Merge pull request #167051 from pacien/ssmtp-removal
ssmtp: drop unmaintained program and module
This commit is contained in:
commit
69c18b0eab
12 changed files with 87 additions and 312 deletions
|
@ -462,6 +462,44 @@
|
|||
kernel messages is handled by systemd since Linux 3.5.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>pkgs.ssmtp</literal> has been dropped due to the
|
||||
program being unmaintained. <literal>pkgs.msmtp</literal> can
|
||||
be used instead as a substitute <literal>sendmail</literal>
|
||||
implementation. The corresponding options
|
||||
<literal>services.ssmtp.*</literal> have been removed as well.
|
||||
<literal>programs.msmtp.*</literal> can be used instead for an
|
||||
equivalent setup. For example:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
# Original ssmtp configuration:
|
||||
services.ssmtp = {
|
||||
enable = true;
|
||||
useTLS = true;
|
||||
useSTARTTLS = true;
|
||||
hostName = "smtp.example:587";
|
||||
authUser = "someone";
|
||||
authPassFile = "/secrets/password.txt";
|
||||
};
|
||||
|
||||
# Equivalent msmtp configuration:
|
||||
programs.msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
tls = true;
|
||||
tls_starttls = true;
|
||||
auth = true;
|
||||
host = "smtp.example";
|
||||
port = 587;
|
||||
user = "someone";
|
||||
passwordeval = "cat /secrets/password.txt";
|
||||
};
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.kubernetes.addons.dashboard</literal> was
|
||||
|
|
|
@ -150,6 +150,39 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
- `security.klogd` was removed. Logging of kernel messages is handled
|
||||
by systemd since Linux 3.5.
|
||||
|
||||
- `pkgs.ssmtp` has been dropped due to the program being unmaintained.
|
||||
`pkgs.msmtp` can be used instead as a substitute `sendmail` implementation.
|
||||
The corresponding options `services.ssmtp.*` have been removed as well.
|
||||
`programs.msmtp.*` can be used instead for an equivalent setup. For example:
|
||||
|
||||
```nix
|
||||
{
|
||||
# Original ssmtp configuration:
|
||||
services.ssmtp = {
|
||||
enable = true;
|
||||
useTLS = true;
|
||||
useSTARTTLS = true;
|
||||
hostName = "smtp.example:587";
|
||||
authUser = "someone";
|
||||
authPassFile = "/secrets/password.txt";
|
||||
};
|
||||
|
||||
# Equivalent msmtp configuration:
|
||||
programs.msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
tls = true;
|
||||
tls_starttls = true;
|
||||
auth = true;
|
||||
host = "smtp.example";
|
||||
port = 587;
|
||||
user = "someone";
|
||||
passwordeval = "cat /secrets/password.txt";
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
|
||||
|
||||
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
|
||||
|
|
|
@ -205,7 +205,6 @@
|
|||
./programs/spacefm.nix
|
||||
./programs/singularity.nix
|
||||
./programs/ssh.nix
|
||||
./programs/ssmtp.nix
|
||||
./programs/sysdig.nix
|
||||
./programs/systemtap.nix
|
||||
./programs/starship.nix
|
||||
|
|
|
@ -1,190 +0,0 @@
|
|||
# Configuration for `ssmtp', a trivial mail transfer agent that can
|
||||
# replace sendmail/postfix on simple systems. It delivers email
|
||||
# directly to an SMTP server defined in its configuration file, without
|
||||
# queueing mail locally.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.ssmtp;
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
|
||||
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
|
||||
|
||||
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
|
||||
];
|
||||
|
||||
options = {
|
||||
|
||||
services.ssmtp = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Use the trivial Mail Transfer Agent (MTA)
|
||||
<command>ssmtp</command> package to allow programs to send
|
||||
e-mail. If you don't want to run a “real” MTA like
|
||||
<command>sendmail</command> or <command>postfix</command> on
|
||||
your machine, set this option to <literal>true</literal>, and
|
||||
set the option
|
||||
<option>services.ssmtp.hostName</option> to the
|
||||
host name of your preferred mail server.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = with types; attrsOf (oneOf [ bool str ]);
|
||||
default = {};
|
||||
description = ''
|
||||
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
|
||||
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
Debug = true;
|
||||
FromLineOverride = false;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
example = "mail.example.org";
|
||||
description = ''
|
||||
The host name of the default mail server to use to deliver
|
||||
e-mail. Can also contain a port number (ex: mail.example.org:587),
|
||||
defaults to port 25 if no port is given.
