|
|
366d11d |
%global systemd (0%{?fedora} >= 18) || (0%{?rhel} >= 7)
|
|
|
d885bd8 |
# F21+ and RHEL8+ have systemd 211+ which offers RuntimeDirectory
|
|
|
d885bd8 |
# use that instead of tmpfiles.d
|
|
|
d885bd8 |
%global systemd_runtimedir (0%{?fedora} >= 21) || (0%{?rhel} >= 8)
|
|
|
d885bd8 |
%global tmpfiles ((0%{?fedora} >= 15) || (0%{?rhel} == 7)) && !%{systemd_runtimedir}
|
|
|
366d11d |
|
|
|
f932e75 |
%global pre_rel Beta3
|
|
|
366d11d |
|
|
|
366d11d |
Summary: An open source library and milter for providing ARC service
|
|
|
366d11d |
Name: openarc
|
|
|
366d11d |
Version: 1.0.0
|
|
|
65b15c0 |
Release: %{?pre_rel:0.}11%{?pre_rel:.%pre_rel}%{?dist}.1
|
|
|
366d11d |
License: BSD and Sendmail
|
|
|
366d11d |
URL: https://github.com/trusteddomainproject/OpenARC
|
|
|
d885bd8 |
# actually https://github.com/trusteddomainproject/OpenARC/archive/rel-openarc-1-0-0-Beta3.tar.gz but our local tarball is misnamed
|
|
|
d885bd8 |
Source0: openarc-1.0.0.Beta3.tar.gz
|
|
|
3f30750 |
Patch0: openarc-headerdebug.patch
|
|
|
366d11d |
|
|
|
50271b5 |
BuildRequires: make
|
|
|
366d11d |
BuildRequires: libtool gcc
|
|
|
366d11d |
BuildRequires: pkgconfig(openssl)
|
|
|
366d11d |
BuildRequires: pkgconfig(libbsd)
|
|
|
c5eb49b |
BuildRequires: pkgconfig(jansson)
|
|
|
366d11d |
|
|
|
366d11d |
# sendmail-devel renamed for F25+
|
|
|
366d11d |
%if 0%{?fedora} > 25
|
|
|
366d11d |
BuildRequires: sendmail-milter-devel
|
|
|
366d11d |
%else
|
|
|
366d11d |
BuildRequires: sendmail-devel
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
BuildRequires: autoconf
|
|
|
366d11d |
BuildRequires: automake
|
|
|
366d11d |
|
|
|
366d11d |
Requires: lib%{name}%{?_isa} = %{version}-%{release}
|
|
|
366d11d |
Requires: libopenarc = %{version}-%{release}
|
|
|
366d11d |
Requires(pre): shadow-utils
|
|
|
366d11d |
%if %systemd
|
|
|
366d11d |
# Required for systemd
|
|
|
366d11d |
%{?systemd_requires}
|
|
|
366d11d |
BuildRequires: systemd
|
|
|
366d11d |
%else
|
|
|
366d11d |
# Required for SysV
|
|
|
366d11d |
Requires(post): chkconfig
|
|
|
366d11d |
Requires(preun): chkconfig, initscripts
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
|
|
|
366d11d |
%description
|
|
|
366d11d |
The Trusted Domain Project is a community effort to develop and maintain a
|
|
|
366d11d |
C library for producing ARC-aware applications and an open source milter for
|
|
|
366d11d |
providing ARC service through milter-enabled MTAs.
|
|
|
366d11d |
|
|
|
366d11d |
%package -n libopenarc
|
|
|
366d11d |
Summary: An open source ARC library
|
|
|
366d11d |
|
|
|
366d11d |
%description -n libopenarc
|
|
|
366d11d |
This package contains the library files required for running services built
|
|
|
366d11d |
using libopenarc.
|
|
|
366d11d |
|
|
|
366d11d |
%package -n libopenarc-devel
|
|
|
366d11d |
Summary: Development files for libopenarc
|
|
|
366d11d |
Requires: lib%{name}%{?_isa} = %{version}-%{release}
|
|
|
366d11d |
|
|
|
366d11d |
%description -n libopenarc-devel
|
|
|
366d11d |
This package contains the static libraries, headers, and other support files
|
|
|
366d11d |
required for developing applications against libopenarc.
