diff --git a/courier-imap-4.8.0-certsdir.patch b/courier-imap-4.8.0-certsdir.patch
new file mode 100644
index 0000000..8a0a7d8
--- /dev/null
+++ b/courier-imap-4.8.0-certsdir.patch
@@ -0,0 +1,351 @@ +diff -ruN courier-imap-4.8.0-orig/configure courier-imap-4.8.0/configure +--- courier-imap-4.8.0-orig/configure 2010-05-30 23:20:04.000000000 +0200 ++++ courier-imap-4.8.0/configure 2010-08-05 16:27:03.000000000 +0200 +@@ -890,6 +890,7 @@ + with_socks + with_authchangepwdir + with_package ++with_certsdir + ' + ac_precious_vars='build_alias + host_alias +@@ -1540,6 +1541,7 @@ + + --with-db=gdbm Use the GDBM library. + --with-db=db Use the libdb.a library. ++ --with-certsdir[=ARG] Directory where certs are created + + Some influential environment variables: + CC C compiler command +@@ -11104,6 +11106,12 @@ + HAVE_HTML_FALSE= + fi + ++# Check whether --with-certsdir was given. ++if test "${with_certsdir+set}" = set; then : ++ withval=$with_certsdir; certsdir="$withval" ++else ++ certsdir=$datadir ++fi + + ac_config_files="$ac_config_files Makefile dbobj.h dbobj.config imapd.rc imapd-ssl.rc pop3d.rc pop3d-ssl.rc courier-imap.sysvinit courier-imap.spec courier-imap.lpspec INSTALL.html packaging/suse/courier-imap.init" + +diff -ruN courier-imap-4.8.0-orig/imap/configure courier-imap-4.8.0/imap/configure +--- courier-imap-4.8.0-orig/imap/configure 2010-05-30 23:20:45.000000000 +0200 ++++ courier-imap-4.8.0/imap/configure 2010-08-05 16:30:02.000000000 +0200 +@@ -753,6 +753,7 @@ + HAVE_SGML_FALSE + HAVE_SGML_TRUE + mydatadir ++certsdir + smap + NETLIBS + dblibrary +@@ -902,6 +903,7 @@ + enable_workarounds_for_imap_client_bugs + with_dirsync + with_smap ++with_certsdir + with_package + with_version + with_trashquota +@@ -1556,14 +1558,15 @@ + both] + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-mailer=prog Your mail submission program +- --with-random=/dev/urandom - location of the system random file generator +---without-random - there is no system random file generator ++ --with-random=/dev/urandom - location of the system random file generator ++ --without-random - there is no system random file generator + + --with-piddir 
Directory where imapd.pid is created + +- --with-dirsync Manually sync queue file directory +- --without-smap Do not compile SMAP support +- --with-trashquota Count deleted messages as part of the quota ++ --with-dirsync Manually sync queue file directory ++ --without-smap Do not compile SMAP support ++ --with-certsdir[=ARG] Directory where certs are created ++ --with-trashquota Count deleted messages as part of the quota + + Some influential environment variables: + CC C compiler command +@@ -16506,6 +16509,13 @@ + eval "sysconfdir=$sysconfdir" + eval "localstatedir=$localstatedir" + ++# Check whether --with-certsdir was given. ++if test "${with_certsdir+set}" = set; then : ++ withval=$with_certsdir; certsdir="$withval" ++else ++ certsdir="$datadir" ++fi ++ + mydatadir="$datadir" + # Avoid useless autoconf warning + +diff -ruN courier-imap-4.8.0-orig/imap/imapd.cnf.openssl.in courier-imap-4.8.0/imap/imapd.cnf.openssl.in +--- courier-imap-4.8.0-orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-imap-4.8.0/imap/imapd.cnf.openssl.in 2010-08-05 14:42:33.000000000 +0200 +@@ -1,5 +1,5 @@ + +-RANDFILE = @mydatadir@/imapd.rand ++RANDFILE = @certsdir@/imapd.rand + + [ req ] + default_bits = 1024 +@@ -15,7 +15,7 @@ + O=Courier Mail Server + OU=Automatically-generated IMAP SSL key + CN=localhost +-emailAddress=postmaster@example.com ++emailAddress=postmaster@localhost + + + [ cert_type ] +diff -ruN courier-imap-4.8.0-orig/imap/imapd-ssl.dist.in courier-imap-4.8.0/imap/imapd-ssl.dist.in +--- courier-imap-4.8.0-orig/imap/imapd-ssl.dist.in 2009-08-13 05:06:42.000000000 +0200 ++++ courier-imap-4.8.0/imap/imapd-ssl.dist.in 2010-08-05 14:37:38.000000000 +0200 +@@ -260,7 +260,7 @@ + # + # This is an experimental feature. 
+ +-TLS_CERTFILE=@mydatadir@/imapd.pem ++TLS_CERTFILE=@certsdir@/imapd.pem + + ##NAME: TLS_TRUSTCERTS:0 + # +diff -ruN courier-imap-4.8.0-orig/imap/Makefile.in courier-imap-4.8.0/imap/Makefile.in +--- courier-imap-4.8.0-orig/imap/Makefile.in 2010-05-30 23:20:45.000000000 +0200 ++++ courier-imap-4.8.0/imap/Makefile.in 2010-08-05 14:40:45.000000000 +0200 +@@ -234,6 +234,7 @@ + build_vendor = @build_vendor@ + builddir = @builddir@ + cacerts = @cacerts@ ++certsdir = @certsdir@ + datadir = @datadir@ + datarootdir = @datarootdir@ + dblibrary = @dblibrary@ +diff -ruN courier-imap-4.8.0-orig/imap/mkimapdcert.8.in courier-imap-4.8.0/imap/mkimapdcert.8.in +--- courier-imap-4.8.0-orig/imap/mkimapdcert.8.in 2010-02-20 05:12:44.000000000 +0100 ++++ courier-imap-4.8.0/imap/mkimapdcert.8.in 2010-08-05 14:47:01.000000000 +0200 +@@ -29,18 +29,18 @@ + .SH "DESCRIPTION" + .PP + IMAP over SSL requires a valid, signed, X\&.509 certificate\&. The default location for the certificate file is +-@datadir@/imapd\&.pem\&. ++@certsdir@/imapd\&.pem\&. + \fBmkimapdcert\fR + generates a self\-signed X\&.509 certificate, mainly for testing\&. For production use the X\&.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate\&. + .PP + +-@datadir@/imapd\&.pem ++@certsdir@/imapd\&.pem + must be owned by the @mailuser@ user and have no group or world permissions\&. The + \fBmkimapdcert\fR + command will enforce this\&. To prevent an unfortunate accident, + \fBmkimapdcert\fR + will not work if +-\fB@datadir@/imapd\&.pem\fR ++\fB@certsdir@/imapd\&.pem\fR + already exists\&. + .PP + +@@ -50,7 +50,7 @@ + to be installed\&. + .SH "FILES" + .PP +-@datadir@/imapd\&.pem ++@certsdir@/imapd\&.pem + .RS 4 + X\&.509 certificate\&. 
+ .RE +diff -ruN courier-imap-4.8.0-orig/imap/mkimapdcert.html.in courier-imap-4.8.0/imap/mkimapdcert.html.in +--- courier-imap-4.8.0-orig/imap/mkimapdcert.html.in 2010-02-20 05:12:44.000000000 +0100 ++++ courier-imap-4.8.0/imap/mkimapdcert.html.in 2010-08-05 14:39:46.000000000 +0200 +@@ -7,22 +7,22 @@ + -->

Name

mkimapdcert — create a test SSL certificate for IMAP over SSL

Synopsis

@sbindir@/mkimapdcert

DESCRIPTION

+ IMAP over SSL requires a valid, signed, X.509 certificate. The default + location for the certificate file is +-@datadir@/imapd.pem. ++@certsdir@/imapd.pem. + mkimapdcert generates a self-signed X.509 certificate, + mainly for + testing. + For production use the X.509 certificate must be signed by a + recognized certificate authority, in order for mail clients to accept the + certificate.

+-@datadir@/imapd.pem must be owned by the ++@certsdir@/imapd.pem must be owned by the + @mailuser@ user and + have no group or world permissions. + The mkimapdcert command will + enforce this. To prevent an unfortunate accident, + mkimapdcert +-will not work if @datadir@/imapd.pem already exists.

++will not work if @certsdir@/imapd.pem already exists.

+ mkimapdcert requires +-OpenSSL to be installed.

FILES

@datadir@/imapd.pem
++OpenSSL to be installed.

FILES

@certsdir@/imapd.pem
+ X.509 certificate. +
@sysconfdir@/imapd.cnf
+ Parameters used by OpenSSL to +diff -ruN courier-imap-4.8.0-orig/imap/mkimapdcert.in courier-imap-4.8.0/imap/mkimapdcert.in +--- courier-imap-4.8.0-orig/imap/mkimapdcert.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-imap-4.8.0/imap/mkimapdcert.in 2010-08-05 14:36:53.000000000 +0200 +@@ -18,41 +18,41 @@ + + prefix="@prefix@" + +-if test -f @mydatadir@/imapd.pem ++if test -f @certsdir@/imapd.pem + then +- echo "@mydatadir@/imapd.pem already exists." ++ echo "@certsdir@/imapd.pem already exists." + exit 1 + fi + + umask 077 + + cleanup() { +- rm -f @mydatadir@/imapd.pem +- rm -f @mydatadir@/imapd.rand +- rm -f @mydatadir@/imapd.key +- rm -f @mydatadir@/imapd.cert ++ rm -f @certsdir@/imapd.pem ++ rm -f @certsdir@/imapd.rand ++ rm -f @certsdir@/imapd.key ++ rm -f @certsdir@/imapd.cert + exit 1 + } + +-cd @mydatadir@ ++cd @certsdir@ + + if test "@ssllib@" = "openssl" + then +- cp /dev/null @mydatadir@/imapd.pem +- chmod 600 @mydatadir@/imapd.pem +- chown @mailuser@ @mydatadir@/imapd.pem ++ cp /dev/null @certsdir@/imapd.pem ++ chmod 600 @certsdir@/imapd.pem ++ chown @mailuser@ @certsdir@/imapd.pem + +- dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null ++ dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null + @OPENSSL@ req -new -x509 -days 365 -nodes \ +- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup +- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup +- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup +- rm -f @mydatadir@/imapd.rand ++ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup ++ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup ++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup ++ rm -f @certsdir@/imapd.rand + else +- cp /dev/null @mydatadir@/imapd.key +- chmod 600 @mydatadir@/imapd.key +- cp 
/dev/null @mydatadir@/imapd.cert +- chmod 600 @mydatadir@/imapd.cert ++ cp /dev/null @certsdir@/imapd.key ++ chmod 600 @certsdir@/imapd.key ++ cp /dev/null @certsdir@/imapd.cert ++ chmod 600 @certsdir@/imapd.cert + + @CERTTOOL@ --generate-privkey --outfile imapd.key + @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf +diff -ruN courier-imap-4.8.0-orig/imap/mkpop3dcert.in courier-imap-4.8.0/imap/mkpop3dcert.in +--- courier-imap-4.8.0-orig/imap/mkpop3dcert.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-imap-4.8.0/imap/mkpop3dcert.in 2010-08-05 14:35:48.000000000 +0200 +@@ -18,41 +18,41 @@ + + prefix="@prefix@" + +-if test -f @mydatadir@/pop3d.pem ++if test -f @certsdir@/pop3d.pem + then +- echo "@mydatadir@/pop3d.pem already exists." ++ echo "@certsdir@/pop3d.pem already exists." + exit 1 + fi + + umask 077 + + cleanup() { +- rm -f @mydatadir@/pop3d.pem +- rm -f @mydatadir@/pop3d.rand +- rm -f @mydatadir@/pop3d.key +- rm -f @mydatadir@/pop3d.cert ++ rm -f @certsdir@/pop3d.pem ++ rm -f @certsdir@/pop3d.rand ++ rm -f @certsdir@/pop3d.key ++ rm -f @certsdir@/pop3d.cert + exit 1 + } + +-cd @mydatadir@ ++cd @certsdir@ + + if test "@ssllib@" = "openssl" + then +- cp /dev/null @mydatadir@/pop3d.pem +- chmod 600 @mydatadir@/pop3d.pem +- chown @mailuser@ @mydatadir@/pop3d.pem ++ cp /dev/null @certsdir@/pop3d.pem ++ chmod 600 @certsdir@/pop3d.pem ++ chown @mailuser@ @certsdir@/pop3d.pem + +- dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null ++ dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null + @OPENSSL@ req -new -x509 -days 365 -nodes \ +- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup +- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup +- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup +- rm -f @mydatadir@/pop3d.rand ++ -config @sysconfdir@/pop3d.cnf -out 
@certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup ++ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup ++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup ++ rm -f @certsdir@/pop3d.rand + else +- cp /dev/null @mydatadir@/pop3d.key +- chmod 600 @mydatadir@/pop3d.key +- cp /dev/null @mydatadir@/pop3d.cert +- chmod 600 @mydatadir@/pop3d.cert ++ cp /dev/null @certsdir@/pop3d.key ++ chmod 600 @certsdir@/pop3d.key ++ cp /dev/null @certsdir@/pop3d.cert ++ chmod 600 @certsdir@/pop3d.cert + + @CERTTOOL@ --generate-privkey --outfile pop3d.key + @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf +diff -ruN courier-imap-4.8.0-orig/imap/pop3d.cnf.openssl.in courier-imap-4.8.0/imap/pop3d.cnf.openssl.in +--- courier-imap-4.8.0-orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-imap-4.8.0/imap/pop3d.cnf.openssl.in 2010-08-05 14:43:48.000000000 +0200 +@@ -1,5 +1,5 @@ + +-RANDFILE = @mydatadir@/pop3d.rand ++RANDFILE = @certsdir@/pop3d.rand + + [ req ] + default_bits = 1024 +@@ -15,7 +15,7 @@ + O=Courier Mail Server + OU=Automatically-generated POP3 SSL key + CN=localhost +-emailAddress=postmaster@example.com ++emailAddress=postmaster@localhost + + + [ cert_type ] +diff -ruN courier-imap-4.8.0-orig/imap/pop3d-ssl.dist.in courier-imap-4.8.0/imap/pop3d-ssl.dist.in +--- courier-imap-4.8.0-orig/imap/pop3d-ssl.dist.in 2009-08-13 05:06:42.000000000 +0200 ++++ courier-imap-4.8.0/imap/pop3d-ssl.dist.in 2010-08-05 14:43:05.000000000 +0200 +@@ -248,7 +248,7 @@ + # + # This is an experimental feature. + +-TLS_CERTFILE=@mydatadir@/pop3d.pem ++TLS_CERTFILE=@certsdir@/pop3d.pem + + ##NAME: TLS_TRUSTCERTS:0 + # diff --git a/courier-imap.changes b/courier-imap.changes index ee88545..0262cf5 100644 --- a/courier-imap.changes +++ b/courier-imap.changes 
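Review bot: The re-added `gendh` lines in mkimapdcert.in and mkpop3dcert.in still generate 512-bit DH parameters, and the context of both `.cnf.openssl.in` hunks shows `default_bits = 1024`, so certificates written to the new directory keep key sizes that are too small to resist offline attack. Since the patch already rewrites these lines, it could raise them, e.g. `@OPENSSL@ gendh -rand @certsdir@/imapd.rand 2048 >>@certsdir@/imapd.pem || cleanup` and `default_bits = 2048` (same for pop3d). Separately, `cd @certsdir@` is unchecked while the certtool branch writes to the relative names `imapd.key`/`imapd.cert`; now that the directory is configurable and may not exist, `cd @certsdir@ || exit 1` would keep key material from landing in the caller's working directory. Both scripts continue beyond the lines shown, so any later handling there is not visible.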
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Aug 5 16:06:36 UTC 2010 - chris@computersalat.de + +- have pop3d, imapd ssl certs in /etc/ssl/private + [bnc#628487]; certsdir patch + ------------------------------------------------------------------- Mon Jul 5 15:21:53 UTC 2010 - chris@computersalat.de diff --git a/courier-imap.spec b/courier-imap.spec index 16ad5e8..e212058 100644 --- a/courier-imap.spec +++ b/courier-imap.spec @@ -37,6 +37,8 @@ Source9: %{name}-ssl.firewall Patch0: %{name}-4.8.0-sbindir.patch Patch1: %{name}-4.7.0-LDFLAGS.patch Patch2: %{name}-ulimit_conf.diff +# bnc#628487 +Patch3: %{name}-4.8.0-certsdir.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 910 BuildRequires: audit-libs @@ -83,6 +85,8 @@ install the entire Courier server. %patch0 -p1 %patch1 -p1 %patch2 +# bnc#628487 +%patch3 -p1 %build %configure \ @@ -95,6 +99,7 @@ install the entire Courier server. --enable-unicode \ --with-authdaemonvar=%{_localstatedir}/run/authdaemon.%{name} \ --with-certdb=%{_sysconfdir}/ssl/certs \ + --with-certsdir=%{_sysconfdir}/ssl/private \ --enable-workarounds-for-imap-client-bugs %{__make} %{?jobs:-j%jobs}
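Review bot: The added `--with-certsdir=%{_sysconfdir}/ssl/private` in the `%configure` call points the key-bearing `imapd.pem`/`pop3d.pem` at a directory that is commonly restricted to root, while the scripts in the accompanying patch `chown @mailuser@` those files at mode 600. The visible hunks do not show whether the package requires or owns that directory, or whether the process that loads `TLS_CERTFILE` can traverse it, so that should be confirmed before relying on the new default. Certificates already generated under the old data directory are also no longer referenced by the new default, and no migration step appears in the lines shown. A comment above the option would help, e.g. `# holds private keys: directory must exist, stay non-world-readable, and be reachable by the TLS wrapper`.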