mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
d46ef1440f
patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded. Security: this release adds support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. Sites concerned about SMTP smuggling attacks should enable this feature on Internet-facing Postfix servers. For compatibility with non-standard clients, Postfix by default excludes clients in mynetworks from this countermeasure. The recommended settings are: # Optionally disconnect remote SMTP clients that send bare newlines, # but allow local clients with non-standard SMTP implementations # such as netcat, fax machines, or load balancer health checks. # smtpd_forbid_bare_newline = yes smtpd_forbid_bare_newline_exclusions = $mynetworks The smtpd_forbid_bare_newline feature is disabled by default. For more information, see: https://www.postfix.org/smtp-smuggling.html (* Security fix *)
242 lines
9.5 KiB
Bash
Executable file
242 lines
9.5 KiB
Bash
Executable file
#!/bin/bash
|
|
#
|
|
# Copyright 2006, 2011 Alan Hicks, Lizella, GA
|
|
# Copyright 2010, 2011, 2013, 2014, 2015, 2016, 2017 Mario Preksavec, Zagreb, Croatia
|
|
# Copyright 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
# (Thanks also to /dev/rob0 somewhere on the Internet)
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=postfix
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-1_slack15.0}
|
|
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) ARCH=i586 ;;
|
|
arm*) ARCH=arm ;;
|
|
*) ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-$PKGNAM
|
|
OUTPUT=${OUTPUT:-/tmp}
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i686" ]; then
|
|
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
if [ "$(grep "^postfix:x:91:91" /etc/passwd)" = "" -o \
|
|
"$(grep "^postfix:x:91:" /etc/group)" = "" -o \
|
|
"$(grep "^postdrop:x:92:" /etc/group)" = "" ]; then
|
|
cat << EOF
|
|
The postfix user/group and/or the postdrop group do not exist on this system.
|
|
Before running this script, please add them with the following commands:
|
|
|
|
groupadd -g 91 postfix
|
|
useradd -u 91 -d /dev/null -s /bin/false -g postfix postfix
|
|
groupadd -g 92 postdrop
|
|
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG $OUTPUT
|
|
cd $TMP
|
|
rm -rf $PKGNAM-$VERSION
|
|
tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
|
|
cd $PKGNAM-$VERSION || exit 1
|
|
|
|
chown -R root:root .
|
|
find -L . \
|
|
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
|
-o -perm 511 \) -exec chmod 755 {} \+ -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
|
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \+
|
|
|
|
# Fix postfix-script so that it won't think a symlink in /etc/postfix is
|
|
# group writable. Only warn about regular files there.
|
|
zcat $CWD/postfix.only.warn.regular.files.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Make the postfix startup message look more like the other boot notices:
|
|
zcat $CWD/postfix.script.starting.message.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Postfix does not use a ./configure script (no GNU autoconf)
|
|
#
|
|
# The AUXLIBS variable is for dynamic library linking, which as of this
|
|
# writing is the only means of adding SASL and TLS support. But most map
|
|
# types now can be loaded as plugins at runtime. We build our Postfix
|
|
# package with LDAP, MySQL, PCRE and sqlite3 plugins. In addition,
|
|
# Berkeley DB support (required) is automatically detected and built.
|
|
|
|
# Build with SASL support
|
|
SASLARGS="-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL"
|
|
SASLLIBS="-L/usr/lib${LIBDIRSUFFIX}/sasl2 -lsasl2"
