Bug 20996 - Integrate Postfix TLS patch
Integrate Postfix TLS patch
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: postfix (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-16 23:01 EST by Damien Miller
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-16 23:01:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Damien Miller 2000-11-16 23:01:00 EST
There is a very good TLS patch for Postfix available at
ftp://ftp.aet.tu-cottbus.de/pub/pfixtls/, it would be great if this was
added to the Redhat package.

While you are at it, you might want to enable Cyrus SASL auth

Below is a spec file which does both. It uses a modified
postfix-chroot_setup.patch and a makedefs updated for Redhat 7.0 by the
author of Postfix (the file should be available from the Postfix mailing
list, message ID '20001115144419.591654563E@spike.porcupine.org'). I can
send both on request.

------------------------------------

%define rel 0.1djm
%define ver 20001030
%define tlsver 0.6.23
%define sslver 0.9.6
%define LDAP 1

Name: postfix
Summary: Postfix Mail Transport Agent
Group: System Environment/Daemons
Version: %{ver}
URL: http://www.postfix.org/
Source: http://postfixftp.eunet.fi/experimental/snapshot-%{version}.tar.gz
Source1: postfix-README_rpm.txt
Source2: postfix-README_maildrop_security.txt
Source3: postfix-init_script.sh
Source4: postfix-cron.daily.sh
Source5: postfix-aliases
Source6: makedefs
Source100:
ftp://ftp.aet.tu-cottbus.de/pub/pfixtls/pfixtls-%{tlsver}-snap%{ver}-%{sslver}.tar.gz
Patch0: postfix-chroot_setup.patch
Patch1: postfix-config.patch
Patch2: postfix-chroot_chk.patch
#Patch3: postfix-glibc22.patch
Patch4: postfix-nonroot.patch
Patch5: postfix-20000924-ulimit.patch
Copyright: IBM Public License -- see LICENSE for details
Prereq: /sbin/chkconfig , /sbin/service 
Provides: MTA smtpd smtpdaemon
Conflicts: sendmail
%define rel 1
%if %{LDAP}
Release: %{rel}LDAP
%else
Release: %{rel}
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%if %{LDAP}
BuildPrereq: openldap-devel
Requires: openldap
%endif

%description
Postfix, see http://www.postfix.org, aims to be an alternative to the
widely-used sendmail program, which is responsible for 70 percent of
all e-mail delivered on the Internet.

Although IBM supported the Postfix development, it abstains from control
over its evolution.  The goal is to have Postfix installed on as many
systems as possible.  To this end, the software is given away with no
strings attached, so that it can evolve with input from and under control
of its users.

Be sure to read http://www.moongroup.com/postfix-faq/c22.html which covers
steps which should be taken prior to and after the installation of Postfix.

%define config_directory /etc/postfix
%define daemon_directory /usr/libexec/postfix
%define command_directory /usr/sbin
%define queue_directory /var/spool/postfix
%define newaliases_path /usr/bin/newaliases

%define mailq_path /usr/bin/mailq
%define rmail_path /usr/bin/rmail

%define init_directory /etc/rc.d/init.d
%define sendmail_path /usr/sbin/sendmail
%define cron_directory /etc/cron.daily

%define whinge logger -p mail.info -t postfix/rpm

%prep
umask 022

%setup -q -n snapshot-%{version} -a 100
%patch1 -p1 -b .config
%patch2 -p1 -b .chk
#%patch3 -p1 -b .glibc22
%patch4 -p1 -b .nonroot
%patch5 -p1 -b .ulimit

# This is Wietse's updated makedefs for RH7
cp ${RPM_SOURCE_DIR}/makedefs .

# Copy README files allowing us to just go %doc below, and have rpm(1)
# automatically tuck it in alongside the READMEs and COPYRIGHTs.
cp ${RPM_SOURCE_DIR}/postfix-README_rpm.txt README_rpm.txt
cp ${RPM_SOURCE_DIR}/postfix-README_maildrop_security.txt \
	README_maildrop_security.txt

# Apply the Postfix TLS patch
patch -p1 < pfixtls-%{tlsver}-snap%{ver}-%{sslver}/pfixtls.diff

# Fix up an errant perl path
perl -p -i -e "s/^\/usr\/local\/bin\/perl/\/usr\/bin\/perl/" \
	pfixtls-%{tlsver}-snap%{ver}-%{sslver}/contributed/loadCAcert.pl

