author | Romain Tartière <romain@FreeBSD.org> | 2020-01-11 21:50:45 +0000 |
---|---|---|
committer | Romain Tartière <romain@FreeBSD.org> | 2020-01-11 21:50:45 +0000 |
commit | 4071e3e5be33d1af04fa8373ba59ad899a7ffab4 (patch) | |
tree | 0ea03709aa42918ef09d5d6094c9028db3ef74f5 /mail | |
parent | 2ac008519138b733a4b64aa77b9a0e90252f792c (diff) |
New port: mail/py-postfix-mta-sts-resolver
Daemon which provides TLS client policy for Postfix via socketmap, according to
domain MTA-STS policy. Current support of RFC8461 is limited - daemon lacks
some minor features:
- Proactive policy fetch
- Fetch error reporting
- Fetch ratelimit (but actual fetch rate partially restricted with cache_grace config option).
Server has a configurable cache backend which allows storing cached STS policies
in memory (internal), in a file (sqlite) or in a Redis database (redis).
WWW: https://pypi.python.org/pypi/postfix-mta-sts-resolver
Notes
Notes:
svn path=/head/; revision=522713
Diffstat (limited to 'mail')
-rw-r--r-- | mail/Makefile | 1 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/Makefile | 43 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/distinfo | 3 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/files/mta_sts.in | 39 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/files/patch-postfix__mta__sts__resolver_daemon.py | 22 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/files/patch-setup.py | 10 | ||||
-rw-r--r-- | mail/py-postfix-mta-sts-resolver/pkg-descr | 12 |
7 files changed, 130 insertions, 0 deletions
diff --git a/mail/Makefile b/mail/Makefile
index bef835a23804..166c09760eeb 100644
--- a/mail/Makefile
+++ b/mail/Makefile
@@ -514,6 +514,7 @@
 SUBDIR += py-managesieve3
 SUBDIR += py-milter
 SUBDIR += py-notmuch
+ SUBDIR += py-postfix-mta-sts-resolver
 SUBDIR += py-ppolicy
 SUBDIR += py-premailer
 SUBDIR += py-pymailq
diff --git a/mail/py-postfix-mta-sts-resolver/Makefile b/mail/py-postfix-mta-sts-resolver/Makefile
new file mode 100644
index 000000000000..6a3593ccb100
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/Makefile
@@ -0,0 +1,43 @@
+# $FreeBSD$
+
+PORTNAME= postfix-mta-sts-resolver
+PORTVERSION= 0.7.2
+DISTVERSIONPREFIX=v
+CATEGORIES= mail python
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= romain@FreeBSD.org
+COMMENT= TLS client policy for Postfix according to domain MTA-STS policy
+
+LICENSE= MIT
+
+BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR}
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiodns>0:dns/py-aiodns@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}aiohttp>0:www/py-aiohttp@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR} \
+ ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
+
+USES= python:3.5+
+USE_GITHUB= yes
+USE_PYTHON= autoplist distutils
+
+GH_ACCOUNT= Snawoot
+
+OPTIONS_DEFINE= REDIS SQLITE
+
+REDIS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aioredis>0:databases/py-aioredis@${PY_FLAVOR}
+SQLITE_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiosqlite>0:databases/py-aiosqlite@${PY_FLAVOR}
+
+USE_RC_SUBR= mta_sts
+
+SUB_LIST= PYTHON_CMD=${PYTHON_CMD}
+PLIST_FILES= "@sample etc/mta-sts-daemon.yml.sample"
+
+post-extract:
+ ${REINPLACE_CMD} -e 's|/etc/|${PREFIX}/etc/|' \
+ ${WRKSRC}/postfix_mta_sts_resolver/defaults.py
+
+post-install:
+ ${CP} ${WRKSRC}/config_examples/mta-sts-daemon.yml.internal ${STAGEDIR}${PREFIX}/etc/mta-sts-daemon.yml.sample
+
+.include <bsd.port.mk>
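Review bot: The `post-extract` substitution `'s|/etc/|${PREFIX}/etc/|'` in mail/py-postfix-mta-sts-resolver/Makefile is not tied to the config-file default, so it rewrites the first `/etc/` on every line of defaults.py, including any other system path that file may define. defaults.py is not visible here, so whether another path is actually affected is unconfirmed; matching the full literal, for example `-e 's|/etc/mta-sts-daemon.yml|${PREFIX}/etc/mta-sts-daemon.yml|'` (assuming that is how the default is spelled), removes the doubt. Source edits of this kind conventionally go in `post-patch` rather than `post-extract`.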
diff --git a/mail/py-postfix-mta-sts-resolver/distinfo b/mail/py-postfix-mta-sts-resolver/distinfo
new file mode 100644
index 000000000000..0df81f5c0708
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1578764689
+SHA256 (Snawoot-postfix-mta-sts-resolver-v0.7.2_GH0.tar.gz) = e5934c0ef39060e10be43d113bb81b830dd8ca02aff16022025c39993bda9526
+SIZE (Snawoot-postfix-mta-sts-resolver-v0.7.2_GH0.tar.gz) = 43533
diff --git a/mail/py-postfix-mta-sts-resolver/files/mta_sts.in b/mail/py-postfix-mta-sts-resolver/files/mta_sts.in
new file mode 100644
index 000000000000..283fbe529963
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/files/mta_sts.in
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: mta_sts
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# mta_sts_enable (bool): Set to NO by default.
+# Set it to YES to enable mta_sts.
+# mta_sts_config (path): Set to %%PREFIX%%/etc/mta-sts-daemon.yml
+# by default.
+
+. /etc/rc.subr
+
+name=mta_sts
+rcvar=mta_sts_enable
+
+load_rc_config $name
+
+: ${mta_sts_enable:="NO"}
+: ${mta_sts_config="%%PREFIX%%/etc/mta-sts-daemon.yml"}
+: ${mta_sts_user="nobody"}
+
+pidfile=/var/run/${name}.pid
+command=%%PREFIX%%/bin/mta-sts-daemon
+command_interpreter="%%PYTHON_CMD%%"
+
+start_cmd="${name}_start"
+
+mta_sts_start()
+{
+ /usr/sbin/daemon -u "${mta_sts_user}" -p "${pidfile}" "${command}" -c "${mta_sts_config}"
+}
+
+run_rc_command "$1"
diff --git a/mail/py-postfix-mta-sts-resolver/files/patch-postfix__mta__sts__resolver_daemon.py b/mail/py-postfix-mta-sts-resolver/files/patch-postfix__mta__sts__resolver_daemon.py
new file mode 100644
index 000000000000..61789ebe9579
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/files/patch-postfix__mta__sts__resolver_daemon.py
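Review bot: The rc script in files/mta_sts.in defaults `mta_sts_user` to `nobody`, an account shared with any other service that falls back to it, so those processes can signal or inspect a daemon whose answers set the TLS policy Postfix applies to outbound mail. A dedicated unprivileged account, created through the port's `USERS=`/`GROUPS=` and used as the default here (e.g. `: ${mta_sts_user="mta_sts"}`, where the account name is a placeholder), would isolate it and give the sqlite cache backend a directory it can own. `mta_sts_user` is also missing from the header comment that documents `mta_sts_enable` and `mta_sts_config`; a line such as `# mta_sts_user (str): User to run the daemon as.` would cover it.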
@@ -0,0 +1,22 @@
+--- postfix_mta_sts_resolver/daemon.py.orig 2020-01-11 21:18:26 UTC
++++ postfix_mta_sts_resolver/daemon.py
+@@ -7,7 +7,6 @@ import logging
+ import signal
+ from functools import partial
+
+-from sdnotify import SystemdNotifier
+ from . import utils
+ from . import defaults
+ from .responder import STSSocketmapResponder
+@@ -72,11 +71,8 @@ async def amain(cfg, loop): # pragma: no cover
+ sig_handler = partial(exit_handler, exit_event)
+ signal.signal(signal.SIGTERM, sig_handler)
+ signal.signal(signal.SIGINT, sig_handler)
+- notifier = await loop.run_in_executor(None, SystemdNotifier)
+- await loop.run_in_executor(None, notifier.notify, "READY=1")
+ await exit_event.wait()
+ logger.debug("Eventloop interrupted. Shutting down server...")
+- await loop.run_in_executor(None, notifier.notify, "STOPPING=1")
+ beat.cancel()
+ await responder.stop()
+
diff --git a/mail/py-postfix-mta-sts-resolver/files/patch-setup.py b/mail/py-postfix-mta-sts-resolver/files/patch-setup.py
new file mode 100644
index 000000000000..6a8e808bd7b7
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/files/patch-setup.py
@@ -0,0 +1,10 @@
+--- setup.py.orig 2020-01-11 21:21:32 UTC
++++ setup.py
+@@ -23,7 +23,6 @@ setup(name='postfix_mta_sts_resolver',
+ 'aiodns>=1.1.1',
+ 'aiohttp>=3.4.4',
+ 'PyYAML>=3.12',
+- 'sdnotify>=0.3.2',
+ ],
+ extras_require={
+ 'sqlite': 'aiosqlite>=0.10.0',
diff --git a/mail/py-postfix-mta-sts-resolver/pkg-descr b/mail/py-postfix-mta-sts-resolver/pkg-descr
new file mode 100644
index 000000000000..42ec038464a7
--- /dev/null
+++ b/mail/py-postfix-mta-sts-resolver/pkg-descr
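Review bot: The daemon.py patch deletes the `SystemdNotifier` import and all three `notifier.notify` calls in `amain` unconditionally, so the port has to regenerate this patch, and patch-setup.py which drops the matching `sdnotify>=0.3.2` requirement, whenever upstream touches those lines. Making the import optional upstream, with a fallback that does nothing when sdnotify is absent, would let both patches be dropped. Until then, a short header line above `--- postfix_mta_sts_resolver/daemon.py.orig` stating why sdnotify is removed would help the next maintainer. Only part of `amain` is visible in the hunk.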
@@ -0,0 +1,12 @@
+Daemon which provides TLS client policy for Postfix via socketmap, according to
+domain MTA-STS policy. Current support of RFC8461 is limited - daemon lacks
+some minor features:
+
+ - Proactive policy fetch
+ - Fetch error reporting
+ - Fetch ratelimit (but actual fetch rate partially restricted with cache_grace config option).
+
+Server has configurable cache backend which allows to store cached STS policies
+in memory (internal), file (sqlite) or in Redis database (redis).
+
+WWW: https://pypi.python.org/pypi/postfix-mta-sts-resolver |