Import archiveopteryx 3.1.3:

Archiveopteryx is a mail server system optimised for long-term storage
and heavy access. It comprises a set of server programs that provide
access to mail stored in a relational database (PostgreSQL).

With feedback from ajacoutot@ and JG Pailloncy, reads ok to ajacoutot@
landry 2011-01-09 09:36:21 +00:00
parent 0c4e382bcf
commit f69d285399
20 changed files with 534 additions and 0 deletions


@ -0,0 +1,48 @@
# $OpenBSD: Makefile,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
COMMENT = mail server storing messages in a database
DISTNAME = archiveopteryx-3.1.3
CATEGORIES = mail databases
HOMEPAGE = http://www.archiveopteryx.org/
MAINTAINER = Landry Breuil <gaston@gcu.info>
# GPLv2
PERMIT_PACKAGE_CDROM = Yes
PERMIT_PACKAGE_FTP = Yes
PERMIT_DISTFILES_CDROM = Yes
PERMIT_DISTFILES_FTP = Yes
WANTLIB = c crypto m pthread ssl stdc++ z
MASTER_SITES = ${HOMEPAGE}/download/
EXTRACT_SUFX = .tar.bz2
BUILD_DEPENDS = devel/jam
JAMDEBUG = -d x # display command-lines
JAMDEBUG += -q # die quickly on build failure
MAKE_ENV += CC=${CC} CXX=${CXX}
JAMFLAGS = \
-sAOXUSER=_aox \
-sAOXGROUP=_aox \
-sBUILD= \
-sOPTIM="${CFLAGS}" \
-sCXXFLAGS="${CXXFLAGS}" \
-sLDFLAGS="${LDFLAGS}"
pre-configure:
${SUBST_CMD} ${WRKSRC}/Jam{rules,settings}
do-build:
cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} jam ${JAMDEBUG} ${JAMFLAGS}
do-install:
cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} jam ${JAMDEBUG} ${JAMFLAGS} install
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/archiveopteryx
${INSTALL_DATA} ${FILESDIR}/*.conf ${PREFIX}/share/examples/archiveopteryx
.include <bsd.port.mk>


@ -0,0 +1,5 @@
MD5 (archiveopteryx-3.1.3.tar.bz2) = h24zRAnY5WLacbGA+cNBKQ==
RMD160 (archiveopteryx-3.1.3.tar.bz2) = lbQIFZr0pf6Xp49x1Kx9Yt8D2EY=
SHA1 (archiveopteryx-3.1.3.tar.bz2) = GW4bAqUIEZLaK/+ARx1ZCuzuNdM=
SHA256 (archiveopteryx-3.1.3.tar.bz2) = uTqRiqo2+pNxyIqpU1GHu0eW6xXV5rEKym5CcBo8PIk=
SIZE (archiveopteryx-3.1.3.tar.bz2) = 2593628


@ -0,0 +1,7 @@
# default config file provided by the OpenBSD package
# Security note: Anyone who can read this password can do
# anything to the database, including delete all mail.
db-owner = aoxsuper
db-owner-password = '(database owner password here)'


@ -0,0 +1,43 @@
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
prompt = no
dirstring_type = nobmp
[ req_distinguished_name ]
# country (2 letter code)
#C=FI
# State or Province Name (full name)
#ST=
# Locality Name (eg. city)
#L=
# Organization (eg. company)
#O=
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (*.example.com is also possible)
CN=imap.example.com
# E-mail contact
emailAddress=postmaster@example.com
[ req_attributes ]
challengePassword = ""
[ v3_ca ]
nsCertType = server
nsComment = "Automatically generated self-signed certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
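Review bot: `default_bits = 1024` in the `[ req ]` section is the key size the pkg-readme's `openssl req ... -newkey rsa` command silently inherits, and 1024-bit RSA was already on its way out when this file was written; `default_bits = 2048` costs nothing for an IMAP server. `basicConstraints = CA:true` in `[ v3_ca ]` marks the server's own key as a certificate authority, which a self-signed leaf does not need — `basicConstraints = CA:false`, `keyUsage = digitalSignature, keyEncipherment` and `extendedKeyUsage = serverAuth` describe what the certificate is actually for, though a few old clients insisted on CA:true for self-signed certificates, so test against the intended clients before flipping it. `nsCertType` and `nsComment` are legacy Netscape extensions and can go, but they do no harm.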


@ -0,0 +1,7 @@
# default config file provided by the OpenBSD package
db-address = 127.0.0.1
db-port = 5432
db-name = archiveopteryx
db-user = aox
db-password = '(database user password here)'
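Review bot: The sample only covers the database settings, while the port's patches make the servers exit at startup unless a key+certificate file exists at `/etc/ssl/archiveopteryx.pem` (or wherever `tls-certificate` points); nothing in this file tells the administrator that. A commented default such as `# tls-certificate = /etc/ssl/archiveopteryx.pem   # private key + certificate, see pkg-readme` would turn a first-run failure into a one-line edit. The `db-password` placeholder is a syntactically valid value, so a forgotten edit is only caught when the connection to PostgreSQL is refused — a `# REQUIRED: set before starting` comment above it would help.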


@ -0,0 +1,3 @@
TlsCertFile dans conf vs selfSignCertificate()
tlsproxy only used when use_cryptlib=yes
aox stop not stopping sometimes ?


@ -0,0 +1,56 @@
$OpenBSD: patch-Jamfile,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- Jamfile.orig Wed Mar 10 13:17:56 2010
+++ Jamfile Fri Apr 9 21:07:19 2010
@@ -14,7 +14,6 @@ SubInclude TOP recorder ;
SubInclude TOP sasl ;
SubInclude TOP schema ;
SubInclude TOP scripts ;
-SubInclude TOP installer ;
SubInclude TOP extractors ;
SubInclude TOP archiveopteryx ;
SubInclude TOP aoximport ;
@@ -50,9 +49,6 @@ actions together Prepare
}
-Prepare $(INSTALLROOT)$(JAILDIR) ;
-Prepare $(INSTALLROOT)$(MESSAGEDIR) ;
-Prepare $(INSTALLROOT)$(PIDFILEDIR) ;
Prepare $(INSTALLROOT)$(CONFIGDIR) ;
Prepare $(INSTALLROOT)$(LIBDIR)/contrib ;
if ( $(LOGFILE:D) != "" && $(LOGFILE:D) != "syslog" ) {
@@ -62,18 +58,6 @@ if ( $(USE_CRYPTLIB) = "yes" ) {
Prepare $(INSTALLROOT)$(LIBDIR)/tlsproxy/var/run ;
}
-
-# if we make JAILDIR, we should chmod it so noone can read it:
-MODE on $(INSTALLROOT)$(JAILDIR) = 700 ;
-Chmod $(INSTALLROOT)$(JAILDIR) ;
-
-# if we make MESSAGEDIR, we should chmod it similarly. AOXUSER needs to
-# be able to write to it, but we can't chown here, because the user may
-# not exist yet.
-MODE on $(INSTALLROOT)$(MESSAGEDIR) = 700 ;
-Chmod $(INSTALLROOT)$(MESSAGEDIR) ;
-
-
actions Message {
fmt <<EOM | sed 's/^/ /'
To set up the database and generate a configuration file, run
@@ -95,14 +79,12 @@ info@aox.org for help.
EOM
}
-Message install ;
-
if $(BUILDDOC) {
local s u ;
local exceptions = canonical msgdump munger renderer logdmain tests
addressparser whip cram subscribe deliver aox recorder cmdsearch
- cryptlib installer archiveopteryx aoximport aoxexport dbtest ;
+ cryptlib archiveopteryx aoximport aoxexport dbtest ;
for s in $(sets) {
if ! $(s) in $(documented-sets) && ! $(s) in $(u) &&
! $(s) in $(exceptions)


@ -0,0 +1,13 @@
$OpenBSD: patch-Jamrules,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- Jamrules.orig Sun Mar 28 22:32:41 2010
+++ Jamrules Sun Mar 28 22:32:54 2010
@@ -30,9 +30,6 @@ else {
C++ = g++ ;
C++FLAGS += -W -Wall ;
BUILD = build/gcc ;
- if $(OPTIM) {
- BUILD = build/gcc$(OPTIM) ;
- }
if $(COV) {
C++FLAGS += -fprofile-arcs -ftest-coverage ;


@ -0,0 +1,53 @@
$OpenBSD: patch-Jamsettings,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- Jamsettings.orig Wed Mar 10 13:17:56 2010
+++ Jamsettings Mon Apr 5 23:33:00 2010
@@ -28,7 +28,7 @@ MANDIR = $(PREFIX)/man ;
# Supporting files
#
-LIBDIR = $(PREFIX)/lib ;
+LIBDIR = $(PREFIX)/libexec/archiveopteryx ;
# The startup/shutdown script's directory
#
@@ -36,24 +36,24 @@ INITDIR = $(LIBDIR) ;
# Where to write pid files for the servers
#
-PIDFILEDIR ?= $(PREFIX)/lib/pidfiles ;
+PIDFILEDIR ?= /var/run ;
# The servers chroot to an empty, unreadable jail directory at
# startup.
#
-JAILDIR = $(PREFIX)/jail ;
+JAILDIR = /var/archiveopteryx/jail ;
# This is the default message-copy-directory.
#
-MESSAGEDIR = $(PREFIX)/messages ;
+MESSAGEDIR = /var/archiveopteryx/messages ;
# The directory where the configuration file is located.
#
-CONFIGDIR = $(PREFIX) ;
+CONFIGDIR = ${SYSCONFDIR} ;
# The directory where the README and other files are installed.
#
-READMEDIR = $(PREFIX) ;
+READMEDIR = $(PREFIX)/share/doc/archiveopteryx ;
# The log file's default name. (This can be a file name or syslog/x,
# where x is a facility.)
@@ -71,8 +71,8 @@ AOXGROUP ?= aox ;
# How to compile
-C++FLAGS = -g -Werror -funsigned-char ;
-LINKFLAGS = -g ;
+C++FLAGS = -I. -I.. -g -Werror -funsigned-char ;
+LINKFLAGS = -lcrypto -g ;
# Mode for installed binaries
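Review bot: The patched `C++FLAGS` line keeps upstream's `-Werror`, so any new warning from a later base compiler turns a package build into a hard failure; ports normally drop it, `+C++FLAGS = -I. -I.. -g -funsigned-char ;`. `-lcrypto` is added to `LINKFLAGS`, while the port Makefile passes `-sLDFLAGS="${LDFLAGS}"` — from this hunk it is not clear that `LDFLAGS` is consumed anywhere, so it is worth checking the actual link line (`-d x` is already on) to confirm the port's link flags and `-lssl` (tlsthread.cpp uses `SSL_CTX_*`) really reach the linker rather than relying on implicit resolution.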


@ -0,0 +1,79 @@
$OpenBSD: patch-aox_servers_cpp,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- aox/servers.cpp.orig Fri Mar 12 07:25:36 2010
+++ aox/servers.cpp Sun Apr 11 11:16:55 2010
@@ -27,6 +27,7 @@
#include <pwd.h>
#include <grp.h>
+#include <err.h>
static const char * buildinfo[] = {
#include "buildinfo.inc"
@@ -316,8 +317,7 @@ static void checkFilePermissions()
EString c = Configuration::text( Configuration::TlsCertFile );
#if !defined(USE_CRYPTLIB)
if ( c.isEmpty() ) {
- c = Configuration::compiledIn( Configuration::LibDir );
- c.append( "/automatic-key.pem" );
+ c = "/etc/ssl/archiveopteryx.pem";
}
#endif
addPath( Path::ReadableFile, Configuration::TlsCertFile );
@@ -1092,54 +1092,14 @@ static void selfSignCertificate()
EString keyFile( Configuration::text( Configuration::TlsCertFile ) );
if ( keyFile.isEmpty() ) {
- keyFile = Configuration::compiledIn( Configuration::LibDir );
- keyFile.append( "/automatic-key.pem" );
+ keyFile = "/etc/ssl/archiveopteryx.pem";
}
File key( keyFile );
if ( !key.contents().isEmpty() )
return; // could verify here, for the expiry date
-
- File osslcf( "/tmp/aox-ossl.conf", File::Write );
- osslcf.write( "[ req ]\n"
- " default_bits = 1024\n"
- " default_keyfile = privkey.pem\n"
- " distinguished_name = req_distinguished_name\n"
- " attributes = req_attributes\n"
- " x509_extensions = v3_ca\n"
- " prompt = no\n"
- "\n"
- " dirstring_type = nobmp\n"
- "\n"
- "[ req_distinguished_name ]\n"
- " CN=" + Configuration::hostname() + "\n"
- "\n"
- "[ req_attributes ]\n"
- " challengePassword = \"\"\n"
- "\n"
- " [ v3_ca ]\n"
- "\n"
- " nsCertType = server\n"
- " nsComment = \"Automatically generated self-signed certificate\"\n"
- " subjectKeyIdentifier=hash\n"
- " authorityKeyIdentifier=keyid:always,issuer:always\n"
- " basicConstraints = CA:true\n" );
-
-
-
- system( "openssl req -config /tmp/aox-ossl.conf -x509 -days 1764 -newkey rsa: -nodes -keyout /tmp/aox-ossl.pem -out /tmp/aox-ossl.pem" );
-
- // one one hand, File::write() does no checking. On the other,
- // this does at least not pass user-supplied data to the shell.
- File ossl( "/tmp/aox-ossl.pem" );
- File result( keyFile, File::Write );
- result.write( ossl.contents() );
- File::unlink( "/tmp/aox-ossl.pem" );
-
- printf( "Created self-signed certificate for %s in %s.\n"
- "Please verify that file's permissions.\n",
- Configuration::hostname().cstr(),
- keyFile.cstr() );
+ else
+ errx(1, "Didn't found certificate in %s, exiting\n", keyFile.cstr());
#endif
}
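Review bot: The new `errx(1, "Didn't found certificate in %s, exiting\n", ...)` has a grammar slip and a trailing `\n` that errx(3) already supplies, so the message prints with a blank line; `errx( 1, "no usable TLS certificate in %s", keyFile.cstr() );` is enough. The condition it sits behind, `key.contents().isEmpty()`, cannot distinguish a missing file from an unreadable or empty one, so the text should not claim the file is absent — and since this file holds the private key, a too-tight mode is exactly the failure an operator will hit. The literal `/etc/ssl/archiveopteryx.pem` now appears twice in this file and again in server/tlsthread.cpp; Jamsettings is already run through SUBST_CMD, so one compiled-in default (as `Configuration::LibDir` was used before) would keep the three from drifting and follow `${SYSCONFDIR}`. Note that the patched man pages still describe a runtime-generated `automatic-key.p15`, which this hunk's hard exit contradicts.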


@ -0,0 +1,9 @@
$OpenBSD: patch-doc_Jamfile,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- doc/Jamfile.orig Sun Apr 11 11:09:31 2010
+++ doc/Jamfile Sun Apr 11 11:09:41 2010
@@ -26,4 +26,4 @@ Man 5 : archiveopteryx.conf.man aoxsuper.conf.man ;
Man 8 :
aoximport.man aox.man archiveopteryx.man deliver.man installer.man
- logd.man recorder.man tlsproxy.man ;
+ logd.man recorder.man ;


@ -0,0 +1,12 @@
$OpenBSD: patch-doc_archiveopteryx_conf_man,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- doc/archiveopteryx.conf.man.orig Fri Apr 9 23:54:06 2010
+++ doc/archiveopteryx.conf.man Fri Apr 9 23:54:55 2010
@@ -587,7 +587,7 @@ If
.I tls-certificate
is not specified, tlsproxy generates a private key and a self-signed
certificate at runtime and stores both in
-.IR $CONFIGDIR/automatic-key.p15 .
+.IR /etc/ssl/archiveopteryx.p15 .
.IP tls-certificate-label
is a label that uniquely identifies the key and certificate to use in
the PKCS #15 key file identified by


@ -0,0 +1,12 @@
$OpenBSD: patch-doc_archiveopteryx_man,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- doc/archiveopteryx.man.orig Fri Apr 9 23:53:20 2010
+++ doc/archiveopteryx.man Fri Apr 9 23:54:00 2010
@@ -213,7 +213,7 @@ settings.
.SH FILES
.IP $CONFIGDIR/archiveopteryx.conf
contains the Archiveopteryx configuration.
-.IP $LIBDIR/automatic-key.p15
+.IP /etc/ssl/archiveopteryx.p15
contains a private key and self-signed certificate used by
.BR tlsproxy (8)
(and indirectly by the other servers).


@ -0,0 +1,17 @@
$OpenBSD: patch-doc_readme_README,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- doc/readme/README.orig Fri Apr 9 21:27:30 2010
+++ doc/readme/README Fri Apr 9 21:28:48 2010
@@ -33,12 +33,10 @@ Archiveopteryx for the first time (see below if you're
errors are likely to be minor, and if you tell us about them, we'd be
happy to help you resolve them.
-2. Type "make install" as root to install the software into $PREFIX
+2. Type "make install" as root to install the software
(then switch to that directory to continue).
The archiveopteryx(7) manual page introduces the software.
-
- (You may want to add $MANDIR to your MANPATH.)
3. Run "lib/installer" to create a Unix user and group, a PostgreSQL
user, the necessary database tables, and to generate an initial


@ -0,0 +1,15 @@
$OpenBSD: patch-scripts_Jamfile,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
No need to install init.d-like shell script
--- scripts/Jamfile.orig Thu Apr 8 23:46:46 2010
+++ scripts/Jamfile Thu Apr 8 23:47:10 2010
@@ -14,10 +14,6 @@ rule ShellScript {
Chmod $(t) ;
}
-
-ShellScript archiveopteryx ;
-
-
rule ContribScript {
local s t ;


@ -0,0 +1,13 @@
$OpenBSD: patch-server_tlsthread_cpp,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
--- server/tlsthread.cpp.orig Fri Apr 9 23:48:32 2010
+++ server/tlsthread.cpp Fri Apr 9 23:48:55 2010
@@ -95,8 +95,7 @@ void TlsThread::setup()
EString keyFile( Configuration::text( Configuration::TlsCertFile ) );
if ( keyFile.isEmpty() ) {
- keyFile = Configuration::compiledIn( Configuration::LibDir );
- keyFile.append( "/automatic-key.pem" );
+ keyFile = "/etc/ssl/archiveopteryx.pem";
}
keyFile = File::chrooted( keyFile );
if ( !SSL_CTX_use_certificate_chain_file( ctx, keyFile.cstr() ) ||
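Review bot: The default `keyFile = "/etc/ssl/archiveopteryx.pem";` repeats a literal that the same commit also patches into two places in aox/servers.cpp; a single compiled-in value (e.g. a Jamsettings `CERTFILE` substituted from `${SYSCONFDIR}` and exposed through `Configuration::compiledIn()`, the way `LibDir` was used here before) would give one source of truth and respect SYSCONFDIR. The following `keyFile = File::chrooted( keyFile )` suggests the path is rewritten relative to the jail, so if the certificate is loaded after chroot(2) a root-owned 0600 file outside the jail may not be readable at all — please confirm at what point in startup this runs, because the pkg-readme tells users to put the key there. `TlsThread::setup()` continues outside the hunk.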


@ -0,0 +1,3 @@
Archiveopteryx is a mail server system optimised for long-term storage
and heavy access. It comprises a set of server programs that provide
access to mail stored in a relational database (PostgreSQL).


@ -0,0 +1,53 @@
@comment $OpenBSD: PLIST,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
@newgroup _aox:661
@newuser _aox:661:661:daemon:Archiveopteryx Daemon:/var/empty:/sbin/nologin
@bin bin/aox
@bin bin/aoxexport
@bin bin/aoximport
@bin bin/deliver
libexec/archiveopteryx/
libexec/archiveopteryx/contrib/
libexec/archiveopteryx/contrib/rrdglue
libexec/archiveopteryx/downgrades
libexec/archiveopteryx/field-names
libexec/archiveopteryx/flag-names
libexec/archiveopteryx/fts.pg
libexec/archiveopteryx/schema.pg
@man man/man5/aoxsuper.conf.5
@man man/man5/archiveopteryx.conf.5
@man man/man8/aox.8
@man man/man8/aoximport.8
@man man/man8/archiveopteryx.8
@man man/man8/deliver.8
@man man/man8/installer.8
@man man/man8/logd.8
@man man/man8/recorder.8
@bin sbin/archiveopteryx
@bin sbin/logd
@bin sbin/recorder
share/doc/archiveopteryx/
share/doc/archiveopteryx/COPYING
share/doc/archiveopteryx/README
share/doc/archiveopteryx/bsd.txt
share/doc/pkg-readmes/${FULLPKGNAME}
share/examples/archiveopteryx/
share/examples/archiveopteryx/archiveopteryx-openssl.conf
@sample ${SYSCONFDIR}/ssl/archiveopteryx-openssl.conf
share/examples/archiveopteryx/aoxsuper.conf
@mode 0400
@sample ${SYSCONFDIR}/aoxsuper.conf
@mode
share/examples/archiveopteryx/archiveopteryx.conf
@mode 0600
@owner _aox
@group _aox
@sample ${SYSCONFDIR}/archiveopteryx.conf
@mode 0700
@sample /var/archiveopteryx/
@sample /var/archiveopteryx/messages/
@owner
@group
@sample /var/archiveopteryx/jail/
@mode
@extraunexec rm -rf /var/archiveopteryx
@rcscript ${RCDIR}/aox
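Review bot: `/var/archiveopteryx/` is created while `@owner _aox`/`@group _aox` are still in effect (the reset comes only after `messages/`), so the unprivileged daemon account owns the parent of `jail/` and can rename or swap that directory even though `jail/` itself is root-owned 0700; if the servers chroot(2) into it as root before dropping privileges, that undoes the "empty, unreadable jail" the Jamsettings comment describes. Only `messages/` needs to belong to `_aox`; the parent should be root-owned and searchable (0755) and `jail/` root-owned 0700 as now. `@extraunexec rm -rf /var/archiveopteryx` also deletes `messages/`, the default message-copy-directory, which may hold mail — defensible only because `@extraunexec` runs on an explicit `pkg_delete -c`, and worth a `@comment` saying so.

```text
@sample ${SYSCONFDIR}/archiveopteryx.conf
@mode 0755
@owner
@group
@sample /var/archiveopteryx/
@mode 0700
@owner _aox
@group _aox
@sample /var/archiveopteryx/messages/
@owner
@group
@sample /var/archiveopteryx/jail/
@mode
```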


@ -0,0 +1,66 @@
$OpenBSD: README,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
Running Archiveopteryx on OpenBSD
=================================
Archiveopteryx is now installed, and sample configuration files were
created in ${SYSCONFDIR}/archiveopteryx.conf and ${SYSCONFDIR}/aoxsuper.conf
Before using it, you will need to create PostgreSQL users and database,
and you'll need to set aox db user password in archiveopteryx.conf,
and aoxsuper db user password in aoxsuper.conf.
Database initialisation:
------------------------
Assuming you have an administrative account named `postgres',
you can create the aox/aoxsuper users and archiveopteryx database like
this:
createuser -U postgres --pwprompt --no-superuser --no-createdb \
--no-createrole aox
createuser -U postgres --pwprompt --no-superuser --no-createdb \
--no-createrole aoxsuper
createdb -U postgres -T template0 -E UTF8 -O aoxsuper archiveopteryx
Now load the database schema:
psql -U postgres archiveopteryx -f - <<PSQL;
\set ON_ERROR_STOP
SET SESSION AUTHORIZATION aoxsuper;
SET client_min_messages TO 'ERROR';
\i ${TRUEPREFIX}/libexec/archiveopteryx/schema.pg
\i ${TRUEPREFIX}/libexec/archiveopteryx/flag-names
\i ${TRUEPREFIX}/libexec/archiveopteryx/field-names
\i ${TRUEPREFIX}/libexec/archiveopteryx/downgrades
PSQL
Grant privileges to user 'aox':
aox grant privileges aox
If performing an upgrade, you might need to update schema with:
aox upgrade schema
Certificate generation:
-----------------------
By default, archiveopteryx uses TLS (unless use-tls is set to no), so it
needs an ssl certificate file in /etc/ssl/archiveopteryx.pem containing
both private key and signed certificate to function properly. If you
don't already have one, edit /etc/ssl/archiveopteryx-openssl.conf to fit
your needs (only CA field is mandatory) and generate a self-signed
certificate with the following command:
openssl req -config /etc/ssl/archiveopteryx-openssl.conf -x509 -days \
1764 -newkey rsa -nodes -keyout /etc/ssl/archiveopteryx.pem \
-out /etc/ssl/archiveopteryx.pem
Startup/Shutdown configuration:
-------------------------------
Make sure to startup archiveopteryx after your DB server.
aox show status can give you the status of processes.
Now refer to http://www.archiveopteryx.org/ for more fine-tuned
configuration.
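Review bot: The `openssl req ... -nodes -keyout /etc/ssl/archiveopteryx.pem` command in the certificate section writes an unencrypted private key with the caller's umask, which on a default OpenBSD shell leaves `/etc/ssl/archiveopteryx.pem` world-readable, and `-newkey rsa` without a size falls back to the 1024-bit `default_bits` of the shipped config. Run it as `(umask 077; openssl req ... -newkey rsa:2048 ...)` and state which owner and mode the daemon needs to read the file, since the code now refuses to start without it. `only CA field is mandatory` should read `only the CN field is mandatory` — the config has no CA field, and the CN must match the name clients connect to.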


@ -0,0 +1,20 @@
#!/bin/sh
#
# $OpenBSD: aox.rc,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
daemon="${TRUEPREFIX}/bin/aox"
. /etc/rc.d/rc.subr
pexp="${TRUEPREFIX}/sbin/archiveopteryx -f"
rc_reload=NO
rc_start() {
${daemon} start >/dev/null 2>&1
}
rc_stop() {
${daemon} stop >/dev/null 2>&1
}
rc_cmd $1
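Review bot: `rc_start()` and `rc_stop()` discard both stdout and stderr of `aox start`/`aox stop`, so the diagnostics the port adds elsewhere — notably the hard exit when `/etc/ssl/archiveopteryx.pem` is missing — never reach the administrator, who only sees `(failed)`; the TODO's "aox stop not stopping sometimes" would also be easier to chase with the output kept. Drop the `>/dev/null 2>&1` (rc.subr(8) already quietens normal output unless run with `-d`, if I recall its behaviour correctly) or pipe through `logger -t aox` so the reason survives. `pexp` tracks `sbin/archiveopteryx -f` while `daemon` is `bin/aox`; a one-line comment, `# aox is only the control tool; rc.subr tracks the long-running archiveopteryx -f`, would spare the next reader the puzzle.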