# This needs to go in after pfixtls
%patch0 -p1 -b .chroot

%build
umask 022
%if %{LDAP}
make DEBUG="" OPT="$RPM_OPT_FLAGS -DHAS_LDAP -DHAS_PCRE -DHAS_SSL
-DUSE_SASL_AUTH" \
	AUXLIBS="-lldap -llber -lsasl -lpcre -lssl -lcrypto"
%else
make DEBUG="" OPT="$RPM_OPT_FLAGS -DHAS_PCRE -DHAS_SSL -DUSE_SASL_AUTH" \
	AUXLIBS="-lpcre -lssl -lsasl -lcrypto"
%endif

%install
umask 022
/bin/rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}

strip -R .comment bin/* libexec/*

# Move the TLS docs to something more readable
mv pfixtls-%{tlsver}-snap%{ver}-%{sslver} pfixtls
rm -f pfixtls/pfixtls.diff

sh INSTALL.sh <<EOF
${RPM_BUILD_ROOT}

%{config_directory}
%{daemon_directory}
%{command_directory}
%{queue_directory}
%{sendmail_path}
%{newaliases_path}
%{mailq_path}
mail
mail
%{_mandir}
EOF

# Change the default directory for alias_maps and alias_database
# to %{config_directory}
bin/postconf -c ${RPM_BUILD_ROOT}%{config_directory} -e \
	"alias_maps = hash:%{config_directory}/aliases" \
	"alias_database = hash:%{config_directory}/aliases" \
|| exit 1 

# This installs into the /etc/rc.d/init.d directory
mkdir -p ${RPM_BUILD_ROOT}%{init_directory}
install -c ${RPM_SOURCE_DIR}/postfix-init_script.sh
${RPM_BUILD_ROOT}%{init_directory}/postfix

# These set up the chroot directory structure
mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/etc
mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/lib
mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/usr/lib/zoneinfo

# This is the /etc/cron.daily directory
mkdir -p ${RPM_BUILD_ROOT}%{cron_directory}

install -c ${RPM_SOURCE_DIR}/postfix-cron.daily.sh
${RPM_BUILD_ROOT}%{cron_directory}/postfix
install -c auxiliary/rmail/rmail ${RPM_BUILD_ROOT}%{rmail_path}

gzip -9f ${RPM_BUILD_ROOT}%{_mandir}/man{1,5,8}/* ||:

#
# copy new aliases files and build the aliases.db (ghost) file
#
cp -f  ${RPM_SOURCE_DIR}/postfix-aliases
${RPM_BUILD_ROOT}%{config_directory}/aliases
chmod 644 ${RPM_BUILD_ROOT}%{config_directory}/aliases
${RPM_BUILD_ROOT}/%{command_directory}/postalias -c
${RPM_BUILD_ROOT}/%{config_directory}
${RPM_BUILD_ROOT}/%{config_directory}/aliases

mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/active
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/bounce
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/corrupt
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/defer
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/deferred
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/incoming
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/pid
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/private
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/public
mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/saved

%post
/sbin/chkconfig --add postfix
%{newaliases_path}

%preun
umask 022
if [ "$1" = 0 ]; then
    %{command_directory}/postfix stop
    /sbin/chkconfig --del postfix                    

    rm -f %{queue_directory}/etc/localtime
    rm -f %{queue_directory}/etc/services
    rm -f %{queue_directory}/etc/resolv.conf
    rm -f %{queue_directory}/usr/lib/zoneinfo/localtime
    rm -f %{queue_directory}/lib/libnss_dns.so.1
    rm -f %{queue_directory}/lib/libnss_dns.so.2
fi

%postun

if [ "$1" != 0 ]; then
    (%{command_directory}/postfix stop && sleep 2 &&
%{command_directory}/postfix start) || true
fi

