[arch-commits] Commit in postfix/trunk (8 files)
David Runge
dvzrv at archlinux.org
Mon Nov 9 23:45:36 UTC 2020
Date: Monday, November 9, 2020 @ 23:45:36
Author: dvzrv
Revision: 399949
upgpkg: postfix 3.5.8-1: Upgrade to 3.5.8.
Switch to correct license (EPL).
Add a patch to set defaults in main.cf in prepare().
Split AUXLIBS into the various specific subcomponents.
Provide SHLIB_RPATH to achieve full RELRO.
Add dynamicmaps=yes so that dynamic libraries are split.
Add CPPFLAGS to OPT, so that fortify is applied.
Replace call to custom post-install script with tmpfiles.d.
Remove unneeded patch and customizations.
Apply mild hardening to the systemd service.
Add tmpfiles.d integration for sgid binaries and custom chmod
directories in /var/spool.
Update maintainer info.
Added:
postfix/trunk/postfix-3.5.8-main_defaults.patch
postfix/trunk/postfix.service
(from rev 399948, postfix/trunk/service)
postfix/trunk/postfix.sysusers
(from rev 399948, postfix/trunk/sysusers.d)
postfix/trunk/postfix.tmpfiles
Modified:
postfix/trunk/PKGBUILD
Deleted:
postfix/trunk/aliases.patch
postfix/trunk/service
postfix/trunk/sysusers.d
-----------------------------------+
PKGBUILD | 179 ++++++++++++++++++------------------
aliases.patch | 18 ---
postfix-3.5.8-main_defaults.patch | 19 +++
postfix.service | 18 +++
postfix.sysusers | 2
postfix.tmpfiles | 15 +++
service | 14 --
sysusers.d | 2
8 files changed, 144 insertions(+), 123 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-09 23:13:17 UTC (rev 399948)
+++ PKGBUILD 2020-11-09 23:45:36 UTC (rev 399949)
@@ -1,108 +1,109 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
# Contributor: Jeff Brodnax <tullyarcher at bellsouth.net>
# Contributor: Paul Mattal <paul at archlinux.org>
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
pkgname=postfix
-pkgver=3.5.6
-pkgrel=2
-url='http://www.postfix.org/'
+pkgver=3.5.8
+pkgrel=1
+url="http://www.postfix.org/"
pkgdesc='Fast, easy to administer, secure mail server'
-license=('custom')
+license=('EPL')
arch=('x86_64')
-depends=('openssl' 'pcre' 'icu' 'libsasl' 'libldap' 'db' 'libnsl'
- 'mariadb-libs' 'postgresql-libs' 'sqlite' 'tinycdb')
-optdepends=('perl: postfix-collate.pl and qshape')
-source=("http://ftp.porcupine.org/mirrors/postfix-release/official/${pkgname}-${pkgver}.tar.gz"
- 'aliases.patch'
- 'sysusers.d'
- 'service')
-sha256sums=('8ec0aa671582adce157675e15da1dfa7ac2b5ff653571addba643735d0ec1e6a'
- 'f4c766efc20b4638f9fd72707ca6d4c2628279ebd79f5227276fa4ca6867c336'
- '63f39147887336bdd173fb9425998f0a0c6f00a31241f922a255c157bfd8d02e'
- '52781649c49a50cecd7d20f693f602d7dc78b985ac5f0e72c4abfa0d800e58f0')
-
-backup=('etc/postfix/'{access,aliases,canonical,generic,header_checks,main.cf,master.cf,relocated,transport,virtual})
-
+depends=('db' 'glibc' 'libldap' 'libnsl' 'libsasl' 'openssl' 'pcre'
+'postgresql-libs' 'sqlite' 'tinycdb' 'zlib')
+makedepends=('icu' 'mariadb-libs')
+optdepends=('perl: for postfix-collate.pl and qshape')
conflicts=('smtp-server' 'smtp-forwarder' 'postfix-tools')
provides=('smtp-server' 'smtp-forwarder' 'postfix-tools')
replaces=('postfix-tools')
+backup=('etc/postfix/'{access,aliases,canonical,generic,header_checks,main.cf,master.cf,relocated,transport,virtual})
+source=("http://ftp.porcupine.org/mirrors/postfix-release/official/${pkgname}-${pkgver}.tar.gz"
+ "${pkgname}-3.5.8-main_defaults.patch"
+ "${pkgname}.service"
+ "${pkgname}.sysusers"
+ "${pkgname}.tmpfiles"
+)