|
|
|
366d11d |
|
|
|
366d11d |
%prep
|
|
|
f932e75 |
%autosetup -n OpenARC-rel-openarc-1-0-0-Beta3 -p1
|
|
|
cb85133 |
|
|
|
366d11d |
|
|
|
366d11d |
%build
|
|
|
366d11d |
autoreconf --install
|
|
|
366d11d |
%configure --disable-static
|
|
|
366d11d |
%make_build
|
|
|
366d11d |
|
|
|
366d11d |
%install
|
|
|
366d11d |
%make_install
|
|
|
52b7c04 |
mkdir -p -m 0700 %{buildroot}%{_sysconfdir}/%{name}
|
|
|
216bd52 |
mkdir -p -m 0750 %{buildroot}%{_rundir}/%{name}
|
|
|
366d11d |
rm -r %{buildroot}%{_prefix}/share/doc/openarc
|
|
|
366d11d |
rm %{buildroot}/%{_libdir}/*.la
|
|
|
366d11d |
|
|
|
366d11d |
|
|
|
366d11d |
cat > %{buildroot}%{_sysconfdir}/openarc.conf <
|
|
|
cbf214e |
## See openarc.conf(5) or %{_docdir}/%{name}%{?rhel:-%{version}}/openarc.conf.sample for more
|
|
|
216bd52 |
PidFile %{_rundir}/%{name}/%{name}.pid
|
|
|
366d11d |
Syslog yes
|
|
|
366d11d |
UserID openarc:openarc
|
|
|
d885bd8 |
Socket local:%{_rundir}/%{name}/%{name}.sock
|
|
|
52b7c04 |
SignHeaders to,subject,message-id,date,from,mime-version,dkim-signature
|
|
|
52b7c04 |
PeerList %{_sysconfdir}/%{name}/PeerList
|
|
|
52b7c04 |
MilterDebug 6
|
|
|
52b7c04 |
EnableCoredumps yes
|
|
|
366d11d |
|
|
|
366d11d |
## After setting Mode to "sv", running
|
|
|
366d11d |
## opendkim-genkey -D %{_sysconfdir}/openarc -s key -d `hostname --domain`
|
|
|
366d11d |
## and putting %{_sysconfdir}/openarc
|
|
|
52b7c04 |
#Mode sv
|
|
|
366d11d |
#Canonicalization relaxed/simple
|
|
|
366d11d |
#Domain example.com # change to domain
|
|
|
366d11d |
#Selector key
|
|
|
366d11d |
#KeyFile %{_sysconfdir}/openarc/key.private
|
|
|
366d11d |
#SignatureAlgorithm rsa-sha256
|
|
|
366d11d |
EOF
|
|
|
366d11d |
|
|
|
52b7c04 |
# Don't sign or validate connections from localhost
|
|
|
52b7c04 |
cat > %{buildroot}%{_sysconfdir}/%{name}/PeerList <
|
|
|
52b7c04 |
127.0.0.1/32
|
|
|
52b7c04 |
[::1]/128
|
|
|
52b7c04 |
EOF
|
|
|
52b7c04 |
chmod 0640 %{buildroot}%{_sysconfdir}/%{name}/PeerList
|
|
|
366d11d |
|
|
|
366d11d |
%if %systemd
|
|
|
366d11d |
install -d -m 0755 %{buildroot}%{_unitdir}
|
|
|
366d11d |
cat > %{buildroot}%{_unitdir}/%{name}.service << 'EOF'
|
|
|
366d11d |
[Unit]
|
|
|
366d11d |
Description=Authenticated Receive Chain (ARC) Milter
|
|
|
366d11d |
Documentation=man:%{name}(8) man:%{name}.conf(5) http://www.trusteddomain.org/%{name}/
|
|
|
366d11d |
After=network.target nss-lookup.target syslog.target
|
|
|
366d11d |
|
|
|
366d11d |
[Service]
|
|
|
366d11d |
Type=forking
|
|
|
d885bd8 |
%if %{systemd_runtimedir}
|
|
|
d885bd8 |
RuntimeDirectory=%{name}
|
|
|
d885bd8 |
RuntimeDirectoryMode=0750
|
|
|
d885bd8 |
%endif
|
|
|
216bd52 |
PIDFile=%{_rundir}/%{name}/%{name}.pid
|
|
|
366d11d |
EnvironmentFile=-%{_sysconfdir}/sysconfig/%{name}
|
|
|
366d11d |
ExecStart=/usr/sbin/%{name} $OPTIONS
|
|
|
8300c6e |
ExecStartPost=/sbin/restorecon -r -F %{_rundir}/%{name}
|
|
|
366d11d |
ExecReload=/bin/kill -USR1 $MAINPID
|
|
|
366d11d |
User=%{name}
|
|
|
366d11d |
Group=%{name}
|
|
|
216bd52 |
UMask=0007
|
|
|
216bd52 |
ProtectSystem=strict
|
|
|
d885bd8 |
ReadWritePaths=%{_rundir}/%{name}
|
|
|
216bd52 |
ProtectHome=true
|
|
|
366d11d |
|
|
|
366d11d |
[Install]
|
|
|
366d11d |
WantedBy=multi-user.target
|
|
|
366d11d |
EOF
|
|
|
366d11d |
%else
|
|
|
366d11d |
mkdir -p %{buildroot}%{_initrddir}
|
|
|
366d11d |
install -m 0755 contrib/init/redhat/%{name} %{buildroot}%{_initrddir}/%{name}
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
%if %{tmpfiles}
|
|
|
366d11d |
install -p -d %{buildroot}%{_tmpfilesdir}