%clean
rm -rf ${RPM_BUILD_ROOT}

%files
%defattr(-, root, root)
%verify(not md5 size mtime) %config %dir %{config_directory}
%attr(0755, root, root) %config %{config_directory}/postfix-script
%attr(0644, root, root) %verify(not md5 size mtime) %config
%{config_directory}/main.cf
%attr(0644, root, root) %verify(not md5 size mtime) %config
%{config_directory}/master.cf
%attr(0644, root, root) %verify(not md5 size mtime) %config
%{config_directory}/install.cf
%attr(0644, root, root) %verify(not md5 size mtime) %config(noreplace)
%{config_directory}/aliases
%attr(0644, root, root) %verify(not md5 size mtime) %ghost            
%{config_directory}/aliases.db

%attr(0755, root, root) %{init_directory}/postfix
%dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory}
%dir %attr(-, root, root) %verify(not md5 size mtime)
%{queue_directory}/etc
%dir %attr(-, root, root) %verify(not md5 size mtime)
%{queue_directory}/lib
%dir %attr(-, root, root) %verify(not md5 size mtime)
%{queue_directory}/usr/lib
%dir %attr(-, root, root) %verify(not md5 size mtime)
%{queue_directory}/usr/lib/zoneinfo

%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/active
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/bounce
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/corrupt
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/defer
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/deferred
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/incoming
%dir %attr(1730, mail, mail) %verify(not md5 size mtime)
%{queue_directory}/maildrop
%dir %attr(0755, mail, root) %verify(not md5 size mtime)
%{queue_directory}/pid
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/private
%dir %attr(0755, mail, root) %verify(not md5 size mtime)
%{queue_directory}/public
%dir %attr(0700, mail, root) %verify(not md5 size mtime)
%{queue_directory}/saved
%attr(0755, root, root) %{cron_directory}/postfix

%doc 0README BEWARE COMPATIBILITY DEBUG_README HISTORY INSTALL INSTALL.sh
%doc LDAP_README LICENSE MYSQL_README PCRE_README PORTING
%doc README_maildrop_security.txt README_rpm.txt RELEASE_NOTES
%doc RESTRICTION_CLASS TODO ULTRIX_README UUCP_README

%doc README_rpm.txt README_maildrop_security.txt

%doc conf/access conf/aliases conf/canonical conf/main.cf
%doc conf/main.cf.default conf/master.cf conf/postfix-script
%doc conf/postfix-script-nosgid conf/postfix-script-sgid conf/relocated
%doc conf/sample-aliases.cf conf/sample-canonical.cf conf/sample-debug.cf
%doc conf/sample-ldap.cf conf/sample-local.cf conf/sample-misc.cf
%doc conf/sample-pcre.cf conf/sample-rate.cf conf/sample-regexp.cf
%doc conf/sample-relocated.cf conf/sample-resource.cf
%doc conf/sample-rewrite.cf conf/sample-smtp.cf conf/sample-smtpd.cf
%doc conf/sample-transport.cf conf/sample-virtual.cf conf/transport
%doc conf/virtual

%doc html

%dir %{daemon_directory}
%{daemon_directory}/*

%{command_directory}/postalias
%{command_directory}/postcat
%{command_directory}/postconf
%attr(2755, root, mail) %{command_directory}/postdrop
%{command_directory}/postfix
%{command_directory}/postkick
%{command_directory}/postlock
%{command_directory}/postlog
%{command_directory}/postmap
%{command_directory}/postsuper

%{sendmail_path}
%{mailq_path}
%{newaliases_path}
%attr(0755, root, root) %{rmail_path}

%{_mandir}/*/*

%changelog
* Fri Nov 17 2000 Damien Miller <djm@ibs.com.au>
- Add Postfix TLS patch
- Enable PCRE maps
- Link with Cyrus SASL library
- Modify init script to check chroot files at daemon start time
- Cleanup patches to suit above

* Fri Sep 29 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- Update to 20000924
- Run newaliases in %post (postfix doesn't run if it can't access the
  alias databases.)
- Fix a relatively major glibc 2.2 interoperability problem - the maximum
  size of the mailspool is NOT supposed to be the maximum size of a
message.

