[GF-Users] postfix-tlspol

Michael Webb michael.webb at integrilog.com
Thu Jul 10 13:57:48 MST 2025


Awesome. Thanks.

-----Original Message-----
From: users-bounces at lists.ghettoforge.org <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
Sent: Thursday, July 10, 2025 2:53 PM
To: users at lists.ghettoforge.org
Subject: Re: [GF-Users] postfix-tlspol

https://rpa.st/raw/KMMQ

I'll see if I can build it with that spec that you're showing.


Peter


On 10/07/25 22:27, Michael Webb wrote:
> Hi Peter
> 
> Please could you post your example tlsrpt-reporter spec file again? The link has expired.
> 
> I have installed mock but am still learning. For now, I modified my spec file by removing go-vendor-tools references and tested line by line, and it now makes an installable rpm with rpmbuild, but there is nothing there yet to install the config.yaml and postfix-tlspol.service files.
> 
> Mike
> ----------------------------------------------------------------------
> # Modified output generated by go2rpm 1.16.0.post0
> # All references to go-vendor-tools and related output removed for compatibility with EL9
> 
> # https://github.com/Zuplu/postfix-tlspol
> %global goipath         github.com/Zuplu/postfix-tlspol
> Version:                1.8.12
> 
> %gometa -L -f
> 
> %global common_description %{expand:
> Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for 
> Postfix, prioritizing DANE.}
> 
> Name:           postfix-tlspol
> Release:        1
> Summary:        Lightweight MTA-STS + DANE/TLSA resolver and TLS policy server for Postfix, prioritizing DANE
> 
> License:        See LICENSE File
> URL:            %{gourl}
> Source0:        %{gosource}
> Source1:        %{archivename}-vendor.tar.bz2
> 
> BuildRequires:  go-rpm-macros
> 
> %description %{common_description}
> 
> %prep
> %goprep -A
> %setup -q -T -D -a1 %{forgesetupargs}
> %autopatch -p1
> 
> %build
> %gobuild -o %{gobuilddir}/bin/postfix-tlspol %{goipath}
> 
> %install
> install -m 0755 -vd                     %{buildroot}%{_bindir}
> install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
> 
> %files
> %license LICENSE
> %doc README.md SECURITY.md
> %{_bindir}/postfix-tlspol
> ----------------------------------------------------------------------
> 
> 
> -----Original Message-----
> From: users-bounces at lists.ghettoforge.org 
> <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
> Sent: Monday, June 23, 2025 7:04 AM
> To: users at lists.ghettoforge.org
> Subject: Re: [GF-Users] postfix-tlspol
> 
> It's a good start, but it requires go-vendor-tools for the build which is not available for EL8 or EL9.  That means that we either need to also build go-vendor-tools or just fix the spec to not use the macros that are in that package, I will likely do the latter because it's not worth going down dependency hell when I can just work around it in the spec file.
> 
> As for actually testing, I suggest building with fedora mock, there are plenty of howtos online for this so I won't go into details here about it but it provides a clean build environment for each build and can do cross-distro builds as well, it's what I use to build for GF.
> 
> I'll get back to it when I can, I seem to have 100 different things piling up right now.
> 
> 
> Peter
> 
> 
> On 22/06/25 20:25, Michael Webb wrote:
>> Hi Peter
>>
>> Thank you for the examples.
>>
>> Hope this helps. I have created a spec file but don't know if this is any good because I don't know how to test it (yet).
>>
>> https://www.integrilog.com/adhj5jkuuk2sfsf0/postfix-tlspol/golang-github-zuplu-postfix-tlspol.spec.txt
>>
>> I discovered a package called go2rpm. Took a while to find all the dependencies I needed, but the output looks reasonable.
>>
>> 1. Only thing that the build couldn't resolve was the spdx for 2 perceived license instances and I had to specify EXCLUDE in these 2 places for "COPYRIGHT" and "yaml" (see below).
>> 2. Also, I contend that although the default/example config.yaml specifies 127.0.0.53:53 intended for "resolve", the preferred IP address for EL should be 127.0.0.1:53 for "bind" DNS resolver.
>>
>>
>> I think this was all I needed (Rocky 9.6) to build the spec file. I did not use a python venv and installed go2rpm directly into my os:
>>
>> dnf install git golang python python3-build python3-installer python3-specfile pip rpmdevtools askalono-cli