|
|
# Note: this enables both server SASL types (Cyrus and Dovecot) as well as
|
|
# client SASL with Cyrus. See SASL_README if you wish to customize this.
|
|
# For example, you might not wish to link against Cyrus SASL if not using
|
|
# client SASL. For Dovecot (server) SASL only, comment SASLLIBS, and set:
|
|
# SASLARGS="-DUSE_SASL_AUTH"
|
|
|
|
# Build with TLS support, see TLS_README
|
|
TLSARGS="-DUSE_TLS"
|
|
TLSLIBS="-lssl -lcrypto"
|
|
|
|
# Build with LDAP client support, see LDAP_README
|
|
LDAPARGS="-DHAS_LDAP"
|
|
# MySQL database support, see MYSQL_README
|
|
MYSQLARGS="-I/usr/include/mysql -DHAS_MYSQL"
|
|
# PCRE (perl-compatible regular expressions) support, see PCRE_README
|
|
PCREARGS="-DHAS_PCRE $( pcre-config --cflags )"
|
|
# SQLite3 database support, see SQLITE_README
|
|
SQLITEARGS="-DHAS_SQLITE"
|
|
# Finally, DBARGS lumps it all together:
|
|
DBARGS="$LDAPARGS $MYSQLARGS $PCREARGS $SQLITEARGS"
|
|
|
|
### ADDITIONAL MAP TYPE PLUGINS
|
|
#
|
|
# Those who have installed other map types not included in Slackware could
|
|
# add support as follows:
|
|
#
|
|
# * AUXLIBS_CDB for CDB support, see /usr/doc/postfix/readme/CDB_README
|
|
# * AUXLIBS_LMDB for LMDB support, see /usr/doc/postfix/readme/LMDB_README
|
|
# * AUXLIBS_PGSQL for PostgreSQL support, see /usr/doc/postfix/readme/PGSQL_README
|
|
# * AUXLIBS_SDBM for SDBM support, see /usr/doc/postfix/readme/SDBM_README
|
|
#
|
|
# Note that each of these additional map types will require additions to
|
|
# the CCARGS variable. Typically this would be done by adding what is
|
|
# needed to $DBARGS.
|
|
|
|
### CHANGING BUILT-IN DOCUMENTATION PATH SETTINGS
|
|
#
|
|
# If we try to use postfix-$VERSION in any of these paths, we'll get a compile
|
|
# failure: "error: too many decimal points in number"
|
|
# So we're pretty much forced to leave things as postfix expects them.
|
|
PATHARGS="'-DDEF_HTML_DIR=\"/usr/doc/postfix/html\"' \
|
|
'-DDEF_MANPAGE_DIR=\"/usr/man\"' \
|
|
'-DDEF_README_DIR=\"/usr/doc/postfix/readme\"'"