|
|
|
366d11d |
cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf <
|
|
|
216bd52 |
D %{_rundir}/%{name} 0750 %{name} %{name} -
|
|
|
366d11d |
EOF
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
%pre
|
|
|
216bd52 |
if ! getent passwd %{name} >/dev/null 2>&1; then
|
|
|
216bd52 |
%{_sbindir}/useradd -M -d %{_localstatedir}/lib/%{name} -r -s /sbin/nologin %{name}
|
|
|
216bd52 |
if ! getent group %{name} >/dev/null; then
|
|
|
216bd52 |
%{_sbindir}/groupadd %{name}
|
|
|
216bd52 |
%{_sbindir}/usermod -g %{name} %{name}
|
|
|
366d11d |
fi
|
|
|
366d11d |
if getent group mail >/dev/null; then
|
|
|
216bd52 |
%{_sbindir}/usermod -G mail %{name}
|
|
|
366d11d |
fi
|
|
|
366d11d |
fi
|
|
|
366d11d |
exit 0
|
|
|
366d11d |
|
|
|
366d11d |
|
|
|
366d11d |
%post
|
|
|
366d11d |
|
|
|
366d11d |
%if %systemd
|
|
|
366d11d |
%systemd_post %{name}.service
|
|
|
366d11d |
%else
|
|
|
366d11d |
/sbin/chkconfig --add %{name} || :
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
|
|
|
366d11d |
%preun
|
|
|
366d11d |
%if %systemd
|
|
|
366d11d |
%systemd_preun %{name}.service
|
|
|
366d11d |
%else
|
|
|
366d11d |
if [ $1 -eq 0 ]; then
|
|
|
366d11d |
service %{name} stop >/dev/null || :
|
|
|
366d11d |
/sbin/chkconfig --del %{name} || :
|
|
|
366d11d |
fi
|
|
|
366d11d |
exit 0
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
%ldconfig_scriptlets -n libopenarc
|
|
|
366d11d |
|
|
|
366d11d |
%files
|
|
|
366d11d |
%license LICENSE LICENSE.Sendmail
|
|
|
216bd52 |
%doc README RELEASE_NOTES %{name}/%{name}.conf.sample
|
|
|
216bd52 |
%dir %attr(0755,root,%{name}) %{_sysconfdir}/%{name}
|
|
|
216bd52 |
%config(noreplace) %attr(0644,root,%{name}) %{_sysconfdir}/%{name}.conf
|
|
|
216bd52 |
%config(noreplace) %attr(0440,%{name},%{name}) %{_sysconfdir}/%{name}/PeerList
|
|
|
366d11d |
|
|
|
366d11d |
%if %{tmpfiles}
|
|
|
366d11d |
%{_tmpfilesdir}/%{name}.conf
|
|
|
d885bd8 |
%endif
|
|
|
d885bd8 |
%if !%{tmpfiles} && !%{systemd_runtimedir}
|
|
|
216bd52 |
%dir %attr(0750,%{name},%{name}) %{_rundir}/%{name}
|
|
|
366d11d |
%endif
|
|
|
366d11d |
|
|
|
366d11d |
%if %{systemd}
|
|
|
366d11d |
%{_unitdir}/%{name}.service
|
|
|
366d11d |
%else
|
|
|
366d11d |
%{_initrddir}/%{name}
|
|
|
366d11d |
%endif
|
|
|
366d11d |
%{_mandir}/*/*
|
|
|
366d11d |
%{_sbindir}/*
|
|
|
366d11d |
|
|
|
366d11d |
|
|
|
366d11d |
%files -n libopenarc
|
|
|
366d11d |
%license LICENSE LICENSE.Sendmail
|
|
|
366d11d |
%{_libdir}/*.so.0
|
|
|
366d11d |
%{_libdir}/*.so.0.0.0
|
|
|
366d11d |
|
|
|
366d11d |
%files -n libopenarc-devel
|
|
|
366d11d |
%{_includedir}/*
|
|
|
366d11d |
%{_libdir}/*.so
|
|
|
366d11d |
%{_libdir}/pkgconfig/*.pc
|
|
|
366d11d |
|
|
|
366d11d |
%changelog
|
|
|
65b15c0 |
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-0.11.Beta3.1
|
|
|
65b15c0 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
65b15c0 |
|
|
|
8300c6e |
* Mon May 18 2020 Matt Domsch <mdomsch@fedoraproject.org> - 1.0.0-0.11.Beta3
|
|
|
8300c6e |
- set selinux labels on /run/openarc
|
|
|
8300c6e |
- restore selinux labels at service start
|
|
|
8300c6e |
|
|
|
3f30750 |
* Fri May 15 2020 Matt Domsch <mdomsch@fedoraproject.org> - 1.0.0-0.10.Beta3
|
|
|
3f30750 |
- add headerdebug patch
|
|
|
3f30750 |
|
|
|
d885bd8 |
* Fri May 1 2020 Matt Domsch <mdomsch@fedoraproject.org> - 1.0.0-0.9.Beta3
|
|
|
d885bd8 |
- fix typo in systemd service file
|
|
|
d885bd8 |
- use RuntimeDirectory and RuntimeDirectoryMode when systemd 211 or higher is present
|
|
|
d885bd8 |
rather than tmpfiles.d.
