Merge pull request #167051 from pacien/ssmtp-removal

ssmtp: drop unmaintained program and module
main
Janne Heß 2 years ago committed by GitHub
commit 69c18b0eab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 38
      nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
  2. 33
      nixos/doc/manual/release-notes/rl-2205.section.md
  3. 1
      nixos/modules/module-list.nix
  4. 190
      nixos/modules/programs/ssmtp.nix
  5. 5
      nixos/modules/rename.nix
  6. 4
      nixos/modules/services/monitoring/nagios.nix
  7. 9
      nixos/tests/mailcatcher.nix
  8. 45
      pkgs/tools/networking/ssmtp/default.nix
  9. 69
      pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch
  10. 1
      pkgs/top-level/aliases.nix
  11. 2
      pkgs/top-level/all-packages.nix
  12. 2
      pkgs/top-level/release-small.nix

@ -462,6 +462,44 @@
kernel messages is handled by systemd since Linux 3.5.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.ssmtp</literal> has been dropped due to the
program being unmaintained. <literal>pkgs.msmtp</literal> can
be used instead as a substitute <literal>sendmail</literal>
implementation. The corresponding options
<literal>services.ssmtp.*</literal> have been removed as well.
<literal>programs.msmtp.*</literal> can be used instead for an
equivalent setup. For example:
</para>
<programlisting language="bash">
{
# Original ssmtp configuration:
services.ssmtp = {
enable = true;
useTLS = true;
useSTARTTLS = true;
hostName = &quot;smtp.example:587&quot;;
authUser = &quot;someone&quot;;
authPassFile = &quot;/secrets/password.txt&quot;;
};
# Equivalent msmtp configuration:
programs.msmtp = {
enable = true;
accounts.default = {
tls = true;
tls_starttls = true;
auth = true;
host = &quot;smtp.example&quot;;
port = 587;
user = &quot;someone&quot;;
passwordeval = &quot;cat /secrets/password.txt&quot;;
};
};
}
</programlisting>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.addons.dashboard</literal> was

@ -150,6 +150,39 @@ In addition to numerous new and upgraded packages, this release has the followin
- `security.klogd` was removed. Logging of kernel messages is handled
by systemd since Linux 3.5.
- `pkgs.ssmtp` has been dropped due to the program being unmaintained.
`pkgs.msmtp` can be used instead as a substitute `sendmail` implementation.
The corresponding options `services.ssmtp.*` have been removed as well.
`programs.msmtp.*` can be used instead for an equivalent setup. For example:
```nix
{
# Original ssmtp configuration:
services.ssmtp = {
enable = true;
useTLS = true;
useSTARTTLS = true;
hostName = "smtp.example:587";
authUser = "someone";
authPassFile = "/secrets/password.txt";
};
# Equivalent msmtp configuration:
programs.msmtp = {
enable = true;
accounts.default = {
tls = true;
tls_starttls = true;
auth = true;
host = "smtp.example";
port = 587;
user = "someone";
passwordeval = "cat /secrets/password.txt";
};
};
}
```
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.

@ -205,7 +205,6 @@
./programs/spacefm.nix
./programs/singularity.nix
./programs/ssh.nix
./programs/ssmtp.nix
./programs/sysdig.nix
./programs/systemtap.nix
./programs/starship.nix

@ -1,190 +0,0 @@
# Configuration for `ssmtp', a trivial mail transfer agent that can
# replace sendmail/postfix on simple systems. It delivers email
# directly to an SMTP server defined in its configuration file, without
# queueing mail locally.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.ssmtp;
in
{
imports = [
(mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
];
options = {
services.ssmtp = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Use the trivial Mail Transfer Agent (MTA)
<command>ssmtp</command> package to allow programs to send
e-mail. If you don't want to run a real MTA like
<command>sendmail</command> or <command>postfix</command> on
your machine, set this option to <literal>true</literal>, and
set the option
<option>services.ssmtp.hostName</option> to the
host name of your preferred mail server.
'';
};
settings = mkOption {
type = with types; attrsOf (oneOf [ bool str ]);
default = {};
description = ''
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
'';
example = literalExpression ''
{
Debug = true;
FromLineOverride = false;
}
'';
};
hostName = mkOption {
type = types.str;
example = "mail.example.org";
description = ''
The host name of the default mail server to use to deliver
e-mail. Can also contain a port number (ex: mail.example.org:587),
defaults to port 25 if no port is given.
'';
};
root = mkOption {
type = types.str;
default = "";
example = "root@example.org";
description = ''
The e-mail to which mail for users with UID &lt; 1000 is forwarded.
'';
};
domain = mkOption {
type = types.str;
default = "";
example = "example.org";
description = ''
The domain from which mail will appear to be sent.
'';
};
useTLS = mkOption {
type = types.bool;
default = false;
description = ''
Whether TLS should be used to connect to the default mail
server.
'';
};
useSTARTTLS = mkOption {
type = types.bool;
default = false;
description = ''
Whether the STARTTLS should be used to connect to the default
mail server. (This is needed for TLS-capable mail servers
running on the default SMTP port 25.)
'';
};
authUser = mkOption {
type = types.str;
default = "";
example = "foo@example.org";
description = ''
Username used for SMTP auth. Leave blank to disable.
'';
};
authPassFile = mkOption {
type = types.nullOr types.str;
default = null;
example = "/run/keys/ssmtp-authpass";
description = ''
Path to a file that contains the password used for SMTP auth. The file
should not contain a trailing newline, if the password does not contain one
(e.g. use <command>echo -n "password" > file</command>).
This file should be readable by the users that need to execute ssmtp.
'';
};
setSendmail = mkOption {
type = types.bool;
default = true;
description = "Whether to set the system sendmail to ssmtp's.";
};
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.useSTARTTLS -> cfg.useTLS;
message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
}
];
services.ssmtp.settings = mkMerge [
({
MailHub = cfg.hostName;
FromLineOverride = mkDefault true;
UseTLS = cfg.useTLS;
UseSTARTTLS = cfg.useSTARTTLS;
})
(mkIf (cfg.root != "") { root = cfg.root; })
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
];
# careful here: ssmtp REQUIRES all config lines to end with a newline char!
environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
mkKeyValue = mkKeyValueDefault {
mkValueString = value:
if value == true then "YES"
else if value == false then "NO"
else mkValueStringDefault {} value
;
} "=";
} cfg.settings;
environment.systemPackages = [pkgs.ssmtp];
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
program = "sendmail";
source = "${pkgs.ssmtp}/bin/sendmail";
setuid = false;
setgid = false;
owner = "root";
group = "root";
};
};
}

@ -69,6 +69,11 @@ with lib;
'')
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
(mkRemovedOptionModule [ "services" "seeks" ] "")
(mkRemovedOptionModule [ "services" "ssmtp" ] ''
The ssmtp package and the corresponding module have been removed due to
the program being unmaintained. The options `programs.msmtp.*` can be
used instead.
'')
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
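Review bot: The `networking.defaultMailServer.*` aliases are not covered by the added `mkRemovedOptionModule [ "services" "ssmtp" ]` entry, and they go away with this commit. The deleted `ssmtp.nix` held the `mkRenamedOptionModule` entries for that prefix, plus the `authPass` removal message warning that the clear-text password ends up in the world-readable store. A configuration still using the old prefix will presumably now fail with a generic unknown-option error instead of a migration hint. Consider adding `(mkRemovedOptionModule [ "networking" "defaultMailServer" ] "...")` next to this entry, and extending the message to say that the SMTP password should come from `passwordeval` reading a file outside the Nix store, not from an inline `password` value. The imports list starts and ends outside this hunk.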

@ -102,8 +102,8 @@ in
plugins = mkOption {
type = types.listOf types.package;
default = with pkgs; [ monitoring-plugins ssmtp mailutils ];
defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]";
default = with pkgs; [ monitoring-plugins msmtp mailutils ];
defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]";
description = "
Packages to be added to the Nagios <envar>PATH</envar>.
Typically used to add plugins, but can be anything.
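Review bot: The default of `plugins` changes from `ssmtp` to `msmtp` here, but the release-notes entry in this commit only mentions `pkgs.ssmtp` and `services.ssmtp.*`. A Nagios notification command that invokes `ssmtp` by name, if any exist in user configurations, would stop resolving after the upgrade. The release note's `passwordeval = "cat /secrets/password.txt"` pattern also presumably only works for notifications if the account Nagios runs under can read that file, so its permissions should go to a dedicated group and not be widened to world-readable. I would add to the description something like `msmtp is only usable for notifications once programs.msmtp is configured and its secret file is readable by the Nagios user`, and mention the changed default in the release notes. The option body continues outside this hunk.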

@ -9,8 +9,13 @@ import ./make-test-python.nix ({ lib, ... }:
{
services.mailcatcher.enable = true;
services.ssmtp.enable = true;
services.ssmtp.hostName = "localhost:1025";
programs.msmtp = {
enable = true;
accounts.default = {
host = "localhost";
port = 1025;
};
};
environment.systemPackages = [ pkgs.mailutils ];
};

@ -1,45 +0,0 @@
{ lib, stdenv, fetchurl, tlsSupport ? true, openssl }:
stdenv.mkDerivation rec {
pname = "ssmtp";
version = "2.64";
src = fetchurl {
url = "mirror://debian/pool/main/s/ssmtp/ssmtp_${version}.orig.tar.bz2";
sha256 = "0dps8s87ag4g3jr6dk88hs9zl46h3790marc5c2qw7l71k4pvhr2";
};
# A request has been made to merge this patch into ssmtp.
# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858781
patches = [ ./ssmtp_support_AuthPassFile_parameter.patch ];
configureFlags = [
"--sysconfdir=/etc"
(lib.enableFeature tlsSupport "ssl")
];
postConfigure = ''
# Don't run the script that interactively generates a config file.
# Also don't install the broken, cyclic symlink /lib/sendmail.
sed -e '/INSTALLED_CONFIGURATION_FILE/d' \
-e 's|/lib/sendmail|$(TMPDIR)/sendmail|' \
-i Makefile
substituteInPlace Makefile \
--replace '$(INSTALL) -s' '$(INSTALL) -s --strip-program $(STRIP)'
'';
installFlags = [ "etcdir=$(out)/etc" ];
installTargets = [ "install" "install-sendmail" ];
buildInputs = lib.optional tlsSupport openssl;
NIX_LDFLAGS = lib.optionalString tlsSupport "-lcrypto";
meta = with lib; {
description = "simple MTA to deliver mail from a computer to a mail hub";
platforms = platforms.linux;
license = licenses.gpl2;
maintainers = with maintainers; [ basvandijk ];
};
}

@ -1,69 +0,0 @@
diff -Naurb a/ssmtp.c b/ssmtp.c
--- a/ssmtp.c 2009-11-23 10:55:11.000000000 +0100
+++ b/ssmtp.c 2017-03-25 03:00:26.508283016 +0100
@@ -57,6 +57,7 @@
char arpadate[ARPADATE_LENGTH];
char *auth_user = (char)NULL;
char *auth_pass = (char)NULL;
+char *auth_passfile = (char)NULL;
char *auth_method = (char)NULL; /* Mechanism for SMTP authentication */
char *mail_domain = (char)NULL;
char *from = (char)NULL; /* Use this as the From: address */
@@ -1053,6 +1054,15 @@
log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", auth_pass);
}
}
+ else if(strcasecmp(p, "AuthPassFile") == 0 && !auth_passfile) {
+ if((auth_passfile = strdup(q)) == (char *)NULL) {
+ die("parse_config() -- strdup() failed");
+ }
+
+ if(log_level > 0) {
+ log_event(LOG_INFO, "Set AuthPassFile=\"%s\"\n", auth_passfile);
+ }
+ }
else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
if((auth_method = strdup(q)) == (char *)NULL) {
die("parse_config() -- strdup() failed");
@@ -1415,6 +1425,8 @@
struct passwd *pw;
int i, sock;
uid_t uid;
+ FILE *fp;
+ char pass_buf[BUF_SZ+1];
bool_t minus_v_save, leadingdot, linestart = True;
int timeout = 0;
int bufsize = sizeof(b)-1;
@@ -1433,6 +1445,17 @@
log_event(LOG_INFO, "%s not found", config_file);
}
+ if(auth_passfile != (char *)NULL) {
+ if((fp = fopen(auth_passfile, "r")) == (FILE *)NULL) {
+ die("Could not open the AuthPassFile %s", auth_passfile);
+ }
+ if (fgets(pass_buf, BUF_SZ, fp) == NULL) {
+ die("Error while reading a line from the AuthPassFile %s, or it is empty", auth_passfile);
+ }
+ fclose(fp);
+ auth_pass = strdup(pass_buf);
+ }
+
if((p = strtok(pw->pw_gecos, ";,"))) {
if((gecos = strdup(p)) == (char *)NULL) {
die("ssmtp() -- strdup() failed");
diff -Naurb a/ssmtp.conf.5 b/ssmtp.conf.5
--- a/ssmtp.conf.5 2008-02-29 03:50:15.000000000 +0100
+++ b/ssmtp.conf.5 2017-03-25 01:45:52.890165426 +0100
@@ -61,6 +61,11 @@
.Pp
.It Cm AuthPass
The password to use for SMTP AUTH.
+It is recommended to use AuthPassFile which also takes precedence over AuthPass.
+.Pp
+.It Cm AuthPassFile
+A file that should contain the password to use for SMTP AUTH.
+This takes precedence over AuthPass.
.Pp
.It Cm AuthMethod
The authorization method to use.

@ -1207,6 +1207,7 @@ mapAliases ({
sqliteInteractive = throw "'sqliteInteractive' has been renamed to/replaced by 'sqlite-interactive'"; # Converted to throw 2022-02-22
squid4 = squid; # added 2019-08-22
sshfsFuse = throw "'sshfsFuse' has been renamed to/replaced by 'sshfs-fuse'"; # Converted to throw 2022-02-22
ssmtp = throw "'ssmtp' has been removed due to the software being unmaintained. 'msmtp' can be used as a replacement"; # Added 2022-04-17
stanchion = throw "Stanchion was part of riak-cs which is not maintained anymore"; # added 2020-10-14
steam-run-native = steam-run; # added 2022-02-21
stumpwm-git = throw "stumpwm-git has been broken for a long time and lispPackages.stumpwm follows Quicklisp that is close to git version"; # Added 2021-05-09

@ -10231,8 +10231,6 @@ with pkgs;
sshoogr = callPackage ../tools/networking/sshoogr { };
ssmtp = callPackage ../tools/networking/ssmtp { };
ssocr = callPackage ../applications/misc/ssocr { };
ssss = callPackage ../tools/security/ssss { };

@ -124,7 +124,7 @@ with import ./release-lib.nix { inherit supportedSystems nixpkgsArgs; };
smartmontools = all;
sqlite = unix; # Cygwin builds fail
squid = linux;
ssmtp = linux;
msmtp = linux;
stdenv = all;
strace = linux;
su = linux;