+sha512sums=('0abb07d99e343b76e6a26b4a090af9d592f4dfd03c8c737cc72bfb0f4267dafcbb0cb0aa7b6255f8b834c9289d89a5c47b167be3758239309937cb77e0d9464b'
+ '7b2785aa8120ca3ff91b405baf675e9e11f8d58b18a9b842672e7ae30932febddac10556a70823d8746fcb160bceb4dbabdee45cf46b02fc0127057656fb85c4'
+ '27f54747ad480d65b560c9dbc97e12c6353e4bceca0ffe3e358e31de56db0ad79928164c9f8790c73a9f791daa378253d2ee29b5a766661778553ec889b2cf97'
+ 'a7f15970f613ae7b98ce1b84ca0a6034ce3cc7b2b9ce7160dad9731f740fb762f4a54f44acceb5f06f8744fa9e952b088086af8a69da388a600b742a3cda37f2'
+ '490ce5123005de7a82c18b68d2423ea15b9878af9419d3a29c4a174e7f5ddc21da7afde725d25ad2fc445815ee9d284b61781a62dd67b863b82f746d61db885d')
+b2sums=('13166e854f70987f981bb5e7e5dabfaa73b3170ab16fc1ff8f70f6b98a0697ac980bdf74bbfb39fdfd1972f922a31a28882b1575b79fd8f01d81e08e68d756bc'
+ 'b5f19e0619f1fb017cd889c14e341c21146b3afe7b9eefcdb7fb1eb83a357434b899d1e92f3ab0023c78ef8f2de6ae54c4599ee0f0bd04d257f4ca0a4dc9a16c'
+ '02dd441cf6e4a7c2bc0de876f020b0784d811f77a5c6102dd075d67b07158dbc53c8b4d62bc8035283d4f349008574b1c3fac03f4519d56ffd809cb5bcfb7bea'
+ 'db58b7deb24cea16fb84f56680f0000683f72e11a95039969878e3819607aad5e65af9d9f50007e7710609065c0e3ebb9b30c1d929162b74eca5e74434d82cf1'
+ 'e870b3fc67b60a492728e418a7c2753952c279418108e55d2ff01197e9150e6144dc6a210d1f5b8a3d4d661ab3d289c6026c36034deb90d67406e739a70a3b54')
+prepare() {
+ cd "${pkgname}-${pkgver}"
+ # add distribution defaults to main.cf (alias_maps and alias_database)
+ patch -Np1 -i ../"${pkgname}-3.5.8-main_defaults.patch"
+}
+
build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ local _ccargs=(
+ '-fPIC' '-fcommon'
+ '-DUSE_SASL_AUTH'
+ '-DUSE_CYRUS_SASL' '-I/usr/include/sasl'
+ '-DHAS_LDAP'
+ '-DUSE_TLS'
+ '-DHAS_MYSQL' '-I/usr/include/mysql'
+ '-DHAS_PGSQL' '-I/usr/include/postgresql'
+ '-DHAS_SQLITE'
+ '-DHAS_CDB'
+ '-DDEF_COMMAND_DIR=\"/usr/bin\"'
+ '-DDEF_DAEMON_DIR=\"/usr/lib/postfix/bin\"'
+ '-DDEF_SENDMAIL_PATH=\"/usr/bin/sendmail\"'
+ '-DDEF_README_DIR=\"/usr/share/doc/postfix\"'
+ '-DDEF_MANPAGE_DIR=\"/usr/share/man\"'
+ )
- CCARGS='
- -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl
- -DHAS_LDAP
- -DUSE_TLS
- -DHAS_MYSQL -I/usr/include/mysql
- -DHAS_PGSQL -I/usr/include/postgresql
- -DHAS_SQLITE
- -DHAS_CDB
- -DDEF_COMMAND_DIR=\"/usr/bin\"
- -DDEF_DAEMON_DIR=\"/usr/lib/postfix/bin\"
- -DDEF_SENDMAIL_PATH=\"/usr/bin/sendmail\"
- -DDEF_README_DIR=\"/usr/share/doc/postfix\"
- -DDEF_MANPAGE_DIR=\"/usr/share/man\"
- '
- AUXLIBS='
- -lsasl2
- -lldap -llber
- -lssl -lcrypto
- -lmysqlclient -lz -lm
- -lpq
- -lsqlite3 -lpthread
- -lcdb
- '
- make makefiles \
- DEBUG='' \
- pie=yes \
- shared=yes \
- CCARGS="${CCARGS//$'\n'/}" \
- AUXLIBS="${AUXLIBS//$'\n'/}" \
- OPT="${CFLAGS} ${LDFLAGS}" \
+ cd "${pkgname}-${pkgver}"
+ # NOTE: descriptions of variables in makedefs
+ make makefiles \
+ DEBUG='' \
+ pie=yes \
+ shared=yes \
+ dynamicmaps=yes \
+ CCARGS="${_ccargs[*]}" \
+ AUXLIBS="$(pkgconf --libs openssl libsasl2) -lnsl" \
+ AUXLIBS_LDAP='-lldap -llber' \
+ AUXLIBS_LMDB="$(pkgconf --libs lmdb)" \
+ AUXLIBS_PCRE="$(pkgconf --libs pcre)" \
+ AUXLIBS_MYSQL="$(pkgconf --libs mariadb)" \
+ AUXLIBS_PGSQL="$(pkgconf --libs libpq)" \
+ AUXLIBS_SQLITE="$(pkgconf --libs sqlite3)" \
+ AUXLIBS_CDB='-lcdb' \
+ SHLIB_RPATH="-Wl,-rpath,/usr/lib/postfix ${LDFLAGS}" \
+ OPT="${CFLAGS} ${CPPFLAGS} ${LDFLAGS}"
- make
+ make
}
package() {
- cd "${srcdir}/postfix-${pkgver}"
+ local _name
+ depends+=('libicuuc.so' 'libmariadb.so')
- sed 's:bin/postconf -dhx:bin/postconf -c conf -dhx:g' -i postfix-install
- LD_LIBRARY_PATH=lib:$LD_LIBRARY_PATH \