|
|
|
d885bd8 |
- use ReadWritePaths to ensure our temp directory is writable with ProtectSystem=strict
|
|
|
d885bd8 |
|
|
|
216bd52 |
* Tue Apr 21 2020 Matt Domsch <mdomsch@fedoraproject.org> - 1.0.0-0.8.Beta3
|
|
|
216bd52 |
- packaging suggestions from
|
|
|
216bd52 |
https://github.com/trusteddomainproject/OpenARC/pull/103#issuecomment-574367733
|
|
|
216bd52 |
- use systemd service ProtectHome and ProtectSystem
|
|
|
216bd52 |
|
|
|
5d0c59b |
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-0.7.Beta3.1
|
|
|
5d0c59b |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
5d0c59b |
|
|
|
73cecdf |
* Mon Dec 2 2019 Tim Landscheidt <tim@tim-landscheidt.de> - 1.0.0-0.7.Beta3
|
|
|
73cecdf |
- Remove obsolete requirement for %%postun scriptlet
|
|
|
73cecdf |
|
|
|
c5eb49b |
* Mon Dec 2 2019 Matt Domsch <mdomsch@fedoraproject.org> - 1.0.0-0.6.Beta3
|
|
|
f932e75 |
- Upstream beta3
|
|
|
a07d261 |
- Add dependency on janusson-devel, needed for new SealHeaderChecks config option
|
|
|
f932e75 |
|
|
|
4eb0073 |
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-0.5.Beta2.1
|
|
|
4eb0073 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
4eb0073 |
|
|
|
cb85133 |
* Mon Feb 11 2019 Matt Domsch
|
|
|
cb85133 |
- Upstream beta2, drop merged patch
|
|
|
cb85133 |
|
|
|
4d62f76 |
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-0.1.Beta1.1
|
|
|
4d62f76 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
4d62f76 |
|
|
|
4fd0f3d |
* Fri Sep 28 2018 Matt Domsch <matt@domsch.com> 1.0.0-0.1.Beta1
|
|
|
4fd0f3d |
- Upstream beta1
|
|
|
4fd0f3d |
|
|
|
f67d473 |
* Sat Sep 22 2018 Matt Domsch <matt@domsch.com> 1.0.0-0.4.Beta0
|
|
|
f67d473 |
- fix ownership of openarc.conf and PeerList files
|
|
|
f67d473 |
|
|
|
cbf214e |
* Sat Sep 22 2018 Matt Domsch <matt@domsch.com> 1.0.0-0.3.Beta0
|
|
|
cbf214e |
- replace header generation patch with upstream fix
|
|
|
cbf214e |
- apply specfile fixes from https://github.com/trusteddomainproject/OpenARC/pull/103
|
|
|
cbf214e |
|
|
|
fb9168e |
* Mon Sep 10 2018 Matt Domsch <matt@domsch.com> 1.0.0-0.2.Beta0
|
|
|
52b7c04 |
- Own /etc/openarc/
|
|
|
52b7c04 |
- improve default config file, add default PeerList config
|
|
|
52b7c04 |
|
|
|
366d11d |
* Wed Jul 11 2018 Xavier Bachelot <xavier@bachelot.org> 1.0.0-0.1.Beta0
|
|
|
366d11d |
- Specfile clean up.
|
|
|
366d11d |
- Update to 1.0.0 beta 0.
|
|
|
366d11d |
|
|
|
366d11d |
* Sun Jul 23 2017 Matt Domsch <matt@domsch.com> 0.1.0-1
|
|
|
366d11d |
- update to Fedora Packaging Guidelines
|