From nobody Sat Aug 31 07:13:54 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WwmTZ5ZQvz5TlxW; Sat, 31 Aug 2024 07:13:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WwmTZ54Ndz4h3f; Sat, 31 Aug 2024 07:13:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725088434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j4Se7HlDOHrvEesKg1eNwdDNXWJeF9ENJFspSi2aYtg=; b=haRmcG7IRQeeJOB/dC8VXURB+dhcRxux0PADGXi8LB798izS00Xuh1HFdVL7wptveUVo1f SlkWwehFsBLSkGdnL0O6J7BOMkzWjTLPMZ/3SqZkmbWPydKZMPt3amSUp74tKq5tQ/GuwE O92XsTSwpeB9M4nv0ib//y7r1GGGNtkTYdI3ubzDaz41YrTnjqByI03BoYnh3QHJC/gf2r ydSln9DJ/db2ZD7hwOoevhiYn43Lh0i06iH35STJzfPttOR9AERqH4FLAHgZytmv41cMvs FcuH8afBEA+lIuxAvVGLq/jnmclQL6zF7c5UCBt7Aegz7GaNsJlrfYtjIxQqvA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725088434; a=rsa-sha256; cv=none; b=xssuNBvG6My7bXC6CJJL0SF3FPZFEWS5NfSu/Om4YLznt2uNGmkQ/Fk+qg/UqjgIdMNGXJ LydUY1feXBr2SYGGabWI/biyo+z37IOHlzElgduQDU4GuXfrcz2D9SovPvQcB9UO2wlFbo Nhbm+1YId1z3G3wVWOHSN9Bsk5yPZ20CMg4RRt2GKYBnVzIVAJkrZSvKLm0gCbJAvUOF7f pOp+rgr6zcROO68RZOJlDyi9vdvIdP0GBO8yG0ZY8/vhF7RtvaHI2GUcOc1k2S6aeK65vi /8QKBXGc+la8kFzS55Pr6v7qMa6Q5ETqiqumDvrjCoLamu2u2zs8JpURgm2wvw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725088434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j4Se7HlDOHrvEesKg1eNwdDNXWJeF9ENJFspSi2aYtg=; b=jxM3xEF+fK8Q81jyJmwPdFY8xHjWtu+YTt53BAU6WrouhPmXr+ZsXyLhdtx/ZhREOIAkQK yyfhuOjfD1eCdldxz2YRXaXySxCJ8Pggjv/HOWGUWysYJOx1yH8KUa8X96+PfIA0l//VgV wUWfReMvFrYaeQxhFgZDifWkkhsTE43gOzsjI/ImqI1albstoq0qL2Xw6HTT0O9pjx8Fb6 2POC1xKYIBG0tPhebhEt6aSf/FqcYSRUMghlnubG8ekCLgizQvf51JpsO2MnNuDIzYpkki xVJtHtZveRGS0nmwqAQRJvS/bRIEApwixMoGpXGmt69xyopANglKpYkWxKuU1w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WwmTZ3Ylnzbb3; Sat, 31 Aug 2024 07:13:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47V7Dssv067040; Sat, 31 Aug 2024 07:13:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47V7DswF067037; Sat, 31 Aug 2024 07:13:54 GMT (envelope-from git) Date: Sat, 31 Aug 2024 07:13:54 GMT Message-Id: <202408310713.47V7DswF067037@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Norikatsu Shigemura Subject: git: ffae45917307 - main - mail/py-postfix-mta-sts-resolver: Update to 1.4.0 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nork X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ffae45917307f2c041121fb752cac040e1b758ac Auto-Submitted: auto-generated The branch main has been updated by nork: URL: https://cgit.FreeBSD.org/ports/commit/?id=ffae45917307f2c041121fb752cac040e1b758ac commit ffae45917307f2c041121fb752cac040e1b758ac Author: Norikatsu Shigemura AuthorDate: 2024-08-31 07:12:52 +0000 Commit: Norikatsu Shigemura CommitDate: 2024-08-31 07:12:52 +0000 mail/py-postfix-mta-sts-resolver: Update to 1.4.0 - portlint/portfmt/portclippy happy. - Cosmetic change and fix some minor issues. - Add PostgreSQL backend support, and enable all backends. - Add support to output operation logs, and default to syslog via daemon(8). ChangeLogs: https://github.com/Snawoot/postfix-mta-sts-resolver/compare/v1.1.2...v1.4.0 Approved by: hrs (mentor) --- mail/py-postfix-mta-sts-resolver/Makefile | 35 ++++++++++--------- mail/py-postfix-mta-sts-resolver/distinfo | 6 ++-- mail/py-postfix-mta-sts-resolver/files/mta_sts.in | 42 ++++++++++++++++++----- mail/py-postfix-mta-sts-resolver/pkg-descr | 14 ++++---- 4 files changed, 63 insertions(+), 34 deletions(-) diff --git a/mail/py-postfix-mta-sts-resolver/Makefile b/mail/py-postfix-mta-sts-resolver/Makefile index 61a29fd3faeb..4b045a5c09cf 100644 --- a/mail/py-postfix-mta-sts-resolver/Makefile +++ b/mail/py-postfix-mta-sts-resolver/Makefile @@ -1,7 +1,6 @@ PORTNAME= postfix-mta-sts-resolver -PORTVERSION= 1.1.2 -DISTVERSIONPREFIX=v -PORTREVISION= 1 +PORTVERSION= 1.4.0 +DISTVERSIONPREFIX= v CATEGORIES= mail python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,33 +11,37 @@ WWW= https://pypi.python.org/pypi/postfix-mta-sts-resolver LICENSE= MIT BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiodns>=3.0.0:dns/py-aiodns@${PY_FLAVOR} \ +RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss \ + ${PYTHON_PKGNAMEPREFIX}aiodns>=3.0.0:dns/py-aiodns@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.4.4:www/py-aiohttp@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyyaml>=3.12:devel/py-pyyaml@${PY_FLAVOR} \ - ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss + ${PYTHON_PKGNAMEPREFIX}pyyaml>=3.12:devel/py-pyyaml@${PY_FLAVOR} USES= python USE_GITHUB= yes -USE_PYTHON= autoplist distutils - GH_ACCOUNT= Snawoot - -OPTIONS_DEFINE= REDIS SQLITE UVLOOP - -REDIS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aioredis>=1.2.0:databases/py-aioredis@${PY_FLAVOR} -SQLITE_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiosqlite>=1.10.0:databases/py-aiosqlite@${PY_FLAVOR} -UVLOOP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}uvloop>=0.11.0:devel/py-uvloop@${PY_FLAVOR} - +USE_PYTHON= autoplist distutils USE_RC_SUBR= mta_sts +NO_ARCH= yes + SUB_LIST= PYTHON_CMD=${PYTHON_CMD} PLIST_FILES= "@sample etc/mta-sts-daemon.yml.sample" +OPTIONS_DEFINE= PGSQL REDIS SQLITE UVLOOP +OPTIONS_DEFAULT= PGSQL REDIS SQLITE UVLOOP + +UVLOOP_DESC= Event loop support +PGSQL_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asyncpg>=0.27.0:databases/py-asyncpg@${PY_FLAVOR} +REDIS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}redis>=4.2.0:databases/py-redis@${PY_FLAVOR} +SQLITE_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiosqlite>=0.10.0:databases/py-aiosqlite@${PY_FLAVOR} +UVLOOP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}uvloop>=0.11.0:devel/py-uvloop@${PY_FLAVOR} + post-extract: ${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|' \ ${WRKSRC}/postfix_mta_sts_resolver/defaults.py post-install: - ${CP} ${WRKSRC}/config_examples/mta-sts-daemon.yml.internal ${STAGEDIR}${PREFIX}/etc/mta-sts-daemon.yml.sample + ${INSTALL_DATA} ${WRKSRC}/config_examples/mta-sts-daemon.yml.internal \ + ${STAGEDIR}${PREFIX}/etc/mta-sts-daemon.yml.sample .include diff --git a/mail/py-postfix-mta-sts-resolver/distinfo b/mail/py-postfix-mta-sts-resolver/distinfo index 58fe68480400..404f125166fa 100644 --- a/mail/py-postfix-mta-sts-resolver/distinfo +++ b/mail/py-postfix-mta-sts-resolver/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1657391229 -SHA256 (Snawoot-postfix-mta-sts-resolver-v1.1.2_GH0.tar.gz) = c7e49ce3e441ebe2d2a4644d6fde21b4eaecf84479314f56a20fec018b9f8e9e -SIZE (Snawoot-postfix-mta-sts-resolver-v1.1.2_GH0.tar.gz) = 51618 +TIMESTAMP = 1695492126 +SHA256 (Snawoot-postfix-mta-sts-resolver-v1.4.0_GH0.tar.gz) = 