Am 19.07.2013 14:21, schrieb Paul J Stevens: > On 07/19/2013 01:57 PM, Reindl Harald wrote: >> the current HEAD is broken, see errors below >> >> attached my RPM-SPEC, the only differnce in the builds is >> the used source tarball, config and systemd-units are the same > > Your build needs fixing, I assume.
i strictly disagree the SPEC file is compliant to fedora package / hardening guidelines > I cleaned up some of the autoconf stuff. Where are your modules > installed? Check the report generated after configure has completed. > Look for DM_PKGLIBDIR > > I've been trying to get dbmail to use sensible defaults. > > ../configure; make; make install but this should not break explicit configs https://fedoraproject.org/wiki/Packaging:RPMMacros http://fedoraproject.org/wiki/Packaging:Guidelines http://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags http://fedoraproject.org/wiki/Packaging:Guidelines#Removing_Rpath > should autogenerated a dbmail.conf if /usr/local/etc/dbmail.conf is > writable /usr/local is *not* relevant - rpmbuild has it's virtual buildroot inside ~/rpmbuild/ > and will autogenerate a SQLite database in /tmp/, though that should > probably be in $HOME/dbmail.sqlite mysql - sqlite is no topic for me > I've also sanitized some of the configure switches: > --prefix > --libdir: modules go into LIBDIR/dbmail/ > --sysconfdir: location for dbmail.conf > --localstatedir: locate for the PID files maybe here is the problem > looks like you are doing some fonky edits on libtool and configure results in a hardened build (PIE, PIC, Full RELRO, canary/stack-protection, *no* RPATH) sed -i -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool removes the RPATH - that's why "/etc/ld.so.conf.d/dbmail-x86_64.conf" get installed http://fedoraproject.org/wiki/Packaging:Guidelines#Removing_Rpath [root@srv-rhsoft:~]$ cat /etc/ld.so.conf.d/dbmail-x86_64.conf /usr/lib64/dbmail export CFLAGS="%{optflags} -fPIC -fPIE -fstack-protector-all -I%{_includedir}/zdb" export CXXFLAGS="%{optflags} -fPIC -fPIE -fstack-protector-all -I%{_includedir}/zdb" export LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack -pie" export SH_LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack -pie" %configure --with-jemalloc=%{_prefix} --with-sieve --enable-manpages --enable-shared --enable-pie --with-pic --disable-static --without-ldap sed -i -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %{__make} %{?_smp_mflags} > Those shouldn't be necessary if gentoo is LSB compliant Gentoo? this is Fedora - Gentoo has no RPM or rpmbuild
%global debug_package %{nil}
%define registry_uid 38
%define registry_name dbmail
%define services dbmail-imapd dbmail-pop3d dbmail-lmtpd dbmail-timsieved
%define git b2958774333d81a441061b2a36fd1f4ae8a45562
Name: dbmail
Version: 3.0.2
Release: 24%{?dist}.%git
Summary: A database backed mail storage system
Group: System Environment/Daemons
License: GPLv2+ and MIT
URL: http://www.dbmail.org
Source0: http://www.dbmail.org/download/3.0/%{name}-%{git}.tar.bz2
Source1: %{name}-imapd.service
Source2: %{name}-lmtpd.service
Source3: %{name}-pop3d.service
Source4: %{name}-timsieved.service
Source5: %{name}.cron
Source6: %{name}.logrotate
Source8: %{name}.sysconfig
Source9: %{name}.tmpfiles.d
BuildRequires: gmime-devel
BuildRequires: fileutils
BuildRequires: openssl-devel
BuildRequires: glib2-devel
BuildRequires: mhash-devel
BuildRequires: libsieve-devel
BuildRequires: libzdb-devel
BuildRequires: libevent-devel
BuildRequires: openldap-devel
BuildRequires: asciidoc
BuildRequires: xmlto
BuildRequires: jemalloc-devel
Requires: glib2
Requires: logrotate
Requires: vixie-cron
Requires: %{_sbindir}/sendmail
Requires: libzdb
Requires: sqlite
Requires: systemd-units
Provides: %{name}-sqlite = %{version}
Provides: %{name}-pgsql = %{version}
Provides: %{name}-mysql = %{version}
Requires(pre): shadow-utils, systemd-units
Requires(post): shadow-utils, systemd-units
Requires(preun): shadow-utils, systemd-units
%description
Dbmail is the name of a group of programs that enable the possiblilty of