|
||||
'';
|
||||
};
|
||||
|
||||
root = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "root@example.org";
|
||||
description = ''
|
||||
The e-mail to which mail for users with UID < 1000 is forwarded.
|
||||
'';
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "example.org";
|
||||
description = ''
|
||||
The domain from which mail will appear to be sent.
|
||||
'';
|
||||
};
|
||||
|
||||
useTLS = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether TLS should be used to connect to the default mail
|
||||
server.
|
||||
'';
|
||||
};
|
||||
|
||||
useSTARTTLS = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether the STARTTLS should be used to connect to the default
|
||||
mail server. (This is needed for TLS-capable mail servers
|
||||
running on the default SMTP port 25.)
|
||||
'';
|
||||
};
|
||||
|
||||
authUser = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "foo@example.org";
|
||||
description = ''
|
||||
Username used for SMTP auth. Leave blank to disable.
|
||||
'';
|
||||
};
|
||||
|
||||
authPassFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/run/keys/ssmtp-authpass";
|
||||
description = ''
|
||||
Path to a file that contains the password used for SMTP auth. The file
|
||||
should not contain a trailing newline, if the password does not contain one
|
||||
(e.g. use <command>echo -n "password" > file</command>).
|
||||
This file should be readable by the users that need to execute ssmtp.
|
||||
'';
|
||||
};
|
||||
|
||||
setSendmail = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to set the system sendmail to ssmtp's.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.useSTARTTLS -> cfg.useTLS;
|
||||
message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
|
||||
}
|
||||
];
|
||||
|
||||
services.ssmtp.settings = mkMerge [
|
||||
({
|
||||
MailHub = cfg.hostName;
|
||||
FromLineOverride = mkDefault true;
|
||||
UseTLS = cfg.useTLS;
|
||||
UseSTARTTLS = cfg.useSTARTTLS;
|
||||
})
|
||||
(mkIf (cfg.root != "") { root = cfg.root; })
|
||||
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
|
||||
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
|
||||
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
|
||||
];
|
||||
|
||||
# careful here: ssmtp REQUIRES all config lines to end with a newline char!
|
||||
environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
|
||||
mkKeyValue = mkKeyValueDefault {
|
||||
mkValueString = value:
|
||||
if value == true then "YES"
|
||||
else if value == false then "NO"
|
||||
else mkValueStringDefault {} value
|
||||
;
|
||||
} "=";
|
||||
} cfg.settings;
|
||||
|
||||
environment.systemPackages = [pkgs.ssmtp];
|
||||
|
||||
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
|
||||
program = "sendmail";
|
||||
source = "${pkgs.ssmtp}/bin/sendmail";
|
||||
setuid = false;
|
||||
setgid = false;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -69,6 +69,11 @@ with lib;
|
|||
'')
|
||||
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
|
||||
(mkRemovedOptionModule [ "services" "seeks" ] "")
|
||||
(mkRemovedOptionModule [ "services" "ssmtp" ] ''
|
||||
The ssmtp package and the corresponding module have been removed due to
|
||||
the program being unmaintained. The options `programs.msmtp.*` can be
|
||||
used instead.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
|
||||
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
|
||||
|
|
|
@ -102,8 +102,8 @@ in
|
|||
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = with pkgs; [ monitoring-plugins ssmtp mailutils ];
|
||||
defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]";
|
||||
default = with pkgs; [ monitoring-plugins msmtp mailutils ];
|
||||
defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]";
|
||||
description = "
|
||||
Packages to be added to the Nagios <envar>PATH</envar>.