- sh postfix-install -non-interactive install_root="${pkgdir}"
+ cd "${pkgname}-${pkgver}"
+ LD_LIBRARY_PATH="lib:$LD_LIBRARY_PATH" \
+ sh postfix-install -non-interactive install_root="${pkgdir}"
- install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
- install -Dm644 ../service "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
- install -Dm644 ../sysusers.d "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
-
- for name in posttls-finger {smtp,qmqp}-{sink,source}; do
- install -Dm644 "man/man1/${name}.1" "${pkgdir}/usr/share/man/man1/${name}.1"
- install -Dm755 "bin/${name}" "${pkgdir}/usr/bin/${name}"
- done
-
- name=qshape
- install -Dm644 "man/man1/${name}.1" "${pkgdir}/usr/share/man/man1/${name}.1"
- install -Dm755 "auxiliary/${name}/${name}.pl" "${pkgdir}/usr/bin/${name}"
-
- install -Dm755 "auxiliary/collate/collate.pl" "${pkgdir}/usr/bin/postfix-collate.pl"
-
- # now set permissions right to appease the pacman gods
- sed -r \
- -e '/override=1/d' \
- -e '/absolute path name/d' \
- -e 's/\$POSTCONF -/$POSTCONF -c .\/etc\/postfix -/g' \
- -e '/(if \[|chmod|chown|find|mkdir|test)/s/\$path/.\/$path/g' \
- libexec/post-install > ../arch-post-install
- cd "${pkgdir}"
- LD_LIBRARY_PATH=usr/lib/postfix:$LD_LIBRARY_PATH \
- sh "${srcdir}/arch-post-install" \
- command_directory=usr/bin \
- config_directory=etc/postfix \
- meta_directory=etc/postfix \
- setgid_group=75 \
- mail_owner=73 \
- set-permissions
-
- patch --no-backup-if-mismatch -p0 -i "${srcdir}"/aliases.patch
- sed 's/^\(\$manpage[^:]*\):/\1.gz:/' -i "etc/postfix/postfix-files"
+ # additional man pages and scripts
+ for _name in posttls-finger {smtp,qmqp}-{sink,source}; do
+ install -vDm 644 "man/man1/${_name}.1" -t "${pkgdir}/usr/share/man/man1/"
+ install -vDm 755 "bin/${_name}" -t "${pkgdir}/usr/bin/"
+ done
+ install -Dm 644 "man/man1/qshape.1" -t "${pkgdir}/usr/share/man/man1/"
+ install -Dm 755 "auxiliary/qshape/qshape.pl" "${pkgdir}/usr/bin/qshape"
+ install -Dm 755 "auxiliary/collate/collate.pl" "${pkgdir}/usr/bin/postfix-collate.pl"
+ # license
+ install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}/"
+ # systemd service
+ install -vDm 644 "../${pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
+ # sysusers.d
+ install -vDm 644 "../${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ # tmpfiles.d
+ # NOTE: follow setup in conf/postfix-files
+ install -vDm 644 "../${pkgname}.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
}
Deleted: aliases.patch
===================================================================
--- aliases.patch 2020-11-09 23:13:17 UTC (rev 399948)
+++ aliases.patch 2020-11-09 23:45:36 UTC (rev 399949)
@@ -1,18 +0,0 @@
---- etc/postfix/main.cf.orig 2010-12-13 20:18:22.000000000 +0100
-+++ etc/postfix/main.cf 2010-12-13 20:18:24.000000000 +0100
-@@ -382,6 +382,7 @@
- #alias_maps = hash:/etc/aliases
- #alias_maps = hash:/etc/aliases, nis:mail.aliases
- #alias_maps = netinfo:/aliases
-+alias_maps = hash:/etc/postfix/aliases
-
- # The alias_database parameter specifies the alias database(s) that
- # are built with "newaliases" or "sendmail -bi". This is a separate
-@@ -392,6 +393,7 @@
- #alias_database = dbm:/etc/mail/aliases
- #alias_database = hash:/etc/aliases
- #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
-+alias_database = $alias_maps
-
- # ADDRESS EXTENSIONS (e.g., user+foo)
- #
Added: postfix-3.5.8-main_defaults.patch
===================================================================
