Open amaclach opened 3 days ago
Having everything in a .deb would be tricky as there could be issues with CPAN modules in that deb conflicting with system packages, depending on how it was packaged. It would surely be against the debian package style in that case. The way to go could be docker, there is a very old image somewhere but it hasn't been updated for a number of years. It wouldn't be something I could devote enough time to, but would also love to see as it would make installation much easier.
Is there a full list of dependencies for the milter? That way we can favor pre-packaged modules? Are you aware of any apt repositories for perl modules?
CPAN can be a bit hit and miss, and it's super mega slow...
@marcbradshaw
but would also love to see as it would make installation much easier.
fwiw, i build/use the milter on Fedora.
i also had issues with 'simple' install of the milter from CPAN, on Fedora. it would very frequently fail - due to wrong/unavailable packaged perl mods, prereqs etc.
not surprisingly, the milter's not packaged for the distro. to get it officially Fedora-packaged, one'd have to build/package/maintain all the correct/matching versions -- as req'd by the milter build -- of perl prereqs.
i do want a build based on current CPAN release prereqs. but, as i don't want to use docker, my solution is to mock-build my own rpm, with perl in a self-contined, local-lib environment. in effect, perl venv.
i end up with a self-consistent build under a target dir (e.g., /usr/local/fm).
it's not ideal -- do need to fuss a bit to correct perl shebangs/paths. but, it's easily (un)installable as an rpm, & avoids any/all collisions with system perl install.
as for the build, it's fairly straighforward, and easy to apply fixes to.
for example, with these in an rpm spec's system/build prereqs -- all of which ARE pkg'd @ distro,
BuildRequires: curl
BuildRequires: findutils
BuildRequires: gcc
BuildRequires: make
BuildRequires: pcre2-devel
BuildRequires: perl(local::lib)
BuildRequires: perl(App::cpanminus)
BuildRequires: perl(deprecate)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(File::Copy)
BuildRequires: perl(Test::More)
BuildRequires: perl(Test::NoWarnings)
BuildRequires: pkgconf
BuildRequires: pkgconfig(libidn2)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(sqlite3) sqlite
BuildRequires: pkgconfig(zlib)
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
Requires: findutils
Requires: logrotate
Requires: perl(local::lib)
Requires: rsyslog
config'ing perl cpanm opt env,
_opts=""
_opts+=" --verify"
_opts+=" --no-prompt"
_opts+=" --notest"
_opts+=" --no-sudo"
_opts+=" --no-interactive"
_opts+=" --with-recommends"
_opts+=" --with-suggests"
_opts+=" --local-lib %{_fmam_local_lib}"
_opts+=" --self-contained"
_opts+=" --from https://www.cpan.org/"
export PERL_CPANM_OPT="${_opts}"
export PERL_CPANM_HOME="%{_build_work_dir}/.cpanm"
then using the local lib env
cd %{_fmam_local_lib}
eval $(perl -Mlocal::lib=./)
the build's 'simple', grabbing current/available cpanm source,
1st, grabbing ModInfo ...
cpanm --quiet Module::Info
applying FIXES (atm, Net::IDN from CPAN is still broken, requiring a patch.) !! BUG: https://github.com/fastmail/authentication_milter/issues/149 )
# Net::IDN::Encode @F40
#
_mod="Net::IDN::Encode"
pushd .
rm -rf ./tmpdir
mkdir -p ./tmpdir
cd ./tmpdir
_mod_info=$( cpanm --info ${_mod} )
_mod_vers=$( echo ${_mod_info} | sed 's|.*/||g' | sed 's|\.tar\.gz||g' )
curl -O https://cpan.metacpan.org/authors/id/${_mod_info:0:1}/${_mod_info:0:2}/${_mod_info}
tar zxvf ${_mod_vers}.tar.gz
cd ${_mod_vers}
export PERL_MM_USE_DEFAULT=1
curl -o _this.patch \
https://src.fedoraproject.org/rpms/perl-Net-IDN-Encode/raw/rawhide/f/Net-IDN-Encode-2.500-use_uvchr_to_utf8_flags_instead_of_uvuni_to_utf8_flags.patch
patch --quiet -p1 -i _this.patch
perl Build.PL
./Build --quiet installdeps --cpan_client 'cpanm --quiet'
./Build --quiet
./Build --quiet install
popd
rm -rf ./tmpdir
install all required module prereqs,
cpanm --quiet --installdeps Mail::Milter::Authentication
then the module itself
cpanm --quiet Mail::Milter::Authentication
after rpm install, in my env, i end up with,
`tree /usr/local/fm`
@ --> https://pastebin.com/raw/m9u1X7x4
that runs, here, started with systemd
ExecStart=/usr/bin/perl -I/usr/local/fm/lib/perl5 /usr/local/fm/bin/authentication_milter --control start --prefix=/usr/local/etc/fm --pidfile=/run/fm/fm.pid --ident mx
processing inbound mail as usual; e.g., in headers,
...
Authentication-Results: auth-milter.mx.example.com;
arc=none (no signatures found);
dkim=pass (1024-bit rsa key sha256) header.d=example.net
header.i=@example.net header.b=T7hZiw+N header.a=rsa-sha256
header.s=example.net;
dmarc=pass policy.published-domain-policy=reject
policy.applied-disposition=none policy.evaluated-disposition=none
(p=reject,d=none,d.eval=none) policy.policy-from=p
header.from=example.net;
iprev=pass smtp.remote-ip=139.xx.xx.xx (esa.xx.iphmx.com);
spf=pass smtp.mailfrom=donotreply2@example.net
smtp.helo=esa.xx.iphmx.com;
x-ptr=pass smtp.helo=esa.xx.iphmx.com
policy.ptr=esa.xx.iphmx.com;
x-return-mx=pass header.domain=example.net policy.is_org=yes
(MX Records found: mx1.xx.iphmx.com,mx2.xx.iphmx.com);
x-return-mx=pass smtp.domain=example.net policy.is_org=yes
(MX Records found: mx2.xx.iphmx.com,mx1.xx.iphmx.com);
x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES128-GCM-SHA256
smtp.bits=128/128
again, it scratches my itch, and would have to be adjusted to your build/runtime env.
i'd much prefer to see this officially distro-packaged, but doubt that can happen @ Fedora, given packaging guidelines.
CPAN's the best best, imo. but mixing local and distro CPAN mods leads to fail.
when done in the 'venv' as above, it works. here, anyway.
I haven't tried any other distros but I'm really having issues with dependencies. Some I can get from CPAN, some I have to get as packages from the distro, and one or two I just can't get to install at all (fail on CPAN, not available from the distro) What would be great would be for a package containing all the dependencies in a .deb package. I really want to be able to get this to work....