From 6856c259160cea35ed0d9dc4a0b5b6a62abf3a6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20F=C3=B6rster?= Date: Sat, 16 Dec 2023 23:57:18 +0100 Subject: [PATCH] [mail-filter/amavisd-new] add from PR --- mail-filter/amavisd-new/Manifest | 1 + .../amavisd-new/amavisd-new-2.13.0.ebuild | 267 ++++++++++++++++++ .../files/amavisd-snmp-subagent.initd | 25 ++ .../amavisd-new/files/amavisd.initd-r2 | 42 +++ .../amavisd-new/files/amavisd.service-r1 | 21 ++ mail-filter/amavisd-new/metadata.xml | 17 ++ 6 files changed, 373 insertions(+) create mode 100644 mail-filter/amavisd-new/Manifest create mode 100644 mail-filter/amavisd-new/amavisd-new-2.13.0.ebuild create mode 100644 mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd create mode 100644 mail-filter/amavisd-new/files/amavisd.initd-r2 create mode 100644 mail-filter/amavisd-new/files/amavisd.service-r1 create mode 100644 mail-filter/amavisd-new/metadata.xml diff --git a/mail-filter/amavisd-new/Manifest b/mail-filter/amavisd-new/Manifest new file mode 100644 index 0000000..b3eca6a --- /dev/null +++ b/mail-filter/amavisd-new/Manifest @@ -0,0 +1 @@ +DIST amavis-v2.13.0.tar.bz2 890721 BLAKE2B ceb2d020a9066b530a7a05de30c1a3483010f018e9344a354a6a372581bc6442ac74990b733cf4fd4d2e63d3adfe7140ebaca7d050becb69cc26cd010d032afd SHA512 b4d623b212bd2bbdcd192cee603941af3854bcd6c09ed1d6194138c0d7e10160ab1fece821bdd134ae86a1f8e5ccd4b3f92643f2f2b4c73c3f0c1e30e4b97441 diff --git a/mail-filter/amavisd-new/amavisd-new-2.13.0.ebuild b/mail-filter/amavisd-new/amavisd-new-2.13.0.ebuild new file mode 100644 index 0000000..09f4259 --- /dev/null +++ b/mail-filter/amavisd-new/amavisd-new-2.13.0.ebuild @@ -0,0 +1,267 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd perl-module + +DESCRIPTION="High-performance interface between the MTA and content checkers" +HOMEPAGE="https://gitlab.com/amavis/amavis" +SRC_URI="https://gitlab.com/amavis/amavis/-/archive/v${PV}/amavis-v${PV}.tar.bz2" + +LICENSE="GPL-2 BSD-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="clamav dkim ldap mysql postgres razor rspamd rspamd-https selinux snmp spamassassin test" +RESTRICT="!test? ( test )" +REQUIRED_USE="test? ( spamassassin )" + +MY_RSPAMD_DEPEND="dev-perl/HTTP-Message + dev-perl/JSON + dev-perl/LWP-UserAgent-Determined" +DEPEND="acct-user/amavis" +RDEPEND="${DEPEND} + app-arch/arc + app-arch/bzip2 + app-arch/cabextract + app-arch/cpio + app-arch/gzip + app-arch/lha + app-arch/lrzip + app-arch/lzop + app-arch/p7zip + app-arch/pax + app-arch/arj + app-arch/unrar + app-arch/xz-utils + app-arch/zoo + dev-lang/perl:* + dev-perl/Archive-Zip + dev-perl/BerkeleyDB + dev-perl/Convert-BinHex + dev-perl/File-LibMagic + dev-perl/IO-Socket-SSL + dev-perl/IO-stringy + >=dev-perl/Mail-DKIM-0.31 + >=dev-perl/MailTools-1.58 + >=dev-perl/MIME-tools-5.415 + dev-perl/Net-LibIDN2 + >=dev-perl/Net-Server-0.91 + dev-perl/Net-SSLeay + dev-perl/Unix-Syslog + net-mail/ripole + net-mail/tnef + >=sys-apps/coreutils-5.0-r3 + >=sys-libs/db-4.4.20 + virtual/mta + virtual/perl-Compress-Raw-Zlib + virtual/perl-Digest-MD5 + virtual/perl-File-Temp + virtual/perl-IO-Compress + virtual/perl-IO-Socket-IP + virtual/perl-MIME-Base64 + virtual/perl-Time-HiRes + clamav? ( app-antivirus/clamav ) + ldap? ( >=dev-perl/perl-ldap-0.33 ) + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + razor? ( mail-filter/razor ) + rspamd? ( ${MY_RSPAMD_DEPEND} ) + rspamd-https? ( ${MY_RSPAMD_DEPEND} + dev-perl/LWP-Protocol-https + dev-perl/Net-SSLeay ) + selinux? ( sec-policy/selinux-amavis ) + snmp? ( net-analyzer/net-snmp[perl] ) + spamassassin? ( mail-filter/spamassassin dev-perl/Image-Info )" + +BDEPEND="${RDEPEND} + dev-perl/Dist-Zilla + virtual/perl-ExtUtils-MakeMaker + test? ( + virtual/perl-Test-Harness + dev-perl/Test-Class + dev-perl/DBI + dev-perl/perl-ldap + dev-perl/NetAddr-IP + dev-perl/Test-Most + )" + +AMAVIS_ROOT="/var/lib/amavishome" +S="${WORKDIR}/amavis-v${PV}" + +dzil_to_distdir() { + local dzil_root dest has_missing modname dzil_version + dzil_root="$1" + dest="$2" + + cd "${dzil_root}" || die "Can't enter workdir '${dzil_root}'"; + + dzil_version="$(dzil version)" || die "Error invoking 'dzil version'" + einfo "Generating CPAN dist with ${dzil_version}" + + has_missing="" + + einfo "Checking dzil authordeps" + while IFS= read -d $'\n' -r modname; do + if [[ -z "${has_missing}" ]]; then + has_missing=1 + eerror "'dzil authordeps' indicates missing build dependencies" + eerror "These will prevent building, please report a bug" + eerror "Missing:" + fi + S= eerror " ${modname}" + done < <( dzil authordeps --missing --versions ) + + [[ -z "${has_missing}" ]] || die "Satisfy all missing authordeps first" + + einfo "Checking dzil build deps" + while IFS= read -d $'\n' -r modname; do + if [[ -z "${has_missing}" ]]; then + has_missing=1 + ewarn "'dzil listdeps' indicates missing build dependencies" + ewarn "These may prevent building, please report a bug if they do" + ewarn "Missing:" + fi + ewarn " ${modname}" + done < <( dzil listdeps --missing --versions --author ) + + einfo "Generating release" + dzil build --notgz --in "${dest}" || die "Unable to build CPAN dist in '${dest}'" +} + +src_prepare() { + # perl-module doesn't account for this being a directory + mv README_FILES READ_FILES || die + + # We need to fix the daemon_user and daemon_group in amavis-mc even + # though we're going to run it in the foreground, because it calls + # "drop_priv" unconditionally and will crash if its user/group + # doesn't exist. + sed -i \ + -e '/daemon/s/vscan/amavis/' \ + -e "s:'/var/virusmails':\"\$MYHOME/quarantine\":" \ + "${S}/conf/amavisd.conf" "${S}/bin/amavis-mc" || die "missing conf file" + + if ! use dkim ; then + sed -i -e '/enable_dkim/s/1/0/' "${S}/conf/amavisd.conf" \ + || die "missing conf file - dkim" + fi + + if ! use spamassassin ; then + sed -i -e \ + "/^#[[:space:]]*@bypass_spam_checks_maps[[:space:]]*=[[:space:]]*(1)/s/^#//" \ + "${S}/conf/amavisd.conf" || die "missing conf file - sa" + fi + + # needs ZMQ::LibZMQ3 which only suports net-libs/zeromq-3*, + # long since removed from tree + perl_rm_files t/Amavis/ZMQTest.t + sed -e '/^ZMQ::LibZMQ3 =/d' \ + -i dist.ini || die "Can't patch dist.ini" + + rm bin/{amavis-services,amavis-mc,amavisd-snmp-subagent-zmq} + + if ! use snmp ; then + rm bin/amavisd-snmp-subagent + fi + + eapply_user + + # prevent distdir-in-distdir + mv "${S}" "${T}" || die + dzil_to_distdir "${T}/amavis-v${PV}" "${S}" + + perl-module_src_prepare +} + +src_test() { + prove -lr t || die +} + +src_install() { + perl-module_src_install + mkdir "${ED}"/usr/sbin + mv "${ED}"/usr/bin/amavisd "${ED}"/usr/sbin/amavisd || die + mv "${ED}"/usr/bin/amavisd-agent "${ED}"/usr/sbin/amavisd-agent || die + mv "${ED}"/usr/bin/amavisd-nanny "${ED}"/usr/sbin/amavisd-nanny || die + mv "${ED}"/usr/bin/amavisd-release "${ED}"/usr/sbin/amavisd-release || die + mv "${ED}"/usr/bin/amavisd-signer "${ED}"/usr/sbin/amavisd-signer || die + mv "${ED}"/usr/bin/amavisd-status "${ED}"/usr/sbin/amavisd-status || die + dobin contrib/p0f-analyzer.pl + + if use snmp ; then + mv "${ED}"/usr/bin/amavisd-snmp-subagent "${ED}"/usr/sbin/amavisd-snmp-subagent || die + newinitd "${FILESDIR}/amavisd-snmp-subagent.initd" \ + amavisd-snmp-subagent + dodoc AMAVIS-MIB.txt + fi + + perl_fix_packlist + + if use ldap ; then + insinto /etc/openldap/schema + newins contrib/LDAP.schema "${PN}.schema" + fi + + # The config file should be root:amavis so that the amavis user can + # read (only) it after dropping privileges. And of course he should + # own everything in his home directory. + insinto /etc + insopts -m0640 -g amavis + doins conf/amavisd.conf + + # Implementation detail? Keepdir calls dodir under the hood. + diropts -o amavis -g amavis + keepdir "${AMAVIS_ROOT}"/{,db,quarantine,tmp,var} + + # BEWARE: + # + # Anything below this line is using the mangled insopts/diropts from + # above! + # + + newinitd "${FILESDIR}/amavisd.initd-r2" amavisd + + systemd_newunit "${FILESDIR}/amavisd.service-r1" amavisd.service + + dodoc AAAREADME.first RELEASE_NOTES TODO \ + conf/amavisd.conf-default conf/amavisd-custom.conf \ + conf/amavisd-docker.conf + + docinto README_FILES + dodoc READ_FILES/README* + dodoc -r READ_FILES/*.{html,css} + docinto README_FILES/images + dodoc READ_FILES/images/*.png + docinto README_FILES/images/callouts + dodoc READ_FILES/images/callouts/*.png + + docinto test-messages + dodoc t/messages/README + dodoc t/messages/sample.tar.gz.compl +} + +pkg_preinst() { + # TODO: the following is done as root, but should probably be done + # as the amavis user. + if use razor ; then + if [ ! -d "${ROOT}${AMAVIS_ROOT}/.razor" ] ; then + elog "Setting up initial razor config files..." + + razor-admin -create -home="${D}/${AMAVIS_ROOT}/.razor" + sed -i -e "s:debuglevel\([ ]*\)= .:debuglevel\1= 0:g" \ + "${D}/${AMAVIS_ROOT}/.razor/razor-agent.conf" || die + fi + fi +} + +pkg_postinst() { + local d="/var/amavis" + if [ -d ${d} ]; then + elog "Existing data found. Please make sure to manually copy it to amavis' new" + elog "home directory by executing the following command as root from a shell:" + elog + elog " cp -a ${d}/* ${d}/.??* ${AMAVIS_ROOT}/ && rm -r ${d}" + elog + fi +} diff --git a/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd b/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd new file mode 100644 index 0000000..84784b6 --- /dev/null +++ b/mail-filter/amavisd-new/files/amavisd-snmp-subagent.initd @@ -0,0 +1,25 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/sbin/amavisd-snmp-subagent" +pidfile="/run/${RC_SVCNAME}.pid" + +# The RELEASE_NOTES say "it is safe to run it as root, although +# perhaps not necessary." I'm not in a position to test, but I bet +# it's safe to run this as amavis:amavis. Since the program itself +# doesn't have the ability to drop privileges, we'd have to let OpenRC +# do that; and in that case, the