6fe07c9076e329fe3a9a347d7f9f8b2885526067dd7ea906b8916cd0dd5040ab +SIZE (Snawoot-postfix-mta-sts-resolver-v1.4.0_GH0.tar.gz) = 54627 diff --git a/mail/py-postfix-mta-sts-resolver/files/mta_sts.in b/mail/py-postfix-mta-sts-resolver/files/mta_sts.in index 31e442cb7585..1190e5fffe28 100644 --- a/mail/py-postfix-mta-sts-resolver/files/mta_sts.in +++ b/mail/py-postfix-mta-sts-resolver/files/mta_sts.in @@ -8,9 +8,10 @@ # to enable this service: # # mta_sts_enable (bool): Set to NO by default. -# Set it to YES to enable mta_sts. -# mta_sts_config (path): Set to %%PREFIX%%/etc/mta-sts-daemon.yml -# by default. +# Set it to YES to enable mta_sts_daemon. +# mta_sts_config (path): Set path to mta-sts-daemon.yml. +# mta_sts_logfile (path): Set log file name or 'syslog'. +# mta_sts_logverbosity (str): Set log verbosity(debug/info/warning/error/critical) . /etc/rc.subr @@ -20,18 +21,41 @@ rcvar=mta_sts_enable load_rc_config $name : ${mta_sts_enable:="NO"} -: ${mta_sts_config="%%PREFIX%%/etc/mta-sts-daemon.yml"} -: ${mta_sts_user="nobody"} - -pidfile=/var/run/${name}.pid -command=%%PREFIX%%/bin/mta-sts-daemon +: ${mta_sts_config:="%%PREFIX%%/etc/mta-sts-daemon.yml"} +: ${mta_sts_user:="mailnull"} +: ${mta_sts_group:="mailnull"} +: ${mta_sts_logfile:="syslog"} +: ${mta_sts_logverbosity:="info"} + +pidfile="/var/run/${name}.pid" +command="%%PREFIX%%/bin/mta-sts-daemon" command_interpreter="%%PYTHON_CMD%%" +start_precmd="${name}_prestart" start_cmd="${name}_start" +mta_sts_prestart() +{ + if [ "$mta_sts_logfile" = "syslog" ]; then + # NOTHING TO DO # + elif touch "$mta_sts_logfile"; then + chown "$mta_sts_user":"$mta_sts_group" "$mta_sts_logfile" + else + err 3 "$mta_sts_logfile: cannot create" + fi +} + mta_sts_start() { - /usr/sbin/daemon -u "${mta_sts_user}" -p "${pidfile}" "${command}" -c "${mta_sts_config}" + local logopts="" + local cmdopts="-v $mta_sts_logverbosity" + + if [ "$mta_sts_logfile" = "syslog" ]; then + logopts="-S -T mta_sts -l mail -s $mta_sts_logverbosity" + else + cmdopts="$cmdopts -l $mta_sts_logfile" + fi + /usr/sbin/daemon -u "$mta_sts_user" -p "$pidfile" ${logopts} "$command" -c "$mta_sts_config" ${cmdopts} } run_rc_command "$1" diff --git a/mail/py-postfix-mta-sts-resolver/pkg-descr b/mail/py-postfix-mta-sts-resolver/pkg-descr index e4b76937f0b4..f7aeb5eec042 100644 --- a/mail/py-postfix-mta-sts-resolver/pkg-descr +++ b/mail/py-postfix-mta-sts-resolver/pkg-descr @@ -1,10 +1,12 @@ Daemon which provides TLS client policy for Postfix via socketmap, according to -domain MTA-STS policy. Current support of RFC8461 is limited - daemon lacks -some minor features: +domain MTA-STS policy. Current support of RFC8461 is limited: - - Proactive policy fetch - - Fetch error reporting - - Fetch ratelimit (but actual fetch rate partially restricted with cache_grace config option). + - MTA-STS policy overrides DANE TLS authentication against RFC 8461, 2. + - Daemon lacks some minor features: + - Fetch error reporting. + - Fetch ratelimit (but actual fetch rate partially restricted with + cache_grace config option). Server has configurable cache backend which allows to store cached STS policies -in memory (internal), file (sqlite) or in Redis database (redis). +in memory (internal), file (sqlite), Redis database (redis) or in PostgreSQL +database (postgres).