Merge pull request #167051 from pacien/ssmtp-removal
ssmtp: drop unmaintained program and module
commit
69c18b0eab
@ -1,190 +0,0 @@ |
||||
# Configuration for `ssmtp', a trivial mail transfer agent that can |
||||
# replace sendmail/postfix on simple systems. It delivers email |
||||
# directly to an SMTP server defined in its configuration file, without |
||||
# queueing mail locally. |
||||
|
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.ssmtp; |
||||
|
||||
in |
||||
{ |
||||
|
||||
imports = [ |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ]) |
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ]) |
||||
|
||||
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path") |
||||
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path") |
||||
]; |
||||
|
||||
options = { |
||||
|
||||
services.ssmtp = { |
||||
|
||||
enable = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Use the trivial Mail Transfer Agent (MTA) |
||||
<command>ssmtp</command> package to allow programs to send |
||||
e-mail. If you don't want to run a “real” MTA like |
||||
<command>sendmail</command> or <command>postfix</command> on |
||||
your machine, set this option to <literal>true</literal>, and |
||||
set the option |
||||
<option>services.ssmtp.hostName</option> to the |
||||
host name of your preferred mail server. |
||||
''; |
||||
}; |
||||
|
||||
settings = mkOption { |
||||
type = with types; attrsOf (oneOf [ bool str ]); |
||||
default = {}; |
||||
description = '' |
||||
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer |
||||
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values. |
||||
''; |
||||
example = literalExpression '' |
||||
{ |
||||
Debug = true; |
||||
FromLineOverride = false; |
||||
} |
||||
''; |
||||
}; |
||||
|
||||
hostName = mkOption { |
||||
type = types.str; |
||||
example = "mail.example.org"; |
||||
description = '' |
||||
The host name of the default mail server to use to deliver |
||||
e-mail. Can also contain a port number (ex: mail.example.org:587), |
||||
defaults to port 25 if no port is given. |
||||
''; |
||||
}; |
||||
|
||||
root = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
example = "root@example.org"; |
||||
description = '' |
||||
The e-mail to which mail for users with UID < 1000 is forwarded. |
||||
''; |
||||
}; |
||||
|
||||
domain = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
example = "example.org"; |
||||
description = '' |
||||
The domain from which mail will appear to be sent. |
||||
''; |
||||
}; |
||||
|
||||
useTLS = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Whether TLS should be used to connect to the default mail |
||||
server. |
||||
''; |
||||
}; |
||||
|
||||
useSTARTTLS = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = '' |
||||
Whether the STARTTLS should be used to connect to the default |
||||
mail server. (This is needed for TLS-capable mail servers |
||||
running on the default SMTP port 25.) |
||||
''; |
||||
}; |
||||
|
||||
authUser = mkOption { |
||||
type = types.str; |
||||
default = ""; |
||||
example = "foo@example.org"; |
||||
description = '' |
||||
Username used for SMTP auth. Leave blank to disable. |
||||
''; |
||||
}; |
||||
|
||||
authPassFile = mkOption { |
||||
type = types.nullOr types.str; |
||||
default = null; |
||||
example = "/run/keys/ssmtp-authpass"; |
||||
description = '' |
||||
Path to a file that contains the password used for SMTP auth. The file |
||||
should not contain a trailing newline, if the password does not contain one |
||||
(e.g. use <command>echo -n "password" > file</command>). |
||||
This file should be readable by the users that need to execute ssmtp. |
||||
''; |
||||
}; |
||||
|
||||
setSendmail = mkOption { |
||||
type = types.bool; |
||||
default = true; |
||||
description = "Whether to set the system sendmail to ssmtp's."; |
||||
}; |
||||
|
||||
}; |
||||
|
||||
}; |
||||
|
||||
|
||||
config = mkIf cfg.enable { |
||||
|
||||
assertions = [ |
||||
{ |
||||
assertion = cfg.useSTARTTLS -> cfg.useTLS; |
||||
message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS"; |
||||
} |
||||
]; |
||||
|
||||
services.ssmtp.settings = mkMerge [ |
||||
({ |
||||
MailHub = cfg.hostName; |
||||
FromLineOverride = mkDefault true; |
||||
UseTLS = cfg.useTLS; |
||||
UseSTARTTLS = cfg.useSTARTTLS; |
||||
}) |
||||
(mkIf (cfg.root != "") { root = cfg.root; }) |
||||
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; }) |
||||
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; }) |
||||
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; }) |
||||
]; |
||||
|
||||
# careful here: ssmtp REQUIRES all config lines to end with a newline char! |
||||
environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue { |
||||
mkKeyValue = mkKeyValueDefault { |
||||
