dovecot: add PAM support, use defaults for SSL certs, remove configuration patch

dovecot/.footprint

@@ -31,13 +31,15 @@ drwxr-xr-x	root/root	etc/dovecot/conf.d/
 -rw-r--r--	root/root	etc/dovecot/dovecot-ldap.conf.ext
 -rw-r--r--	root/root	etc/dovecot/dovecot-sql.conf.ext
 -rw-r--r--	root/root	etc/dovecot/dovecot.conf
+drwxr-xr-x	root/root	etc/pam.d/
+-rw-r--r--	root/root	etc/pam.d/dovecot
 drwxr-xr-x	root/root	etc/rc.d/
 -rwxr-xr-x	root/root	etc/rc.d/dovecot
 drwxr-xr-x	root/root	etc/ssl/
 drwxr-xr-x	root/root	etc/ssl/certs/
--rw-------	root/root	etc/ssl/certs/dovecot.crt (EMPTY)
-drwxr-xr-x	root/root	etc/ssl/keys/
--rw-------	root/root	etc/ssl/keys/dovecot.key (EMPTY)
+-rw-------	root/root	etc/ssl/certs/dovecot.pem (EMPTY)
+drwxr-xr-x	root/root	etc/ssl/private/
+-rw-------	root/root	etc/ssl/private/dovecot.pem (EMPTY)
 drwxr-xr-x	root/root	usr/
 drwxr-xr-x	root/root	usr/bin/
 -rwxr-xr-x	root/root	usr/bin/doveadm

dovecot/.signature

@@ -1,7 +1,7 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/QBKk3FZ379levFWEjGI6az60NK5NB3rnPEaMZ9INFPI5EocxAA4ZJETSRGw7mrVc4u4nYMnrExrAWbdRUQlfQA=
-SHA256 (Pkgfile) = 3ee65d3ca04bfe4da2d5695f38212b1d935fdd0625ccb3f79f9deb33a6935695
-SHA256 (.footprint) = 68cfd06d3f8296a6114bac238b41a36cd01078b1d0058837b97abd88b8e5098a
+RWSE3ohX2g5d/bhK8LVXlLOI0fTo4g/ADPI/n0EhszaUwBTRpreBertAV3dsAcLYWyrZoGGvyS5X6e6ZFtxD5pvihU5V7JBd5g0=
+SHA256 (Pkgfile) = a621c38530a50fea98b28290a0c53220b700c764407a3a5962311d1bf1ee7570
+SHA256 (.footprint) = 8862d922606d0296a7481ba671e3d170c1859e331d857c033c8053b97d500fe0
 SHA256 (dovecot-2.3.5.tar.gz) = bfe112ec6d11f7d6c6f7f0440e3b6e2c840c15cec1e99466b5495765d54aaaff
-SHA256 (dovecot-config.patch) = a6f09e637f1ac15368d2d18736dc353e4a188959c5940dedd5306b689156e91c
-SHA256 (dovecot) = ead06d36290cca8be6be350f2c05edf53a4e9ce8aec5d5d663b1162ae96c17c7
+SHA256 (dovecot.rc) = 188af70cdcbb012eedd44bc0bbe6ef11567e7a788ecc57ffb106b934a87de286
+SHA256 (dovecot.pam) = 9aa8bd8871560e4e3c255ca3e8ed9c99d6b29620e375155ef6c4118b5b7da4af

dovecot/Pkgfile

@@ -1,42 +1,49 @@
 # Description: IMAP and POP3 server with ssl/ipv6 support, written with security primarily in mind
 # URL:         http://dovecot.org
 # Maintainer:  Juergen Daubert, jue at crux dot nu
-# Depends on:  zlib bzip2 xz openssl libcap
+# Depends on:  zlib bzip2 xz openssl libcap linux-pam
 
 name=dovecot
 version=2.3.5
-release=1
+release=2
 source=(https://dovecot.org/releases/2.3/$name-$version.tar.gz
-        dovecot-config.patch dovecot)
+        dovecot.rc dovecot.pam)
 
 build () {
     cd $name-$version
 
-    patch -p1 -i $SRC/dovecot-config.patch
-
     ./configure --prefix=/usr \
                 --libexecdir=/usr/lib \
                 --sysconfdir=/etc \
                 --localstatedir=/var \
                 --with-moduledir=/usr/lib/dovecot/modules \
-                --with-ssl=openssl \
-                --without-libwrap
+                --with-pam \
+                --with-ssl=openssl
 
     make
     make DESTDIR=$PKG install
 
     cp -r $PKG/usr/share/doc/dovecot/example-config/* $PKG/etc/dovecot
-    install -D -m 755 $SRC/dovecot $PKG/etc/rc.d/dovecot
 
-    rm -r $PKG/usr/share/doc
-    rm $PKG/etc/dovecot/README
+    # RC script
+    install -D -m 755 $SRC/dovecot.rc $PKG/etc/rc.d/dovecot
 
-    install -d $PKG/etc/ssl/{certs,keys}
-    touch $PKG/etc/ssl/certs/dovecot.crt
-    touch $PKG/etc/ssl/keys/dovecot.key
-    chmod 0600 $PKG/etc/ssl/{keys/dovecot.key,certs/dovecot.crt}
+    # PAM
+    install -D -m 644 $SRC/dovecot.pam $PKG/etc/pam.d/dovecot
 