--- postfix-3.5.8-main_defaults.patch (rev 0)
+++ postfix-3.5.8-main_defaults.patch 2020-11-09 23:45:36 UTC (rev 399949)
@@ -0,0 +1,19 @@
+diff -ruN a/conf/main.cf b/conf/main.cf
+--- a/conf/main.cf 2019-06-16 02:33:53.000000000 +0200
++++ b/conf/main.cf 2020-11-09 18:22:06.436205639 +0100
+@@ -401,6 +401,7 @@
+ #alias_maps = hash:/etc/aliases
+ #alias_maps = hash:/etc/aliases, nis:mail.aliases
+ #alias_maps = netinfo:/aliases
++alias_maps = hash:/etc/postfix/aliases
+
+ # The alias_database parameter specifies the alias database(s) that
+ # are built with "newaliases" or "sendmail -bi". This is a separate
+@@ -411,6 +412,7 @@
+ #alias_database = dbm:/etc/mail/aliases
+ #alias_database = hash:/etc/aliases
+ #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
++alias_database = $alias_maps
+
+ # ADDRESS EXTENSIONS (e.g., user+foo)
+ #
Copied: postfix/trunk/postfix.service (from rev 399948, postfix/trunk/service)
===================================================================
--- postfix.service (rev 0)
+++ postfix.service 2020-11-09 23:45:36 UTC (rev 399949)
@@ -0,0 +1,18 @@
+[Unit]
+Description=Postfix Mail Transport Agent
+After=network.target
+
+[Service]
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+ExecReload=/usr/bin/postfix reload
+ExecStart=/usr/bin/postfix start
+ExecStop=/usr/bin/postfix stop
+PIDFile=/var/spool/postfix/pid/master.pid
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=true
+Restart=always
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
Copied: postfix/trunk/postfix.sysusers (from rev 399948, postfix/trunk/sysusers.d)
===================================================================
--- postfix.sysusers (rev 0)
+++ postfix.sysusers 2020-11-09 23:45:36 UTC (rev 399949)
@@ -0,0 +1,2 @@
+g postdrop 75 -
+u postfix 73 - /var/spool/postfix
Added: postfix.tmpfiles
===================================================================
--- postfix.tmpfiles (rev 0)
+++ postfix.tmpfiles 2020-11-09 23:45:36 UTC (rev 399949)
@@ -0,0 +1,15 @@
+z /usr/bin/postdrop 2755 root postdrop
+z /usr/bin/postqueue 2755 root postdrop
+z /var/lib/postfix 700 postfix root
+z /var/spool/postfix/active 700 postfix root
+z /var/spool/postfix/bounce 700 postfix root
+z /var/spool/postfix/corrupt 700 postfix root
+z /var/spool/postfix/defer 700 postfix root
+z /var/spool/postfix/deferred 700 postfix root
+z /var/spool/postfix/flush 700 postfix root
+z /var/spool/postfix/incoming 700 postfix root
+z /var/spool/postfix/maildrop 730 postfix postdrop
+z /var/spool/postfix/private 700 postfix root
+z /var/spool/postfix/public 710 postfix postdrop
+z /var/spool/postfix/saved 700 postfix root
+z /var/spool/postfix/trace 700 postfix root
Deleted: service
===================================================================
--- service 2020-11-09 23:13:17 UTC (rev 399948)
+++ service 2020-11-09 23:45:36 UTC (rev 399949)
@@ -1,14 +0,0 @@
-[Unit]
-Description=Postfix Mail Transport Agent
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/var/spool/postfix/pid/master.pid
-ExecStart=/usr/bin/postfix start
-ExecStop=/usr/bin/postfix stop
-ExecReload=/usr/bin/postfix reload
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
Deleted: sysusers.d
===================================================================
--- sysusers.d 2020-11-09 23:13:17 UTC (rev 399948)
+++ sysusers.d 2020-11-09 23:45:36 UTC (rev 399949)
@@ -1,2 +0,0 @@
-g postdrop 75 -
-u postfix 73 - /var/spool/postfix
More information about the arch-commits
mailing list