storing and retrieving mail messages from a database
%package manpages
Group: System Environment/Daemons
Summary: %{name}-manpages and examples
%description manpages
%prep
%setup -q -n %{name}-%git
rm -f README*
sed -i 's/\(^driver\W*=\)\(\W*$\)/\1 sqlite/' %{name}.conf
sed -i -e 's,\(^db\W*=\)\(.*$\),\1 %{_sharedstatedir}/%{name}/%{name}.db,' -e 's/\(^authdriver\W*=\)\(\W*$\)/\1 sql/' -e 's/\(^EFFECTIVE_USER\W*=\)\(.*$\)/\1 %{name}/' -e 's/\(^EFFECTIVE_GROUP\W*=\)\(.*$\)/\1 %{name}/' %{name}.conf
sed -i 's/gmime-2.4/gmime-2.6/g' configure
%build
export CFLAGS="%{optflags} -fPIC -fPIE -fstack-protector-all -I%{_includedir}/zdb"
export CXXFLAGS="%{optflags} -fPIC -fPIE -fstack-protector-all -I%{_includedir}/zdb"
export LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack -pie"
export SH_LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack -pie"
%configure --with-jemalloc=%{_prefix} --with-sieve --enable-manpages --enable-shared --enable-pie --with-pic --disable-static --without-ldap
sed -i -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%{__make} %{?_smp_mflags}
%install
make install-strip DESTDIR=%{buildroot}
mkdir -p %{buildroot}%{_mandir}/man{1,5,8}
mkdir -p %{buildroot}%{_sysconfdir}/cron.daily
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}
install -p -m 755 %SOURCE5 %{buildroot}%{_sysconfdir}/cron.daily/%{name}
install -p -m 644 %SOURCE6 %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -p -m 644 %SOURCE8 %{buildroot}%{_sysconfdir}/sysconfig/%{name}
install -p -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/
install -p -m 644 man/*1 %{buildroot}%{_mandir}/man1/
install -p -m 644 man/*5 %{buildroot}%{_mandir}/man5/
install -p -m 644 man/*8 %{buildroot}%{_mandir}/man8/
mkdir -p %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/
mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
install -m 0644 %{SOURCE9} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
find %{buildroot} -name \*\.la -print | xargs rm -f
rm -f %{buildroot}%{_libdir}/%{name}/libdbmail.so
mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
echo "%{_libdir}/%{name}" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%pre
getent group %{name} >/dev/null || groupadd -r %{name}
getent passwd %{name} >/dev/null || useradd -r -M -g %{name} -d / -s %{_sbindir}/nologin -c "DBMail Daemon" %{name}
exit 0
%post
%{_bindir}/systemctl --system daemon-reload 2> /dev/null > /dev/null
%{_sbindir}/ldconfig
mkdir %{_var}/run/%{name} 2> /dev/null > /dev/null
chown %{name}:%{name} %{_var}/run/%{name} 2> /dev/null > /dev/null
chmod 755 %{_var}/run/%{name} 2> /dev/null > /dev/null
exit 0
%preun
if [ $1 == 0 ]; then
for s in %services; do
%{_bindir}/systemctl --no-reload disable $s.service 2> /dev/null > /dev/null
%{_bindir}/systemctl stop $s.service 2> /dev/null > /dev/null
done
fi
exit 0
%postun
if [ "$1" -eq "0" ]; then
%{_sbindir}/ldconfig
fi
%{_bindir}/systemctl --system daemon-reload 2> /dev/null > /dev/null
exit 0
%files
%exclude %{_mandir}/man1/*
%exclude %{_mandir}/man5/*
%exclude %{_mandir}/man8/*
%{_sbindir}/*
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libauth_sql*
%{_libdir}/%{name}/libdbmail*
%{_libdir}/%{name}/libsort_sieve*
%attr(0644, root, root) %{_unitdir}/%{name}-*.service
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %attr(0775,root,%{name}) %{_sharedstatedir}/%{name}
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%{_sysconfdir}/ld.so.conf.d/*
%files manpages
%doc INSTALL UPGRADING sql %{name}.schema
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%changelog
* Fri Jul 19 2013 Reindl Harald <h.rei...@thelounge.net>
- CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_NET_BIND_SERVICE CAP_IPC_LOCK
* Thu Jul 18 2013 Reindl Harald <h.rei...@thelounge.net>
- update to dbmail-3.0.3-pre GIT-snapshot for internal testing
- CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK CAP_SYS_CHROOT
* Mon Jun 24 2013 Reindl Harald <h.rei...@thelounge.net>
- update to dbmail-3.0.3-pre GIT-snapshot for internal testing
* Fri Jun 21 2013 Reindl Harald <h.rei...@thelounge.net>
