[Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

ua4000 · 2019-03-15 18:14:16

I'm using OpenSMTPD and dovecot as a small email server.

In the wiki I found this helpful hint:
Note: Starting with version 6.4.0 OpenSMTPD depends on LibreSSL. Since libresslAUR is not supported by Arch Linux, the opensmtpd package is stuck in version 6.0.3p1 indefinitely.

The question is: What are my options to continue use of OpenSMTPD, latest version with LibreSSL on ArchLinux ?

Thanks for all ideas.

Last edited by ua4000 (2019-03-16 19:07:12)

loqs · 2019-03-15 18:18:55

Create a libressl package that installs into its own libdir see https://git.archlinux.org/svntogit/pack … penssl-1.0 then adjust the opensmtpd PKGBUILD to use that include and lib dir.

Mr.Elendig · 2019-03-16 07:59:38

Or use a container.

Last edited by Mr.Elendig (2019-03-16 07:59:57)

ua4000 · 2019-03-16 10:43:43

Thanks very much loqs.
I'm familiar with building packages from AUR, so this seems to be a good solution for me.

Based on the current opensmtpd PKGBUILD I would make a new one, e.g. opensmtpd-libressl, modify the package version to latest, update some dirs to make usage of libressl.
Then I make another PKGBUILD for libressl with it's own libdir, so it won't conflict with openssl during install.

loqs · 2019-03-16 12:46:42

Very rough PKGBUILDS that builds opensptpd successfully only build tested.

# Maintainer: Lukas Fleischer <lfleischer@archlinux.org>
# Contributor: Sébastien Luttringer
# Contributor: parchd <parchd@archlinux.info>

pkgname=opensmtpd
pkgver=6.4.1p2
pkgrel=1
pkgdesc='Free implementation of the server-side SMTP protocol'
arch=('x86_64')
url='https://www.opensmtpd.org/'
license=('custom')
depends=('libasr' 'libevent' 'libressl' 'pam')
provides=('smtp-server' 'smtp-forwarder')
conflicts=('smtp-server' 'smtp-forwarder')
backup=('etc/smtpd/smtpd.conf' 'etc/smtpd/aliases')
options=('emptydirs')
source=("https://www.opensmtpd.org/archives/$pkgname-$pkgver.tar.gz"
        'opensmtpd.sysusers'
        'smtpd.service'
        'smtpd.socket'
        'fix-crash-on-authentication.patch')
sha256sums=('b69b84934bcc4893ca334504411cd47f86ea04ac5e971a5746d44c473ac5f732'
            'b38b64f1457b7227d55585edc711cce525e089516d16b093e6c44387380e6b13'
            'abf5baeb2a87c60d668ad18ea41cc08cab7a4f76339dd6df05de15cdaadaf922'
            '32d46de5562d01de445d04c93bcc9f94bf103539b676e449c32e3603a3866cf8'
            '0f4a8729bb46413d3b4a043ef41ed4949ff8e35d22c293c4b9fde10f9d44ba41')

prepare() {
  sed -ri 's,/etc/mail,/etc/smtpd,g' "$pkgname-$pkgver/smtpd/smtpd.conf"
  cd $pkgname-$pkgver
#  patch -p1 -i ../fix-crash-on-authentication.patch
}

build() {
  cd "$pkgname-$pkgver"

  ./configure \
    --prefix=/usr \
    --sysconfdir=/etc/smtpd \
    --sbindir=/usr/bin \
    --libexecdir=/usr/lib/smtpd \
    --with-path-mbox=/var/spool/mail \
    --with-path-empty=/var/empty \
    --with-path-socket=/run \
    --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \
    --with-user-smtpd=smtpd \
    --with-user-queue=smtpq \
    --with-group-queue=smtpq \
    --with-auth-pam \
    --with-libssl='/usr/lib/libressl' \
    --with-cflags='-I/usr/include/libressl'

  make
}

package() {
  cd "$pkgname-$pkgver"

  make DESTDIR="$pkgdir/" install

  ln -s /usr/bin/smtpctl "$pkgdir/usr/bin/sendmail"
  ln -s /usr/bin/smtpctl "$pkgdir/usr/bin/mailq"
  ln -s /usr/bin/smtpctl "$pkgdir/usr/bin/newaliases"
  ln -s /usr/bin/smtpctl "$pkgdir/usr/bin/makemap"

  # install license, systemd unit files, sysusers
  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
  install -Dm644 "$srcdir/smtpd.service" "$pkgdir/usr/lib/systemd/system/smtpd.service"
  install -Dm644 "$srcdir/smtpd.socket" "$pkgdir/usr/lib/systemd/system/smtpd.socket"
  install -Dm644 "$srcdir/opensmtpd.sysusers" "$pkgdir/usr/lib/sysusers.d/opensmtpd.conf"

