# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" inherit db-use flag-o-matic toolchain-funcs pam systemd IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" REQUIRED_USE=" arc? ( dkim spf ) dane? ( ssl !gnutls ) !dane? ( ssl? ( gnutls ) ) dmarc? ( dkim spf ) dkim? ( ssl !gnutls ) gnutls? ( ssl ) pkcs11? ( ssl ) || ( berkdb gdbm tdb ) " # NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked # for x86 and amd64 only (probably due to unbound dep) # Exim supports it but we cannot express the dep USE=dane when # USE=gnutls is in effect only in package.use.mask, the only option we # have left is to a) ignore the dependency (but that results in bug # #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are # incorrect, but b) is the only "correct" view from dep-pointofview. # Bug #925108 showed that DANE is basically non-optional with OpenSSL, # so we make -dane mandatory to use gnutls. Bleh. # We cannot express a required use for berkdb/gdbm/tdb correctly because # berkdb and gdbm are both enabled in base profile SDIR=$([[ ${PV} == *_rc* ]] && echo /test [[ ${PV} == *.*.*.* ]] && echo /fixes) COMM_URI="https://downloads.exim.org/exim4${SDIR}" GPV="r0" DESCRIPTION="A highly configurable, drop-in replacement for sendmail" SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz mirror://gentoo/system_filter.exim.gz doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" HOMEPAGE="https://www.exim.org/" SLOT="0" LICENSE="GPL-2" KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ppc ppc64 sparc x86" COMMON_DEPEND=">=sys-apps/sed-4.0.5 dev-libs/libpcre2:= tdb? ( sys-libs/tdb:= ) !tdb? ( berkdb? ( >=sys-libs/db-3.2:= =net-nds/openldap-2.0.7:= ) elibc_glibc? ( net-libs/libnsl:= nis? ( net-libs/libtirpc:= >=net-libs/libnsl-1:= ) ) mysql? ( dev-db/mysql-connector-c:= ) postgres? ( dev-db/postgresql:= ) sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) redis? ( dev-libs/hiredis:= ) spf? ( >=mail-filter/libspf2-1.2.5-r1 ) dmarc? ( mail-filter/opendmarc:= ) X? ( x11-libs/libX11 x11-libs/libXmu x11-libs/libXt x11-libs/libXaw ) sqlite? ( dev-db/sqlite ) radius? ( net-dialup/freeradius-client ) virtual/libcrypt:= virtual/libiconv " # added X check for #57206 BDEPEND="virtual/pkgconfig" DEPEND="${COMMON_DEPEND}" RDEPEND="${COMMON_DEPEND} !mail-mta/courier !mail-mta/esmtp !mail-mta/msmtp[mta] !mail-mta/netqmail !mail-mta/nullmailer !mail-mta/postfix !mail-mta/sendmail !mail-mta/opensmtpd !mail-mta/ssmtp[mta] >=net-mail/mailbase-0.00-r5 virtual/logger dcc? ( mail-filter/dcc ) selinux? ( sec-policy/selinux-exim ) " S=${WORKDIR}/${P//_rc/-RC} src_prepare() { # Legacy patches which need a respin for -p1 eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 eapply "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279 eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 eapply "${FILESDIR}"/exim-4.69-r1.27021.patch eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch eapply "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780 eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch # oddity, they disable berkdb as hack, and then throw an error when # berkdb isn't enabled sed -i \ -e 's/_DB_/_DONTMESS_/' \ -e 's/define DB void/define DONTMESS void/' \ src/auths/call_radius.c || die if use maildir ; then eapply "${FILESDIR}"/exim-4.94-maildir.patch else eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 fi eapply_user # user Exim believes it should be MAILUSER=mail MAILGROUP=mail if use prefix && [[ ${EUID} != 0 ]] ; then MAILUSER=$(id -un) MAILGROUP=$(id -gn) fi } src_configure() { # general config and paths local aliases="${EPREFIX}/etc/mail/aliases" sed -i \ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ src/configure.default || die sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die if use elibc_musl; then sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die append-cflags -DNO_EXECINFO fi local conffile="${EPREFIX}/etc/exim/exim.conf" sed -e "48i\CFLAGS=${CFLAGS}" \ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ src/EDITME > Local/Makefile || die # work on Local/Makefile from now on cd Local cat >> Makefile <<- EOC INFO_DIRECTORY=${EPREFIX}/usr/share/info PID_FILE_PATH=${EPREFIX}/run/exim.pid SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim HAVE_ICONV=yes WITH_CONTENT_SCAN=yes EOC # configure db implementation, Exim