|
||||
Typically used to add plugins, but can be anything.
|
||||
|
|
|
@ -9,8 +9,13 @@ import ./make-test-python.nix ({ lib, ... }:
|
|||
{
|
||||
services.mailcatcher.enable = true;
|
||||
|
||||
services.ssmtp.enable = true;
|
||||
services.ssmtp.hostName = "localhost:1025";
|
||||
programs.msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
host = "localhost";
|
||||
port = 1025;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.mailutils ];
|
||||
};
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
{ lib, stdenv, fetchurl, tlsSupport ? true, openssl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ssmtp";
|
||||
version = "2.64";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://debian/pool/main/s/ssmtp/ssmtp_${version}.orig.tar.bz2";
|
||||
sha256 = "0dps8s87ag4g3jr6dk88hs9zl46h3790marc5c2qw7l71k4pvhr2";
|
||||
};
|
||||
|
||||
# A request has been made to merge this patch into ssmtp.
|
||||
# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858781
|
||||
patches = [ ./ssmtp_support_AuthPassFile_parameter.patch ];
|
||||
|
||||
configureFlags = [
|
||||
"--sysconfdir=/etc"
|
||||
(lib.enableFeature tlsSupport "ssl")
|
||||
];
|
||||
|
||||
postConfigure = ''
|
||||
# Don't run the script that interactively generates a config file.
|
||||
# Also don't install the broken, cyclic symlink /lib/sendmail.
|
||||
sed -e '/INSTALLED_CONFIGURATION_FILE/d' \
|
||||
-e 's|/lib/sendmail|$(TMPDIR)/sendmail|' \
|
||||
-i Makefile
|
||||
substituteInPlace Makefile \
|
||||
--replace '$(INSTALL) -s' '$(INSTALL) -s --strip-program $(STRIP)'
|
||||
'';
|
||||
|
||||
installFlags = [ "etcdir=$(out)/etc" ];
|
||||
|
||||
installTargets = [ "install" "install-sendmail" ];
|
||||
|
||||
buildInputs = lib.optional tlsSupport openssl;
|
||||
|
||||
NIX_LDFLAGS = lib.optionalString tlsSupport "-lcrypto";
|
||||
|
||||
meta = with lib; {
|
||||
description = "simple MTA to deliver mail from a computer to a mail hub";
|
||||
platforms = platforms.linux;
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ basvandijk ];
|
||||
};
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
diff -Naurb a/ssmtp.c b/ssmtp.c
|
||||
--- a/ssmtp.c 2009-11-23 10:55:11.000000000 +0100
|
||||
+++ b/ssmtp.c 2017-03-25 03:00:26.508283016 +0100
|
||||
@@ -57,6 +57,7 @@
|
||||
char arpadate[ARPADATE_LENGTH];
|
||||
char *auth_user = (char)NULL;
|
||||
char *auth_pass = (char)NULL;
|
||||
+char *auth_passfile = (char)NULL;
|
||||
char *auth_method = (char)NULL; /* Mechanism for SMTP authentication */
|
||||
char *mail_domain = (char)NULL;
|
||||
char *from = (char)NULL; /* Use this as the From: address */
|
||||
@@ -1053,6 +1054,15 @@
|
||||
log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", auth_pass);
|
||||
}
|
||||
}
|
||||
+ else if(strcasecmp(p, "AuthPassFile") == 0 && !auth_passfile) {
|
||||
+ if((auth_passfile = strdup(q)) == (char *)NULL) {
|
||||
+ die("parse_config() -- strdup() failed");
|
||||
+ }
|
||||
+
|
||||
+ if(log_level > 0) {
|
||||
+ log_event(LOG_INFO, "Set AuthPassFile=\"%s\"\n", auth_passfile);
|
||||
+ }
|
||||
+ }
|
||||
else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