|
|
|
|
make $NUMJOBS makefiles dynamicmaps=yes pie=yes shared=yes \
|
|
shlib_directory=/usr/lib${LIBDIRSUFFIX}/postfix/MAIL_VERSION \
|
|
CCARGS="$TLSARGS $SASLARGS $DBARGS $PATHARGS" \
|
|
AUXLIBS="$TLSLIBS $SASLLIBS" \
|
|
AUXLIBS_LDAP="-lldap -llber" \
|
|
AUXLIBS_MYSQL="-L/usr/lib${LIBDIRSUFFIX}/mysql -lmysqlclient -lz -lm" \
|
|
AUXLIBS_PCRE="$( pcre-config --libs )" \
|
|
AUXLIBS_SQLITE="-lsqlite3 -lpthread" \
|
|
OPT="$SLKCFLAGS" DEBUG="" || exit 1
|
|
|
|
# We put our documentation files in version-specific directories, but we'll
|
|
# use a symlink to provide the compiled-in path in /usr/doc/postfix/.
|
|
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
|
|
ln -s $PKGNAM-$VERSION $PKG/usr/doc/$PKGNAM
|
|
|
|
make $NUMJOBS non-interactive-package \
|
|
install_root=$PKG \
|
|
tempdir=$TMP/$PKGNAM-temp \
|
|
sample_directory=no || exit 1
|
|
|
|
rm -f $PKG/etc/postfix/{TLS_,}LICENSE
|
|
|
|
install -D -m 0644 -oroot -groot $CWD/rc.postfix $PKG/etc/rc.d/rc.postfix.new
|
|
|
|
# Add greylist.pl per postfix documentation:
|
|
cp -a examples/smtpd-policy/greylist.pl $PKG/usr/libexec/postfix
|
|
chown root:root $PKG/usr/libexec/postfix/greylist.pl
|
|
chmod 755 $PKG/usr/libexec/postfix/greylist.pl
|
|
|
|
# Add some additional tools:
|
|
install -m 0755 -oroot -groot bin/posttls-finger $PKG/usr/bin/ || exit 1
|
|
install -m 0644 -oroot -groot man/man1/posttls-finger.1 $PKG/usr/man/man1/ || exit 1
|
|
install -m 0644 -oroot -groot html/posttls-finger.1.html $PKG/usr/doc/$PKGNAM-$VERSION/html/ || exit 1
|
|
install -m 0755 -oroot -groot auxiliary/qshape/qshape.pl $PKG/usr/bin/ || exit 1
|
|
install -m 0644 -oroot -groot man/man1/qshape.1 $PKG/usr/man/man1/ || exit 1
|
|
install -m 0644 -oroot -groot html/qshape.1.html $PKG/usr/doc/$PKGNAM-$VERSION/html/ || exit 1
|
|
install -m 0755 -oroot -groot auxiliary/collate/collate.pl $PKG/usr/bin/ || exit 1
|
|
cp -a auxiliary/collate/README $PKG/usr/doc/$PKGNAM-$VERSION/readme/README.collate || exit 1
|
|
install -m 0755 -oroot -groot bin/{smtp,qmqp}-{source,sink} $PKG/usr/sbin/ || exit 1
|
|
install -m 0644 -oroot -groot man/man1/{smtp,qmqp}-{source,sink}.1 $PKG/usr/man/man1/ || exit 1
|
|
|
|
# Move configuration files to filename.new:
|
|
find $PKG/etc/postfix -type f ! -name "*.default" ! -name "*.proto" ! -name "*.out" \
|
|
! -name "postfix-files" -exec mv {} {}.new \;
|
|
|
|
# The aliases file is expected to be in /etc, so let's put it there:
|
|
mv $PKG/etc/postfix/aliases.new $PKG/etc/aliases.new
|
|
# Leave a symlink in /etc/postfix to point out this location:
|
|
( cd $PKG/etc/postfix ; ln -sf ../aliases . )
|
|
|
|
# Strip binaries:
|
|
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
|
|
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
|
|
|
|
# Set proper permissions:
|
|
chown root:postdrop $PKG/usr/sbin/{postdrop,postqueue}
|
|
chmod 2755 $PKG/usr/sbin/{postdrop,postqueue}
|
|
chown postfix:root $PKG/var/lib/postfix
|
|
chown -R postfix:root $PKG/var/spool/postfix/*
|
|
chown root:root $PKG/var/spool/postfix/pid
|
|
chown postfix:postdrop $PKG/var/spool/postfix/{maildrop,public}
|
|
|
|
# Compress man pages:
|
|
find $PKG/usr/man -type f -exec gzip -9 {} \+
|
|
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
|
|
|
sed -i $PKG/etc/postfix/postfix-files \
|
|
-e 's#\($manpage_directory/man[158]/.\+\.[158]\)\(:.*\)#\1.gz\2#' \
|
|
-e '/$config_directory\/LICENSE:f:root:-:644:1/ d' \
|
|
-e '/$config_directory\/TLS_LICENSE:f:root:-:644:1/ d'
|
|
|
|
# Add documentation files:
|
|
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
|
|
cp -a AAAREADME COMPATIBILITY COPYRIGHT HISTORY IPv6-ChangeLog LICENSE PORTING \
|
|
RELEASE_NOTES* TLS_* US_PATENT_* examples implementation-notes \
|
|
$PKG/usr/doc/$PKGNAM-$VERSION
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n --prepend $OUTPUT/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
|