+    # SSL 
+    install -d $PKG/etc/ssl/{certs,private}
+    touch $PKG/etc/ssl/certs/dovecot.pem
+    touch $PKG/etc/ssl/private/dovecot.pem
+    chmod 0600 $PKG/etc/ssl/{certs/dovecot.pem,private/dovecot.pem}
+
+    # directories
     install -d -m 0750 $PKG/var/lib/dovecot
     install -d -m 0755 $PKG/var/run/dovecot
     install -d -m 0750 -o root -g dovecot $PKG/var/run/dovecot/login
+
+    # cleanup
+    rm -r $PKG/usr/share/doc
+    rm $PKG/etc/dovecot/README
+
 }

dovecot/README

@@ -3,12 +3,12 @@ README for dovecot 2.x
 REQUIREMENTS
 
 PRE-INSTALL
-   Create two users dovecot/dovenull and one group dovecot with a 
-   unused id < 99:
+   Create two system users dovecot/dovenull and one system group
+   dovecot with unused id < 99:
 
-   'groupadd -g 26 dovecot'
-   'useradd -g dovecot -u 26 -d /var/run/dovecot -s /bin/false dovecot'
-   'useradd -g dovecot -u 27 -d /var/run/dovecot -s /bin/false dovenull'
+   'groupadd -r dovecot'
+   'useradd -r -g dovecot -d /var/run/dovecot -s /bin/false dovecot'
+   'useradd -r -g dovecot -d /var/run/dovecot -s /bin/false dovenull'
    'passwd -l dovecot'
    'passwd -l dovenull'
 

dovecot/dovecot-config.patch

@@ -1,48 +0,0 @@
-diff -Nru dovecot-ce-2.3.0.orig/doc/example-config/conf.d/10-ssl.conf dovecot-ce-2.3.0/doc/example-config/conf.d/10-ssl.conf
---- dovecot-ce-2.3.0.orig/doc/example-config/conf.d/10-ssl.conf	2018-01-27 16:56:45.984507980 +0100
-+++ dovecot-ce-2.3.0/doc/example-config/conf.d/10-ssl.conf	2018-01-27 16:57:08.627035390 +0100
-@@ -9,8 +9,8 @@
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
--ssl_cert = </etc/ssl/certs/dovecot.pem
--ssl_key = </etc/ssl/private/dovecot.pem
-+ssl_cert = </etc/ssl/certs/dovecot.crt
-+ssl_key = </etc/ssl/keys/dovecot.key
- 
- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter. Since this file is often
-diff -Nru dovecot-ce-2.3.0.orig/doc/example-config/conf.d/auth-system.conf.ext dovecot-ce-2.3.0/doc/example-config/conf.d/auth-system.conf.ext
---- dovecot-ce-2.3.0.orig/doc/example-config/conf.d/auth-system.conf.ext	2018-01-27 16:56:45.984507980 +0100
-+++ dovecot-ce-2.3.0/doc/example-config/conf.d/auth-system.conf.ext	2018-01-27 16:57:08.627035390 +0100
-@@ -7,12 +7,12 @@
- # PAM is typically used with either userdb passwd or userdb static.
- # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
- # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
--passdb {
--  driver = pam
-+#passdb {
-+  #driver = pam
-   # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
-   # [cache_key=<key>] [<service name>]
-   #args = dovecot
--}
-+#}
- 
- # System users (NSS, /etc/passwd, or similar).
- # In many systems nowadays this uses Name Service Switch, which is
-@@ -26,11 +26,11 @@
- # Shadow passwords for system users (NSS, /etc/shadow or similar).
- # Deprecated by PAM nowadays.
- # <doc/wiki/PasswordDatabase.Shadow.txt>
--#passdb {
--  #driver = shadow
-+passdb {
-+  driver = shadow
-   # [blocking=no]
-   #args = 
--#}
-+}
- 
- # PAM-like authentication for OpenBSD.
- # <doc/wiki/PasswordDatabase.BSDAuth.txt>

dovecot/dovecot.pam

@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/dovecot - dovecot service module configuration
+#
+
+auth        include common-auth
+account     include common-account
+

dovecot/dovecot.rc

@@ -6,8 +6,8 @@
 SSD=/sbin/start-stop-daemon
 PROG=/usr/sbin/dovecot
 PID=/var/run/dovecot/master.pid
-KEY=/etc/ssl/keys/dovecot.key
-CRT=/etc/ssl/certs/dovecot.crt
+KEY=/etc/ssl/private/dovecot.pem
+CRT=/etc/ssl/certs/dovecot.pem
 
 case $1 in
 start)

dovecot/pre-install

@@ -1,8 +1,8 @@
 #!/bin/sh
 
-getent group dovecot   || /usr/sbin/groupadd -g 26 dovecot
-getent passwd dovecot  || /usr/sbin/useradd  -g dovecot -u 26 -d /var/run/dovecot -s /bin/false dovecot
-getent passwd dovenull || /usr/sbin/useradd  -g dovecot -u 27 -d /var/run/dovecot -s /bin/false dovenull
+getent group dovecot   || /usr/sbin/groupadd -r dovecot
+getent passwd dovecot  || /usr/sbin/useradd  -r -g dovecot -d /var/run/dovecot -s /bin/false dovecot
+getent passwd dovenull || /usr/sbin/useradd  -r -g dovecot -d /var/run/dovecot -s /bin/false dovenull
 /usr/bin/passwd -l dovecot
 /usr/bin/passwd -l dovenull