always needs one for its hints # database, we prefer tdb and gdbm, since bdb is kind of getting # less and less support if use tdb ; then cat >> Makefile <<- EOC USE_TDB=yes DBMLIB = -ltdb EOC sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die elif use gdbm ; then cat >> Makefile <<- EOC USE_GDBM=yes DBMLIB = -lgdbm EOC sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die else # must be berkdb via required_use # use the "native" interfaces to the DBM and CDB libraries, support # passwd and directory lookups by default local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" cat >> Makefile <<- EOC USE_DB=yes # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h CFLAGS += -I$(db_includedir ${DB_VERS}) DBMLIB = -l$(db_libname ${DB_VERS}) EOC sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die fi # if we use libiconv, now is the time to tell so if use !elibc_glibc && use !elibc_musl ; then cat >> Makefile <<- EOC EXTRALIBS_EXIM=-liconv EOC fi # support for IPv6 if use ipv6; then cat >> Makefile <<- EOC HAVE_IPV6=YES EOC fi # support i18n/IDNA if use idn; then cat >> Makefile <<- EOC SUPPORT_I18N=yes SUPPORT_I18N_2008=yes EXTRALIBS_EXIM += -lidn -lidn2 EOC fi # # mail storage formats # # mailstore is Exim's traditional storage format cat >> Makefile <<- EOC SUPPORT_MAILSTORE=yes EOC # mbox if use mbx; then cat >> Makefile <<- EOC SUPPORT_MBX=yes EOC fi # maildir if use maildir; then cat >> Makefile <<- EOC SUPPORT_MAILDIR=yes EOC fi # # lookup methods # # support passwd and directory lookups by default cat >> Makefile <<- EOC LOOKUP_CDB=yes LOOKUP_PASSWD=yes LOOKUP_DSEARCH=yes EOC if ! use dnsdb; then # DNSDB lookup is enabled by default sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die fi if use ldap; then cat >> Makefile <<- EOC LOOKUP_LDAP=yes LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap LOOKUP_LIBS += -lldap -llber EOC fi if use mysql; then cat >> Makefile <<- EOC LOOKUP_MYSQL=yes LOOKUP_INCLUDE += $(mysql_config --include) LOOKUP_LIBS += $(mysql_config --libs) EOC fi if use nis; then cat >> Makefile <<- EOC LOOKUP_NIS=yes LOOKUP_NISPLUS=yes EOC if use elibc_glibc ; then cat >> Makefile <<- EOC LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc LOOKUP_LIBS += -lnsl EOC fi fi if use postgres; then cat >> Makefile <<- EOC LOOKUP_PGSQL=yes LOOKUP_INCLUDE += -I$(pg_config --includedir) LOOKUP_LIBS += -L$(pg_config --libdir) -lpq EOC fi if use sqlite; then cat >> Makefile <<- EOC LOOKUP_SQLITE=yes LOOKUP_SQLITE_PC=sqlite3 EOC fi if use redis; then cat >> Makefile <<- EOC LOOKUP_REDIS=yes LOOKUP_LIBS += -lhiredis EOC fi # Exim monitor, enabled by default, controlled via X USE-flag, # disable if not requested, bug #46778 if use X; then cp ../exim_monitor/EDITME eximon.conf || die cat >> Makefile <<- EOC EXIM_MONITOR=eximon.bin EOC fi # # features # # DomainKeys Identified Mail, RFC4871 if ! use dkim; then # DKIM is enabled by default cat >> Makefile <<- EOC DISABLE_DKIM=yes EOC fi # Per-Recipient-Data-Response if ! use prdr; then # PRDR is enabled by default cat >> Makefile <<- EOC DISABLE_PRDR=yes EOC fi # Transport post-delivery actions if use !tpda && use !dane; then # EVENT is enabled by default cat >> Makefile <<- EOC DISABLE_EVENT=yes EOC fi # log to syslog if use syslog; then local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" sed -i \ -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ Makefile || die cat >> Makefile <<- EOC LOG_FILE_PATH=syslog EOC else cat >> Makefile <<- EOC LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log EOC fi # starttls support (ssl) if use ssl; then if use gnutls; then echo "USE_GNUTLS=yes" >> Makefile echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ >> Makefile use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile else echo "USE_OPENSSL=yes" >> Makefile echo "USE_OPENSSL_PC=openssl" >> Makefile fi else echo "DISABLE_TLS=yes" >> Makefile fi # TCP wrappers if use tcpd; then cat >> Makefile <<- EOC USE_TCP_WRAPPERS=yes EXTRALIBS_EXIM += -lwrap EOC fi # Light Mail Transport Protocol if use lmtp; then cat >> Makefile <<- EOC TRANSPORT_LMTP=yes EOC fi # embedded Perl if use perl; then cat >> Makefile <<- EOC EXIM_PERL=perl.o EOC fi # dlfunc if use dlfunc; then cat >> Makefile <<- EOC EXPAND_DLFUNC=yes HAVE_LOCAL_SCAN=yes DLOPEN_LOCAL_SCAN=yes EOC fi # Proxy