  # install an empty aliases file (used by the default config)
  install -Dm644 /dev/null "$pkgdir/etc/smtpd/aliases"
}

# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Reventlov <contact@volcanis.me>
# Contributor: kpcyrd <git@rxv.cc>
# Your system will break if you install this. For breaking purposes only

pkgname=libressl
pkgver=2.9.0
pkgrel=1
pkgdesc='FREE version of the SSL/TLS protocol forked from OpenSSL - EXPRIMENTAL ONLY'
url='http://www.libressl.org/'
arch=('x86_64')
license=('custom:OpenSSL')
depends=('glibc')
optdepends=('ca-certificates')
#backup=('etc/ssl/openssl.cnf')
source=(https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${pkgname}-${pkgver}.tar.gz{,.asc}
        libressl-dummy-rand-egd.patch)
sha512sums=('db7fec664bef8d76204ca691c11df236abce3c85b2a51011eec5bd302e273b62fa3cfce0430980915c3f3ce34176d5ef9c187902f0b39d7fc151e69e552b499c'
            'SKIP'
            '73ca8a924a23f874287503453d939ecffa40f05760cd539b4773f3f28687ee1f2fa463ca3f2cad4ac5f57a49f3b6a918c015c8829112c61cb3ea7b798c0d110b')
validpgpkeys=('A1EB079B8D3EB92B4EBD3139663AF51BD5E4D8D5') # Brent Cook <bcook@openbsd.org>

prepare() {
  cd ${pkgname}-${pkgver}
  # Dummy RAND_egd() function - Can help to compile some stuff
  # https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html
  patch -p1 < "${srcdir}/libressl-dummy-rand-egd.patch"
  # fix manpage symlink locations
#  sed -ri 's|(ln -sf )(.+) (.+)|\1\2.gz \3.gz|g' man/Makefile.in
  sed -i 's|SUBDIRS = crypto ssl tls include apps tests man|SUBDIRS = crypto ssl tls include apps tests|' Makefile.in
}

build() {
  cd ${pkgname}-${pkgver}
  ./configure --prefix=/usr --with-openssldir=/etc/ssl --libdir=/usr/lib/libressl --includedir=/usr/include/libressl
  make
}

check() {
  cd ${pkgname}-${pkgver}
  make check
}

package() {
  cd ${pkgname}-${pkgver}
  make DESTDIR="${pkgdir}" install
  install -Dm 644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
  rm -rf "$pkgdir"/{etc,usr/{bin,share/man}}
#  rm "${pkgdir}/etc/ssl/cert.pem"
  mv "$pkgdir/usr/lib/libressl/libssl.so.47.0.1" "$pkgdir/usr/lib/"
  mv "$pkgdir/usr/lib/libressl/libcrypto.so.45.0.1" "$pkgdir/usr/lib/"
  mv "$pkgdir/usr/lib/libressl/libtls.so.19.0.2" "$pkgdir/usr/lib/"
  ln -sf ../libssl.so.47.0.1 "$pkgdir/usr/lib/libressl/libssl.so"
  ln -sf ../libcrypto.so.45.0.1 "$pkgdir/usr/lib/libressl/libcrypto.so"
  ln -sf ../libcrypto.so.19.0.2 "$pkgdir/usr/lib/libressl/libtls.so"
}

# vim: ts=2 sw=2 et:

ua4000 · 2019-03-16 19:06:51

Thank you very much for your help loqs!!!

Building and installing the 2 packages was an easy part now :-)

$ smtpd -h
version: OpenSMTPD 6.4.1p2
usage: smtpd [-dFhnv] [-D macro=value] [-f file] [-P system] [-T trace]

Seems I have now some time leftover for getting used to the new OpenSMTPD config syntax :-)

$ sudo smtpd -n
/etc/smtpd/smtpd.conf:6: syntax error
/etc/smtpd/smtpd.conf:11: syntax error
/etc/smtpd/smtpd.conf:15: syntax error
/etc/smtpd/smtpd.conf:20: syntax error
/etc/smtpd/smtpd.conf:23: syntax error
warn: no rules, nothing to do

Thanks again!

Arch Linux

#1 2019-03-15 18:14:16

[Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

#2 2019-03-15 18:18:55

Re: [Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

#3 2019-03-16 07:59:38

Re: [Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

#4 2019-03-16 10:43:43

Re: [Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

#5 2019-03-16 12:46:42

Re: [Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

#6 2019-03-16 19:06:51

Re: [Solved] How to run OpenSMTPD >=6.4.0 and LibreSSL

Board footer