- update to dbmail-3.0.3-pre GIT-snapshot for internal testing
* Thu Jun 20 2013 Reindl Harald <h.rei...@thelounge.net>
- update to dbmail-3.0.3-pre GIT-snapshot for internal testing
* Tue Jun 18 2013 Reindl Harald <h.rei...@thelounge.net>
- fix rpath and add "%{_sysconfdir}/ld.so.conf.d/dbmail-x86_64.conf"
* Fri Mar 1 2013 Reindl Harald <h.rei...@thelounge.net>
- split docs in "dbmail-manpages" subpackage
* Wed Jan 30 2013 Reindl Harald <h.rei...@thelounge.net>
- use PrivateTmp
* Sat Apr 14 2012 Reindl Harald <h.rei...@thelounge.net>
- Build without LDAP
* Sat Apr 14 2012 Reindl Harald <h.rei...@thelounge.net>
- IMAP: fix leakage from optimize tokenizer change
* Thu Apr 12 2012 Reindl Harald <h.rei...@thelounge.net>
- IMAP: config option MAX_MESSAGE_SIZE allowed by APPEND
- IMAP: optimize tokenizer for large APPENDs
- IMAP: fix back-propagation of append errors
- DELIVERY: make soft/hard bounce on over-quota configurable
* Tue Apr 10 2012 Reindl Harald <h.rei...@thelounge.net>
- AUTOREPLY: check Precedence header
* Fri Apr 6 2012 Reindl Harald <h.rei...@thelounge.net>
- fix literal-s2c
- IMAP: fix SORT-ing on multiple criteria
* Sun Mar 11 2012 Reindl Harald <h.rei...@thelounge.net>
- Add precedence: bulk headers to auto-reply messages
- POP3: reset timeout after authentication
- IMAP: internal_date and memleaks cleanups
- IMAP: improve sorting by date
- IMAP: sanitize searchable storage of addresses
* Wed Mar 07 2012 Reindl Harald <h.rei...@thelounge.net>
- IMAP: revert another misguided LIST/LSUB change 2/2
- IMAP: revert another misguided LIST/LSUB change
- IMAP: improve searchable cache value of address headers
- IMAP: improve reliabity of SEARCH SENTON
- IMAP: improve mailboxstate tracking
- IMAP: rework \recent flag handling
* Fri Mar 02 2012 Reindl Harald <h.rei...@thelounge.net>
- push mailbox updates properly
- IMAP: fix FETCH regression
- IMAP: update test-runners
- IMAP: small leak in SEARCH unkeyword
- IMAP: fix validation of sequences
- IMAP: implement "SEARCH keyword"
* Thu Mar 01 2012 Reindl Harald <h.rei...@thelounge.net>
- IMAP: update tests
- IMAP: test and fix sequence-set builder
- IMAP: test and fix date converter
- IMAP: re-organize tests
- IMAP: fix small leak
- SIEVE: fix broken vacation reply
* Mon Feb 27 2012 Reindl Harald <h.rei...@thelounge.net>
- DELIVERY: fix check_destination during autoreply
- revert misguided LIST/LSUB change
- IMAP: small ENVELOPE fix
- IMAP: fix minor compiler warnings
- HTTP: update test-script
* Sat Feb 25 2012 Reindl Harald <h.rei...@thelounge.net>
- LMTP: fix segfault
- check results from address parser for null values
- IMAP: improve LIST/LSUB response
- don't show \hasnochildren or \haschildren when using % matching pattern
- also show first level unsubscribed mailboxes with \noselect when using % pattern
* Thu Feb 23 2012 Reindl Harald <h.rei...@thelounge.net>
- POP3: fix TOP command
- refactor regression from TOP fix in previous commit,
- bytestuff RETR response
- update the pop3 integration tests
- using the dovecot imaptest tool to test for IMAP compliance
- adds read-committed atomicity to mailbox state, if the database supports it
- LMTP: PEP8 integration tests
- add test for #960
* Wed Feb 22 2012 Reindl Harald <h.rei...@thelounge.net>
- latest GIT-HEAD
- dbmail-3.0.1
* Thu Feb 21 2012 Reindl Harald <h.rei...@thelounge.net>
- latest GIT-HEAD
- POP3 fix RETR regression
* Thu Feb 16 2012 Reindl Harald <h.rei...@thelounge.net>
- speedup maintenance run
- don't run expensive queries twice
- move referencefield caching back to header cache
* Wed Feb 15 2012 Reindl Harald <h.rei...@thelounge.net>
- several fixes from upstream
* Tue Feb 14 2012 Reindl Harald <h.rei...@thelounge.net>
- fix LMTP bug destroying line with leading DOT
* Mon Feb 13 2012 Reindl Harald <h.rei...@thelounge.net>
- several fixes from upstream
* Fri Feb 10 2012 Reindl Harald <h.rei...@thelounge.net>
- mysql: use NOW() rather than CURRENT_TIMESTAMP
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list DBmail@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