Protocol if use proxy; then cat >> Makefile <<- EOC SUPPORT_PROXY=yes EOC fi # SOCKS5 (outbound) proxy support if use socks5; then cat >> Makefile <<- EOC SUPPORT_SOCKS=yes EOC fi # DANE if use !dane; then # DANE is enabled by default sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die fi # DMARC if use dmarc; then cat >> Makefile <<- EOC SUPPORT_DMARC=yes EXTRALIBS_EXIM += -lopendmarc EOC fi # Sender Policy Framework if use spf; then cat >> Makefile <<- EOC SUPPORT_SPF=yes EXTRALIBS_EXIM += -lspf2 EOC fi # # experimental features # # Authenticated Receive Chain if use arc; then echo "EXPERIMENTAL_ARC=yes">> Makefile fi # Distributed Checksum Clearinghouse if use dcc; then echo "EXPERIMENTAL_DCC=yes">> Makefile fi # Sender Rewriting Scheme if use srs; then # this one is the default/supported variant since 4.95, and the # only variant available since 4.96 cat >> Makefile <<- EOC SUPPORT_SRS=yes EOC fi # Delivery Sender Notifications extra information in fail message if use dsn; then cat >> Makefile <<- EOC EXPERIMENTAL_DSN_INFO=yes EOC fi # # authentication (SMTP AUTH) # # standard bits cat >> Makefile <<- EOC AUTH_SPA=yes AUTH_CRAM_MD5=yes AUTH_PLAINTEXT=yes EOC # Cyrus SASL if use sasl; then cat >> Makefile <<- EOC CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux AUTH_CYRUS_SASL=yes AUTH_LIBS += -lsasl2 EOC fi # Dovecot if use dovecot-sasl; then cat >> Makefile <<- EOC AUTH_DOVECOT=yes EOC fi # Pluggable Authentication Modules if use pam; then cat >> Makefile <<- EOC SUPPORT_PAM=yes AUTH_LIBS += -lpam EOC fi # Radius if use radius; then cat >> Makefile <<- EOC RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf RADIUS_LIB_TYPE=RADIUSCLIENTNEW AUTH_LIBS += -lfreeradius-client EOC fi } src_compile() { emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' } src_install() { cd "${S}"/build-exim-gentoo || die dosbin exim if use X; then dosbin eximon.bin dosbin eximon fi fperms 4755 /usr/sbin/exim dosym exim /usr/sbin/sendmail dosym exim /usr/sbin/rsmtp dosym exim /usr/sbin/rmail dosym ../sbin/exim /usr/bin/mailq dosym ../sbin/exim /usr/bin/newaliases dosym ../sbin/sendmail /usr/lib/sendmail for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ convert4r3 convert4r4 exipick do dosbin $i done dodoc -r "${S}"/doc/. doman "${S}"/doc/exim.8 use dsn && dodoc "${S}"/README.DSN use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf # conf files insinto /etc/exim newins "${S}"/src/configure.default exim.conf.dist doins "${WORKDIR}"/system_filter.exim doins "${FILESDIR}"/auth_conf.sub if use pam; then pamd_mimic system-auth exim auth account fi # headers, #436406 if use dlfunc ; then # fixup includes so they actually can be found when including sed -i \ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)"::' \ local_scan.h || die insinto /usr/include/exim doins {config,local_scan}.h ../src/{mytypes,store}.h fi insinto /etc/logrotate.d newins "${FILESDIR}/exim.logrotate" exim newinitd "${FILESDIR}"/exim.rc10 exim newconfd "${FILESDIR}"/exim.confd exim systemd_dounit \ "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} systemd_newunit \ "${FILESDIR}"/exim_at.service 'exim@.service' systemd_newunit \ "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} keepdir /var/log/${PN} } pkg_postinst() { if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" einfo "for using smtp auth." einfo "Please create ${EROOT}/etc/exim/exim.conf from" einfo " ${EROOT}/etc/exim/exim.conf.dist." fi if use berkdb && ( use gdbm || use tdb ) ; then ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" fi if use dmarc ; then einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" einfo "you can populate this file with the contents downloaded from" einfo " https://publicsuffix.org/list/public_suffix_list.dat" fi if use dcc ; then einfo "DCC support is experimental, you can find some limited" einfo "documentation at the bottom of this prerelease message:" einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" fi use dsn && einfo "extra information in fail DSN message is experimental" einfo elog "Note that this release contains a tainted variable check that" elog "is likely to break your configuration used with Exim 4.93 and before." elog "Please check your transports for occurences of \$local_part, and" elog "use a replacement like \$local_part_data where possible." }