easiest way to deal with the PID file +# is to let OpenRC handle that, too. +# +# Thus as a means of future-proofing, we run $command in the +# foreground, and let OpenRC background it and write a PID file. So +# if somebody wants to try command_user="amavis:amavis" here, it might +# just work. +command_args="-f" +command_background="true" + +depend() { + use logger + before amavisd-new snmpd +} diff --git a/mail-filter/amavisd-new/files/amavisd.initd-r2 b/mail-filter/amavisd-new/files/amavisd.initd-r2 new file mode 100644 index 0000000..2e58bf9 --- /dev/null +++ b/mail-filter/amavisd-new/files/amavisd.initd-r2 @@ -0,0 +1,42 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" +command="/usr/sbin/${RC_SVCNAME}" +pidfile="/run/${RC_SVCNAME}.pid" + +# Why run in the foreground? Typically amavisd will drop privileges +# and then write its own PID file in its home directory. This is fine +# so long as you use e.g. "amavisd stop" to stop the daemon. But, we +# want to use start-stop-daemon to do it. And start-stop-daemon will +# send a signal *as root* to the PID contained in the PID file. So, we +# don't want to rely on a PID file that's controlled by a non-root +# user. +# +# As a workaround, we run amavisd in the foreground, and let +# start-stop-daemon push it into the background with its own PID +# file. We don't pass "-P" via command_args below because we don't +# want amavisd to try (and fail) to create that PID file. This does +# mean that you can't run "amavisd stop" or "amavisd reload" directly; +# sorry! +command_args="foreground" +command_background="true" + +# The amavisd daemon provides its own "stop" and "reload" functions, +# but if you read into the source, they just do what start-stop-daemon +# is going to do anyway. The "stop" command for amavisd will send a +# SIGTERM immediately, and then a SIGKILL after 60 seconds. So, we do +# that too. The "reload" command sends a SIGHUP; see reload() below. +retry="SIGTERM/15 SIGKILL/60" + +depend() { + use net logger antivirus snmpd + before mta +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} diff --git a/mail-filter/amavisd-new/files/amavisd.service-r1 b/mail-filter/amavisd-new/files/amavisd.service-r1 new file mode 100644 index 0000000..0387128 --- /dev/null +++ b/mail-filter/amavisd-new/files/amavisd.service-r1 @@ -0,0 +1,21 @@ +[Unit] +Description=Amavisd Daemon +Before=postfix.service +After=clamd.service +After=network.target + +[Service] +User=amavis +Group=amavis +ExecStart=/usr/sbin/amavisd -c /etc/amavisd.conf foreground +ExecReload=/usr/sbin/amavisd -c /etc/amavisd.conf reload +PrivateTmp=true +CapabilityBoundingSet= +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +ProtectHome=true +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target diff --git a/mail-filter/amavisd-new/metadata.xml b/mail-filter/amavisd-new/metadata.xml new file mode 100644 index 0000000..564c4ee --- /dev/null +++ b/mail-filter/amavisd-new/metadata.xml @@ -0,0 +1,17 @@ + + + + + + Add courier support + Add DomainKeys Identified Mail support + Add qmail support + Add support for mail-filter/razor + Add support for mail-filter/rspamd extension (HTTP only) + Add support for mail-filter/rspamd extension (both HTTP and HTTPS) + Add support for mail-filter/spamassassin + + + amavis/amavis + +