From 0ce6a09235ba11534c7cc9ee4bbd2aed5bf89aeb Mon Sep 17 00:00:00 2001 From: Philipp Kern Date: Sun, 19 Feb 2023 13:15:04 +0100 Subject: [PATCH 01/10] =?UTF-8?q?spamassassin:=203.4.6=20=E2=86=92=204.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The HashCash module has been removed, so this change also drops it from the default config for spamassassin. --- nixos/modules/services/mail/spamassassin.nix | 1 - pkgs/servers/mail/spamassassin/default.nix | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix index 49d1d9315985..4b5736dfd1bc 100644 --- a/nixos/modules/services/mail/spamassassin.nix +++ b/nixos/modules/services/mail/spamassassin.nix @@ -79,7 +79,6 @@ in loadplugin Mail::SpamAssassin::Plugin::DKIM loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::FreeMail - loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index ef87288df29b..996db226e0d1 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -1,12 +1,12 @@ -{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake }: +{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt }: perlPackages.buildPerlPackage rec { pname = "SpamAssassin"; - version = "3.4.6"; + version = "4.0.0"; src = fetchurl { url = "mirror://apache/spamassassin/source/Mail-${pname}-${version}.tar.bz2"; - sha256 = "044ng2aazqy8g0m17q0a4939ck1ca4x230q2q7q7jndvwkrpaj5w"; + hash = "sha256-5aoXBQowvHK6qGr9xgSMrepNHsLsxh14dxegWbgxnog="; }; # ExtUtil::MakeMaker is bundled with Perl, but the bundled version 
@@ -36,7 +36,7 @@ perlPackages.buildPerlPackage rec { mv "rules/"* $out/share/spamassassin/ for n in "$out/bin/"*; do - wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB" --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} + wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB" --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} --prefix C_INCLUDE_PATH : ${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]} done ''; From cd0d3ad3445ff10ce7b7a9f6ab3630fce2d59686 Mon Sep 17 00:00:00 2001 From: Philipp Kern Date: Sun, 21 May 2023 21:01:05 +0200 Subject: [PATCH 02/10] nixos/release-notes: Add a note about Hashcash being removed from spamassassin. --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index b0a256224970..39abdb715336 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -50,6 +50,8 @@ - `services.lemmy.settings.federation` was removed in 0.17.0 and no longer has any effect. To enable federation, the hostname must be set in the configuration file and then federation must be enabled in the admin web UI. See the [release notes](https://github.com/LemmyNet/lemmy/blob/c32585b03429f0f76d1e4ff738786321a0a9df98/RELEASES.md#upgrade-instructions) for more details. +- `spamassassin` no longer supports the `Hashcash` module. The module needs to be removed from the `loadplugin` list if it was copied over from the default `initPreConf` option. + ## Other Notable Changes {#sec-release-23.11-notable-changes} - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration. From 584cd908f08fe302537a434fb0d593eed32f5e61 Mon Sep 17 00:00:00 2001 
From: Luke Granger-Brown Date: Sun, 25 Jun 2023 12:49:42 +0000 Subject: [PATCH 03/10] perlPackages.NetLibIDN2: init at 1.02 --- pkgs/top-level/perl-packages.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index b2714c0826a7..0f34b152bce6 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -18001,6 +18001,21 @@ with self; { }; }; + NetLibIDN2 = buildPerlModule { + pname = "Net-LibIDN2"; + version = "1.02"; + src = fetchurl { + url = "mirror://cpan/authors/id/T/TH/THOR/Net-LibIDN2-1.02.tar.gz"; + hash = "sha256-0fMK/GrPplQbAMCafkx059jkuknjJ3wLvEGuNcE5DQc="; + }; + propagatedBuildInputs = [ pkgs.libidn2 ]; + meta = { + description = "Perl bindings for GNU Libidn2"; + homepage = "https://github.com/gnuthor/Net--LibIDN2"; + license = with lib.licenses; [ artistic1 gpl1Plus ]; + }; + }; + NetNetmask = buildPerlPackage { pname = "Net-Netmask"; version = "2.0001"; From 62654174d07e52a6a6e8fa7cff6b6050f97333bc Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 25 Jun 2023 13:34:40 +0000 Subject: [PATCH 04/10] perlPackages.MailDMARC: init at 1.20230215 --- pkgs/top-level/perl-packages.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 0f34b152bce6..ffa2532f99b9 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix 
@@ -14256,6 +14256,28 @@ with self; { }; }; + MailDMARC = buildPerlPackage { + pname = "Mail-DMARC"; + version = "1.20230215"; + src = fetchurl { + url = "mirror://cpan/authors/id/M/MB/MBRADSHAW/Mail-DMARC-1.20230215.tar.gz"; + hash = "sha256-V9z1R1nLkkSOVukUE0D2E0QnTFjZ3WWqkKqczw5+uQM="; + }; + buildInputs = [ ExtUtilsMakeMaker FileShareDirInstall ]; + doCheck = false; # uses actual DNS at runtime + checkInputs = [ XMLSAX XMLValidatorSchema TestException TestFileShareDir TestMore TestOutput ]; + propagatedBuildInputs = [ + ConfigTiny DBDSQLite DBIxSimple EmailMIME EmailSender Encode FileShareDir GetoptLong + IOCompress IO IOSocketSSL NetDNS NetIDNEncode NetIP NetSSLeay RegexpCommon Socket6 + SysSyslog URI XMLLibXML + ]; + meta = { + description = "Perl implementation of DMARC"; + homepage = "https://github.com/msimerson/mail-dmarc"; + license = with lib.licenses; [ artistic1 gpl1Plus ]; + }; + }; + MailMaildir = buildPerlPackage { version = "1.0.0"; pname = "Mail-Maildir"; From 0b48da2e88346e8691c68f9cd31c995f238668c5 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 25 Jun 2023 13:35:32 +0000 Subject: [PATCH 05/10] spamassassin: switch back to Perl-bundled ExtUtils::MakeMaker It's past the required minimum version now, so we can drop this comment and the explicit dependency. --- pkgs/servers/mail/spamassassin/default.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index 996db226e0d1..fd8acd7d9a6c 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix 
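Review bot: On the `doCheck = false; # uses actual DNS at runtime` line of the new `MailDMARC` attribute, the comment describes the test suite rather than run-time behaviour, and with checks off the `checkInputs` list next to it is never used. I would reword it to `doCheck = false; # test suite does live DNS lookups, which the build sandbox blocks` (assuming that is the reason) so it is clear what would have to change to turn the tests on. Because this library evaluates DMARC data that arrives with untrusted mail, it is also worth noting in the comment that no upstream tests run for it here.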
@@ -9,14 +9,7 @@ perlPackages.buildPerlPackage rec { hash = "sha256-5aoXBQowvHK6qGr9xgSMrepNHsLsxh14dxegWbgxnog="; }; - # ExtUtil::MakeMaker is bundled with Perl, but the bundled version - # causes build errors for aarch64-darwin, so we override it with the - # latest version. We can drop the dependency to go back to the - # bundled version when the version that comes with Perl is ≥7.57_02. - # - # Check the version bundled with Perl like this: - # perl -e 'use ExtUtils::MakeMaker qw($VERSION); print "$VERSION\n"' - nativeBuildInputs = [ makeWrapper perlPackages.ExtUtilsMakeMaker ]; + nativeBuildInputs = [ makeWrapper ]; buildInputs = (with perlPackages; [ HTMLParser NetCIDRLite NetDNS NetAddrIP DBFile HTTPDate MailDKIM LWP LWPProtocolHttps IOSocketSSL DBI EncodeDetect IPCountry NetIdent From 16663f620a4f649e8ace1c1fd85458eadf487ea7 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 25 Jun 2023 13:36:37 +0000 Subject: [PATCH 06/10] spamassassin: add dependencies from SpamAssassin core These modules are all used by SpamAssassin in some way or another, in some cases optional depending on what plugins you have loaded. --- pkgs/servers/mail/spamassassin/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index fd8acd7d9a6c..774558932c88 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -14,6 +14,8 @@ perlPackages.buildPerlPackage rec { HTMLParser NetCIDRLite NetDNS NetAddrIP DBFile HTTPDate MailDKIM LWP LWPProtocolHttps IOSocketSSL DBI EncodeDetect IPCountry NetIdent Razor2ClientAgent MailSPF NetDNSResolverProgrammable Socket6 + ArchiveZip EmailAddressXS NetLibIDN2 MaxMindDBReader GeoIP MailDMARC + MaxMindDBReaderXS ]); # Enabling 'taint' mode is desirable, but that flag disables support From 6c161ee4b9abdd5673e962b57b607f647f40ab70 Mon Sep 17 00:00:00 2001 
From: Luke Granger-Brown Date: Sun, 25 Jun 2023 13:37:18 +0000 Subject: [PATCH 07/10] spamassassin: enable tests --- pkgs/servers/mail/spamassassin/default.nix | 27 +++++++++++++++++-- .../sa_compile-use-perl5lib.patch | 23 ++++++++++++++++ .../spamassassin/satest-no-clean-path.patch | 18 +++++++++++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 pkgs/servers/mail/spamassassin/sa_compile-use-perl5lib.patch create mode 100644 pkgs/servers/mail/spamassassin/satest-no-clean-path.patch diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index 774558932c88..3fbab769fa0d 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt }: +{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, coreutils, poppler_utils, tesseract, iana-etc }: perlPackages.buildPerlPackage rec { pname = "SpamAssassin"; @@ -9,6 +9,11 @@ perlPackages.buildPerlPackage rec { hash = "sha256-5aoXBQowvHK6qGr9xgSMrepNHsLsxh14dxegWbgxnog="; }; + patches = [ + ./satest-no-clean-path.patch + ./sa_compile-use-perl5lib.patch + ]; + nativeBuildInputs = [ makeWrapper ]; buildInputs = (with perlPackages; [ HTMLParser NetCIDRLite NetDNS NetAddrIP DBFile HTTPDate MailDKIM LWP 
@@ -24,7 +29,25 @@ perlPackages.buildPerlPackage rec { makeMakerFlags = [ "SYSCONFDIR=/etc LOCALSTATEDIR=/var/lib/spamassassin" ]; - doCheck = false; + checkInputs = (with perlPackages; [ + TextDiff # t/strip2.t + ]) ++ [ + coreutils # date, t/basic_meta.t + poppler_utils # pdftotext, t/extracttext.t + tesseract # tesseract, t/extracttext.t + iana-etc # t/dnsbl_subtests.t (/etc/protocols used by Net::DNS::Nameserver) + re2c gcc gnumake + ]; + preCheck = '' + substituteInPlace t/spamc_x_e.t \ + --replace "/bin/echo" "${coreutils}/bin/echo" + export C_INCLUDE_PATH='${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]}' + export HARNESS_OPTIONS="j''${NIX_BUILD_CORES}" + + export HOME=$NIX_BUILD_TOP/home + mkdir -p $HOME + mkdir t/log # pre-create to avoid race conditions + ''; postInstall = '' mkdir -p $out/share/spamassassin diff --git a/pkgs/servers/mail/spamassassin/sa_compile-use-perl5lib.patch b/pkgs/servers/mail/spamassassin/sa_compile-use-perl5lib.patch new file mode 100644 index 000000000000..ba68142a92d9 --- /dev/null +++ b/pkgs/servers/mail/spamassassin/sa_compile-use-perl5lib.patch 
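Review bot: In the new `checkInputs` list of default.nix, `coreutils`, `poppler_utils`, `tesseract`, `re2c`, `gcc` and `gnumake` are programs the tests execute rather than libraries they link against, so they read more accurately as `nativeCheckInputs`, with `TextDiff` and `iana-etc` left where they are; whether this changes anything for a non-cross build is not visible here. In `preCheck`, `$HOME` is expanded unquoted; `export HOME="$NIX_BUILD_TOP/home"` followed by `mkdir -p "$HOME"` is the safer form.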
@@ -0,0 +1,23 @@
+diff -ru orig/t/sa_compile.t new/t/sa_compile.t
+--- orig/t/sa_compile.t 2022-12-14 06:03:26.000000000 +0000
++++ new/t/sa_compile.t 2023-06-25 12:30:39.735577152 +0000
+@@ -40,7 +40,7 @@
+
+ # we now have an "installed" version we can run sa-compile with. Ensure
+ # sarun() will use it appropriately
+-$scr = "$instdir/$temp_binpath/spamassassin";
++$scr = "$perl_cmd -T $instdir/$temp_binpath/spamassassin";
+ $scr_localrules_args = $scr_cf_args = ""; # use the default rules dir, from our "install"
+
+ &set_rules('
+@@ -86,8 +86,8 @@
+ # -------------------------------------------------------------------
+
+ rmtree( glob "~/.spamassassin/sa-compile.cache". { safe => 1 }); # reset test
+-system_or_die "TMP=$instdir TMPDIR=$instdir $instdir/$temp_binpath/sa-compile --quiet -p $cwd/$workdir/user.cf --keep-tmps -D 2>$instdir/sa-compile.debug"; # --debug
+-$scr = "$instdir/$temp_binpath/spamassassin";
++system_or_die "TMP=$instdir TMPDIR=$instdir $perl_cmd -T $instdir/$temp_binpath/sa-compile --quiet -p $cwd/$workdir/user.cf --keep-tmps -D 2>$instdir/sa-compile.debug"; # --debug
++$scr = "$perl_cmd -T $instdir/$temp_binpath/spamassassin";
+ $scr_localrules_args = $scr_cf_args = ""; # use the default rules dir, from our "install"
+
+ %patterns = (
diff --git a/pkgs/servers/mail/spamassassin/satest-no-clean-path.patch b/pkgs/servers/mail/spamassassin/satest-no-clean-path.patch
new file mode 100644
index 000000000000..11f5c31d31e7
--- /dev/null
+++ b/pkgs/servers/mail/spamassassin/satest-no-clean-path.patch
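Review bot: Both new `$scr` assignments and the `system_or_die` line in sa_compile-use-perl5lib.patch now depend on `$perl_cmd`, which is defined outside this patch, and the file carries no description of why the installed scripts must be run through it with `-T`. The file name suggests the purpose is to carry the library path into the test's private install, but nothing in the patch says so. A short header above the `diff -ru` line, or a comment next to the entry in `patches`, stating the reason and whether it is meant to go upstream would make the patch maintainable across the next version bump.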
@@ -0,0 +1,18 @@
+diff -ru orig/t/SATest.pm new/t/SATest.pm
+--- orig/t/SATest.pm 2023-06-25 11:26:27.663204415 +0000
++++ new/t/SATest.pm 2023-06-25 11:34:08.902174669 +0000
+@@ -65,9 +65,12 @@
+
+ # Clean PATH so taint doesn't complain
+ if (!$RUNNING_ON_WINDOWS) {
+- $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
++ # untaint PATH
++ $ENV{'PATH'} =~ /^(.+)$/;
++ $ENV{'PATH'} = $1;
++ # $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
+ # Remove tainted envs, at least ENV used in FreeBSD
+- delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
++ # delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+ } else {
+ # Windows might need non-system directories in PATH to run a Perl installation
+ # The best we can do is clean out obviously bad stuff such as relative paths or \..\
From 58b48cd7209fc181847ee850b090c4f5c3b74165 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 25 Jun 2023 13:39:53 +0000
Subject: [PATCH 08/10] nixos/spamassassin: add DMARC module to default config
---
 nixos/modules/services/mail/spamassassin.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix
index 4b5736dfd1bc..072172e31451 100644
--- a/nixos/modules/services/mail/spamassassin.nix
+++ b/nixos/modules/services/mail/spamassassin.nix
@@ -77,6 +77,7 @@ in
 loadplugin Mail::SpamAssassin::Plugin::Check
 #loadplugin Mail::SpamAssassin::Plugin::DCC
 loadplugin Mail::SpamAssassin::Plugin::DKIM
+ loadplugin Mail::SpamAssassin::Plugin::DMARC
 loadplugin Mail::SpamAssassin::Plugin::DNSEval
 loadplugin Mail::SpamAssassin::Plugin::FreeMail
 loadplugin Mail::SpamAssassin::Plugin::HeaderEval
From 01b8cd44fcaf2087dd0d60f6b888ddb98b4b5b52 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 25 Jun 2023 13:58:29 +0000
Subject: [PATCH 09/10] spamassassin: compile spamc with TLS support
---
 pkgs/servers/mail/spamassassin/default.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
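Review bot: The untaint added under `if (!$RUNNING_ON_WINDOWS)` in satest-no-clean-path.patch assigns `$1` without checking that the match succeeded: `$ENV{'PATH'} =~ /^(.+)$/; $ENV{'PATH'} = $1;`. If PATH is empty or contains an embedded newline the pattern fails, and `$1` then holds whatever an earlier successful match left behind (or undef). Assigning from the match and failing loudly avoids that: `($ENV{'PATH'}) = $ENV{'PATH'} =~ /\A(.+)\z/s or die "cannot untaint PATH";`. The pattern accepts any value, so this clears the taint flag without validating anything, and the `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}` line is disabled at the same time; a comment stating that this is acceptable only because t/SATest.pm is the test harness and runs inside the build sandbox would keep it from being copied elsewhere. The `if`/`else` block continues past the end of the hunk.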
diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index 3fbab769fa0d..ef6917397deb 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, coreutils, poppler_utils, tesseract, iana-etc }: +{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, openssl, coreutils, poppler_utils, tesseract, iana-etc }: perlPackages.buildPerlPackage rec { pname = "SpamAssassin"; @@ -21,11 +21,13 @@ perlPackages.buildPerlPackage rec { Razor2ClientAgent MailSPF NetDNSResolverProgrammable Socket6 ArchiveZip EmailAddressXS NetLibIDN2 MaxMindDBReader GeoIP MailDMARC MaxMindDBReaderXS - ]); + ]) ++ [ + openssl + ]; # Enabling 'taint' mode is desirable, but that flag disables support # for the PERL5LIB environment variable. Needs further investigation. - makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "PERL_TAINT=no" ]; + makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "PERL_TAINT=no" "ENABLE_SSL=yes" ]; makeMakerFlags = [ "SYSCONFDIR=/etc LOCALSTATEDIR=/var/lib/spamassassin" ]; From c4abac1cffae620573a78ab1593d0a6d667de6ca Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 25 Jun 2023 14:32:01 +0000 Subject: [PATCH 10/10] spamassassin: enable taint mode --- pkgs/servers/mail/spamassassin/default.nix | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index ef6917397deb..95b613f0b478 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix 
@@ -1,4 +1,4 @@ -{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, openssl, coreutils, poppler_utils, tesseract, iana-etc }: +{ lib, fetchurl, perlPackages, makeBinaryWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, openssl, coreutils, poppler_utils, tesseract, iana-etc }: perlPackages.buildPerlPackage rec { pname = "SpamAssassin"; @@ -14,7 +14,7 @@ perlPackages.buildPerlPackage rec { ./sa_compile-use-perl5lib.patch ]; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeBinaryWrapper ]; buildInputs = (with perlPackages; [ HTMLParser NetCIDRLite NetDNS NetAddrIP DBFile HTTPDate MailDKIM LWP LWPProtocolHttps IOSocketSSL DBI EncodeDetect IPCountry NetIdent @@ -25,9 +25,7 @@ perlPackages.buildPerlPackage rec { openssl ]; - # Enabling 'taint' mode is desirable, but that flag disables support - # for the PERL5LIB environment variable. Needs further investigation. - makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "PERL_TAINT=no" "ENABLE_SSL=yes" ]; + makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "ENABLE_SSL=yes" ]; makeMakerFlags = [ "SYSCONFDIR=/etc LOCALSTATEDIR=/var/lib/spamassassin" ]; 
@@ -56,7 +54,18 @@ perlPackages.buildPerlPackage rec { mv "rules/"* $out/share/spamassassin/ for n in "$out/bin/"*; do - wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB" --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} --prefix C_INCLUDE_PATH : ${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]} + # Skip if this isn't a perl script + if ! head -n1 "$n" | grep -q bin/perl; then + continue + fi + echo "Wrapping $n for taint mode" + orig="$out/bin/.$(basename "$n")-wrapped" + mv "$n" "$orig" + # We don't inherit argv0 so that $^X works properly in e.g. sa-compile + makeWrapper "${perlPackages.perl}/bin/perl" "$n" \ + --add-flags "-T $perlFlags $orig" \ + --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} \ + --prefix C_INCLUDE_PATH : ${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]} done '';
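Review bot: The new wrapper loop does not say why the scripts are launched as `perl -T $perlFlags $orig` instead of being wrapped with `--prefix PERL5LIB`; the comment this commit removes from above `makeFlags` was the only place recording that taint mode ignores PERL5LIB. `$perlFlags` is not defined in any visible hunk, so a reader cannot tell where the include paths come from. I would add a comment above `makeWrapper`, e.g. `# perl -T ignores PERL5LIB, so library paths are passed as -I flags via $perlFlags (presumably set by the perl builder; confirm)`. The shebang test `grep -q bin/perl` also accepts any first line that merely contains that substring; `grep -qE '^#!.*bin/perl'` is stricter. `postInstall` itself starts outside the hunk.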