|
||||
if((auth_method = strdup(q)) == (char *)NULL) {
|
||||
die("parse_config() -- strdup() failed");
|
||||
@@ -1415,6 +1425,8 @@
|
||||
struct passwd *pw;
|
||||
int i, sock;
|
||||
uid_t uid;
|
||||
+ FILE *fp;
|
||||
+ char pass_buf[BUF_SZ+1];
|
||||
bool_t minus_v_save, leadingdot, linestart = True;
|
||||
int timeout = 0;
|
||||
int bufsize = sizeof(b)-1;
|
||||
@@ -1433,6 +1445,17 @@
|
||||
log_event(LOG_INFO, "%s not found", config_file);
|
||||
}
|
||||
|
||||
+ if(auth_passfile != (char *)NULL) {
|
||||
+ if((fp = fopen(auth_passfile, "r")) == (FILE *)NULL) {
|
||||
+ die("Could not open the AuthPassFile %s", auth_passfile);
|
||||
+ }
|
||||
+ if (fgets(pass_buf, BUF_SZ, fp) == NULL) {
|
||||
+ die("Error while reading a line from the AuthPassFile %s, or it is empty", auth_passfile);
|
||||
+ }
|
||||
+ fclose(fp);
|
||||
+ auth_pass = strdup(pass_buf);
|
||||
+ }
|
||||
+
|
||||
if((p = strtok(pw->pw_gecos, ";,"))) {
|
||||
if((gecos = strdup(p)) == (char *)NULL) {
|
||||
die("ssmtp() -- strdup() failed");
|
||||
diff -Naurb a/ssmtp.conf.5 b/ssmtp.conf.5
|
||||
--- a/ssmtp.conf.5 2008-02-29 03:50:15.000000000 +0100
|
||||
+++ b/ssmtp.conf.5 2017-03-25 01:45:52.890165426 +0100
|
||||
@@ -61,6 +61,11 @@
|
||||
.Pp
|
||||
.It Cm AuthPass
|
||||
The password to use for SMTP AUTH.
|
||||
+It is recommended to use AuthPassFile which also takes precedence over AuthPass.
|
||||
+.Pp
|
||||
+.It Cm AuthPassFile
|
||||
+A file that should contain the password to use for SMTP AUTH.
|
||||
+This takes precedence over AuthPass.
|
||||
.Pp
|
||||
.It Cm AuthMethod
|
||||
The authorization method to use.
|
|
@ -1207,6 +1207,7 @@ mapAliases ({
|
|||
sqliteInteractive = throw "'sqliteInteractive' has been renamed to/replaced by 'sqlite-interactive'"; # Converted to throw 2022-02-22
|
||||
squid4 = squid; # added 2019-08-22
|
||||
sshfsFuse = throw "'sshfsFuse' has been renamed to/replaced by 'sshfs-fuse'"; # Converted to throw 2022-02-22
|
||||
ssmtp = throw "'ssmtp' has been removed due to the software being unmaintained. 'msmtp' can be used as a replacement"; # Added 2022-04-17
|
||||
stanchion = throw "Stanchion was part of riak-cs which is not maintained anymore"; # added 2020-10-14
|
||||
steam-run-native = steam-run; # added 2022-02-21
|
||||
stumpwm-git = throw "stumpwm-git has been broken for a long time and lispPackages.stumpwm follows Quicklisp that is close to git version"; # Added 2021-05-09
|
||||
|
|
|
@ -10231,8 +10231,6 @@ with pkgs;
|
|||
|
||||
sshoogr = callPackage ../tools/networking/sshoogr { };
|
||||
|
||||
ssmtp = callPackage ../tools/networking/ssmtp { };
|
||||
|
||||
ssocr = callPackage ../applications/misc/ssocr { };
|
||||
|
||||
ssss = callPackage ../tools/security/ssss { };
|
||||
|
|
|
@ -124,7 +124,7 @@ with import ./release-lib.nix { inherit supportedSystems nixpkgsArgs; };
|
|||
smartmontools = all;
|
||||
sqlite = unix; # Cygwin builds fail
|
||||
squid = linux;
|
||||
ssmtp = linux;
|
||||
msmtp = linux;
|
||||
stdenv = all;
|
||||
strace = linux;
|
||||
su = linux;
|
||||
|
|
Loading…
Reference in a new issue