>> pip install tomlkit flit-core aiohttp gitpython jinja2 go-vendor-tools
>> cd /root
>> git clone https://gitlab.com/fedora/sigs/go/go2rpm
>> cd go2rpm
>> python -m build --wheel --no-isolation
>> python -m installer --destdir=/ /root/go2rpm/dist/go2rpm-1.16.0.post0-py3-none-any.whl
>> mkdir /root/rpmspec
>> cd /root/rpmspec
>> git config --global user.name "root"  #unsure what I was supposed to put here and why it cared
>> git config --global user.email "root at example.com"  #unsure why it needed this, it did not include it in the spec file
>> go2rpm -d -p vendor github.com/Zuplu/postfix-tlspol
>>
>> Warnings from the build:
>>
>> Undetected licenses found! Please enter them manually.
>> * Undetected license: /tmp/tmpsnmp5mkw/postfix-tlspol-1.8.11/vendor/github.com/miekg/dns/COPYRIGHT
>> Enter SPDX expression (or EXCLUDE): EXCLUDE
>> Adding file to licensing.exclude_files...
>> * Undetected license: /tmp/tmpsnmp5mkw/postfix-tlspol-1.8.11/vendor/gopkg.in/yaml.v3/LICENSE
>> Enter SPDX expression (or EXCLUDE): EXCLUDE
>> Adding file to licensing.exclude_files...
>> LICENSE: MIT
>>
>> Will be away for the week with limited access to email, so may not be very responsive.
>>
>> Thanks for the help and support
>>
>> Mike
>>
>>
>>
>> -----Original Message-----
>> From: users-bounces at lists.ghettoforge.org 
>> <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
>> Sent: Saturday, June 21, 2025 6:59 PM
>> To: users at lists.ghettoforge.org
>> Subject: Re: [GF-Users] postfix-tlspol
>>
>> If you want to have a crack at it you can look at the one I made for
>> tlsrpt-reporter:
>>
>> https://rpa.st/raw/GV6Q
>>
>> ...compare that to the PKGBUILD file from arch:
>>
>> https://gitlab.archlinux.org/archlinux/packaging/packages/tlsrpt-reporter/-/raw/main/PKGBUILD?ref_type=heads
>>
>> ...and then you'd want to try a similar adaptation for the PKGBUILD file for postfix-tlspol:
>>
>> https://gitlab.archlinux.org/archlinux/packaging/packages/postfix-tlspol/-/raw/main/PKGBUILD?ref_type=heads
>>
>>
>> Peter
>>
>>
>> On 22/06/25 02:25, Michael Webb wrote:
>>> Peter, Understood. Thank you. Maybe I can learn to do it. For now I 
>>> have logged a request at the source. Someone there with hidden 
>>> talents may be able to contribute.
>>> https://github.com/Zuplu/postfix-tlspol/issues/56
>>>
>>> Mike
>>>
>>> -----Original Message-----
>>> From: users-bounces at lists.ghettoforge.org
>>> <users-bounces at lists.ghettoforge.org> On Behalf Of Peter
>>> Sent: Friday, June 20, 2025 6:32 PM
>>> To: users at lists.ghettoforge.org
>>> Subject: Re: [GF-Users] postfix-tlspol
>>>
>>> I'm happy to do it, but there's currently no spec file available so I'll have to create one likely based on the steps in the arch PKGBUILD file.
>>> It might take a little while to do because I currently have a lot of other stuff on my plate and very little time to do it.
>>>
>>>
>>> Peter
>>>
>>>
>>> On 21/06/25 10:34, Michael Webb wrote:
>>>> Hi Peter
>>>>
>>>> I have wanted to mention this package for some time. I consider it 
>>>> essential to postfix TLS and TLSRPT integration. Although I have 
>>>> been compiling myself and using this package on my production 
>>>> servers since January 2025 with ease, I believe it would benefit 
>>>> the EL community more to have it available on GhettoForge.
>>>>
>>>> https://github.com/Zuplu/postfix-tlspol
>>>>
>>>> To the best of my knowledge, it was the first (and possibly is 
>>>> still the
>>>> only) open-source program to resolve both TLSA and MTA-STS records 
>>>> and prioritize DANE delivery when recipients have specified both 
>>>> record types. The author has been developing this since October 
>>>> 2024 and has brought Wietse Venema into the discussion several 
>>>> times to clarify IETF RFC language and postfix connectivity. A 
>>>> couple of European email services providers (with high and varied 
>>>> volume) also actively worked with the author to fix some issues. 
>>>> The integration was extremely well done with helpful logs, console 
>>>> query commands for testing, compact, high-speed processing, and 
>>>> using best practice in general. The only updates for about the last 
>>>> 6 weeks have been platform related and I personally consider it stable.
>>>>
>>>> Mike
>>>>
>>>>
> _______________________________________________
> users mailing list
> users at lists.ghettoforge.org
> http://lists.ghettoforge.org/mailman/listinfo/users