* Thu Aug 17 2000 Than Ngo <than@redhat.de>
- added missing directories (Bug #16404)

* Thu Aug  3 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- Add optional LDAP support (Bug #14680), leave it disabled by default
  to avoid additional dependencies
- Add nqmgr (Bug #14680)

* Wed Aug  2 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- Add some missing directories (Bug #13667 and some non-reported issues)

* Mon Jul 24 2000 Prospector <prospector@redhat.com>
- rebuilt

* Mon Jul 17 2000 Tim Powers <timp@redhat.com>
- inits now in rc.d/init.d again

* Thu Jul 06 2000 Tim Powers <timp@redhat.com>
- fixed PreReq to PreReq /etc/init.d

* Thu Jul  6 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- FHSify

* Mon Jun 19 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- 20000531
- clean up the spec file - it's a huge mess...
- FHSify
- fix build as user
- fix compilation with glibc 2.2

* Thu Jan 13 2000 Tim Powers <timp@redhat.com>
- removing the whinge stuff from the pre and post sections to meet Red Hat
	policy
- quiet setup 
- built for Powertools 6.2

* Thu Jan 13 2000 Simon Mudd <sjmudd@pobox.com>
- fix the postalias command which needed the '-c' option
  specified.  (Edward S. Marshall <emarshal@logic.net>)

- fix the rpm-3.x problem with defines not being commented out
  and comment that part of the spec file so that I don't get
  caught again. (It works on my platform with rpm-2.x!)

* Tue Jan 04 2000 Simon Mudd <sjmudd@pobox.com>
- update to work with postfix-19991231-pl02

* Tue Jan 04 2000 Simon Mudd <sjmudd@pobox.com>
- update to work with postfix-19991231-pl01
- and the ghost parameter for aliases.db

* Tue Jan 04 2000 Simon Mudd <sjmudd@pobox.com>
- Fix BEWARE problem in doc
- change man page compression to work on required files

* Fri Dec 24 1999 Simon Mudd <sjmudd@pobox.com>
- update for 19991223 snapshot
- setup the alias_maps and alias_database parameters correctly
- rebuild aliases on install (should fix this to only do this if
  required)
- fix INSTALL.sh which didn't quite work

* Thu Dec 23 1999 Simon Mudd <sjmudd@pobox.com>
- modified the aliases file somewhat.
- re-enabled the whinging after ensuring that output will NOT go to
  stderr, but only syslog.

* Wed Dec 22 1999 Chuck Mead <chuck@moongroup.com>
- added an aliases file per discussions with Tim Powers

* Wed Dec 22 1999 Tim Powers <timp@redhat.com>
- changed group so that it's a valid Red Hat group
- commented out the whinge stuff in the %pre and %post sections to conform
	with Red Hat policy
- changed BuildRoot to be in /var/tmp
- gzip man pages
- changed %%{manpath} reference in %files section so that this package
doesn't
	claim ownership of /usr/man
- commented out the Patch99 stuff since we don't need it

* Fri Dec 17 1999 Simon J Mudd <sjmudd@pobox.com>
  [19991216-1]: update for new snapshot

* Mon Dec 13 1999 Simon J Mudd <sjmudd@pobox.com>
  [19991126-1]: update for new snapshot

* Sat Dec 03 1999 Simon J Mudd <sjmudd@pobox.com>
  [19991126-1]: update for new snapshot

* Fri Nov 26 1999 Simon J Mudd <sjmudd@pobox.com>
  [19991123-4]: /etc/cron.daily/postfix was installed as well as a crontab
                - remove the crontab entry as this isn't necessary
  [19991123-3]: add a small delay between postfix stop && postfix start
  [19991123-2]: Wietse's rbl code needed, patching - include the patch

* Tue Nov 23 1999 Simon J Mudd <sjmudd@pobox.com>
  [19991123-1]: try the snapshot which looks nice (?)

* Mon Nov 22 1999 Simon J Mudd <sjmudd@pobox.com>
  [19990906-pl07-1]: patch against pl07

* Thu Nov 17 1999 Simon J Mudd <sjmudd@pobox.com>
  [19990906-pl06-2]: tidy up spec file and include rmail
Comment 1 Bernhard Rosenkraenzer 2000-11-17 09:52:47 EST
Beat you to it. ;)
We integrated the patch on Nov 14. ;)
Comment 2 Damien Miller 2000-11-19 17:24:09 EST
Where can I get the updated package?
ftp://rawhide.redhat.com/rawhide/powertools/SRPMS/postfix-20000924-1.src.rpm is
a bit old :)

Note You need to log in before you can comment on or make changes to this bug.