:37:44 +0100 |
---|---|---|
committer | Quentin Retornaz <gentoo@retornaz.com> | 2021-01-26 01:21:42 +0100 |
commit | d9ec1e073ac8b632169107529f20769aebeaa8d9 (patch) | |
tree | 3e3abec4cd5ffe770e9275927f02944cac748ce8 /mail-mta | |
parent | mail-filter/opendkim: new package (diff) | |
mail-mta/postfix: new package
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo@retornaz.com>
Diffstat (limited to 'mail-mta')
-rw-r--r-- | mail-mta/postfix/Manifest | 1 | ||||
-rw-r--r-- | mail-mta/postfix/files/postfix-libressl-certkey.patch | 13 | ||||
-rw-r--r-- | mail-mta/postfix/files/postfix-libressl-server.patch | 14 | ||||
-rw-r--r-- | mail-mta/postfix/files/postfix.rc6.2.7 | 85 | ||||
-rw-r--r-- | mail-mta/postfix/files/postfix.service | 26 | ||||
-rw-r--r-- | mail-mta/postfix/files/smtp.pass | 2 | ||||
-rw-r--r-- | mail-mta/postfix/files/smtp.sasl | 2 | ||||
-rw-r--r-- | mail-mta/postfix/metadata.xml | 30 | ||||
-rw-r--r-- | mail-mta/postfix/postfix-3.5.8.ebuild | 317 |
9 files changed, 490 insertions, 0 deletions
diff --git a/mail-mta/postfix/Manifest b/mail-mta/postfix/Manifest
new file mode 100644
index 0000000..2826b07
--- /dev/null
+++ b/mail-mta/postfix/Manifest
@@ -0,0 +1 @@
+DIST postfix-3.5.8.tar.gz 4614733 BLAKE2B 13166e854f70987f981bb5e7e5dabfaa73b3170ab16fc1ff8f70f6b98a0697ac980bdf74bbfb39fdfd1972f922a31a28882b1575b79fd8f01d81e08e68d756bc SHA512 0abb07d99e343b76e6a26b4a090af9d592f4dfd03c8c737cc72bfb0f4267dafcbb0cb0aa7b6255f8b834c9289d89a5c47b167be3758239309937cb77e0d9464b
diff --git a/mail-mta/postfix/files/postfix-libressl-certkey.patch b/mail-mta/postfix/files/postfix-libressl-certkey.patch
new file mode 100644
index 0000000..b6ab8ae
--- /dev/null
+++ b/mail-mta/postfix/files/postfix-libressl-certkey.patch
@@ -0,0 +1,13 @@
+see https://bugs.gentoo.org/678874
+
+--- a/src/tls/tls_certkey.c.orig 2019-03-07 23:57:10 UTC
++++ b/src/tls/tls_certkey.c
+@@ -144,7 +144,7 @@ static void init_pem_load_state(pem_load
+
+ /* use_chain - load cert, key and chain into ctx or ssl */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
+ static int use_chain(pem_load_state_t *st)
+ {
+ int ret;
diff --git a/mail-mta/postfix/files/postfix-libressl-server.patch b/mail-mta/postfix/files/postfix-libressl-server.patch
new file mode 100644
index 0000000..8573bb8
--- /dev/null
+++ b/mail-mta/postfix/files/postfix-libressl-server.patch
@@ -0,0 +1,14 @@
+see https://bugs.gentoo.org/678874
+
+--- a/src/tls/tls_server.c.orig 2018-12-26 19:21:49 UTC
++++ b/src/tls/tls_server.c
+@@ -518,7 +518,9 @@ TLS_APPL_STATE *tls_server_init(const TL
+ * ticket decryption callback already (since 2.11) asks OpenSSL to
+ * avoid issuing new tickets when the presented ticket is re-usable.
+ */
++#ifndef LIBRESSL_VERSION_NUMBER
+ SSL_CTX_set_num_tickets(server_ctx, 1);
++#endif
+ }
+ #endif
+ if (!ticketable)
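Review bot: Both LibreSSL guards are unbounded: `!defined(LIBRESSL_VERSION_NUMBER)` in postfix-libressl-certkey.patch and `#ifndef LIBRESSL_VERSION_NUMBER` around `SSL_CTX_set_num_tickets(server_ctx, 1);` in postfix-libressl-server.patch switch the OpenSSL 1.1.1 code off for every LibreSSL release, while the ebuild accepts any `>=dev-libs/libressl-2.9.1`. With the server patch applied the ticket limit described in the surrounding comment is never set on LibreSSL builds, so session-ticket issuance there is left to the library's default. The patch headers carry only the bug link; one more line in each header, for example `LibreSSL does not provide SSL_CTX_set_num_tickets(); drop this patch once the minimum supported LibreSSL does` (presumably the reason, to be confirmed against the bug), would tell a maintainer when the workaround can be removed. Both embedded hunks show only part of the functions they touch.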
diff --git a/mail-mta/postfix/files/postfix.rc6.2.7 b/mail-mta/postfix/files/postfix.rc6.2.7
new file mode 100644
index 0000000..5d429a5
--- /dev/null
+++ b/mail-mta/postfix/files/postfix.rc6.2.7
@@ -0,0 +1,85 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload abort flush"
+
+description_reload="Re-read configuration files. Running processes terminate at their earliest convenience."
+description_abort="Stop the Postfix mail system abruptly. Running processes are signaled to stop immediately."
+description_flush="Force delivery: attempt to deliver every message in the deferred mail queue."
+
+# Please read http://www.postfix.org/MULTI_INSTANCE_README.html for multi instance support
+CONF_DIR="/etc/postfix"
+CONF_OPT="${SVCNAME##*.}"
+if [ -n ${CONF_OPT} -a ${SVCNAME} != "postfix" ]; then
+ CONF_DIR="${CONF_DIR}.${CONF_OPT}"
+fi
+if [ "${CONF_DIR}" = "/etc/postfix" ]; then
+ CONF_PARAM=""
+ CONF_MESSAGE=""
+else
+ CONF_PARAM="-c ${CONF_DIR}"
+ CONF_MESSAGE="(${CONF_DIR})"
+fi
+
+depend() {
+ use logger dns ypbind amavisd antivirus postfix_greylist net saslauthd
+ if [ "${SVCNAME}" = "postfix" ]; then
+ provide mta
+ fi
+}
+
+start() {
+ if [ ! -z "${CONF_PARAM}" ]; then
+ einfo "Please consider updating your config for postmulti support."
+ fi
+ ebegin "Starting postfix ${CONF_MESSAGE}"
+ if [ ! -d ${CONF_DIR} ]; then
+ eend 1 "${CONF_DIR} does not exist"
+ return 1
+ fi
+ /usr/sbin/postfix ${CONF_PARAM} start >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping postfix ${CONF_MESSAGE}"
+ /usr/sbin/postfix ${CONF_PARAM} stop >/dev/null 2>&1
+ eend
+}
+
+status() {
+ local _retval
+ einfon ""
+ /usr/sbin/postfix ${CONF_PARAM} status
+ _retval=$?
+ if [ x${_retval} = 'x0' ]; then
+ mark_service_started "${SVCNAME}"
+ eend 0
+ else
+ mark_service_stopped "${SVCNAME}"
+ eend 3
+ fi
+}
+
+reload() {
+ ebegin "Reloading postfix ${CONF_MESSAGE}"
+ /usr/sbin/postfix ${CONF_PARAM} reload >/dev/null 2>&1
+ eend $?
+}
+
+abort() {
+ ebegin "Aborting postfix ${CONF_MESSAGE}"
+
+ if service_started "${SVCNAME}"; then
+ mark_service_stopped "${SVCNAME}"
+ fi
+ /usr/sbin/postfix ${CONF_PARAM} abort >/dev/null 2>&1
+ eend $?
+}
+
+flush() {
+ ebegin "Flushing postfix ${CONF_MESSAGE}"
+ /usr/sbin/postfix ${CONF_PARAM} flush >/dev/null 2>&1
+ eend $?
+}
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
new file mode 100644
index 0000000..db585b3
--- /dev/null
+++ b/mail-mta/postfix/files/postfix.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Postfix Mail Transport Agent
+After=network.target
+
+[Service]
+Type=forking
+ExecStartPre=-/usr/bin/newaliases
+ExecStart=/usr/sbin/postfix start
+ExecStop=/usr/sbin/postfix stop
+ExecReload=/usr/sbin/postfix reload
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ReadWritePaths=-/etc/mail/aliases.db
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mail-mta/postfix/files/smtp.pass b/mail-mta/postfix/files/smtp.pass
new file mode 100644
index 0000000..f9b5120
--- /dev/null
+++ b/mail-mta/postfix/files/smtp.pass
@@ -0,0 +1,2 @@
+#
+# remotehost user:password
diff --git a/mail-mta/postfix/files/smtp.sasl b/mail-mta/postfix/files/smtp.sasl
new file mode 100644
index 0000000..82f2945
--- /dev/null
+++ b/mail-mta/postfix/files/smtp.sasl
@@ -0,0 +1,2 @@
+pwcheck_method:saslauthd
+mech_list: PLAIN
diff --git a/mail-mta/postfix/metadata.xml b/mail-mta/postfix/metadata.xml
new file mode 100644
index 0000000..1193f1c
--- /dev/null
+++ b/mail-mta/postfix/metadata.xml
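Review bot: In postfix.rc6.2.7, `stop()` finishes with a bare `eend`, so the exit status of `/usr/sbin/postfix ${CONF_PARAM} stop` is discarded and a failed stop does not appear to be reported; `start`, `reload`, `abort` and `flush` all use `eend $?`, and `stop()` should read `eend $?` as well. The instance test `[ -n ${CONF_OPT} -a ${SVCNAME} != "postfix" ]` and the directory check `[ ! -d ${CONF_DIR} ]` expand unquoted variables that come from the service name and end up in `-c ${CONF_DIR}`. Writing them as `[ -n "${CONF_OPT}" ] && [ "${SVCNAME}" != "postfix" ]` and `[ ! -d "${CONF_DIR}" ]` keeps an unusual service name from changing how the test is parsed.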
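Review bot: In postfix.service, `ReadWritePaths=-/etc/mail/aliases.db` only takes effect when the file already exists: the leading `-` makes systemd skip a missing path, and `ProtectSystem=full` mounts `/etc` read-only, so on a fresh install `ExecStartPre=-/usr/bin/newaliases` most likely cannot create the database, and the `-` on the command hides that failure. If creating the file from the unit is intended, `ReadWritePaths=-/etc/mail` would allow it, at the cost of making the rest of that directory writable for the service; otherwise a comment such as `# aliases.db must already exist; run newaliases once by hand` states the precondition. The hardening block would also benefit from a comment saying whether `NoNewPrivileges=` and `ProtectHome=` are left out on purpose (the ebuild installs setgid `postdrop`/`postqueue` and defaults to `home_mailbox=.maildir/`), so that a later cleanup does not add them without testing delivery.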
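Review bot: `mech_list: PLAIN` in smtp.sasl is the only mechanism offered, and the ebuild installs this file as `/etc/sasl2/smtpd.conf` whenever `sasl` is enabled, while `ssl` is a separate optional USE flag and `REQUIRED_USE` only constrains `ldap-bind`. PLAIN carries the password in a trivially reversible encoding, so on a build or configuration without TLS the credentials cross the network readable. The package should make the dependency on TLS explicit, for instance with `elog "smtpd.conf offers only PLAIN; set smtpd_tls_auth_only = yes in main.cf"` in `pkg_postinst()` when `use sasl` is true.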
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>eras@gentoo.org</email>
+ <name>
+ Eray Aslan
+ </name>
+ </maintainer>
+ <maintainer type="person">
+ <email>williamh@gentoo.org</email>
+ <name>
+ William Hubbs
+ </name>
+ </maintainer>
+ <use>
+ <flag name="dovecot-sasl">Enable <pkg>net-mail/dovecot</pkg> protocol
+ version 1 (server only) SASL implementation</flag>
+ <flag name="eai">Add support for SMTPUTF8</flag>
+ <flag name="ldap-bind">Add support for binding to LDAP backend
+ using <pkg>dev-libs/cyrus-sasl</pkg></flag>
+ <flag name="memcached">Add support for using <pkg>net-misc/memcached</pkg>
+ for lookup tables</flag>
+ <flag name="lmdb">Add support for using <pkg>dev-db/lmdb</pkg>
+ for lookup tables</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">vda</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/mail-mta/postfix/postfix-3.5.8.ebuild b/mail-mta/postfix/postfix-3.5.8.ebuild
new file mode 100644
index 0000000..fdb966f
--- /dev/null
+++ b/mail-mta/postfix/postfix-3.5.8.ebuild
@@ -0,0 +1,317 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic pam systemd toolchain-funcs
+
+MY_PV="${PV/_rc/-RC}"
+MY_SRC="${PN}-${MY_PV}"
+MY_URI="ftp://ftp.porcupine.org/mirrors/postfix-release/official"
+RC_VER="2.7"
+
+DESCRIPTION="A fast and secure drop-in replacement for sendmail"
+HOMEPAGE="http://www.postfix.org/"
+SRC_URI="${MY_URI}/${MY_SRC}.tar.gz"
+
+LICENSE="|| ( IBM EPL-2.0 )"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86"
+IUSE="+berkdb cdb dovecot-sasl +eai hardened ldap ldap-bind libressl lmdb memcached mbox mysql nis pam postgres sasl selinux sqlite ssl"
+
+DEPEND="
+ acct-group/postfix
+ acct-group/postdrop
+ acct-user/postfix
+ >=dev-libs/libpcre-3.4
+ dev-lang/perl
+ berkdb? ( >=sys-libs/db-3.2:* )
+ cdb? ( || ( >=dev-db/tinycdb-0.76 >=dev-db/cdb-0.75-r4 ) )
+ eai? ( dev-libs/icu:= )
+ ldap? ( net-nds/openldap )
+ ldap-bind? ( net-nds/openldap[sasl] )
+ lmdb? ( >=dev-db/lmdb-0.9.11 )
+ mysql? ( dev-db/mysql-connector-c:0= )
+ nis? ( net-libs/libnsl )
+ pam? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:* )
+ sasl? ( >=dev-libs/cyrus-sasl-2 )
+ sqlite? ( dev-db/sqlite:3 )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( >=dev-libs/libressl-2.9.1:0= )
+ )"
+
+RDEPEND="${DEPEND}
+ memcached? ( net-misc/memcached )
+ net-mail/mailbase
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/exim
+ !mail-mta/mini-qmail
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !mail-mta/ssmtp[mta]
+ !net-mail/fastforward
+ selinux? ( sec-policy/selinux-postfix )"
+
+REQUIRED_USE="ldap-bind? 
( ldap sasl )"
+
+S="${WORKDIR}/${MY_SRC}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-libressl-certkey.patch"
+ "${FILESDIR}/${PN}-libressl-server.patch"
+)
+
+src_prepare() {
+ default
+ sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|" \
+ src/util/sys_defs.h || die "sed failed"
+ # change default paths to better comply with portage standard paths
+ sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || die "sed failed"
+}
+
+src_configure() {
+ for name in CDB LDAP LMDB MYSQL PCRE PGSQL SDBM SQLITE
+ do
+ local AUXLIBS_${name}=""
+ done
+
+ # Make sure LDFLAGS get passed down to the executables.
+ local mycc="-DHAS_PCRE" mylibs="${LDFLAGS} -ldl"
+ AUXLIBS_PCRE="$(pcre-config --libs)"
+
+ use pam && mylibs="${mylibs} -lpam"
+
+ if use ldap; then
+ mycc="${mycc} -DHAS_LDAP"
+ AUXLIBS_LDAP="-lldap -llber"
+ fi
+
+ if use mysql; then
+ mycc="${mycc} -DHAS_MYSQL $(mysql_config --include)"
+ AUXLIBS_MYSQL="$(mysql_config --libs)"
+ fi
+
+ if use postgres; then
+ mycc="${mycc} -DHAS_PGSQL -I$(pg_config --includedir)"
+ AUXLIBS_PGSQL="-L$(pg_config --libdir) -lpq"
+ fi
+
+ if use sqlite; then
+ mycc="${mycc} -DHAS_SQLITE"
+ AUXLIBS_SQLITE="-lsqlite3 -lpthread"
+ fi
+
+ if use ssl; then
+ mycc="${mycc} -DUSE_TLS"
+ mylibs="${mylibs} -lssl -lcrypto"
+ fi
+
+ if use lmdb; then
+ mycc="${mycc} -DHAS_LMDB"
+ AUXLIBS_LMDB="-llmdb -lpthread"
+ fi
+
+ if ! use eai; then
+ mycc="${mycc} -DNO_EAI"
+ fi
+
+ # broken. and "in other words, not supported" by upstream.
+ # Use inet_protocols setting in main.cf
+ #if ! use ipv6; then
+ # mycc="${mycc} -DNO_IPV6"
+ #fi
+
+ if use sasl; then
+ if use dovecot-sasl; then
+ # Set dovecot as default.
+ mycc="${mycc} -DDEF_SASL_SERVER=\\\"dovecot\\\""
+ fi
+ if use ldap-bind; then
+ mycc="${mycc} -DUSE_LDAP_SASL"
+ fi
+ mycc="${mycc} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
+ mylibs="${mylibs} -lsasl2"
+ elif use dovecot-sasl; then
+ mycc="${mycc} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\""
+ fi
+
+ if ! 
use nis; then
+ mycc="${mycc} -DNO_NIS"
+ fi
+
+ if ! use berkdb; then
+ mycc="${mycc} -DNO_DB"
+ if use cdb; then
+ # change default hash format from Berkeley DB to cdb
+ mycc="${mycc} -DDEF_DB_TYPE=\\\"cdb\\\""
+ fi
+ fi
+
+ if use cdb; then
+ mycc="${mycc} -DHAS_CDB -I/usr/include/cdb"
+ # Tinycdb is preferred.
+ if has_version dev-db/tinycdb ; then
+ einfo "Building with dev-db/tinycdb"
+ AUXLIBS_CDB="-lcdb"
+ else
+ einfo "Building with dev-db/cdb"
+ CDB_PATH="/usr/$(get_libdir)"
+ for i in cdb.a alloc.a buffer.a unix.a byte.a ; do
+ AUXLIBS_CDB="${AUXLIBS_CDB} ${CDB_PATH}/${i}"
+ done
+ fi
+ fi
+
+ # Robin H. Johnson <robbat2@gentoo.org> 17/Nov/2006
+ # Fix because infra boxes hit 2Gb .db files that fail a 32-bit fstat signed check.
+ mycc="${mycc} -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
+ filter-lfs-flags
+
+ # Workaround for bug #76512
+ if use hardened; then
+ [[ "$(gcc-version)" == "3.4" ]] && replace-flags -O? -Os
+ fi
+
+ # Remove annoying C++ comment style warnings - bug #378099
+ append-flags -Wno-comment
+
+ sed -i -e "/^RANLIB/s/ranlib/$(tc-getRANLIB)/g" "${S}"/makedefs
+ sed -i -e "/^AR/s/ar/$(tc-getAR)/g" "${S}"/makedefs
+
+ emake makefiles shared=yes dynamicmaps=no pie=yes \
+ shlib_directory="/usr/$(get_libdir)/postfix/MAIL_VERSION" \
+ DEBUG="" CC="$(tc-getCC)" OPT="${CFLAGS}" CCARGS="${mycc}" AUXLIBS="${mylibs}" \
+ AUXLIBS_CDB="${AUXLIBS_CDB}" AUXLIBS_LDAP="${AUXLIBS_LDAP}" \
+ AUXLIBS_LMDB="${AUXLIBS_LMDB}" AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \
+ AUXLIBS_PCRE="${AUXLIBS_PCRE}" AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \
+ AUXLIBS_SQLITE="${AUXLIBS_SQLITE}"
+}
+
+src_install() {
+ LD_LIBRARY_PATH="${S}/lib" \
+ /bin/sh postfix-install \
+ -non-interactive \
+ install_root="${D}" \
+ config_directory="/etc/postfix" \
+ manpage_directory="/usr/share/man" \
+ command_directory="/usr/sbin" \
+ mailq_path="/usr/bin/mailq" \
+ newaliases_path="/usr/bin/newaliases" \
+ sendmail_path="/usr/sbin/sendmail" \
+ || die "postfix-install 
failed"
+
+ # Fix spool removal on upgrade
+ rm -Rf "${D}"/var
+ keepdir /var/spool/postfix
+
+ # Install rmail for UUCP, closes bug #19127
+ dobin auxiliary/rmail/rmail
+
+ # Provide another link for legacy FSH
+ dosym ../sbin/sendmail /usr/$(get_libdir)/sendmail
+
+ # Install qshape, posttls-finger and collate
+ dobin auxiliary/qshape/qshape.pl
+ doman man/man1/qshape.1
+ dobin bin/posttls-finger
+ doman man/man1/posttls-finger.1
+ dobin auxiliary/collate/collate.pl
+ newdoc auxiliary/collate/README README.collate
+
+ # Performance tuning tools and their manuals
+ dosbin bin/smtp-{source,sink} bin/qmqp-{source,sink}
+ doman man/man1/smtp-{source,sink}.1 man/man1/qmqp-{source,sink}.1
+
+ # Set proper permissions on required files/directories
+ keepdir /var/lib/postfix
+ fowners -R postfix:postfix /var/lib/postfix
+ fperms 0750 /var/lib/postfix
+ fowners root:postdrop /usr/sbin/post{drop,queue}
+ fperms 02755 /usr/sbin/post{drop,queue}
+
+ keepdir /etc/postfix
+ keepdir /etc/postfix/postfix-files.d
+ if use mbox; then
+ mypostconf="mail_spool_directory=/var/spool/mail"
+ else
+ mypostconf="home_mailbox=.maildir/"
+ fi
+ LD_LIBRARY_PATH="${S}/lib" \
+ "${D}"/usr/sbin/postconf -c "${D}"/etc/postfix \
+ -e ${mypostconf} || die "postconf failed"
+
+ insinto /etc/postfix
+ newins "${FILESDIR}"/smtp.pass saslpass
+ fperms 600 /etc/postfix/saslpass
+
+ newinitd "${FILESDIR}"/postfix.rc6.${RC_VER} postfix
+ # do not start mysql/postgres unnecessarily - bug #359913
+ use mysql || sed -i -e "s/mysql //" "${D}/etc/init.d/postfix"
+ use postgres || sed -i -e "s/postgresql //" "${D}/etc/init.d/postfix"
+
+ dodoc *README COMPATIBILITY HISTORY PORTING RELEASE_NOTES*
+ mv "${S}"/examples "${D}"/usr/share/doc/${PF}/
+ # postfix set-permissions expects uncompressed man files
+ docompress -x /usr/share/man
+
+ pamd_mimic_system smtp auth account
+
+ if use sasl; then
+ insinto /etc/sasl2
+ newins "${FILESDIR}"/smtp.sasl smtpd.conf
+ fi
+
+ # header files
+ insinto 
/usr/include/postfix
+ doins include/*.h
+
+ if has_version mail-mta/postfix; then
+ # let the sysadmin decide when to change the compatibility_level
+ sed -i -e /^compatibility_level/"s/^/#/" "${D}"/etc/postfix/main.cf || die
+ fi
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+pkg_preinst() {
+ if has_version '<mail-mta/postfix-3.4'; then
+ elog
+ elog "Postfix-3.4 introduces a new master.cf service 'postlog'"
+ elog "with type 'unix-dgram' that is used by the new postlogd(8) daemon."
+ elog "Before backing out to an older Postfix version, edit the master.cf"
+ elog "file and remove the postlog entry."
+ elog
+ fi
+}
+
+pkg_postinst() {
+ if [[ ! -e /etc/mail/aliases.db ]] ; then
+ ewarn
+ ewarn "You must edit /etc/mail/aliases to suit your needs"
+ ewarn "and then run /usr/bin/newaliases. Postfix will not"
+ ewarn "work correctly without it."
+ ewarn
+ fi
+
+ # check and fix file permissions
+ "${EROOT}"/usr/sbin/postfix set-permissions
+
+ # configure tls
+ if use ssl ; then
+ if "${EROOT}"/usr/sbin/postfix tls all-default-client; then
+ elog "To configure client side TLS settings:"
+ elog "${EROOT}"/usr/sbin/postfix tls enable-client
+ fi
+ if "${EROOT}"/usr/sbin/postfix tls all-default-server; then
+ elog "To configure server side TLS settings:"
+ elog "${EROOT}"/usr/sbin/postfix tls enable-server
+ fi
+ fi
+} |
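Review bot: In `src_configure()` the two dovecot branches define different macros: with `sasl` and `dovecot-sasl` both enabled the code passes `-DDEF_SASL_SERVER=\\\"dovecot\\\"`, while the `elif use dovecot-sasl` branch passes `-DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"`. `DEF_SERVER_SASL_TYPE` is the name Postfix's SASL_README gives for the build-time default, and `DEF_SASL_SERVER` does not look like a macro Postfix reads, so the branch commented "Set dovecot as default" probably leaves the default SASL backend unchanged; this should be confirmed against the Postfix source and both branches should then use `-DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"`. Separately, the two `sed -i` calls on `"${S}"/makedefs` and the `"${EROOT}"/usr/sbin/postfix set-permissions` call in `pkg_postinst()` have no `|| die` or status check, unlike the seds in `src_prepare()`, so a failure to correct queue ownership or the setgid bits would pass silently. Checking the result there, for example `... set-permissions || ewarn "postfix set-permissions failed; check ownership and modes by hand"`, would surface it.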