mkValueString = value: |
||||
if value == true then "YES" |
||||
else if value == false then "NO" |
||||
else mkValueStringDefault {} value |
||||
; |
||||
} "="; |
||||
} cfg.settings; |
||||
|
||||
environment.systemPackages = [pkgs.ssmtp]; |
||||
|
||||
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail { |
||||
program = "sendmail"; |
||||
source = "${pkgs.ssmtp}/bin/sendmail"; |
||||
setuid = false; |
||||
setgid = false; |
||||
owner = "root"; |
||||
group = "root"; |
||||
}; |
||||
|
||||
}; |
||||
|
||||
} |
@ -1,45 +0,0 @@ |
||||
{ lib, stdenv, fetchurl, tlsSupport ? true, openssl }: |
||||
|
||||
stdenv.mkDerivation rec { |
||||
pname = "ssmtp"; |
||||
version = "2.64"; |
||||
|
||||
src = fetchurl { |
||||
url = "mirror://debian/pool/main/s/ssmtp/ssmtp_${version}.orig.tar.bz2"; |
||||
sha256 = "0dps8s87ag4g3jr6dk88hs9zl46h3790marc5c2qw7l71k4pvhr2"; |
||||
}; |
||||
|
||||
# A request has been made to merge this patch into ssmtp. |
||||
# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858781 |
||||
patches = [ ./ssmtp_support_AuthPassFile_parameter.patch ]; |
||||
|
||||
configureFlags = [ |
||||
"--sysconfdir=/etc" |
||||
(lib.enableFeature tlsSupport "ssl") |
||||
]; |
||||
|
||||
postConfigure = '' |
||||
# Don't run the script that interactively generates a config file. |
||||
# Also don't install the broken, cyclic symlink /lib/sendmail. |
||||
sed -e '/INSTALLED_CONFIGURATION_FILE/d' \ |
||||
-e 's|/lib/sendmail|$(TMPDIR)/sendmail|' \ |
||||
-i Makefile |
||||
substituteInPlace Makefile \ |
||||
--replace '$(INSTALL) -s' '$(INSTALL) -s --strip-program $(STRIP)' |
||||
''; |
||||
|
||||
installFlags = [ "etcdir=$(out)/etc" ]; |
||||
|
||||
installTargets = [ "install" "install-sendmail" ]; |
||||
|
||||
buildInputs = lib.optional tlsSupport openssl; |
||||
|
||||
NIX_LDFLAGS = lib.optionalString tlsSupport "-lcrypto"; |
||||
|
||||
meta = with lib; { |
||||
description = "simple MTA to deliver mail from a computer to a mail hub"; |
||||
platforms = platforms.linux; |
||||
license = licenses.gpl2; |
||||
maintainers = with maintainers; [ basvandijk ]; |
||||
}; |
||||
} |
@ -1,69 +0,0 @@ |
||||
diff -Naurb a/ssmtp.c b/ssmtp.c
|
||||
--- a/ssmtp.c 2009-11-23 10:55:11.000000000 +0100
|
||||
+++ b/ssmtp.c 2017-03-25 03:00:26.508283016 +0100
|
||||
@@ -57,6 +57,7 @@
|
||||
char arpadate[ARPADATE_LENGTH];
|
||||
char *auth_user = (char)NULL;
|
||||
char *auth_pass = (char)NULL;
|
||||
+char *auth_passfile = (char)NULL;
|
||||
char *auth_method = (char)NULL; /* Mechanism for SMTP authentication */
|
||||
char *mail_domain = (char)NULL;
|
||||
char *from = (char)NULL; /* Use this as the From: address */
|
||||
@@ -1053,6 +1054,15 @@
|
||||
log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", auth_pass);
|
||||
}
|
||||
}
|
||||
+ else if(strcasecmp(p, "AuthPassFile") == 0 && !auth_passfile) {
|
||||
+ if((auth_passfile = strdup(q)) == (char *)NULL) {
|
||||
+ die("parse_config() -- strdup() failed");
|
||||
+ }
|
||||
+
|
||||
+ if(log_level > 0) {
|
||||
+ log_event(LOG_INFO, "Set AuthPassFile=\"%s\"\n", auth_passfile);
|
||||
+ }
|
||||
+ }
|
||||
else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
|
||||
if((auth_method = strdup(q)) == (char *)NULL) {
|
||||
die("parse_config() -- strdup() failed");
|
||||
@@ -1415,6 +1425,8 @@
|
||||
struct passwd *pw;
|
||||
int i, sock;
|
||||
uid_t uid;
|
||||
+ FILE *fp;
|
||||
+ char pass_buf[BUF_SZ+1];
|
||||
bool_t minus_v_save, leadingdot, linestart = True;
|
||||
int timeout = 0;
|
||||
int bufsize = sizeof(b)-1;
|
||||
@@ -1433,6 +1445,17 @@
|
||||
log_event(LOG_INFO, "%s not found", config_file);
|
||||
}
|
||||
|
||||
+ if(auth_passfile != (char *)NULL) {
|
||||
+ if((fp = fopen(auth_passfile, "r")) == (FILE *)NULL) {
|
||||
+ die("Could not open the AuthPassFile %s", auth_passfile);
|
||||
+ }
|
||||
+ if (fgets(pass_buf, BUF_SZ, fp) == NULL) {
|
||||
+ die("Error while reading a line from the AuthPassFile %s, or it is empty", auth_passfile);
|
||||
+ }
|
||||
+ fclose(fp);
|
||||
+ auth_pass = strdup(pass_buf);
|
||||
+ }
|
||||
+
|
||||
if((p = strtok(pw->pw_gecos, ";,"))) {
|
||||
if((gecos = strdup(p)) == (char *)NULL) {
|
||||
die("ssmtp() -- strdup() failed");
|
||||
diff -Naurb a/ssmtp.conf.5 b/ssmtp.conf.5
|
||||
--- a/ssmtp.conf.5 2008-02-29 03:50:15.000000000 +0100
|
||||
+++ b/ssmtp.conf.5 2017-03-25 01:45:52.890165426 +0100
|
||||
@@ -61,6 +61,11 @@
|
||||
.Pp
|
||||
.It Cm AuthPass
|
||||
The password to use for SMTP AUTH.
|
||||
+It is recommended to use AuthPassFile which also takes precedence over AuthPass.
|
||||
+.Pp
|
||||
+.It Cm AuthPassFile
|
||||
+A file that should contain the password to use for SMTP AUTH.
|
||||
+This takes precedence over AuthPass.
|
||||
.Pp
|
||||
.It Cm AuthMethod
|
||||
The authorization method to use.
|